{"id":19297277,"url":"https://github.com/mainframed/logica","last_synced_at":"2025-04-22T08:31:27.144Z","repository":{"id":8324325,"uuid":"9875779","full_name":"mainframed/logica","owner":"mainframed","description":"Files compiled from the Logica breach investigation materials","archived":false,"fork":false,"pushed_at":"2018-08-14T04:45:58.000Z","size":28,"stargazers_count":40,"open_issues_count":0,"forks_count":13,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-09T23:02:26.358Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mainframed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-05-05T23:04:18.000Z","updated_at":"2024-02-09T08:50:57.000Z","dependencies_parsed_at":"2022-08-07T02:15:34.157Z","dependency_job_id":null,"html_url":"https://github.com/mainframed/logica","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mainframed%2Flogica","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mainframed%2Flogica/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mainframed%2Flogica/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mainframed%2Flogica/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mainframed","download_url":"https://codeload.github.com/mainframed/logica/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250206190,"owners_count":21392208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T23:01:50.172Z","updated_at":"2025-04-22T08:31:24.182Z","avatar_url":"https://github.com/mainframed.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"## Logica Investigation\n\n**Description**: In this repository is a collection of files outlined/documented in the various files included within the alleged Logica breach. Most of the files are complete (typos notwithstanding) and incomplete files contain whatever was documented in the investigation paperwork.\n\n## WHY?\n\nI decided to document these files here due to the historical nature of the breach. It is the first publicly documented IBM z/OS breach in which the some of the code is actually available. It also serves as educational resources to those wanting to get interested in testing/auditing mainframes and mainframe security. \n\n## The Files\n\n**aptitup.jcl**: A JCL file which executes the file `/tmp/a.env` file in **OMVS** (aka UNIX) using `BPXBATCH`. \n\n**Enum.c**: A C program to enumerate users using `getpwuid`. \n\n**go.rx**: A REXX script used to escalate privileges to the UID/GID supplied to the script. It is assumed this program is running with an appropriate setuid.\n\n**Ha.C**: A C program that takes two arguments UID/GID and executes `/bin/sh` as the supplied arguments.\n\n**kuku.rx**: A REXX script which exploits a previously unknown 0-Day vulnerability in CNMEUNIX (a program in OMVS with setuid). The script uses CNMEUNIX to locally escalate privileges to superuser (aka root) access in OMVS. **This code is only a snippet as that is all that is available**.\n\n**nop.jcl**: A JCL file which \"does nothing\" ;)\n\n**Tfy.source.backdoor**: A ASM program which changes ACEE settings. \n\n**tsocmd.rx**: A REXX script which executes TSO commands. This is different from the /bin/tso command as it can execute authorized programs. This script is freely available from IBM but was found during the investigation. \n\n**utcam.sh**: BASH script which when run send commands to a remote listening web server. \n\n**vc242**: Turns on and off the JSCBAUTH bit depending on the contents of Register 0. (thanks @BarrySchrager1)\n\n**DeFeNeStRaTe.C**: z/OS OMVS local exploit for APF authorized load module IOELMD10\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmainframed%2Flogica","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmainframed%2Flogica","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmainframed%2Flogica/lists"}