IBM iSeries for Penetration Testers: Bypass Restrictions and Take Over Server, presented at Black Hat Europe 2006

by Shalom Carmel

Tags: Security Access

Summary: iSeries (aka AS400) servers are used by manufacturers, banks, insurance companies, casinos and governments. Odds are that wherever there is an iSeries-based application, that is where the money is. With over 300,000 customers worldwide and millions of users, some people are bound to be rogue hackers looking for a way to exploit it for their own ends. We will see how an attacker reconstructs the list of users on the server, how a limited-access user can bypass the restrictions, how to take over an iSeries server via ODBC, and how to hijack, from the iSeries, connected workstations using terminal emulation clients. Prerequisite knowledge for the lecture: basics of TCP/IP application protocols, basics of database management, and some programming understanding.