Re: Default passwords for TSO and CICS ?

From: Glenn Larsson (ichinin@swipnet.se)
Date: 07/10/02


Date: Wed, 10 Jul 2002 20:34:41 +0200
From: Glenn Larsson <ichinin@swipnet.se>
To: Rainer Duffner <rainer@ultra-secure.de>

Rainer Duffner wrote:
>
> Hi,
>
> same site, other host.
> Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is
> beyond me, but perhaps they don't know about x3270. ;-)
>
> Anyway, when I open a session, I am presented with several options:
>
> LOGON userid TSO
> CICSI integration CICS
> CICSP production CICS
> CICST test CICS
>
> (and there's the company-logo on top, but I omitted that :-] )
>
> I must admit that I don't no either of the above OSs - I have limited
> experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default
> accounts I tried didn't work.
> Does anybody know some TSO default accounts, if any ?
> Or CICS ?
>
> cheers,
> Rainer

Hi.

I only have limited experience from CICS from the past
(Bored admin; Reading manuals)however i have an idea;
How about a simple password sniffer with keystroke
injection capabilities? Just capture all strokes sent
via the 3270 app, perhaps even send a few cmds while
you're at it.

You could even attack via the macro function (that usually
exist in the 3270 app) if the user use those on a regular
basis.

...or try a sniffer; if TCP/23 == vanilla Telnet, you can
try the usual attacks; passing any hashed data, replaying
traffic etc. (I have no idea if traffic on that port
support encryption, just an idea.)

Regards,
Glenn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: CFM SQL injection
    ... You should better use union or alike get unauthorized data from the ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)