The HP Nonstop is the mainframe that I have done most of my research on. Links to my blogpost and whitepaper can be found below.
Blogpost:
Whitepaper:
These teach the basics of HP Nonstop and the basics of privilege escalation techniques for HP Nonstop. This is a cheat sheet for commands on the HP Nonstop and some notes that may be helpful when testing them.
Within HP Nonstop, a lot of the interaction happens by dropping into a processes shell and interacting with it directly. Each process has a different terminal prompt. These are useful to know and will be important for following along with the commands.
Prompt | Terminal |
> | TACL Shell. (Like Bash) Enter this shell by typing TACL. |
= | Safeguard shell for querying Safeguard. Enter this by typing SAFECOM. |
? | ​ |
; | ​ |
​ | ​ |
Safeguard Enumeration:
>SAFECOM; INFO DETAIL,​>SAFECOM; INFO VOLUME $*​>SAFECOM; INFO SUBVOL $*.*​>SAFECOM; INFO DISKFILE $*.*.*​>SAFECOM; INFO USER *.*
Guardian Enumeration:
>PROMPT BOTH​>WHO​>OSH (from here run normal linux commands)​>VOLUME (cd equivalent)​>FILEINFO (ls equivalent)​>#PMSEARCHLIST ($PATH equivalent)​>DSAP​>Processes​>SQL datasets
PMSEARCHLIST Privesc
>#PMSEARCHLIST$SYSTEM.SYSTEM $SYSTEM.PARMLIB​>SAFECOM; INFO SUBVOL $SYSTEM.SYSTEMNO RECORD FOUND​>SAFECOM; INFO SUBVOL $SYSTEM.PARMLIBNO RECORD FOUND​>VOLUME $SYSTEM.SYSTEM>FILEINFO​​>TEDIT VULNMACRO​
Hello World TACL Macro POC
​
Process Privesc
​
PROGID Privesc
​
CMON Privesc
​