RE: Help Exploiting MQ

From: Koen Vingerhoets (koen.vingerhoets_at_ubench.be)
Date: 09/01/04

  • Next message: Smith III, Edward Mr. CAA/ISC: "RE: Craking Serv-u passwords stored in .ini file."
    To: <rick@livingstoncadservice.com>, <tommy@providesecurity.com>
    Date: Wed, 1 Sep 2004 09:18:46 +0200
    
    

    IBM MQ
    - Series
    - Workflow
    - Websphere

    A whole myriad of IBM tools... I would be interested in exploits too.
    One of the oddities I encountered up to now is that not-existant pages
    aren't handled by the Websphere Application Server, but thrown back to the
    Apache/IIS/IBM HTTP Server. This means that that server has to be locked
    down properly too... or it could give directory view and such.

    Koen

    -----Original Message-----
    From: rick@livingstoncadservice.com
    [mailto:rick@livingstoncadservice.com]
    Sent: Tuesday, August 31, 2004 9:31 PM
    To: tommy@providesecurity.com
    Cc: pen-test@securityfocus.com; webappsec@securityfocus.com;
    full-disclosure-admin@lists.netsys.com
    Subject: RE: Help Exploiting MQ

    What is MQ?

    ***********************************************************************
    This message is intended only for the use of the intended recipient and
    may contain information that is PRIVILEGED and/or CONFIDENTIAL. If you
    are not the intended recipient, you are hereby notified that any use,
    dissemination, disclosure or copying of this communication is strictly
    prohibited. If you have received this communication in error, please
    destroy all copies of this message and its attachments and notify us
    immediately.
    ***********************************************************************

    > -------- Original Message --------
    > Subject: Help Exploiting MQ
    > From: "Tom" <tommy@providesecurity.com>
    > Date: Tue, August 31, 2004 6:07 am
    > To: full-disclosure-admin@lists.netsys.com
    > Cc: pen-test@securityfocus.com, webappsec@securityfocus.com
    >
    > Does anyone have any tools, techniques on how to exploit weaknesses within
    MQ?
    >
    > Thanks,
    >
    > Tom
    >
    >
    >
    >
    > --------------------------------------------------------------------------

    ----
    > Ethical Hacking at the InfoSec Institute. All of our class sizes are
    > guaranteed to be 12 students or less to facilitate one-on-one interaction
    > with one of our expert instructors. Check out our Advanced Hacking course,
    > learn to write exploits and attack security infrastructure. Attend a
    course
    > taught by an expert instructor with years of in-the-field pen testing
    > experience in our state of the art hacking lab. Master the skills of an
    > Ethical Hacker to better assess the security of your organization.
    >
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > --------------------------------------------------------------------------
    -----
    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------
    

  • Next message: Smith III, Edward Mr. CAA/ISC: "RE: Craking Serv-u passwords stored in .ini file."

    Relevant Pages

    • RE: Exploit Archive
      ... > Ethical Hacking at the InfoSec Institute. ... > with one of our expert instructors. ... Check out our Advanced Hacking course, ... > learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: listing directory structure within webserver root
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: snmp
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: tcp port 999
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... Check out our Advanced Hacking course, ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: Achilles proxy for linux
      ... > Ethical Hacking at the InfoSec Institute. ... > with one of our expert instructors. ... Check out our Advanced Hacking course, ... > learn to write exploits and attack security infrastructure. ...
      (Pen-Test)