Awesome-Mainframe-Hacking

Mainframe Hacking Guide

A collection of resources for learning and practicing Mainframe Penetration Testing and Security

last commit: about 2 years ago

↑ IBM zSeries / ↑ Books

Mainframe Basics for Security Professionals: Getting Started with RACF - Ori Pomerantz, Barbara Vander Weele, Mark E. Nelson, Tim Hahn (2008, IBM Press) - Amazon
IBM Redbooks - Introduction to the New Mainframe: z/OS Basics - Amazon
PoCorGTFO#12 - Page 32 - A JCL Adventure with Network Job Entry - PDF

↑ IBM zSeries / ↑ Tutorials

Emulating a MVS/zOS with Hercules
bigiron - Wiki/Collection of materials related to IBM z/OS security (42 stars, last commit almost 9 years ago)
TSO Tutorial
z/OS Introduction - An IBM Redbooks video course
Multiple Mainframe Security guides from Chicago Classic Computing
Using UNIX System Services to escalate your privileges on z/OS
The crash course to z/OS pentesting (81 stars, last commit over 4 years ago) by

↑ IBM zSeries / ↑ Scripts and Tools

TN3270 Clients - X3270
Multipurpose Nmap Scripts (10,234 stars, last commit 7 days ago)

↑ IBM zSeries / ↑ Scripts and Tools / Multipurpose Nmap Scripts

tn3270-screen.nse
tso-enum.nse
tso-brute.nse
vtam-enum.nse
lu-enum.nse
cics-enum.nse
cics-info.nse
cics-user-brute.nse
cics-user-enum.nse

↑ IBM zSeries / ↑ Scripts and Tools

TPX Brute - The z/OS TPX logon panel brute forcer (17 stars, last commit almost 7 years ago)
RACF Database Parser (10 stars, last commit 8 months ago)

↑ IBM zSeries / ↑ Scripts and Tools / Mainframe Application pentesting (CICS etc.)

CICSPwn (84 stars, last commit about 4 years ago)
BIRP (125 stars, last commit about 3 years ago)
CICSshot - Take screenshots of CICS (6 stars, last commit about 8 years ago)
Hacked wc3270 emulator (6 stars, last commit over 8 years ago)

↑ IBM zSeries / ↑ Scripts and Tools / zOS Enumeration Scripts

All-in-one enumeration of information like VERSION, APF Libraries, SVCs, USERS etc. on z/OS (63 stars, last commit 19 days ago)
Collection of REXX Scripts by @ayoul3__ (25 stars, last commit almost 8 years ago)
SETRRCVT by @jaytay79 (33 stars, last commit over 2 years ago)

↑ IBM zSeries / ↑ Scripts and Tools

FTP - JCL command execution - Metasploit Modules by @bigendiansmalls (34,232 stars, last commit 1 day ago)
Metasploit Payloads for z/OS (34,232 stars, last commit 1 day ago)
NC110-OMVS Netcat for z/OS OMVS (10 stars, last commit over 11 years ago)
TShOcker - Mini command interpreter for TSO & UNIX accessible by NetCat (24 stars, last commit about 6 years ago)
zOS Privilege Escalation scripts by ayoul3__ (79 stars, last commit about 5 years ago)
Note on TESTAUTH command for running a program in elevated state (5 stars, last commit about 5 years ago)
zOSFTPlib - python ftplib-like library specifically for Z/OS

↑ IBM zSeries / ↑ Presentations and Talks

Video - All the talks by Soldier of FORTRAN (@mainframed767)
How to Break into z/OS Systems - Stuart Henderson
How to Break Into z/OS Systems Through USS, TCP/IP, and the Internet
Video - Mainframe [z/OS] Reverse Engineering & Exploit Development by @bigendiansmalls
Video - Security Necromancy : Further Adventures in Mainframe Hacking by Soldier of FORTRAN (@mainframed767) & @bigendiansmalls
Top 10 Security Vulnerabilities in z/OS by John Hillman (Vanguard)
The current state of Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)
Advanced Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)
Defcon 22 From ROOT to SPECIAL - Soldier of FORTRAN (@mainframed767)
Mainframes: What the F$#K is That About? - Soldier of FORTRAN (@mainframed767)
BSidesAustin Mainframes: Everybody has one but nobody knows how to hack them - Soldier of FORTRAN (@mainframed767)
BSidesLV 2013 - Legacy 0-Day How hackers breached the Logica Mainframe - Soldier of FORTRAN (@mainframed767)
Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)
Video - Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)
Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)
Video - Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)
Video - Ransomware on the Mainframe: Checkmate by @bigendiansmalls
Video - Learning Mainframe Hacking: Where the hell did all my free time go? by @bigendiansmalls
Post exploit goodness on a Mainframe SPECIAL is the new root by (@ayoul3__)
Video - Hacking Customer Information Control System (CICS) by Ayoub Elaassal (@ayoul3__)
Video - IBM Networking Attacks-Or The Easiest Way To Own A Mainframe by Martyn Ruks
Video - Cracking Mainframe Passwords by Nigel Pentland
Video - Exploiting the Mainframe - Z/OS integrity 101 by Mark Wilson & Ray Overby
Video - A Gentle Introduction to Hacking Mainframes by Dan Helton
PDF - Talk - Gibson 101 - Quick Introduction to Hacking Mainframes in 2020
Video - Buffer overflow on the mainframe, presented by Jake Labelle
PDF - Talk - How I Found Mainframe Buffer Overflows by Jake Labelle

↑ IBM zSeries / ↑ ACF2 Specific references

CA ACF2 for z/OS - 16.0 Documentation
GIAC - ACF2 Mainframe Security

↑ IBM zSeries / ↑ Labs

Mainframe Hacking - Choose Your own Adventure Game
DVCA - Damn Vulnerable CICS Application (21 stars, last commit 9 months ago)
DC30 - Mainframe Buffer Overflows Workshop Container (88 stars, last commit 9 months ago)

↑ IBM zSeries / ↑ Misc

Evil Mainframe Hacking Training/Course
CBT Tape - Collection of Freeware & Open Source distribution of IBM mainframe MVS & OS/360 Environments
z/OS Internet Library by IBM - Collection of manuals, guides & books about z/OS
DoD Security Technical Implementation Guides (STIGs) - Search for ACF2, z/OS, RACF etc.
Default Accounts (81 stars, last commit over 4 years ago)

↑ IBM iSeries / ↑ iSeries Books

Hacking iSeries by Shalom Carmel - Amazon
Mastering IBM i: The Complete Resource for Today's IBM i System by Jim Buck & Jerry Fottral - Amazon
Experts' Guide to OS/400 & i5/OS Security by Carol Woodbury & Patrick Botz - Amazon
The IBM AS400 A technical introduction - PDF

↑ IBM iSeries / ↑ Tutorials and Checklists

AS/400 Security Assessment Mindmap
iSeries Penetration Testing
Security Audit of IBM AS/400 and System i : Part 1
Security Audit of IBM AS/400 and System i : Part 2
Security Assessment of the IBM i (AS 400) System : Part 1
Seclists Mailing list thread on Pentesting AS/400
Resources from Shalom Carmel's talk at BH Europe - 2006

↑ IBM iSeries / ↑ Tools

hack400tool - security handling tools for IBM Power Systems (formerly known as AS/400) (96 stars, last commit almost 7 years ago)
Hash generator for IBM System i hashes (DES, SHA-1)
AS/400 SHA-1 hash format plugin for John the Ripper

↑ IBM iSeries / ↑ iSeries Presentations and Talks

Hack the Legacy: IBM i aka AS400 Revealed by Bart Kulach
AS/400 for pentesters by Shalom Carmel
AS/400: Lifting the Veil of Obscurity

↑ IBM iSeries / ↑ Miscellaneous

AS400i.com
Hack The Legacy Website