Presented at DEF CON 30 (2022), Aug. 13, 2022, 2:30 p.m. (45 minutes).
Mainframes run the world, literally. Have you ever paid for something? Flown? Used a bank? Gone to college? A mainframe was involved. Do you live in a country with a government? Mainframes! The dominant (and, for most practical purposes, only) mainframe OS is z/OS from IBM. If you've ever talked to a mainframer you'll get told how they're more secure because buffer overflows are (were) impossible. This talk will prove them all wrong!
Finding exploits on z/OS is no different from any other platform. This talk will walk through how you too can become a mainframe exploit researcher!
Remote code execution is extra tricky on a mainframe: almost all sockets read data in the ASCII character set and convert it to EBCDIC before the application sees it, so whatever you send is translated byte by byte before it lands in memory. In this talk you will find out how to find and then remotely overflow a vulnerable mainframe C program, and how to build an ASCII -> EBCDIC shellcode that survives that translation and escalates your privileges remotely, without authentication. Previous mainframe talks focused on infrastructure-based attacks. This talk builds on those but adds a new class of vulnerabilities, opening up the mainframe hacking community.
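A small worked example of the translation problem the abstract describes, added here for illustration (it is not code from the talk, the speaker, or IBM). It models a server that reads bytes from a socket, runs them through an ASCII -> EBCDIC table and only then hands them to the vulnerable C code: the attacker must therefore send, for every byte wanted in memory, the wire byte that translates to it. Assumptions, all constructed for the example: the server's table is built from Python's cp037 codec (IBM-037; z/OS Unix services usually use IBM-1047, which differs in a handful of code points, so a real target needs its real table), and a second, deliberately lossy "7-bit only" table that collapses wire bytes 0x80-0xFF to EBCDIC SUB (0x3F) is built to show the failure mode where parts of a payload are simply unreachable. The sample payload bytes are made up.

```python
"""Pre-image search for a payload that has to survive an ASCII -> EBCDIC socket.

Added example, not code from the talk or from IBM. The translation table is
built from Python's cp037 codec (an assumption; swap in the target's real
table, e.g. IBM-1047, for real work).
"""

EBCDIC_SUB = 0x3F  # EBCDIC substitute character, the usual "untranslatable" target


def ascii_to_ebcdic_table() -> list:
    """table[wire_byte] -> ebcdic_byte, as the server would apply it.

    Built from cp037 (assumption). Any Latin-1 code point the codec cannot
    encode is mapped to SUB, which is what a lossy converter typically does.
    """
    table = []
    for wire in range(256):
        try:
            table.append(chr(wire).encode("cp037")[0])
        except UnicodeEncodeError:
            table.append(EBCDIC_SUB)
    return table


def lossy_7bit_table(full_table: list) -> list:
    """Constructed failure mode: a converter that only knows 7-bit ASCII and
    turns every high wire byte into SUB."""
    return [full_table[b] if b < 0x80 else EBCDIC_SUB for b in range(256)]


def server_translate(wire: bytes, table: list) -> bytes:
    """What the vulnerable program actually receives after the socket layer."""
    return bytes(table[b] for b in wire)


def invert(table: list) -> dict:
    """ebcdic_byte -> list of wire bytes that translate to it."""
    inv = {}
    for wire, ebc in enumerate(table):
        inv.setdefault(ebc, []).append(wire)
    return inv


def unreachable_bytes(table: list) -> list:
    """EBCDIC values no wire byte can produce; a payload containing one of
    these cannot be delivered through this socket at all."""
    return sorted(set(range(256)) - set(table))


def wire_bytes_for(payload: bytes, table: list) -> bytes:
    """Bytes to send so that, after the server's translation, `payload`
    lands in memory. Raises if some payload byte has no pre-image."""
    inv = invert(table)
    out = bytearray()
    for b in payload:
        if b not in inv:
            raise ValueError(f"EBCDIC byte 0x{b:02x} has no pre-image under this table")
        out.append(inv[b][0])  # any pre-image works; take the first
    return bytes(out)


if __name__ == "__main__":
    full = ascii_to_ebcdic_table()
    lossy = lossy_7bit_table(full)

    # Constructed payload: EBCDIC "HELLO" followed by two bytes (0x42, 0x0A)
    # that, under cp037, are only produced by wire bytes >= 0x80.
    payload = b"\xc8\xc5\xd3\xd3\xd6\x42\x0a"

    wire = wire_bytes_for(payload, full)
    print("send on the wire:", wire.hex())
    print("server sees     :", server_translate(wire, full).hex())
    print("unreachable under full table :", [hex(b) for b in unreachable_bytes(full)])
    print("unreachable under 7-bit table:", [hex(b) for b in unreachable_bytes(lossy)][:12], "...")
    try:
        wire_bytes_for(payload, lossy)
    except ValueError as e:
        print("7-bit converter breaks the payload:", e)
```

The practical check is the last step: before spending time on an overflow, translate the candidate payload back through the target's real table and see which bytes have no pre-image. Those are the bytes the shellcode has to be rewritten to avoid, exactly the constraint that makes ASCII -> EBCDIC shellcode its own craft.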
Presenters:
- Jake Labelle, Security Consultant
Jake, a security consultant from Basingstoke, UK, got his hands on a licensed z/OS emulator during the pandemic and, with the UK in and out of lockdown for the past two years, has spent a fair portion of that time playing around with it. As someone who adores the 80s cyber aesthetic he loves mucking around with it, but there is nothing legacy about mainframes: Docker, Node.js, Python and all your modern applications and programs run on there. Over the past year he has found and reported a number of z/OS LPE and RCE vulnerabilities to IBM.