Had a great time playing through the amazing game created by Phil Young (Soldier of Fortran, @mainframed767). What makes this project amazing is that it was written in HyperCard 2.4 and runs only on old Apple Macintosh systems (Macintosh 7.0.1), as seen in a screenshot below. So getting into it requires the dedication that a “hacker” should have. The idea is brilliant and introduces people to the concept of Mainframe hacking (many people don’t even know what Mainframes were or are).
The game can be played online from Archive.org’s simulation here https://archive.org/details/MainframeHackingCYOA or locally if you download the images from Archive.org.
You can use minivmac (https://github.com/jsdf/minivmac) or pce (http://www.hampa.ch/pce/download.html); both work fine for the MainframeHackingCYOA. I have managed to run the game on a simulated Alpha DS25 via alphavm or on a MIPS CI20 development board (running the retro CDE).
Since we got this far, I wanted to take the opportunity to describe my experience during the gameplay and show some interesting points this game makes. Again, big thanks to Soldier of Fortran for this gem!
We start the game simply by being curious. I recommend going through this yourself before reading the below.
Now this is quite informative. Nmap, Metasploit and Hydra are daily bread to any security researcher, but c3270 (a curses-based IBM host access tool) not so much (http://x3270.bgp.nu/download.html).
So we run the VTAM enumeration against the telnet port 23 we found earlier and learn about the TSOPRD, TSODEV, CICSPRD1 and CICSPRD2 applids. We can use this information to enumerate CICS on the Mainframe, as seen below. Remember that we have a password from the leaked Ecorp document off the BBS (ECorp@18), so we use these credentials for CICS enumeration here. Let's query TSODEV and see what information comes out.
Now, if you get lucky and choose a privileged user from the above, you can finish the game quickly. x420 looks like it must have some weight … what I did, however, was use x003 and the TSO attack.
Update 31.05. Silly me … typing in wrong commands is typical, so you need to enter SYS2.OLDLIB.
Another method is via the CICS attack. Since I already got the info that x420 will be the super user, I went straight into attacking CICS -> starting over.
So we have learned a few things here … time to study the above code from this git repo: github.com/ayoul3
https://github.com/ayoul3/cicspwn https://github.com/ayoul3/Privesc https://github.com/ayoul3/Rexx_scripts https://github.com/ayoul3/JCL_scripts https://github.com/ayoul3/wc3270_hacked
Here are the @mainframed767 YouTube resources about Mainframe security.
And maybe start learning from scratch using HERCULES: https://github.com/hercules-390/hyperion