Recently updated my work in Metasploit to allow for editing of the JCL JOB card, in PR7221. What this means for you senior and aspiring z/OS pentesters, is that you can tailor JCL you submit with valid CLASS,MSGCLASS,NOTIFY,ACCOUNTING etc. This will allow for more success running jobs on different systems and, out of the box,… Continue reading Updated JCL in Metasploit Functionality
Category: Uncategorized
Tips for Productive Debugging with GDB
For any of you who live in GDB, this is a great quick guide on some setup options that will improve your GDB efficiency.
Things I’ve Learned (and things to come)
I started writing a list of topics I’ve learned, some in excruciating detail, some just enough to know where to look for further details (trust me, that is no small feat). I’m writing this not only as a way of keeping me honest on those days when nothing goes right, but also as a way to… Continue reading Things I’ve Learned (and things to come)
Risky Business #410 — Mainframe security: Too big to fail?
Had a great interview with Patrick on the Risky Business podcast. Listen here:
Smashing the z/OS LE “Daisy” Chain for Fun and Cease and Desist letters (GUEST POST)
The following is a cross-post from REDDIT, reposted here with permission from the author @_Ciq (twitter) – Excellent write-up!!! -BeS <Big wall of text trigger warning.> Over the past few months I’ve been becoming increasingly interested in the CTF concept; finding (purposely built) flaws in software and exploiting them so that arbitrary code can be… Continue reading Smashing the z/OS LE “Daisy” Chain for Fun and Cease and Desist letters (GUEST POST)
The reverse shell
A much slimmer and simpler complement to the bind shell. Come see my talk at Derbycon this Saturday 5:30pm at and learn about how you (yes you) can put this to use in your pentests! This version does not have a built-in EBCDIC encoder/decoder like the bind shell below. The client (or framework??) is responsible for… Continue reading The reverse shell
Bind Shell – shellcode and source
This is an addendum to the last post. Here is shellcode (and it’s stripped down source) that achieve the same goal as the prior post. The difference is the payload is XOR encoded and the shellcode, and it’s source, have a built in decoder stub that decodes the payload in memory then jumps to… Continue reading Bind Shell – shellcode and source
Python shells on Z & a Patch to Ported Tools
Rocket Software (@rocket on twitter, links below) has a great set of ported tools for System Z. One of them is Python 2.7.6 Python is in ever penetration tester’s toolkit, and one of my favorite uses for it is to get a “clean” shell once you have gotten connectivity to a system. Mainframe is… Continue reading Python shells on Z & a Patch to Ported Tools