Attackers can also target large mainframes to harvest very sensitive data.
0 CVE Mainframe related
Strangely, there are 0 CVEs at the given time for any vulnerabilities on z/OS, and it is considered a highly secure platform.
The risk arises when a highly secure z/OS is connected to a less secure Windows environment, where attackers can attack the z/OS from a compromised network.
Admins can also use smart cards or Kerberos to access the secure platform.
Mainframe Linux Windows 3270 Emulator
Programs related to mainframes are Quick3270 and WC3270.
z/OS Password RACF Database
Passwords on z/OS are stored in the RACF database in a hashed format.
CICS was used earlier to connect multiple mainframes to process banking transactions.
IBM developed CICS in 1968 and promoted SNA networking before TCP/IP in the 90s.
CICS is like a combination of a CMS such as WordPress and classic middleware such as Tomcat or Apache.
CICS gives shortcuts to use in COBOL code and makes them available via VTAM.
By exiting the application with F3, the user gets back to the CICS screen or terminal.
The CICS terminal waits for a four-digit code to launch, such as CESN, the authentication program.
It is possible to brute-force transaction IDs with scripts.
Two interesting programs are:
CECI gives an interpreter to execute commands; it can read files and write files.
CEMT (CICS Master Terminal Program) controls resources on CICS: files, programs and transaction IDs.
Access to these two programs can be used to control CICS.
A Python script called CICSpwn makes this easier.
Often cicspwn.py can be used without authentication to gain sensitive data and execute code as well.
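Both behaviours described above, transaction ID brute-forcing and unauthenticated use of CECI or CEMT, can be watched for from the defender's side. The following is an added example, not part of the original notes and not CICSpwn code: the record layout, the UNKNOWN/OK result field, the thresholds and the use of CICSUSER as the ID of unauthenticated terminals are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SENSITIVE = {"CECI", "CEMT"}     # the two transactions named above
DEFAULT_USER = "CICSUSER"        # assumption: ID given to unauthenticated terminals
WINDOW = timedelta(seconds=60)   # assumption: tune per environment
THRESHOLD = 5                    # distinct unknown IDs per terminal within WINDOW

# Constructed sample records (hypothetical layout): time terminal user tranid result
SAMPLE = """\
2024-05-01T10:00:00 T001 OPER1 CESN OK
2024-05-01T10:00:05 T002 CICSUSER AAAA UNKNOWN
2024-05-01T10:00:06 T002 CICSUSER AAAB UNKNOWN
2024-05-01T10:00:07 T002 CICSUSER AAAC UNKNOWN
2024-05-01T10:00:08 T002 CICSUSER AAAD UNKNOWN
2024-05-01T10:00:09 T002 CICSUSER AAAE UNKNOWN
2024-05-01T10:00:10 T002 CICSUSER CECI OK
2024-05-01T10:01:00 T001 OPER1 CEMT OK
2024-05-01T10:02:00 T003 OPER2 CEMS UNKNOWN
"""

def parse(line):
    ts, term, user, tran, result = line.split()
    return datetime.fromisoformat(ts), term, user, tran.upper(), result

def detect(lines):
    """Return alerts for time-ordered records: ID enumeration and unauthenticated CECI/CEMT."""
    alerts, flagged = [], set()
    unknown = defaultdict(deque)          # terminal -> recent (time, tranid) misses
    for line in filter(str.strip, lines):
        ts, term, user, tran, result = parse(line)
        if result == "UNKNOWN":
            q = unknown[term]
            q.append((ts, tran))
            while ts - q[0][0] > WINDOW:  # drop misses older than the window
                q.popleft()
            distinct = {t for _, t in q}
            if len(distinct) >= THRESHOLD and term not in flagged:
                flagged.add(term)         # alert once per terminal
                alerts.append(("TRANID_ENUMERATION", term, len(distinct)))
        elif result == "OK" and tran in SENSITIVE and user == DEFAULT_USER:
            alerts.append(("UNAUTHENTICATED_SENSITIVE_TRAN", term, tran))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

A single mistyped ID (T003) and an authenticated operator running CEMT (T001) raise no alert; only the burst of distinct unknown IDs and the CECI run under the default user on T002 do.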