From eedfc29b4825abadd692eba385f6cf7de5147a26 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 21 Dec 2016 00:16:06 +0000
Subject: [PATCH] Add support for RACF to cics-user-enum. Closes #619

---
 scripts/cics-user-enum.nse | 21 +++++++++++----------
 scripts/tn3270-screen.nse  |  2 --
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/scripts/cics-user-enum.nse b/scripts/cics-user-enum.nse
index 6ab89d81c..e5e6f19d4 100644
--- a/scripts/cics-user-enum.nse
+++ b/scripts/cics-user-enum.nse
@@ -35,6 +35,7 @@ CICS User ID enumeration script for the CESL/CESN Login screen.
 --
 -- @changelog
 -- 2016-08-29 - v0.1 - created by Soldier of Fortran
+-- 2016-12-19 - v0.2 - Added RACF support
 --
 -- @author Philip Young
 -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
@@ -106,7 +107,8 @@ Driver = {
     end
     -- At this point we MUST be at CESL/CESN to try accounts.
     -- If we're not then we quit with an error
-    if not (self.tn3270:find('SIGN ON TO CICS') and self.tn3270:find("Signon to CICS")) then
+    if not (self.tn3270:find('SIGN ON TO CICS') or self.tn3270:find("Signon to CICS")) then
+    local err = brute.Error:new( "Can't get to CESL")
       err:setRetry( true )
       return false, err
     end
@@ -117,21 +119,21 @@ Driver = {
     self.tn3270:get_all_data()
     stdnse.debug(2,"Screen Recieved for User ID: %s", pass)
     self.tn3270:get_screen_debug(2)
-    -- So far only support for TopSecret, ACF2
-    -- TODO: Add RACF error messages if they exist?
     if self.tn3270:find('TSS7145E') or
-       self.tn3270:find('ACF01004') then
-       -- known invalid userid
+       self.tn3270:find('ACF01004') or
+       self.tn3270:find('DFHCE3530') then
+       -- known invalid userid messages
        -- TopSecret: TSS7145E
        -- ACF2:      ACF01004
-       -- RACF:      TODO
+       -- RACF:      DFHCE3530
       stdnse.debug("Invalid CICS User ID: %s", string.upper(pass))
       return false,  brute.Error:new( "Incorrect CICS User ID" )
     elseif self.tn3270:find('TSS7102E') or
-           self.tn3270:find('ACF01012') then
+           self.tn3270:find('ACF01012') or
+           self.tn3270:find('DFHCE3523') then
       -- TopSecret: TSS7102E Password Missing
       -- ACF2:      ACF01012 PASSWORD NOT MATCHED
-      -- RACF:      TODO
+      -- RACF:      DFHCE3523 Please type your password.
       stdnse.verbose("Valid CICS User ID: %s", string.upper(pass))
       return true, creds.Account:new("CICS User", string.upper(pass), creds.State.VALID)
     else
@@ -244,9 +246,8 @@ action = function(host, port)
     local status, result = engine:start()
     -- port.version.extrainfo = "Security: " .. secprod
     -- nmap.set_port_version(host, port)
-    return "result"
+    return result
   else
     return err
   end
-
 end
diff --git a/scripts/tn3270-screen.nse b/scripts/tn3270-screen.nse
index c1255ab46..c5f730be4 100644
--- a/scripts/tn3270-screen.nse
+++ b/scripts/tn3270-screen.nse
@@ -54,8 +54,6 @@ Hidden fields will be listed below the screen with (row, col) coordinates.
 author = "Philip Young aka Soldier of Fortran"
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = {"safe", "discovery"}
--- XXX Is this a real script?
---dependencies = {"tn3270-info"}
 
 portrule = shortport.port_or_service({23,992}, {"tn3270"})