Home
hack400tool (or actually its core) was initially created in 2010 to boost security assessments on AS/400 systems, which otherwise had to be done either through manual dumps of settings or with a number of CL programs that partly automated the job. This was time-consuming and required heavy involvement of IT personnel. A decision was made to create a "thick client" that would allow data to be gathered externally in a controlled way. Over time, the functionality of hack400tool's core class, IBMiConnector, has grown substantially.
Between 2013 and 2016, security research on IBM i APIs, carried out together with @5up3rUs3r, led to the discovery of the password format used by the system API QSYRUPWD. Following this discovery, hack400tool was expanded with hash dump and privilege escalation functionality. The details of that API were presented at DefCon 23 (presentation and video). Based on these developments, a plugin for the password cracking tool John the Ripper was created and included in the "bleeding jumbo" build (source code).
In 2016-2017, hack400tool was enhanced with new functionality based on user feedback, and the GUI received a fresh look. The naming was also unified: IBMiScanner became hack400scanner, and hack400tool became hack400exploiter. The latter change was made to avoid confusion between the tool suite and the tool name. In mid-2017 a new tool came to life: hack400auditor. In its current (demo) version it is meant to provide assurance on compliance with proven security best practices that have been tested on multiple production systems and are an (enhanced) offspring of IBM's RedBooks. A full, commercial version is in development.
If you encounter any problems running the software, have noticed a bug or have any specific questions related to these tools, feel free to use the Issues facility or visit www.hackthelegacy.org.
Copyright (C) 2010-2017 Bart Kulach