CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/scanner/misc/ibm_mq_login.md
Views: 1904
Vulnerable Application
IBM Downloads page: https://developer.ibm.com/messaging/mq-downloads/
Tested on IBM MQ 7.5, 8 and 9
Usage:
Download and install MQ Server from the above link
Create a new Queue Manager
Create a new channel (without SSL)
Allow remote connections for admin users by removing the CHLAUTH record that denies all users or configure access for a specific username.
Run the module
Verification Steps
Install IBM MQ Server 7.5, 8, or 9
Start msfconsole
Do:
use auxiliary/scanner/misc/ibm_mq_login
Do:
set channel <admin_channel_name_without_ssl>
Do:
set queue_manager <queue_manager_name>
Do:
set usernames_file <list_of_usernames>
Do:
set rhosts <target_IP>
Do:
set rport <port>
Do:
run
Options
USERNAMES_FILE
This option should contain the path to a text file which contains a list of usernames that will be checked. One username per line.
QUEUE_MANAGER
This option should contain the name of the target Queue Manager.
CHANNEL
This option should contain the name of a server-connection channel that will be used to connect to the Queue Manager.
Scenarios
This module can be used to identify a list of usernames that are allowed to connect to the Queue Manager. This module requires the name of a valid server-connection channel, the Queue Manager's name which can be obtained by running the following 2 modules:
auxiliary/scanner/misc/ibm_mq_channel_brute
auxiliary/scanner/misc/ibm_mq_enum
After identifying a valid username, MQ Explorer can be used to connect to the Queue Manager using the information gathered.