Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new cmd mainframe payload (generic_jcl) for z/OS #6717

Merged
merged 1 commit into from Apr 14, 2016

Conversation

Projects
None yet
3 participants
@bigendiansmalls
Copy link
Contributor

bigendiansmalls commented Mar 29, 2016

New Generic Mainframe (z/OS) JCL (Job Control Language - mainframe "scripting") cmd payload.

This payload does nothing but return successfully. It can be used to
test exploits and as a basis for other JCL cmd payloads. JCL is used to submit jobs (i.e. run programs) on the mainframe.

Testing the module with MSFVENOM should yield the following:
$ ./msfvenom -p cmd/mainframe/generic_jcl
No platform was selected, choosing Msf::Module::Platform::Mainframe from the payload
No Arch selected, selecting Arch: cmd from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 131 bytes
//DUMMY  JOB (MFUSER),'dummy job',
//   NOTIFY=&SYSUID,
//   MSGCLASS=H,
//   MSGLEVEL=(1,1),
//   REGION=0M
//   EXEC PGM=IEFBR14
$

Notes:

  • there is no exploit that uses this payload yet
  • it is the first of 3 PRs to complete an exploit which uses JCL
Add generic JCL cmd payload for z/OS (mainframe)
This payload does nothing but return successfully.  It can be used to
test exploits and as a basis for other JCL cmd payloads.

@bcook-r7 bcook-r7 merged commit a6518b5 into rapid7:master Apr 14, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

bcook-r7 added a commit that referenced this pull request Apr 14, 2016

@bigendiansmalls bigendiansmalls deleted the bigendiansmalls:mf_cmd_generic_jcl branch Apr 14, 2016

@bcook-r7 bcook-r7 self-assigned this Oct 11, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.