Penetration Testing mailing list archives

RE: [lists] How to's in Hacking AS400


From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 14 Apr 2006 04:53:22 -0400

Also browse for Windoze shares.  Did a HIPAA audit on an MHMR and could not
touch the AS/400 from the OS/400 side, but it had a Windoze blade that had
access to the hard drive.  Walked into an empty office, plugged in the
laptop, and boom, there it was.

Could not believe I could read/write to it without any authentication.
Downloaded a record without any extension and thought I would have to have a
proprietary client to view it.  But no, opened the file in a hex editor and
there in the header was TIFF...

Tagged .tif extension, opened it in Photoshop and boom, there was EPHI for
the whole world to see, plus I could modify and write it back.  Can you say
non-compliant?  In 15 minutes I made the $40K I charged for the audit.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
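The check Curt did by hand in a hex editor (an extensionless file whose first bytes read "II*\0" or "MM\0*" is a TIFF, whatever the share calls it) is easy to automate so an auditor can inventory image data on an exposed share instead of opening files one at a time. The following is an added example for this archive page, not code from the original post or from any AS/400 tooling; the file names and contents are constructed sample data, and the "share listing" is a plain dict rather than a real SMB mount.

```python
"""Identify TIFF files by header bytes rather than by extension (added example)."""
import struct

# TIFF header: byte-order mark ("II" little-endian, "MM" big-endian), the
# 16-bit value 42, then a 32-bit offset to the first image file directory.
TIFF_BYTE_ORDER = {b"II": "<", b"MM": ">"}


def identify_tiff(data: bytes):
    """Return {'endian', 'first_ifd_offset'} when data starts with a valid
    8-byte TIFF header, otherwise None. Only the header is inspected."""
    if len(data) < 8:
        return None
    prefix = TIFF_BYTE_ORDER.get(data[:2])
    if prefix is None:
        return None
    magic, ifd_offset = struct.unpack(prefix + "HI", data[2:8])
    if magic != 42:
        return None
    # The first IFD cannot overlap the 8-byte header itself.
    if ifd_offset < 8:
        return None
    return {"endian": "little" if prefix == "<" else "big",
            "first_ifd_offset": ifd_offset}


def flag_hidden_tiffs(files):
    """Given {filename: bytes}, return the names whose content is TIFF but
    whose extension does not say so (no extension, or a misleading one)."""
    flagged = []
    for name, data in files.items():
        if identify_tiff(data) is None:
            continue
        ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
        if ext not in ("tif", "tiff"):
            flagged.append(name)
    return sorted(flagged)


# Constructed sample listing: real TIFF headers followed by filler bytes.
SAMPLE_FILES = {
    "REC00017": b"II*\x00\x08\x00\x00\x00" + b"\x00" * 64,  # extensionless little-endian TIFF
    "scan.dat": b"MM\x00*\x00\x00\x00\x08" + b"\x00" * 64,  # big-endian TIFF, misleading extension
    "notes.txt": b"plain text, see record 17\n",            # not an image
    "logo.tif": b"II*\x00\x08\x00\x00\x00" + b"\x00" * 64,  # correctly named, not flagged
    "short": b"II*",                                        # truncated, not a valid header
}

if __name__ == "__main__":
    for name in flag_hidden_tiffs(SAMPLE_FILES):
        print(f"{name}: TIFF content, {identify_tiff(SAMPLE_FILES[name])}")
```

Reading only the first eight bytes keeps the scan cheap over a large share; the byte-order check and the 42 magic are what distinguish a TIFF from an arbitrary file that happens to start with "II" or "MM".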

 

-----Original Message-----
From: QSECOFR () AS400 com [mailto:QSECOFR () AS400 com] 
Sent: Saturday, April 08, 2006 10:36 PM
To: pen-test () securityfocus com
Subject: [lists] How to's in Hacking AS400

I've hacked several AS400s over the years.

Here are some starters:

1. Check for shares made *PUBLIC
2. Try all the default system IDs with default passwords 
(e.g. QSECOFR:QSECOFR)
3. Sniff the client. There are versions that send unencrypted traffic. 
Telnet sadly works too.
4. Hunt through surrounding systems like backup servers, desktops. 
These often have batch jobs in text files that automatically login to AS400.
5. Use Jack Henry's default login. (My Favorite, the easiest and laziest 
way to go)

There are more advanced techniques with the libraries, but this will take 
more time than I have at the moment. Excuse me, but I need to go pan-handle.
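Item 4 above is the one a defender can act on without touching the AS/400 itself: the plaintext logins sitting in batch jobs on desktops and backup servers. The scanner below is an added example for this archive page (not code from the original post), written to run over exported script text and report lines that look like embedded credentials so they can be removed or moved to a vault. The regexes are heuristics chosen for this example, the sample scripts are constructed, and only the QSECOFR:QSECOFR pair comes from the post; the ftp "user NAME PASSWORD" form is the standard command-line ftp client syntax.

```python
"""Scan batch/script text for hard-coded AS/400 logins (added example)."""
import re

# Each pattern yields a 'password' group and, where the syntax carries it, a 'user' group.
CREDENTIAL_PATTERNS = [
    # scripted ftp session: "user NAME PASSWORD" on a line of its own
    ("ftp-user-cmd", re.compile(r"^\s*user\s+(?P<user>\S+)\s+(?P<password>\S+)\s*$", re.I)),
    # generic key/value forms: password=..., PWD:..., /pwd:...
    ("key-value", re.compile(r"(?:password|passwd|pwd)\s*[=:]\s*(?P<password>\S+)", re.I)),
]
# Used to pick up the user name on key/value lines that name it separately.
USER_PATTERN = re.compile(r"\b(?:user(?:name)?|uid)\s*[=:]\s*(?P<user>[^\s;]+)", re.I)
# Default profile named in the post; extend with your own site's list.
DEFAULT_ACCOUNTS = {"QSECOFR"}


def scan_text(text, source="<memory>"):
    """Return one finding per matching line: {source, line, kind, user, password, default_account}."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in CREDENTIAL_PATTERNS:
            m = pattern.search(line)
            if not m:
                continue
            user = m.groupdict().get("user")
            if user is None:
                um = USER_PATTERN.search(line)
                user = um.group("user") if um else None
            user = user.upper() if user else None
            findings.append({
                "source": source,
                "line": lineno,
                "kind": kind,
                "user": user,
                "password": m.group("password"),
                "default_account": user in DEFAULT_ACCOUNTS,
            })
            break  # first matching pattern wins for this line
    return findings


# Constructed sample scripts of the kind item 4 describes.
SAMPLE_SCRIPTS = {
    "nightly_backup.ftp": (
        "open as400.example.test\n"
        "user QSECOFR QSECOFR\n"
        "bin\n"
        "get /QSYS.LIB/BACKUP.LIB\n"
        "quit\n"
    ),
    # hypothetical sync tool invoked from a batch file; flags are invented for the example
    "run_sync.bat": "@echo off\nsync_tool.exe --host=as400 --user=BATCHUSR --password=Summer2006\n",
    "clean.bat": "@echo off\nrem nothing sensitive here\ndel C:\\temp\\*.tmp\n",
}


def scan_all(scripts=SAMPLE_SCRIPTS):
    """Scan every sample script and collect the findings in listing order."""
    out = []
    for name, text in scripts.items():
        out.extend(scan_text(text, name))
    return out


if __name__ == "__main__":
    for f in scan_all():
        tag = " (DEFAULT ACCOUNT)" if f["default_account"] else ""
        print(f"{f['source']}:{f['line']} {f['kind']} user={f['user']}{tag}")
```

The `default_account` flag is the part worth acting on first: a job that logs in as a well-known profile with its shipped password is both a credential leak and evidence that item 2 on the list still works against that system.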



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------