Escolar Documentos
Profissional Documentos
Cultura Documentos
Security
Martyn Ruks
martyn.ruks@mwrinfosecurity.com
EUSecWest 08
2008-05-22
Introduction to MQ
2
Why study WebSphere MQ?
• The environments in which it is used are usually
business critical.
• The new and improved version 6.0 was revealed in April 2005
• Affecting availability
6
A Typical Environment
• Queue Managers
• Channels
• Queues
• Object Authority Manager
• Triggers and monitors
10
What is a Queue ?
12
The WebSphere MQ Protocol
13
A Typical Packet
14
PCF Commands
15
Issuing PCF Commands
16
MQ Security Features
17
Security Features
18
MCAUSER – The Basics
• There are lots of rules about how the interaction between the
MCAUSER and the OAM actually works
22
SSL Support – The Basics
• MQ can support SSL and TLS connections on a per
channel basis
• The tools I have written work just as well over SSL as they do
over clear text
25
SSL Client Authentication – Limitations
• By default a large number of trusted CAs are
included in a key repository
26
Testing WebSphere MQ
27
Connecting to MQ
28
Finding WebSphere MQ
• By default a Queue Manager will listen on TCP
port 1414
30
Channel Auto Definition
32
Useful PCF Commands
• Version Enumeration
• Channel discovery
• Queue Discovery
• Check Permission data
33
Executing Commands – Method 1
38
Exploit Details
39
Invalid MCAUSER Bypass
40
Exploit Details
41
Our Toolkit – Part 1
42
Our Toolkit – Part 2
44
More Information
45
Demo – The Setup
46
Demo – The Objectives
48
Technical Recommendations
50
High Level Recommendations – Part 1
52
Preview of Version 7
54
Summary
• If you don’t get the basics right you could get burnt
and by default MQ is not secure
55
Questions ?
56