RE: [lists] How to's in Hacking AS400

From: Curt Purdy (purdy@tecman.com)
Date: Fri Apr 14 2006 - 04:53:22 EDT


Also browse for Windoze shares. Did a HIPAA audit on an MHMR and could not
touch the AS/400 from the OS/400 side, but it had a Windoze blade that had
access to the hard drive. Walked into an empty office, plugged in the
laptop, and boom, there it was.

Could not believe I could read/write to it without any authentication.
Downloaded a record without any extension and thought I would have to have a
proprietary client to view it. But no, opened the file in a hex editor and
there in the header was TIFF...

Tagged .tif extension, opened it in Photoshop and boom, there was EPHI for
the whole world to see, plus I could modify and write it back. Can you say
non-compliant? In 15 minutes I made the $40K I charged for the audit.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
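An added example from the editor, not code from Curt's post or from the list: the audit check his story implies. It walks a mounted share, flags extensionless files whose first bytes identify a known format (the way the hex editor revealed TIFF), and validates the TIFF header by reading the first IFD's entry count; the magic-number table and the sample header are constructed here.

```python
import os
import struct
from typing import Dict, List, Optional, Tuple

# Constructed table of leading bytes for a few formats seen on file shares.
# "II*\0" and "MM\0*" are the two TIFF byte orders (little- and big-endian).
MAGIC: Dict[bytes, str] = {
    b"II*\x00": "tiff (little-endian)",
    b"MM\x00*": "tiff (big-endian)",
    b"%PDF": "pdf",
    b"\x89PNG": "png",
}


def identify(head: bytes) -> Optional[str]:
    """Return the format name whose signature the header bytes start with, else None."""
    for sig, name in MAGIC.items():
        if head.startswith(sig):
            return name
    return None


def tiff_first_ifd_entries(data: bytes) -> Optional[int]:
    """Validate a TIFF header and return the entry count of its first IFD, or None."""
    if len(data) < 8:
        return None
    order = {b"II": "<", b"MM": ">"}.get(data[:2])  # byte-order mark picks struct endianness
    if order is None:
        return None
    magic, ifd_off = struct.unpack(order + "HI", data[2:8])
    if magic != 42 or ifd_off + 2 > len(data):  # 42 is the fixed TIFF version number
        return None
    (count,) = struct.unpack(order + "H", data[ifd_off:ifd_off + 2])
    return count


def scan_share(root: str, max_bytes: int = 16) -> List[Tuple[str, str]]:
    """Walk a mounted share; report extensionless files whose header identifies a known format."""
    findings: List[Tuple[str, str]] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1]:
                continue  # has an extension; only unlabeled records are of interest here
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable entries are skipped, not fatal
            kind = identify(head)
            if kind:
                findings.append((path, kind))
    return findings


# Constructed sample: little-endian TIFF header, first IFD at offset 8 with 3 entries.
SAMPLE_TIFF = b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 3)
```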

 

> -----Original Message-----
> From: QSECOFR@AS400.com [mailto:QSECOFR@AS400.com]
> Sent: Saturday, April 08, 2006 10:36 PM
> To: pen-test@securityfocus.com
> Subject: [lists] How to's in Hacking AS400
>
> I've hacked several AS400s over the years.
>
> Here's some starters:
>
> 1. Check for shares made *PUBLIC
> 2. Try all the default system IDs with default passwords
> (e.g. QSECOFR:QSECOFR)
> 3. Sniff the client. There are versions that send unencrypted
> traffic. Telnet sadly works too.
> 4. Hunt through surrounding systems like backup servers,
> desktops. These often have batch jobs in text files that
> automatically login to AS400.
> 5. Use Jack Henry's default login. (My Favorite, the easiest
> and laziest way to go)
>
> There are more advanced techniques with the libraries, but
> this will take more time than I have at the moment. Excuse
> me, but I need to go pan-handle.
>
>
>
> --------------------------------------------------------------
> ----------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win
> the Analyst's Choice Award from eWeek. As attacks through web
> applications continue to rise, you need to proactively
> protect your applications from hackers. Cenzic has the most
> comprehensive solutions to meet your application security
> penetration testing and vulnerability management needs. You
> have an option to go with a managed service (Cenzic
> ClickToSecure) or an enterprise software (Cenzic Hailstorm).
> Download FREE whitepaper on how a managed service can help
> you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to
> confirm your results from other product. Contact us at
> request@cenzic.com for details.
> --------------------------------------------------------------
> ----------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:50 EDT