RE: Help Exploiting MQ

From: Dimitrov, Constantin (cdimitrov@micros.com)
Date: Wed Sep 01 2004 - 05:47:53 EDT


Message Queuing is a message infrastructure and a development platform for
creating distributed, loosely-coupled messaging applications for the
Microsoft® Windows® operating system. Message Queuing applications can use
the Message Queuing infrastructure to communicate across heterogeneous
networks and with computers that may be offline. Message Queuing provides
guaranteed message delivery, efficient routing, security, transaction
support, and priority-based messaging.

MQ is Message Queuing, or an upgraded version of RPC.
For a start, the MQ API is in MQRT.DLL; a COM object is also available in MQOA.DLL.
Security functions are in MQSEC.DLL.
For example:
http://support.microsoft.com/default.aspx?scid=kb;en-us;821144
It can use certificates in ASN.1 DER encoded format.
It's available on servers; you need to add it from Add/Remove Windows
Components.

The same tools that exploit RPC weaknesses can do the work for MQ.

-----Original Message-----
From: rick@livingstoncadservice.com [mailto:rick@livingstoncadservice.com]
Sent: Tuesday, August 31, 2004 9:31 PM
To: tommy@providesecurity.com
Cc: pen-test@securityfocus.com; webappsec@securityfocus.com;
full-disclosure-admin@lists.netsys.com
Subject: RE: Help Exploiting MQ

What is MQ?


> -------- Original Message --------
> Subject: Help Exploiting MQ
> From: "Tom" <tommy@providesecurity.com>
> Date: Tue, August 31, 2004 6:07 am
> To: full-disclosure-admin@lists.netsys.com
> Cc: pen-test@securityfocus.com, webappsec@securityfocus.com
>
> Does anyone have any tools, techniques on how to exploit weaknesses within MQ?
>
> Thanks,
>
> Tom


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:02 EDT