0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

Update 1414-pentesting-ibmmq.md (typos)

This commit is contained in:
Sébastien Copin 2023-10-12 13:52:24 +02:00 committed by GitHub
parent 30cbf6ebc7
commit fe88ec40e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
network-services-pentesting/1414-pentesting-ibmmq.md
View File

@ -102,7 +102,7 @@ It happens that some IBM MQ instances accept **unauthenticated** MQ requests, so
As soon as we get one channel name (here: `DEV.ADMIN.SVRCONN`), we can enumerate all other channels.
The enumeration can basically be done with this code snippet `code/examples/dis_channels.py` from *pymqi*:
The enumeration can basically be done with this code snippet `code/examples/dis_channels.py` from **pymqi**:
```python
import logging
@ -222,7 +222,7 @@ You can target queue(s)/channel(s) to sniff out / dump messages from them (non-d
>
> *Note: always according to IBM MQ documentation (Administration Reference), there is also an HTTP endpoint at `/admin/action/qmgr/{qmgrName}/mqsc` to run the equivalent MQSC command for service creation (`DEFINE SERVICE`). This aspect is not covered yet here.*
The service creation / deletion with PCF for remote program execution is can be done by **punch-q**:
The service creation / deletion with PCF for remote program execution can be done by **punch-q**:
**Example 1**
@ -240,7 +240,7 @@ You can also enumerate existing programs on the machine (here `/bin/doesnotexist
```bash
sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
s "-c id"
s "whatever"
Command: /bin/doesnotexist
Arguments: -c id
Service Name: 6e3ef5af652b4436
@ -262,7 +262,7 @@ For easy reverse shell, **punch-q** proposes also two reverse shell payloads :
* One with bash
* One with perl
*Of course you can build a custom one with the `execute`.*
*Of course you can build a custom one with the `execute` command.*
For bash:
@ -368,4 +368,4 @@ CONTAINER ID IMAGE COMMAND CRE
* [mgeeky's gist - "Practical IBM MQ Penetration Testing notes"](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec)
* [MQ Jumping - DEFCON 15](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf)
* [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq)
* [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq)