RE: [lists] How to's in Hacking AS400
- From: "Curt Purdy" <purdy@xxxxxxxxxx>
- Date: Fri, 14 Apr 2006 04:53:22 -0400
Also browse for Windoze shares. Did a HIPAA audit on an MHMR and could not
touch the AS/400 from the OS/400 side, but it had a Windoze blade that had
access to the hard drive. Walked into an empty office, plugged in the
laptop, and boom, there it was.
Could not believe I could read/write to it without any authentication.
Downloaded a record without any extension and thought I would have to have a
proprietary client to view it. But no, opened the file in a hex editor and
there in the header was TIFF...
Tagged .tif extension, opened it in Photoshop and boom, there was EPHI for
the whole world to see, plus I could modify and write it back. Can you say
non-compliant? In 15 minutes I made the $40K I charged for the audit.
Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
Information Security Officer
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
-----Original Message-----
From: QSECOFR@xxxxxxxxx [mailto:QSECOFR@xxxxxxxxx]
Sent: Saturday, April 08, 2006 10:36 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: [lists] How to's in Hacking AS400
I've hacked several AS400s over the years.
Here are some starters:
1. Check for shares made *PUBLIC
2. Try all the default system IDs with default passwords
(e.g. QSECOFR:QSECOFR)
3. Sniff the client. There are
versions that send unencrypted traffic. Telnet sadly works too.
4. Hunt through surrounding systems like backup servers,
desktops. These often have batch jobs in text files that
automatically login to AS400.
5. Use Jack Henry's default login. (My Favorite, the easiest
and laziest way to go)
There are more advanced techniques with the libraries, but
this will take more time than I have at the moment. Excuse
me, but I need to go pan-handle.