Brute-forcing z/OS TSO accounts
z/OS TSO accounts often use identifiers that are easy to guess through brute-force or dictionary attacks. It is possible to automate the login procedure and attempt brute-force attacks against the password itself, so we need to consider that TSO accounts with weak passwords are at risk.
In this recipe, you will learn how to launch brute-force password auditing attacks against z/OS TSO accounts.
How to do it...
To start brute-forcing z/OS TSO accounts, simply run the following Nmap command:
$ nmap -sV --script tso-brute <target>
If we are lucky, the script will return valid credentials that we can use in the TSO login screen. The valid credentials will be listed, telling us when any users are logged in:
23/tcp open  tn3270  syn-ack IBM Telnet TN3270 | tso-brute: |   Node Name: |     IBMUSER:<skipped> - User logged on. Skipped. |     ZERO...