Defcon Talk: Legacy System AS400 Hacked

Bart Kulach has a pdf from this year’s Defcon23  “Hack the Legacy! IBMi (aka AS/400) revealed”

He recommends to check the website he set up http://www.hackthelegacy.org/

The items he has focused on are the privilege  escalation issue in this slide:

privilegeescalationbartkulach

 

There are some good suggestions for a standard audit of your AD

Check your group profiles, what groups are your admin accounts under?

Monitoring profile handles is good as well as object and data authorities (AS/400)

Checking access levels is good – check them as part of your external and internal audits.

 

passwordsecuritybartkulach

 

 

The whole key with escalation attacks is to gain access to your admin accounts.

Bart Kulach claims here that the IBM API output has finally been revealed by him. Which means that hackers can now easily attack your AS400 password files.

 

There are still many more Defcon 23 talks to review… each one sometimes gives 1 or 2 good security suggestions.

As mentioned – in this one I like

1. Check your admin account group inclusions, as well as user accounts that have admin level group capabilities.

2.  Remember even privilege escalation vulnerabilities have a goal – to take your password file and to escalate to admin account.  (typical escalation vulnerabilities  are less important)

 

 

 

contact us for more

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.