http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and to submit a job. They upload a program called "netcat" into a data set starting with their RACF id. They then submit a job which copies the data set into the /tmp subdirectory with a "random" name, chmod the name to be executable, then executes does starts the netcat in the "background" (asynchronous to the batch job) and piping to/from the z/OS UNIX shell. The "hacker" simply connects to the port that netcat is listening on, and presto, they have a shell on their desktop. -- This is a test of the Emergency Broadcast System. If this had been an actual emergency, do you really think we'd stick around to tell you? Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
