RACFSNOW is a highly optimised PC program for performing a dictionary attack against a RACF database, with the option of using a database unload (IRRDBU00) to validate the User IDs to attack.

RACF (Resource Access Control Facility), is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems.

The whole point of this program is to try and bring home to folks the importance of choosing good passwords. Put simply, because RACF stores passwords securely, a good password will take of the order of 2 years to crack using brute force, but a poor password will take of the order of 2 minutes to crack using a dictionary attack. The choice is yours!

To get started download and run racfsnow.exe If the racfsnow.ini file doesn’t already exist it will be created and racfsnow will run in demo mode, using data supplied purely for demo purposes. To run normally, simply set demo_mode to false and supply the name of your own input file (and preferably also an IRRDBU00 unload file if possible).

There is only one optional command line parameter, all the rest are supplied via the racfsnow.ini file. The optional command line parameter is a single User ID. This invokes what is referred to as targeted mode and ignores all other scoping parameters, simply focusing on trying to recover a single User ID.

Note: Because the initial pass of the binary database file is doing a low level search for any passwords, it may still find several hits for a single User ID.