from root to special - def con con 22/def con 22 presentations... · – python/jcl/ftp ... from...
TRANSCRIPT
![Page 1: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/1.jpg)
From ROOT to SPECIAL
Hacking IBM Mainframes
Soldier of Fortran @mainframed767
![Page 2: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/2.jpg)
DISCLAIMER!
All research was done under personal time. I am not here in the name of, or on behalf of, my employer.
Therefore, any views expressed in this talk are my own and not those of my employer.
This talk discusses work performed in my spare time generally screwing around with mainframes and thinking 'what if this still works...'
@mainframed767
![Page 3: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/3.jpg)
?Question?
PLAIN TXT 53%
SSL 47%
INTERNET MAINFRAMES
![Page 4: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/4.jpg)
?SSL?
Self Signed 33%
No Error 49�
SSL TN3270 MAINFRAMES Bad
CA 17%
![Page 5: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/5.jpg)
Who are you?
• Security Guy
• Tired of 90’s thinking
• Eye opening experience
@mainframed767
![Page 6: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/6.jpg)
PCI Security Expert
Mainframe Security Guru
ISO 27002 & PCI
Certifier
“What’s NETSTAT?”
- Our Horrible Consultant
![Page 7: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/7.jpg)
Spoken
![Page 8: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/8.jpg)
z/OS? WTF
• Most popular “mainframe” OS
• Version 2.1 out now!
Legacy my ass!
@mainframed767
![Page 9: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/9.jpg)
z/OS Demo
• Let’s take a look at this thing
• It’ll all make sense
@mainframed767
![Page 10: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/10.jpg)
zOS or PoS?
• Hard to tell, identifying sucks
• Scanner have “challenges”
nmap -sV -p 992 167.xxx.4.2 -Pn
@mainframed767
![Page 11: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/11.jpg)
Nmap 6.40
PORT: 992/tcp STATE: open
SERVICE: ssl
VERSION:
IBM OS/390
@mainframed767
![Page 12: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/12.jpg)
Nmap 6.46
PORT: 992/tcp STATE: open
SERVICE: ssl
VERSION:
Microsoft
IIS SSL
@mainframed767
![Page 13: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/13.jpg)
![Page 14: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/14.jpg)
CENSORED(
CENSORED(
CENSORED(
CENSORED(
CENSORED(
CENSORED(
![Page 15: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/15.jpg)
Other Methods
• Web Servers: IBM HTTP Server V5R3M0
![Page 16: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/16.jpg)
FTP Banner
@mainframed767
CENSORED(
![Page 17: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/17.jpg)
Lets Break in
• Steal Credentials
• Web Server
• 3270 Panels – Usin’ BIRP
@mainframed767
![Page 18: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/18.jpg)
Ettercap Demo
@mainframed767
![Page 19: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/19.jpg)
Missed it
@mainframed767
![Page 20: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/20.jpg)
CGI-Bin in tyool 2014
• REXX / SH still used
• Injection simple, if you know TSO commands
@mainframed767
![Page 21: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/21.jpg)
@mainframed767
![Page 22: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/22.jpg)
![Page 23: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/23.jpg)
![Page 24: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/24.jpg)
CENSORED( CENSORED(
@mainframed767
![Page 25: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/25.jpg)
B.I.R.P.
• Big Iron Recon & Pwnage
– By @singe – HITB 2014
• 3270 is awesome
@mainframed767
![Page 26: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/26.jpg)
Standard 3270
@mainframed767
![Page 27: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/27.jpg)
BIRP 3270
@mainframed767
![Page 28: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/28.jpg)
Only FTP?
• No Problem! • FTP lets you run JCL (JCL = Script)
• Command: SITE FILE=JES
![Page 29: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/29.jpg)
Access Granted
• Now we have access
• FTP Account • Asking someone
Now what?
@mainframed767
![Page 30: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/30.jpg)
![Page 31: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/31.jpg)
Escalate!
• Let’s escalate our privilege
• Connect with telnet/ssh/3270
@mainframed767
![Page 32: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/32.jpg)
Getroot.rx
• rexx script • Leverages CVE-2012-5951:
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
![Page 33: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/33.jpg)
Tsk tsk
• IBM not really being honest here
• Works on any setuid REXX script!
@mainframed767
![Page 34: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/34.jpg)
@mainframed767
![Page 35: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/35.jpg)
DEMO
@mainframed767
![Page 36: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/36.jpg)
DEMO
![Page 37: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/37.jpg)
THANKS
• Swedish Black Hat community
• Oliver Lavery – GDS Security
• Logica Breach Investigation Files
![Page 38: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/38.jpg)
![Page 39: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/39.jpg)
Keep ACCESS
• Get a copy of the RACF database
• John the Ripper
racf2john racf.db
john racf_hashes
@mainframed767
![Page 40: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/40.jpg)
Steal
• Use IRRDBU00 to convert RACF to flat file
• Search for SPECIAL accounts
• Login with a SPECIAL account
@mainframed767
![Page 41: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/41.jpg)
IRRDBU00
CENSORED(
@mainframed767
![Page 42: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/42.jpg)
Welcome to OWN zone
• SPECIAL gives access to make any change to users
• Add Users • Make others SPECIAL, OPERATIONS
@mainframed767
![Page 43: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/43.jpg)
Give�r UID 0
@mainframed767
![Page 44: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/44.jpg)
Give�r SPECIAL
@mainframed767
![Page 45: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/45.jpg)
INETD
@mainframed767
![Page 46: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/46.jpg)
INETD
• Works just like Linux
Kill inetd:
- ps –ef|grep inetd - Kill <id>
@mainframed767
![Page 47: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/47.jpg)
Connect with NETEBCDICAT
• EBCDIC!
@mainframed767
• Use NetEBCDICat
![Page 48: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/48.jpg)
BPX. Wha?
• BPX.SUPERUSER – Allows people to su to root without password
![Page 49: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/49.jpg)
BPX.SUPERUSER
• As SPECIAL user type (change userid):
PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(USERID) ACCESS(READ)
And
SETROPTS GENERIC(FACILITY) REFRESH
![Page 50: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/50.jpg)
Tools
• CATSO – TSO Bind/Reverse shell
• TSHOCKER – Python/JCL/FTP wrapper for CATSO
• MainTP – Python/JCL/FTP getroot.rx wrapper
@mainframed767
![Page 51: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/51.jpg)
![Page 52: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/52.jpg)
TShocker
@mainframed767
![Page 53: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/53.jpg)
Maintp
• Uses GETROOT.rx + JCL and FTP and NetEBCDICat to get a remote root shell
@mainframed767
![Page 54: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/54.jpg)
![Page 55: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/55.jpg)
Thanks
• Logica Breach Investigation Team
• Dominic White (@singe)
• The community
![Page 56: From ROOT to SPECIAL - DEF CON CON 22/DEF CON 22 presentations... · – Python/JCL/FTP ... From root to SPECIAL - Hacking IBM ... Technology, Phreaking, Lockpicking, Hackers, Infosec,](https://reader034.vdocuments.net/reader034/viewer/2022051406/5aac38707f8b9a693f8cc454/html5/thumbnails/56.jpg)
Contact
Twitter�
@mainframed767
Email�
Websites:
Mainframed767.tumblr.com
Soldieroffortran.org