From dd5be2c6566101f2ac8516e17550db3308c2babe Mon Sep 17 00:00:00 2001 From: mgeeky Date: Mon, 25 Nov 2019 13:06:08 +0100 Subject: [PATCH] Updated IBM MQ notes. --- networks/IBM-MQ-Pentesting-notes.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/networks/IBM-MQ-Pentesting-notes.md b/networks/IBM-MQ-Pentesting-notes.md index 48a390c..710828d 100644 --- a/networks/IBM-MQ-Pentesting-notes.md +++ b/networks/IBM-MQ-Pentesting-notes.md @@ -181,6 +181,15 @@ If we wish to have our commands' results back, then more code will need to be ad Martyn Ruks described (ref: 1, page 30) that we may also succeed invoking system commands by defining event triggers that would execute specified command as soon as preconfigured event fired up our malicious trigger. +## Additional sources + +1. [Martyn Ruks: WebSphere MQ Security. White Paper – Part 1](https://labs.f-secure.com/assets/141/original/mwri_websphere-mq-security-white-paper-part1_2008-05-06.pdf) +2. [Martyn Ruks: MQ Jumping](https://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf) +3. [punch-q](https://github.com/sensepost/punch-q) +4. [pymqi installation issue](https://github.com/dsuch/pymqi/issues/15#issuecomment-124772995)raad](https://gist.github.com/mgeeky/fc11c9f227755a529eb607ed4d1742f9) + + + ## Additional sources 1. [Martyn Ruks: WebSphere MQ Security. White Paper – Part 1](https://labs.f-secure.com/assets/141/original/mwri_websphere-mq-security-white-paper-part1_2008-05-06.pdf)