• Subject: Re: AS/400 on alt.hacker
  • From: leif@xxxxxxx
  • Date: Tue, 21 Sep 1999 12:52:01 -0500

the AS/400 password scheme is very weak as well.
can be cracked by brute force in a few hours.

----- Original Message -----
From: Ed Davidson <Edavidson@primeinc.com>
To: <MIDRANGE-L@midrange.com>
Sent: Tuesday, September 21, 1999 9:45 AM
Subject: RE: AS/400 on alt.hacker


> I have not seen this info posted here, if I am repeating someone else I
> apologize.
>
> There is software called l0phtcrack.  This software can obtain most
> passwords on an NT domain within 60 seconds if the user can access the
> registry, sams file, or password file.  It can obtain passwords by just
> listening on the network without signing on by using SBM packet capture.
>
> What does this matter on the AS/400?  If you are like many organization,
> your users have the same password on the network as the AS/400.  If a
hacker
> can hack at a weaker NT platform for a password, he can usually use it on
> more secure platforms such as the AS/400.
>
> The site is at http://www.l0pht.com/
>
>
>
> In some cases the AS/400 is easier to capture passwords on.  If you are
> using Telnet, FTP, or using a router such as NetSoft Elite, or NetWare SAA
> to connect to the AS/400, then your passwords are probably going over the
> wire without any encryption.  I have successfully captured user ID's and
> Password by using a packet capture software.  The capture is in ASCII
> format, so I convert it to EBCDIC and I have the user ID/Password.
>
>
>
> PS:I am involved in securing my network, not in breaching others.
>
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
david@midrange.com
> +---
>

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].