Re: Default passwords for TSO and CICS ?

[Glenn Larsson <ichinin () swipnet se>]

Rainer Duffner wrote:
> Hi,
>
> same site, other host.
> Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is
> beyond me, but perhaps they don't know about x3270. ;-)
>
> Anyway, when I open a session, I am presented with several options:
>
> LOGON userid            TSO
> CICSI                   integration CICS
> CICSP                   production CICS
> CICST                   test CICS
>
> (and there's the company-logo on top, but I omitted that :-] )
>
> I must admit that I don't no either of the above OSs - I have limited
> experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default
> accounts I tried didn't work.
> Does anybody know some TSO default accounts, if any ?
> Or CICS ?
>
> cheers,
> Rainer

Hi.

I only have limited experience from CICS from the past
(Bored admin; Reading manuals)however i have an idea;
How about a simple password sniffer with keystroke
injection capabilities? Just capture all strokes sent
via the 3270 app, perhaps even send a few cmds while
you're at it.

You could even attack via the macro function (that usually
exist in the 3270 app) if the user use those on a regular
basis.

...or try a sniffer; if TCP/23 == vanilla Telnet, you can
try the usual attacks; passing any hashed data, replaying
traffic etc. (I have no idea if traffic on that port
support encryption, just an idea.)

Regards,
Glenn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/