Stealing FTP Passwords

Using FTP in batch requires the use of a script file.

Example:

UserId Password
GET QGPL/YOURFILE MYLIB/MYFILE
Quit

With very little effort the User Profile name and associated Password can be harvested and used to gain access to the remote host to which they pertain.



Stealing FTP passwords:

A typical interactive FTP session consists of specifying the remote host you want to communicate with, the user profile you use to gain access, that profile's associated password, and the instruction to put or get a particular file. In an interactive session that is no problem, because the password specified is not displayed. For a one-off file transfer, FTP used interactively is fine and causes no significant security exposure.

For a regular periodic transfer of data between two hosts, interactive FTP transfer is not practical. What is needed, and provided for, is the ability to store the FTP script in a file, much like a program, and execute the script in what is known as batch mode.

The following code snippet shows how to use a CL program to execute an FTP script in batch mode.

OVRDBF   FILE(INPUT) TOFILE(QATMPINC) MBR(MYFTP)
OVRDBF   FILE(OUTPUT) TOFILE(QGPL/QFTPLOG)
STRTCPFTP RMTSYS(YOURAS400.ANYNET.COM)

The first line directs the standard input file to the source file containing the FTP script to be executed. The second line points to a file that the FTP execution and error messages are written to. The FTP script to be executed is shown here:

UserId Password
GET QGPL/YOURFILE MYLIB/MYFILE
Quit

"Wonderful," you say. But hang on a minute--doesn't that mean you have a file hanging around with an AS/400 user profile name and password in plain view? Absolutely! Obviously, this is a big problem.

If you have access to one AS/400 that uses batch FTP transfers to other hosts, then, with very little effort, you can find the associated script files and thereby the user profile and password to the remote hosts. You can then sign on to these remote hosts and repeat the search for FTP script files ad infinitum until you have collected a veritable bevy of user profiles and passwords.

Finding Hidden Passwords

There is a file called QADBXATR in library QSYS that contains a complete inventory of all physical files on the system. QADBXATR can be queried to find all source files. Using the underlying search command provided in PDM, Find String PDM (FNDSTRPDM), it's possible to find every occurrence of the word QUIT and, thereby, every source member that contains an FTP script.

The solution to this problem is to write a command that captures the required data elements to execute an FTP transfer and write the transfer script to a file in QTEMP and then execute the FTP transfer.

This solution was discussed in depth in an article by Trevor Seeney of Sentinex Inc. in the November 2000 edition of Midrange Computing. The code for a secure FTP command can be downloaded from MidrangeComputing.com.
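
For auditing your own system for the exposure described under Finding Hidden Passwords, the following added example (not from the original article or from Sentinex) checks source members exported as text for the shape of a batch FTP script rather than for the word QUIT alone, and reports the member and user profile without ever echoing the password. It also recognises the `user name password` subcommand form, which goes beyond the script shown above; the member names and contents are constructed samples.

```python
# Added audit example: flag source members that store an FTP password.
# Assumption: members were exported to text; names and contents are constructed.

# FTP client subcommands that end a session.
ENDERS = {"QUIT", "BYE"}
# Subcommands that can never be a user profile on the first record (illustrative).
FTP_VERBS = ENDERS | {"GET", "PUT", "MGET", "MPUT", "CD", "LCD", "BINARY",
                      "ASCII", "NAMEFMT", "QUOTE", "CLOSE"}

SAMPLE_MEMBERS = {
    # The script shown in the article.
    "QATMPINC(MYFTP)": "UserId Password\nGET QGPL/YOURFILE MYLIB/MYFILE\nQuit\n",
    # Same exposure, written with the explicit USER subcommand.
    "QATMPINC(USERFORM)": "user batchusr Secret1\nput MYLIB/OUT QGPL/IN\nbye\n",
    # No password stored on the first record: not a finding.
    "QATMPINC(NOPWD)": "UserId\nGET QGPL/YOURFILE MYLIB/MYFILE\nQuit\n",
    # CL source that merely mentions QUIT in a comment: not a finding.
    "QCLSRC(NIGHTLY)": "PGM\n/* never QUIT early */\nCALL PGM(MYLIB/LOAD)\nENDPGM\n",
}


def audit_member(name, text):
    """Return a finding if the member looks like a batch FTP script with a
    stored password, else None. The password is never part of the result."""
    records = [r.split() for r in text.splitlines() if r.strip()]
    if len(records) < 2:
        return None
    first, rest = records[0], records[1:]
    # A later record must *start* with QUIT/BYE; the word inside a comment
    # or a longer statement does not count.
    if not any(r[0].upper() in ENDERS for r in rest):
        return None
    head = first[0].upper()
    if head == "USER":
        if len(first) < 3:          # "user name" alone stores no password
            return None
        user = first[1]
    elif len(first) == 2 and head not in FTP_VERBS:
        user = first[0]             # "UserId Password" form from the article
    else:
        return None
    return {"member": name, "user": user, "records": len(records)}


def audit(members):
    """Audit a mapping of member name -> text; return findings sorted by name."""
    hits = (audit_member(n, t) for n, t in sorted(members.items()))
    return [h for h in hits if h]
```

Each finding identifies a script to replace with the run-time approach described above and a password to change on the remote host.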
