Rainer Duffner wrote: > > Hi, > > same site, other host. > Why someone would world-expose a IBM-Mainframe to the internet (23/tcp) is > beyond me, but perhaps they don't know about x3270. ;-) > > Anyway, when I open a session, I am presented with several options: > > LOGON userid TSO > CICSI integration CICS > CICSP production CICS > CICST test CICS > > (and there's the company-logo on top, but I omitted that :-] ) > > I must admit that I don't no either of the above OSs - I have limited > experience with zVM/CMS (-> ipl Linux S/390), but some of the usual default > accounts I tried didn't work. > Does anybody know some TSO default accounts, if any ? > Or CICS ? > > cheers, > Rainer Hi. I only have limited experience from CICS from the past (Bored admin; Reading manuals)however i have an idea; How about a simple password sniffer with keystroke injection capabilities? Just capture all strokes sent via the 3270 app, perhaps even send a few cmds while you're at it. You could even attack via the macro function (that usually exist in the 3270 app) if the user use those on a regular basis. ...or try a sniffer; if TCP/23 == vanilla Telnet, you can try the usual attacks; passing any hashed data, replaying traffic etc. (I have no idea if traffic on that port support encryption, just an idea.) Regards, Glenn ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 18:50:26 PDT