From: Glenn Larsson (ichinin@swipnet.se)
Date: Wed Jul 10 2002 - 14:34:41 EDT
Rainer Duffner wrote:
>
> Hi,
>
> same site, other host.
> Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is
> beyond me, but perhaps they don't know about x3270. ;-)
>
> Anyway, when I open a session, I am presented with several options:
>
> LOGON userid TSO
> CICSI integration CICS
> CICSP production CICS
> CICST test CICS
>
> (and there's the company-logo on top, but I omitted that :-] )
>
> I must admit that I don't no either of the above OSs - I have limited
> experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default
> accounts I tried didn't work.
> Does anybody know some TSO default accounts, if any ?
> Or CICS ?
>
> cheers,
> Rainer
Hi.
I only have limited experience from CICS from the past
(Bored admin; Reading manuals)however i have an idea;
How about a simple password sniffer with keystroke
injection capabilities? Just capture all strokes sent
via the 3270 app, perhaps even send a few cmds while
you're at it.
You could even attack via the macro function (that usually
exist in the 3270 app) if the user use those on a regular
basis.
...or try a sniffer; if TCP/23 == vanilla Telnet, you can
try the usual attacks; passing any hashed data, replaying
traffic etc. (I have no idea if traffic on that port
support encryption, just an idea.)
Regards,
Glenn
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT