|
midrange.com
message: 2
date: Thu, 21 Jul 2005 14:10:48 -0400
from: William A Pack <tonyp@xxxxxxxxx>
subject: Re: [MI400] Buffer overflow and code execution on iSeries
(Off Topic)
Marvin,
This sounds like an interesting trick. Any pointers on how this
can be
replicated?
Thanks,
Tony Pack
[Marvin Radding:]
Here is the code that I use. First thing is to call the message queue
create program. After that everything is automatic.
Message Break Program: (I keep this in the QUSRJOB library)
[Marvin Radding:]
Here is the code that I use. First thing is to call the message queue
create program. After that everything is automatic.
I keep these programs in the QUSRJOB library.
/***********************************************************************
*/
/* Message Queue Creation:
*/
/***********************************************************************
*/
PGM
DCL VAR(&JOBNO) TYPE(*CHAR) LEN(6)
DCL VAR(&USER) TYPE(*CHAR) LEN(10)
DCL VAR(&JOB) TYPE(*CHAR) LEN(10)
DCL VAR(&MSGQ) TYPE(*CHAR) LEN(10)
DCL VAR(&MSGQLIB) TYPE(*CHAR) LEN(10) +
VALUE('QUSRJOB')
DCL VAR(&DATE) TYPE(*CHAR) LEN(6)
/* Get User Name and Job Number */
RTVJOBA JOB(&JOB) USER(&USER) NBR(&JOBNO)
RTVSYSVAL SYSVAL(QDATE) RTNVAR(&DATE)
/* Create Message Queue Name */
CHGVAR VAR(&MSGQ) VALUE('MSGQ' || &JOBNO)
/* Check for Message Queue */
CHKOBJ OBJ(&MSGQLIB/&MSGQ) OBJTYPE(*MSGQ)
/* If it is not there create it */
MONMSG MSGID(CPF9801) EXEC(CRTMSGQ +
MSGQ(&MSGQLIB/&MSGQ) TEXT('Job: ' |
&JOBNO |< '/' || &USER |< '/' || &J
' ' || &DATE))
/* Set the Message Queue to handle message commands */
CHGMSGQ MSGQ(&MSGQLIB/&MSGQ) DLVRY(*BREAK) +
PGM(QUSRJOB/TS000171C)
ENDPGM
/***********************************************************************
*/
/***********************************************************************
*/
/* Message Break Program:
*/
/***********************************************************************
*/
PGM (&MSGQ &MSGLIB &MRK)
DCL VAR(&MSGQ) TYPE(*CHAR) LEN(10)
DCL VAR(&MSGLIB) TYPE(*CHAR) LEN(10)
DCL VAR(&MRK) TYPE(*CHAR) LEN(4)
DCL VAR(&MSG) TYPE(*CHAR) LEN(256)
DCL VAR(&MSGLEN) TYPE(*DEC) LEN(5 0)
DCL VAR(&LEN) TYPE(*DEC) LEN(15 5)
RCVMSG MSGQ(&MSGLIB/&MSGQ) MSGKEY(&MRK) MSG(&M
MSGLEN(&MSGLEN)
CHGVAR VAR(&LEN) VALUE(&MSGLEN + 5)
CALL PGM(QCMDEXC) PARM(&MSG &LEN)
ENDPGM
/***********************************************************************
*/
What till I show you my technique for debugging in batch. It can really
confuse even the gurus.
Marvin
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
