maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/5671-5672-pentesting-amqp.md

74 lines
4.7 KiB
Markdown
Raw Blame History

# 5671,5672 - Pentesting AMQP
{{#include ../banners/hacktricks-training.md}}
## Basic Information
From [cloudamqp](https://www.cloudamqp.com/blog/2015-05-18-part1-rabbitmq-for-beginners-what-is-rabbitmq.html):
> **RabbitMQ** ni **programu ya kupanga ujumbe** inayojulikana pia kama _mwakilishi wa ujumbe_ au _msimamizi wa foleni._ Kwa ufupi; ni programu ambapo foleni zinafafanuliwa, ambazo programu zinajiunga ili kuhamasisha ujumbe au ujumbe.\
> **Ujumbe unaweza kujumuisha aina yoyote ya taarifa**. Inaweza, kwa mfano, kuwa na taarifa kuhusu mchakato au kazi ambayo inapaswa kuanza kwenye programu nyingine (ambayo inaweza hata kuwa kwenye seva nyingine), au inaweza kuwa ujumbe rahisi wa maandiko. Programu ya msimamizi wa foleni inahifadhi ujumbe hadi programu inayopokea inajiunga na kuchukua ujumbe kutoka kwenye foleni. Programu inayopokea kisha inashughulikia ujumbe.\
> Definition from .
**Default port**: 5672,5671
```
PORT STATE SERVICE VERSION
5672/tcp open amqp RabbitMQ 3.1.5 (0-9)
```
## Uhesabu
### Mikono
```python
import amqp
#By default it uses default credentials "guest":"guest"
conn = amqp.connection.Connection(host="<IP>", port=5672, virtual_host="/")
conn.connect()
for k, v in conn.server_properties.items():
print(k, v)
```
### Kiotomatiki
```bash
nmap -sV -Pn -n -T4 -p 5672 --script amqp-info <IP>
PORT STATE SERVICE VERSION
5672/tcp open amqp RabbitMQ 3.1.5 (0-9)
| amqp-info:
| capabilities:
| publisher_confirms: YES
| exchange_exchange_bindings: YES
| basic.nack: YES
| consumer_cancel_notify: YES
| copyright: Copyright (C) 2007-2013 GoPivotal, Inc.
| information: Licensed under the MPL. See http://www.rabbitmq.com/
| platform: Erlang/OTP
| product: RabbitMQ
| version: 3.1.5
| mechanisms: PLAIN AMQPLAIN
|_ locales: en_US
```
### Brute Force
- [**AMQP Protocol Brute-Force**](../generic-hacking/brute-force.md#amqp-activemq-rabbitmq-qpid-joram-and-solace)
- [**STOMP Protocol Brute-Force**](../generic-hacking/brute-force.md#stomp-activemq-rabbitmq-hornetq-and-openmq)
## Mipango Mingine ya RabbitMQ
Katika [https://www.rabbitmq.com/networking.html](https://www.rabbitmq.com/networking.html) unaweza kupata kwamba **rabbitmq inatumia bandari kadhaa**:
- **1883, 8883**: ([Wateja wa MQTT](http://mqtt.org) bila na na TLS, ikiwa [plugin ya MQTT](https://www.rabbitmq.com/mqtt.html) imewezeshwa. [**Jifunze zaidi kuhusu jinsi ya pentest MQTT hapa**](1883-pentesting-mqtt-mosquitto.md).
- **4369: epmd**, huduma ya kugundua wenzake inayotumiwa na nodi za RabbitMQ na zana za CLI. [**Jifunze zaidi kuhusu jinsi ya pentest huduma hii hapa**](4369-pentesting-erlang-port-mapper-daemon-epmd.md).
- **5672, 5671**: inatumika na wateja wa AMQP 0-9-1 na 1.0 bila na na TLS
- **15672**: [HTTP API](https://www.rabbitmq.com/management.html) wateja, [usimamizi UI](https://www.rabbitmq.com/management.html) na [rabbitmqadmin](https://www.rabbitmq.com/management-cli.html) (tu ikiwa [plugin ya usimamizi](https://www.rabbitmq.com/management.html) imewezeshwa). [**Jifunze zaidi kuhusu jinsi ya pentest huduma hii hapa**](15672-pentesting-rabbitmq-management.md).
- 15674: wateja wa STOMP-over-WebSockets (tu ikiwa [plugin ya Web STOMP](https://www.rabbitmq.com/web-stomp.html) imewezeshwa)
- 15675: wateja wa MQTT-over-WebSockets (tu ikiwa [plugin ya Web MQTT](https://www.rabbitmq.com/web-mqtt.html) imewezeshwa)
- 15692: metriki za Prometheus (tu ikiwa [plugin ya Prometheus](https://www.rabbitmq.com/prometheus.html) imewezeshwa)
- 25672: inatumika kwa mawasiliano kati ya nodi na zana za CLI (bandari ya seva ya usambazaji ya Erlang) na inatengwa kutoka kwa anuwai ya dinamik (imewekwa kwa bandari moja kwa chaguo-msingi, inakokotwa kama bandari ya AMQP + 20000). Iwapo muunganisho wa nje kwenye bandari hizi ni muhimu sana (kwa mfano, klasta inatumia [federation](https://www.rabbitmq.com/federation.html) au zana za CLI zinatumika kwenye mashine za nje ya subnet), bandari hizi hazipaswi kufichuliwa hadharani. Tazama [mwongozo wa mtandao](https://www.rabbitmq.com/networking.html) kwa maelezo. **Ni bandari 9 tu kati ya hizi zilizo wazi kwenye mtandao**.
- 35672-35682: inatumika na zana za CLI (bandari za mteja wa usambazaji wa Erlang) kwa mawasiliano na nodi na inatengwa kutoka kwa anuwai ya dinamik (inakokotwa kama bandari ya usambazaji wa seva + 10000 kupitia bandari ya usambazaji wa seva + 10010). Tazama [mwongozo wa mtandao](https://www.rabbitmq.com/networking.html) kwa maelezo.
- 61613, 61614: [Wateja wa STOMP](https://stomp.github.io/stomp-specification-1.2.html) bila na na TLS (tu ikiwa [plugin ya STOMP](https://www.rabbitmq.com/stomp.html) imewezeshwa). Chini ya vifaa 10 vyenye bandari hii wazi na hasa UDP kwa nodi za DHT.
## Shodan
- `AMQP`
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink