5671,5672 - Pentesting AMQP
Basic Information
From cloudamqp:
RabbitMQ is message-queueing software, also known as a message broker or queue manager. Simply put, it is software where queues are defined, to which applications connect in order to transfer a message or messages.
A message can include any kind of information. For example, it could carry information about a process or task that should start in another application (which could even be on another server), or it could be just a simple text message. The queue-manager software stores the messages until a receiving application connects and takes a message off the queue. The receiving application then processes the message.
Definition from .
Default port: 5672, 5671
PORT STATE SERVICE VERSION
5672/tcp open amqp RabbitMQ 3.1.5 (0-9)
Enumeration
Manual
import amqp
# With no credentials supplied, the library logs in with the defaults "guest":"guest"
conn = amqp.connection.Connection(host="IP", port=5672, virtual_host="/")
conn.connect()
# Print the properties the broker advertises (product, version, platform, capabilities)
for k, v in conn.server_properties.items():
    print(k, v)
Automatic
nmap -sV -Pn -n -T4 -p 5672 --script amqp-info IP
PORT STATE SERVICE VERSION
5672/tcp open amqp RabbitMQ 3.1.5 (0-9)
| amqp-info:
|   capabilities:
|     publisher_confirms: YES
|     exchange_exchange_bindings: YES
|     basic.nack: YES
|     consumer_cancel_notify: YES
|   copyright: Copyright (C) 2007-2013 GoPivotal, Inc.
|   information: Licensed under the MPL. See http://www.rabbitmq.com/
|   platform: Erlang/OTP
|   product: RabbitMQ
|   version: 3.1.5
|   mechanisms: PLAIN AMQPLAIN
|_  locales: en_US
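The product, version, capabilities, mechanisms and locales listed above are the contents of the AMQP 0-9-1 Connection.Start frame, which a broker sends before any login, so this is what your own broker discloses to unauthenticated clients. The parser below is an added example, not code from the original page; the function names and the SAMPLE frame are constructed for illustration, and only the S, F and t field-table value types are handled.

```python
import struct

def _longstr(buf, pos):
    """Read a long string: 4-byte big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("length field runs past end of buffer")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def _table(raw):
    """Decode a field table; only the S, F and t value types are handled."""
    out, pos = {}, 0
    while pos < len(raw):
        klen = raw[pos]
        key = raw[pos + 1:pos + 1 + klen].decode()
        kind = raw[pos + 1 + klen:pos + 2 + klen]
        pos += 2 + klen
        if kind in (b"S", b"F"):            # long string or nested table
            val, pos = _longstr(raw, pos)
            val = val.decode() if kind == b"S" else _table(val)
        elif kind == b"t":                  # boolean, one octet
            val, pos = raw[pos] != 0, pos + 1
        else:
            raise ValueError(f"unhandled field type {kind!r} for {key!r}")
        out[key] = val
    return out

def parse_connection_start(frame):
    """Parse the first frame a broker sends after the client's protocol header."""
    ftype, _chan, size = struct.unpack_from(">BHI", frame, 0)
    payload = frame[7:7 + size]
    if ftype != 1 or len(payload) != size or frame[7 + size:8 + size] != b"\xce":
        raise ValueError("not a complete AMQP method frame")
    if struct.unpack_from(">HH", payload, 0) != (10, 10):   # class 10, method 10
        raise ValueError("not Connection.Start")
    props, pos = _longstr(payload, 6)       # octets 4 and 5 are version major/minor
    mechs, pos = _longstr(payload, pos)
    locales, pos = _longstr(payload, pos)
    return {"protocol": (payload[4], payload[5]), "properties": _table(props),
            "mechanisms": mechs.decode().split(), "locales": locales.decode().split()}

def _ls(b):  # sample-only helper: encode a long string
    return struct.pack(">I", len(b)) + b

# Constructed sample frame; values mirror the scan output shown on this page.
_props = (b"\x07productS" + _ls(b"RabbitMQ") + b"\x07versionS" + _ls(b"3.1.5")
          + b"\x0ccapabilitiesF" + _ls(b"\x0abasic.nackt\x01"))
_body = struct.pack(">HHBB", 10, 10, 0, 9) + _ls(_props) + _ls(b"PLAIN AMQPLAIN") + _ls(b"en_US")
SAMPLE = struct.pack(">BHI", 1, 0, len(_body)) + _body + b"\xce"
```

Calling `parse_connection_start(SAMPLE)` returns a dictionary with the protocol version, the server properties, and the advertised mechanisms and locales.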
Brute Force
Other RabbitMQ ports
According to https://www.rabbitmq.com/networking.html, RabbitMQ uses several ports:
- 1883, 8883: MQTT clients without and with TLS, if the MQTT plugin is enabled. Learn more about how to pentest MQTT here.
- 4369: epmd, a peer discovery service used by RabbitMQ nodes and CLI tools. Learn more about how to pentest this service here.
- 5672, 5671: used by AMQP 0-9-1 and 1.0 clients without and with TLS
- 15672: HTTP API clients, management UI and rabbitmqadmin (only if the management plugin is enabled). Learn more about how to pentest this service here.
- 15674: STOMP-over-WebSockets clients (only if the Web STOMP plugin is enabled)
- 15675: MQTT-over-WebSockets clients (only if the Web MQTT plugin is enabled)
- 15692: Prometheus metrics (only if the Prometheus plugin is enabled)
- 25672: used for inter-node and CLI tools communication (Erlang distribution server port) and allocated from a dynamic range (limited to a single port by default, computed as AMQP port + 20000). Unless external connections on these ports are really necessary (for example, the cluster uses federation or CLI tools are used on machines outside the subnet), these ports should not be publicly exposed. See networking guide for details. Only 9 of these ports opened on the internet.
- 35672-35682: used by CLI tools (Erlang distribution client ports) for communication with nodes and allocated from a dynamic range (computed as server distribution port + 10000 through server distribution port + 10010). See networking guide for details.
- 61613, 61614: STOMP clients without and with TLS (only if the STOMP plugin is enabled). Fewer than 10 devices have this port open, and it is mostly UDP for DHT nodes.
See also
Shodan
AMQP
References

