|
Penetration Testing
mailing list archives
Re: Default passwords for TSO and CICS ?
From: Glenn Larsson <ichinin () swipnet se>
Date: Wed, 10 Jul 2002 20:34:41 +0200
Rainer Duffner wrote:
Hi,
same site, other host.
Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is
beyond me, but perhaps they don't know about x3270. ;-)
Anyway, when I open a session, I am presented with several options:
LOGON userid TSO
CICSI integration CICS
CICSP production CICS
CICST test CICS
(and there's the company-logo on top, but I omitted that :-] )
I must admit that I don't no either of the above OSs - I have limited
experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default
accounts I tried didn't work.
Does anybody know some TSO default accounts, if any ?
Or CICS ?
cheers,
Rainer
Hi.
I only have limited experience from CICS from the past
(Bored admin; Reading manuals)however i have an idea;
How about a simple password sniffer with keystroke
injection capabilities? Just capture all strokes sent
via the 3270 app, perhaps even send a few cmds while
you're at it.
You could even attack via the macro function (that usually
exist in the 3270 app) if the user use those on a regular
basis.
...or try a sniffer; if TCP/23 == vanilla Telnet, you can
try the usual attacks; passing any hashed data, replaying
traffic etc. (I have no idea if traffic on that port
support encryption, just an idea.)
Regards,
Glenn
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
