Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
##
7
# This is a prototype JCL command payload for z/OS - mainframe.
8
#   It submits the IEFBR14 standard z/OS program, which does nothing
9
#   but complete successfully and return code 0.
10
#
11
#   See http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.ieab500/hpropr.htm?lang=en
12
#   for more information on IEFBR14
13
##
14

15

16
module MetasploitModule
17
  CachedSize = 150
18
  include Msf::Payload::Single
19
  include Msf::Payload::Mainframe
20
  include Msf::Sessions::CommandShellOptions
21

22
  def initialize(info = {})
23
    super(merge_info(info,
24
                     'Name'          => 'Generic JCL Test for Mainframe Exploits',
25
                     'Description'   => 'Provide JCL which can be used to submit
26
                        a job to JES2 on z/OS which will exit and return 0.  This
27
                        can be used as a template for other JCL based payloads',
28
                     'Author'        => 'Bigendian Smalls',
29
                     'License'       => MSF_LICENSE,
30
                     'Platform'      => 'mainframe',
31
                     'Arch'          => ARCH_CMD,
32
                     'Handler'       => Msf::Handler::None,
33
                     'Session'       => Msf::Sessions::MainframeShell,
34
                     'PayloadType'   => 'cmd',
35
                     'RequiredCmd'   => 'jcl',
36
                     'Payload'       =>
37
      {
38
        'Offsets' => {},
39
        'Payload' => ''
40
      }))
41
    register_options(
42
      [
43
        OptString.new('ACTNUM', [true, "Accounting info for JCL JOB card", "MSFUSER-ACCTING-INFO"]),
44
        OptString.new('PGMNAME', [true, "Programmer name for JCL JOB card", "programmer name"]),
45
        OptString.new('JCLASS', [true, "Job Class for JCL JOB card", "A"]),
46
        OptString.new('NOTIFY', [false, "Notify User for JCL JOB card", ""]),
47
        OptString.new('MSGCLASS', [true, "Message Class for JCL JOB card", "Z"]),
48
        OptString.new('MSGLEVEL', [true, "Message Level for JCL JOB card", "(0,0)"])
49
      ],
50
      self.class
51
    )
52
    register_advanced_options(
53
      [
54
        OptBool.new('NTFYUSR', [true, "Include NOTIFY Parm?", false]),
55
        OptString.new('JOBNAME', [true, "Job name for JCL JOB card", "DUMMY"])
56
      ],
57
      self.class
58
    )
59
  end
60

61
  ##
62
  # Construct Payload
63
  ##
64
  def generate(_opts = {})
65
    super + command_string
66
  end
67

68
  ##
69
  # Setup replacement vars from options if need be
70
  ##
71
  def command_string
72
    jcl_jobcard +
73
      "//   EXEC PGM=IEFBR14\n"
74
  end
75
end
76

77