WebApp Sec mailing list archives

Re: Help Exploiting MQ


From: NinjasFlipOutAndKillPeopleAllTheTime <ninjasflipoutandkillpeople () gmail com>
Date: Mon, 6 Sep 2004 08:52:29 +0100

I can't help with exploiting binaries, but here are a few things you
can look at.  Most of these are orientated towards having direct
access to the boxes running MQ rather than via a presentation layer
(such as a website).

* In the first instance, if the OAM is off, lots of security stuff
goes out the window.

* For MQ sessions where the two 'nodes' are both on Win32, you can
instruct them to pass domain SIDs in addition to text based usernames.
In mixed environments, some amount of authentication spoofing should
be possible by judicious use of environment variables....or...

* Get the MQ client from IBM.  Lots of source code examples in it.
Look at stuff relating to MCA_USER attribute.  Things are likely to
get much more complicated if you're interfacing with kit with serious
user management though (iSeries, Tandems etc)

* For expediency (like where a test environment has moved into
production), you may frequently find that unauthenticated connections
to SYSTEM.DEF.SVRCONN are possible (initially set up as a template to
clone new queues from, but almost always left behind).  Get that and
you own the box from an MQ perspective.  Starting, stopping, creation,
deletion of messages/queues are all possible at this stage.

* Finally, don't overlook the OS security.  If the root password is
password, you may not need to go to all this trouble :-)

I'm only really just starting on this, and most of what's above is
based on the excellent IBM redbook stuff.  If you have any luck I'd be
interested to hear.

Cheers

-------------------------------------------------------------------------
Think this is a stupid email address?  See http://realultimatepower.net/
Gotta love the internet...A billion ways to waste time...
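A defender-side check that follows from the SYSTEM.DEF.SVRCONN and MCA_USER points in the post above, added here as an example and not part of the original message: a small audit script that reads the output of `runmqsc` `DISPLAY CHANNEL` and flags SVRCONN channels that either carry a blank MCAUSER (so the queue manager trusts whatever user ID the connecting client asserts) or run every client as the `mqm` administrator, plus any SYSTEM.DEF.* template channel that is still defined. The sample `runmqsc` output embedded below is constructed, not captured from a real queue manager, and the line layout it assumes (an `AMQ8414I` header per channel followed by `KEY(value)` attribute pairs) is the layout of classic `runmqsc` listings as this example understands it.

```python
import re

# Constructed sample of `runmqsc` output for
#   DISPLAY CHANNEL(*) TYPE(SVRCONN) CHLTYPE MCAUSER
# Not captured from a real queue manager; channel names after the
# SYSTEM.DEF one are illustrative.
SAMPLE_RUNMQSC_OUTPUT = """\
     1 : DISPLAY CHANNEL(*) TYPE(SVRCONN) CHLTYPE MCAUSER
AMQ8414I: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   MCAUSER( )
AMQ8414I: Display Channel details.
   CHANNEL(SYSTEM.ADMIN.SVRCONN)           CHLTYPE(SVRCONN)
   MCAUSER(mqm)
AMQ8414I: Display Channel details.
   CHANNEL(APP.CLIENT.SVRCONN)             CHLTYPE(SVRCONN)
   MCAUSER(appsvc)
"""

# One MQSC attribute looks like KEY(value); values may contain spaces
# or be blank, e.g. MCAUSER( ).
ATTR_RE = re.compile(r"([A-Z]+)\(([^)]*)\)")

# Accounts that give a client full administrative rights on the queue
# manager when used as MCAUSER (assumption: Unix-style 'mqm' group/user).
ADMIN_USERS = {"mqm"}


def parse_channels(text):
    """Turn runmqsc DISPLAY CHANNEL output into a list of {ATTR: value} dicts.

    Each AMQ8414I line starts a new channel block; every KEY(value) pair on
    the following lines belongs to that channel until the next header.
    """
    channels = []
    current = None
    for line in text.splitlines():
        if line.startswith("AMQ8414I"):
            current = {}
            channels.append(current)
            continue
        if current is None:
            # Command echo or other preamble before the first channel block.
            continue
        for key, value in ATTR_RE.findall(line):
            current[key] = value.strip()
    return channels


def audit_svrconn(channels):
    """Return a list of (channel name, reason) findings for SVRCONN channels."""
    findings = []
    for ch in channels:
        name = ch.get("CHANNEL", "?")
        if ch.get("CHLTYPE") != "SVRCONN":
            continue
        mcauser = ch.get("MCAUSER", "")
        if mcauser == "":
            findings.append((name, "blank MCAUSER: the user ID asserted by the "
                                   "connecting client is used as-is"))
        elif mcauser in ADMIN_USERS:
            findings.append((name, f"MCAUSER({mcauser}) runs every client "
                                   "connection as an MQ administrator"))
        if name.startswith("SYSTEM.DEF."):
            findings.append((name, "default template channel is still defined "
                                   "and reachable by clients"))
    return findings


if __name__ == "__main__":
    for channel, reason in audit_svrconn(parse_channels(SAMPLE_RUNMQSC_OUTPUT)):
        print(f"{channel}: {reason}")
```

In practice the input would be the saved output of `runmqsc <QMGR>` fed the `DISPLAY CHANNEL(*) TYPE(SVRCONN) CHLTYPE MCAUSER` command; the fix for each finding is to set a fixed, low-privilege MCAUSER on every SVRCONN channel an application needs and to delete or disable the SYSTEM.DEF.SVRCONN template rather than leave it connectable.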

