Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Default passwords for TSO and CICS ?
From: Glenn Larsson <ichinin () swipnet se>
Date: Wed, 10 Jul 2002 20:34:41 +0200

Rainer Duffner wrote:

Hi,

same site, other host.
Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is
beyond me, but perhaps they don't know about x3270. ;-)

Anyway, when I open a session, I am presented with several options:

LOGON userid            TSO
CICSI                   integration CICS
CICSP                   production CICS
CICST                   test CICS

(and there's the company-logo on top, but I omitted that :-] )

I must admit that I don't no either of the above OSs - I have limited
experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default
accounts I tried didn't work.
Does anybody know some TSO default accounts, if any ?
Or CICS ?

cheers,
Rainer

Hi.

I only have limited experience from CICS from the past
(Bored admin; Reading manuals)however i have an idea;
How about a simple password sniffer with keystroke
injection capabilities? Just capture all strokes sent
via the 3270 app, perhaps even send a few cmds while
you're at it.

You could even attack via the macro function (that usually
exist in the 3270 app) if the user use those on a regular
basis.

...or try a sniffer; if TCP/23 == vanilla Telnet, you can
try the usual attacks; passing any hashed data, replaying
traffic etc. (I have no idea if traffic on that port
support encryption, just an idea.)

Regards,
Glenn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault