The first z/OS exploit module in the Metasploit Framework landed last Friday. It is an exploit which takes advantage of a default or poorly configured FTP server, and it requires valid credentials. Given that (and it’s a very common configuration), you will be presented with a very nice Unix shell – allowing for deeper… Continue reading A logical first step
Had a great interview with Patrick on the Risky Business podcast. Listen here:
# update 3/31 – added Reverse Shell JCL – this can be used by any direct-to-JES2 delivery method (e.g. FTP, NJE, etc) PR #6737 In continuation of adding more mainframe functionality to Metasploit, I’ve built (and am in the process of incorporating) JCL (job control language)-based payloads (and exploits which use them) within the framework. Once… Continue reading JCL Scripting for Metasploit-Framework
A thoughtful review of the existing IBM debuggers for z/OS
Mainframe Insecurities or Hack the Gibson. No, Really!
When Metasploit meets Mainframe
Here’s a teaser on the talk I’m giving at Derbycon 5.0. Mainframe Pentesting / Security. No more excuses.
This is an addendum to the last post. Here is shellcode (and its stripped-down source) that achieves the same goal as the prior post. The difference is that the payload is XOR encoded, and the shellcode and its source have a built-in decoder stub that decodes the payload in memory, then jumps to… Continue reading Bind Shell – shellcode and source
Key in any basic toolset for pentesting the mainframe platform is a selection of payloads that can be used to test vulnerabilities. Below is a bind shell payload, written from scratch in mainframe assembler. The shell can be connected to using netcat. The payload differs from its Intel counterparts in that it contains its own EBCDIC to ASCII… Continue reading Mainframe Bind Shell – Source Code
Creating shellcode on System Z (Mainframe) Unix System Services (USS) employs the same disciplines required for the same activities on Intel platforms. The difference lies in the syntax, assembler mnemonics, tools available, and debugging utilities. There are certainly other ways to achieve this, and I’m still refining my favorites. The below is one of my… Continue reading Building shellcode, egghunters and decoders.