Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Default passwords for TSO and CICS ?
From: Glenn Larsson <ichinin () swipnet se>
Date: Wed, 10 Jul 2002 20:34:41 +0200

Rainer Duffner wrote:


same site, other host.
Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is
beyond me, but perhaps they don't know about x3270. ;-)

Anyway, when I open a session, I am presented with several options:

LOGON userid            TSO
CICSI                   integration CICS
CICSP                   production CICS
CICST                   test CICS

(and there's the company-logo on top, but I omitted that :-] )

I must admit that I don't no either of the above OSs - I have limited
experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default
accounts I tried didn't work.
Does anybody know some TSO default accounts, if any ?



I only have limited experience from CICS from the past
(Bored admin; Reading manuals)however i have an idea;
How about a simple password sniffer with keystroke
injection capabilities? Just capture all strokes sent
via the 3270 app, perhaps even send a few cmds while
you're at it.

You could even attack via the macro function (that usually
exist in the 3270 app) if the user use those on a regular

...or try a sniffer; if TCP/23 == vanilla Telnet, you can
try the usual attacks; passing any hashed data, replaying
traffic etc. (I have no idea if traffic on that port
support encryption, just an idea.)


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]