Enumerating z/OS TSO user IDs
In IBM mainframes (z/OS), the TSO login panel reveals information about authorized users through error messages. Attackers can leverage this information to enumerate valid user IDs of the system.
This recipe demonstrates how to enumerate z/OS TSO User IDs with Nmap.
How to do it...
To enumerate z/OS TSO user IDs with Nmap, enter the following command:
$ nmap -sV --script tso-enum <target>
Any valid users will be listed in the script output:
PORT   STATE SERVICE VERSION 23/tcp open  tn3270  IBM Telnet TN3270 | tso-enum: |   TSO User ID: |     TSO User:PETE -  Valid User ID |     TSO User:YOLI -  Valid User ID |     TSO User:PABLO -  Valid User ID |_  Statistics: Performed 6 guesses in 3 seconds, average tps: 2
The script emulates a TN3270
screen. Next, we will learn...