Penetration Testing mailing list archives
RE: [lists] How to's in Hacking AS400
From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 14 Apr 2006 04:53:22 -0400
Also browse for Windoze shares. Did a HIPAA audit on an MHMR and could not touch the AS/400 from the OS/400 side, but it had a Windoze blade that had access to the hard drive. Walked into an empty office, plugged in the laptop, and boom, there it was. Could not believe I could read/write to it without any authentication.

Downloaded a record without any extension and thought I would have to have a proprietary client to view it. But no, opened the file in a hex editor and there in the header was TIFF... Tagged .tif extension, opened it in Photoshop and boom, there was EPHI for the whole world to see, plus I could modify and write it back. Can you say non-compliant? In 15 minutes I made the $40K I charged for the audit.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
-----Original Message-----
From: QSECOFR () AS400 com [mailto:QSECOFR () AS400 com]
Sent: Saturday, April 08, 2006 10:36 PM
To: pen-test () securityfocus com
Subject: [lists] How to's in Hacking AS400

I've hacked several AS400s over the years. Here are some starters:

1. Check for shares made *PUBLIC
2. Try all the default system IDs with default passwords (e.g. QSECOFR:QSECOFR)
3. Sniff the client. There are versions that send unencrypted traffic. Telnet sadly works too.
4. Hunt through surrounding systems like backup servers, desktops. These often have batch jobs in text files that automatically login to AS400.
5. Use Jack Henry's default login. (My Favorite, the easiest and laziest way to go)

There are more advanced techniques with the libraries, but this will take more time than I have at the moment. Excuse me, but I need to go pan-handle.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
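The reply above found a record with no file extension whose header identified it as a TIFF image. The following is an added example, not part of either post: a share audit in Python that walks a directory and reports files that parse as TIFF but are not labelled .tif/.tiff, so unlabelled image records can be located and access-controlled. It assumes the classic TIFF layout (byte-order mark II or MM, version word 42, offset of the first image file directory); the function names and sample file names are made up.

```python
import os
import struct
import tempfile

TIFF_EXTS = {".tif", ".tiff"}

def tiff_info(path):
    """Return (byte_order, ifd_entries) if the file is a classic TIFF, else None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
        if len(head) < 8 or head[:2] not in (b"II", b"MM"):
            return None
        endian = "<" if head[:2] == b"II" else ">"  # II = little-endian, MM = big-endian
        magic, ifd_offset = struct.unpack(endian + "HI", head[2:])
        if magic != 42 or ifd_offset < 8:           # 42 is the TIFF version word
            return None
        fh.seek(ifd_offset)                         # first image file directory (IFD)
        raw = fh.read(2)
    entries = struct.unpack(endian + "H", raw)[0] if len(raw) == 2 else 0
    return (head[:2].decode(), entries) if entries else None

def find_unlabelled_tiffs(root):
    """List files under root that parse as TIFF but lack a .tif/.tiff extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in TIFF_EXTS:
                continue
            try:
                info = tiff_info(path)
            except OSError:
                continue                            # unreadable file: skip, keep scanning
            if info:
                findings.append((os.path.relpath(path, root),) + info)
    return sorted(findings)

def sample_tiff(endian):  # constructed minimal TIFF: one IFD entry (ImageWidth=1)
    order = b"II" if endian == "<" else b"MM"
    return (order + struct.pack(endian + "HI", 42, 8)
            + struct.pack(endian + "HHHIII", 1, 256, 4, 1, 1, 0))

def demo():  # constructed sample directory; the file names are made up
    samples = {"REC000123": sample_tiff("<"), "REC000124.dat": sample_tiff(">"),
               "scan.tif": sample_tiff("<"), "notes": b"II is not a TIFF", "stub": b"MM\x00"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_unlabelled_tiffs(root)
```

Calling find_unlabelled_tiffs() on a mounted share path returns one tuple per finding: relative path, byte order, and the number of entries in the first IFD.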
Current thread:
- How to's in Hacking AS400 QSECOFR (Apr 09)
- RE: [lists] How to's in Hacking AS400 Curt Purdy (Apr 14)