hacktricks/network-services-pentesting/5671-5672-pentesting-amqp.md

6.8 KiB

5671,5672 - Pentesting AMQP

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Basic Information

From cloudamqp:

RabbitMQ ni programu ya kupanga ujumbe inayojulikana pia kama mwakilishi wa ujumbe au msimamizi wa foleni. Kwa ufupi; ni programu ambapo foleni zinafafanuliwa, ambazo programu zinajiunga ili kuhamasisha ujumbe au ujumbe.
Ujumbe unaweza kujumuisha aina yoyote ya habari. Inaweza, kwa mfano, kuwa na habari kuhusu mchakato au kazi ambayo inapaswa kuanza kwenye programu nyingine (ambayo inaweza hata kuwa kwenye seva nyingine), au inaweza kuwa ujumbe rahisi wa maandiko. Programu ya msimamizi wa foleni inahifadhi ujumbe hadi programu inayopokea inajiunga na kuchukua ujumbe kutoka kwenye foleni. Programu inayopokea kisha inashughulikia ujumbe huo.
Definition from .

Default port: 5672,5671

PORT     STATE SERVICE VERSION
5672/tcp open  amqp    RabbitMQ 3.1.5 (0-9)

Enumeration

Manual

import amqp
#By default it uses default credentials "guest":"guest"
conn = amqp.connection.Connection(host="<IP>", port=5672, virtual_host="/")
conn.connect()
for k, v in conn.server_properties.items():
print(k, v)

Kiotomatiki

nmap -sV -Pn -n -T4 -p 5672 --script amqp-info <IP>

PORT     STATE SERVICE VERSION
5672/tcp open  amqp    RabbitMQ 3.1.5 (0-9)
| amqp-info:
|   capabilities:
|     publisher_confirms: YES
|     exchange_exchange_bindings: YES
|     basic.nack: YES
|     consumer_cancel_notify: YES
|   copyright: Copyright (C) 2007-2013 GoPivotal, Inc.
|   information: Licensed under the MPL.  See http://www.rabbitmq.com/
|   platform: Erlang/OTP
|   product: RabbitMQ
|   version: 3.1.5
|   mechanisms: PLAIN AMQPLAIN
|_  locales: en_US

Brute Force

Mipangilio Mingine ya RabbitMQ

Katika https://www.rabbitmq.com/networking.html unaweza kupata kwamba rabbitmq inatumia mipangilio kadhaa:

Shodan

  • AMQP

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}