Mainframe Shell – Metasploit Framework

The public metasploit-framework now (officially) has the basic underpinnings for beginning mainframe pentesting.

As of 10/25 there is now a shell which, together with some core architecture files implemented a while back, lets non-EBCDIC machines running the Metasploit Framework communicate with processes on the mainframe, doing the ASCII<->EBCDIC conversions under the covers.
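To make the "under the covers" conversion concrete, here is an added example (written for this page, not code from the Metasploit Framework) of the translation layer a non-EBCDIC host needs on both sides of the socket. It assumes the mainframe side uses IBM code page 037 (the usual US EBCDIC page), covers printable ASCII plus the control characters a shell session needs, and includes a heuristic for deciding whether a received buffer is EBCDIC before a session is wrapped; the sample command is constructed.

```ruby
# Added example, not Metasploit Framework code: ASCII <-> EBCDIC (IBM code
# page 037, assumed) translation for a shell session with a z/OS process.
# The table covers printable ASCII and the controls a shell needs; any
# other byte passes through untouched.

EBCDIC_037 = {}.tap do |t|
  # Letters and digits sit in gapped runs in EBCDIC, so 'i' + 1 != 'j'.
  ('a'..'i').each_with_index { |c, i| t[c] = 0x81 + i }
  ('j'..'r').each_with_index { |c, i| t[c] = 0x91 + i }
  ('s'..'z').each_with_index { |c, i| t[c] = 0xA2 + i }
  ('A'..'I').each_with_index { |c, i| t[c] = 0xC1 + i }
  ('J'..'R').each_with_index { |c, i| t[c] = 0xD1 + i }
  ('S'..'Z').each_with_index { |c, i| t[c] = 0xE2 + i }
  ('0'..'9').each_with_index { |c, i| t[c] = 0xF0 + i }
  # Punctuation and control characters at their CP037 positions.
  t.merge!("\x00" => 0x00, "\t" => 0x05, "\r" => 0x0D, "\n" => 0x25,
           ' ' => 0x40, '.' => 0x4B, '<' => 0x4C, '(' => 0x4D, '+' => 0x4E, '|' => 0x4F,
           '&' => 0x50, '!' => 0x5A, '$' => 0x5B, '*' => 0x5C, ')' => 0x5D, ';' => 0x5E,
           '-' => 0x60, '/' => 0x61, ',' => 0x6B, '%' => 0x6C, '_' => 0x6D, '>' => 0x6E,
           '?' => 0x6F, '`' => 0x79, ':' => 0x7A, '#' => 0x7B, '@' => 0x7C, "'" => 0x7D,
           '=' => 0x7E, '"' => 0x7F, '~' => 0xA1, '^' => 0xB0, '[' => 0xBA, ']' => 0xBB,
           '{' => 0xC0, '}' => 0xD0, '\\' => 0xE0)
end.freeze
ASCII_FROM_037 = EBCDIC_037.invert.freeze

# ASCII text -> EBCDIC bytes: what goes on the wire towards the mainframe.
def to_ebcdic(str)
  str.b.each_byte.map { |b| EBCDIC_037.fetch(b.chr, b) }.pack('C*')
end

# EBCDIC bytes -> ASCII text: what the Framework shows the operator.
def from_ebcdic(bytes)
  bytes.b.each_byte.map { |b| ASCII_FROM_037.fetch(b, b.chr) }.join
end

# Heuristic check before wrapping a session: EBCDIC text has letters in
# 0x81..0xE9, digits in 0xF0..0xF9 and its space at 0x40, none of which
# printable ASCII ever produces. True when most bytes look like EBCDIC text.
def looks_like_ebcdic?(bytes)
  bytes = bytes.b
  return false if bytes.empty?
  hits = bytes.each_byte.count do |b|
    b == 0x40 || (0x81..0xE9).cover?(b) || (0xF0..0xF9).cover?(b)
  end
  hits * 2 > bytes.bytesize
end

if $PROGRAM_NAME == __FILE__
  cmd = "ls -la /u/user\n"   # constructed sample command, not real session data
  wire = to_ebcdic(cmd)
  puts wire.unpack1('H*')    # hex of the EBCDIC bytes sent to the mainframe
  puts from_ebcdic(wire)     # round-trips back to the ASCII command
end
```

The table is deliberately partial: bytes outside it (code page 037's cent sign, the NL control at 0x15, anything above 0x7F on the ASCII side) pass through unchanged rather than being guessed, which is the behaviour you want while confirming which code page a given LPAR actually uses.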

What can you do with it?  Nothing.  Yet.  The next steps are payloads, then exploits.   The payloads are in the bank, written and being tested against a couple of different versions of z/OS (1.12, 1.13 and 2.1 for now).  Those should show up in the framework soon.   Once there, they provide the last basic requirement for exploit development (which is generally rewarded with some type of shell).

Other items in various stages of development (the TN3270 work was done in collaboration with, and with much of the coding by, @mainframed767):


RACF gets serious about password encryption.

TL;DR -> Earlier this year IBM updated (and made available back to z/OS V1R12) their RACF password hashing/encryption technology, and it's awesome.  The APAR OA43999 has been out for months and, after you research and test it, you should apply it and then migrate your users to the stronger algorithm as soon as you can.   This increases the cost of brute forcing RACF passwords from hours/days to months/years!  Want more info/background?  Read on….
