Script tso-enum
Script types:
portrule
Categories:
intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/tso-enum.nse
Script Summary
TSO User ID enumerator for IBM mainframes (z/OS). The TSO logon panel
tells you when a user ID is valid or invalid with the message:
IKJ56420I Userid <user ID> not authorized to use TSO
.
The TSO logon process can work in two ways:
1) You get prompted with IKJ56700A ENTER USERID -
to which you reply with the user you want to use.
If the user ID is valid it will give you a normal
TSO logon screen. Otherwise it will give you the
screen logon error above.
2) You're given the TSO logon panel and enter your user ID
at the Userid ===>
prompt. If you give
it an invalid user ID you receive the error message above.
This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP.
TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, #, $. - it cannot be longer than 7 chars
Script Arguments
- tso-enum.commands
Commands in a semi-colon separated list needed to access TSO. Defaults to
tso
.- brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass
See the documentation for the brute library.
- creds.[service], creds.global
See the documentation for the creds library.
- passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb
See the documentation for the unpwdb library.
Example Usage
nmap --script=tso-enum -p 23 <targets>
nmap -sV -p 9923 10.32.70.10 --script tso-enum --script-args userdb=tso_users.txt,tso-enum.commands="logon applid(tso)"
Script Output
PORT STATE SERVICE VERSION 23/tcp open tn3270 IBM Telnet TN3270 | tso-enum: | TSO User ID: | TSO User:RAZOR - Valid User ID | TSO User:BLADE - Valid User ID | TSO User:PLAGUE - Valid User ID |_ Statistics: Performed 6 guesses in 3 seconds, average tps: 2
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html