Here are the slides to my Derbycon talk on mainframe security. Mainframe Hacking – Derbycon 5.0 Mainframe Hacking Video – Derbycon 5.0
A much slimmer and simpler complement to the bind shell. Come see my talk at Derbycon this Saturday 5:30pm at and learn about how you (yes you) can put this to use in your pentests! This version does not have a built-in EBCDIC encoder/decoder like the bind shell below. The client (or framework??) is responsible for… Continue reading The reverse shell
Here’s a teaser on the talk I’m giving at Derbycon 5.0. Mainframe Pentesting / Security. No more excuses.
This is an addendum to the last post. Here is shellcode (and it’s stripped down source) that achieve the same goal as the prior post. The difference is the payload is XOR encoded and the shellcode, and it’s source, have a built in decoder stub that decodes the payload in memory then jumps to… Continue reading Bind Shell – shellcode and source
Key in any basic toolset for pentesting the mainframe platform is a selection of payloads that can be used to test vulnerabilities. Below is a bind shell payload, written from scratch in mainframe assembler. The shell can be connected to using netcat. The payload differs from its Intel counterparts, in that it contains its own EBCDIC to ASCII… Continue reading Mainframe Bind Shell – Source Code