Updated IBM MQ notes.

This commit is contained in:
mgeeky 2019-11-25 13:06:08 +01:00
parent 538e2baa3c
commit dd5be2c656

View File

@ -181,6 +181,15 @@ If we wish to have our commands' results back, then more code will need to be ad
Martyn Ruks described (ref: 1, page 30) that we may also succeed invoking system commands by defining event triggers that would execute specified command as soon as preconfigured event fired up our malicious trigger. Martyn Ruks described (ref: 1, page 30) that we may also succeed invoking system commands by defining event triggers that would execute specified command as soon as preconfigured event fired up our malicious trigger.
## Additional sources
1. [Martyn Ruks: WebSphere MQ Security. White Paper Part 1](https://labs.f-secure.com/assets/141/original/mwri_websphere-mq-security-white-paper-part1_2008-05-06.pdf)
2. [Martyn Ruks: MQ Jumping](https://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf)
3. [punch-q](https://github.com/sensepost/punch-q)
4. [pymqi installation issue](https://github.com/dsuch/pymqi/issues/15#issuecomment-124772995)raad](https://gist.github.com/mgeeky/fc11c9f227755a529eb607ed4d1742f9)
## Additional sources ## Additional sources
1. [Martyn Ruks: WebSphere MQ Security. White Paper Part 1](https://labs.f-secure.com/assets/141/original/mwri_websphere-mq-security-white-paper-part1_2008-05-06.pdf) 1. [Martyn Ruks: WebSphere MQ Security. White Paper Part 1](https://labs.f-secure.com/assets/141/original/mwri_websphere-mq-security-white-paper-part1_2008-05-06.pdf)