HP Nonstop

Background

The HP Nonstop is the mainframe that I have done most of my research on. Links to my blogpost and whitepaper can be found below.
Blogpost:
Whitepaper:
These teach the basics of HP Nonstop and the basics of privilege escalation techniques for HP Nonstop. This is a cheat sheet for commands on the HP Nonstop and some notes that may be helpful when testing them.

Command Prompts

Within HP Nonstop, a lot of the interaction happens by dropping into a processes shell and interacting with it directly. Each process has a different terminal prompt. These are useful to know and will be important for following along with the commands.
Prompt
Terminal
>
TACL Shell. (Like Bash) Enter this shell by typing TACL.
=
Safeguard shell for querying Safeguard. Enter this by typing SAFECOM.
?
โ€‹
;
โ€‹
โ€‹
โ€‹

Commands

Safeguard Enumeration:
1
>SAFECOM; INFO DETAIL,
2
โ€‹
3
>SAFECOM; INFO VOLUME $*
4
โ€‹
5
>SAFECOM; INFO SUBVOL $*.*
6
โ€‹
7
>SAFECOM; INFO DISKFILE $*.*.*
8
โ€‹
9
>SAFECOM; INFO USER *.*
Copied!
Guardian Enumeration:
1
>PROMPT BOTH
2
โ€‹
3
>WHO
4
โ€‹
5
>OSH (from here run normal linux commands)
6
โ€‹
7
>VOLUME (cd equivalent)
8
โ€‹
9
>FILEINFO (ls equivalent)
10
โ€‹
11
>#PMSEARCHLIST ($PATH equivalent)
12
โ€‹
13
>DSAP
14
โ€‹
15
>Processes
16
โ€‹
17
>SQL datasets
Copied!
PMSEARCHLIST Privesc
1
>#PMSEARCHLIST
2
$SYSTEM.SYSTEM $SYSTEM.PARMLIB
3
โ€‹
4
>SAFECOM; INFO SUBVOL $SYSTEM.SYSTEM
5
NO RECORD FOUND
6
โ€‹
7
>SAFECOM; INFO SUBVOL $SYSTEM.PARMLIB
8
NO RECORD FOUND
9
โ€‹
10
>VOLUME $SYSTEM.SYSTEM
11
>FILEINFO
12
โ€‹
13
โ€‹
14
>TEDIT VULNMACRO
15
โ€‹
Copied!
Hello World TACL Macro POC
1
โ€‹
Copied!
Process Privesc
1
โ€‹
Copied!
PROGID Privesc
1
โ€‹
Copied!
CMON Privesc
1
โ€‹
Copied!