Published on February 1st, 2014 | by NJ Ouchn


[New Tool] racfsnow Password cracker for RACF (IBM mainframe) v1.5 in the wild

RACFSNOW is a highly optimised PC program for performing a dictionary attack against a RACF database, with the option of using a database unload (IRRDBU00) to validate the User IDs to attack.

It uses an ini file to control various parameters to enable focusing the attack on certain user IDs and or passwords.

This program is very original since the community is lacking such free utilities to perform security assessment on IBM Mainframe (zOS and other subsystems). I hope the author could add more features to extend it to do more tests such as : checking for the system version, checking for the datasets, elevating privileges using ISPF, gathering information using RACF TSO commands. Pentesting RACF  systems is not an easier task since one’s has to fully understand the zOS architecture.

Check here full documentation >> http://www.racfsnow.co.uk/racfsnow.pdf

This tool has been submitted by Nigel Pentland



Tags: , , , ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Back to Top ↑