• Subject: RE: AS/400 on alt.hacker
  • From: Chris Bipes <ChrisB@xxxxxxxxxxxxxxx>
  • Date: Thu, 23 Sep 1999 08:51:17 -0700

Capturing user ids and passwords is very easy.  You have to worry about
someone on your LAN.  For internet access, your ISPs LAN or your corporate
ISPs LAN.  They can also be captured on the LANs between your ISP and your
corporate ISP.  If your employees use large reputable ISPs you should have
no problem.  It is those little ISPs run out of a garage that have me
worried.  Try a TRACERT from your home to your company and see how many
hops, (LANs), you go through.  I get from Santa Rosa to Rohnert Park via LA.

Christopher K. Bipes    mailto:ChrisB@Cross-Check.com
Sr. Programmer/Analyst  mailto:Chris_Bipes@Yahoo.com
CrossCheck, Inc.        http://www.cross-check.com
6119 State Farm Drive   Phone: 707 586-0551 x 1102
Rohnert Park CA  94928  Fax: 707 586-1884

*Note to Recruiters
I nor anyone that I know of is interested in any new and/or exciting
positions. Please do not contact me.

-----Original Message-----
From: Dan Bale [mailto:dbale@genfast.com]
Sent: Tuesday, September 21, 1999 9:40 AM
To: MIDRANGE-L@midrange.com
Subject: RE: AS/400 on alt.hacker


Thanks for the post.  I had not seen this before, so this was news to me.

I, and I think others on this list, are waiting to see if anyone takes up
"challenge" of cracking the AS/400 user ID and password, as offered by
How high do you think IBM would jump if this were accomplished?

But you got me thinking about using Remote Client Access to connect to an
through an ISP from home.  From what I understand, this is all unencrypted,
anyone using "packet capture software" should be able to pick up my user ID
password with little difficulty.  However, how will anyone know to "capture"
_my_ connection?  Would the person capturing be "sitting/waiting" on the
AS/400-side of the transmission or would he have to be monitoring my end of
connection?  If the latter, what are the chances that someone would know
that I
do this?  It's not like I put a sign out in front of my house advertising
fact.  I do an awful lot of surfing, so a "cracker" would have to have a
boring life waiting around for me to connect to our AS/400 from home.

- Dan Bale

____________________ Original Message ______________________

I have not seen this info posted here, if I am repeating someone else I

There is software called l0phtcrack.  This software can obtain most
passwords on an NT domain within 60 seconds if the user can access the
registry, sams file, or password file.  It can obtain passwords by just
listening on the network without signing on by using SBM packet capture.

What does this matter on the AS/400?  If you are like many organization,
your users have the same password on the network as the AS/400.  If a hacker
can hack at a weaker NT platform for a password, he can usually use it on
more secure platforms such as the AS/400.

The site is at http://www.l0pht.com/

In some cases the AS/400 is easier to capture passwords on.  If you are
using Telnet, FTP, or using a router such as NetSoft Elite, or NetWare SAA
to connect to the AS/400, then your passwords are probably going over the
wire without any encryption.  I have successfully captured user ID's and
Password by using a packet capture software.  The capture is in ASCII
format, so I convert it to EBCDIC and I have the user ID/Password.

PS:I am involved in securing my network, not in breaching others.
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com

This thread ...

Return to Archive home page | Return to MIDRANGE.COM home page