Path: blob/master/documentation/modules/auxiliary/scanner/amqp/amqp_login.md
Vulnerable Application
This module tests AMQP logins on a range of machines and reports successful logins. If you have loaded a database plugin and connected to a database, this module will record successful logins and hosts so you can track your access.
Verification Steps
Install RabbitMQ and start it
To use Docker, run:
docker run --rm -it --hostname "$(hostname)" -p 15672:15672 -p 5672:5672 rabbitmq:3-management
Start msfconsole
Do: use auxiliary/scanner/amqp/amqp_login
Do: set rhosts
Do: set usernames and passwords via any of the available options
Do: run
Options
BLANK_PASSWORD
Boolean value. If set, an additional login attempt is made with an empty password for every user.
PASSWORD
Password to try for each user.
PASS_FILE
A file containing a password on every line. Kali Linux example: /usr/share/wordlists/metasploit/password.lst
STOP_ON_SUCCESS
If a valid login is found on a host, immediately stop attempting additional logins on that host.
USERNAME
Username to try for each password.
USERPASS_FILE
A file containing a username and password, separated by a space, on every line. An example line would be: username password
USER_AS_PASS
Boolean value. If set, an additional login attempt is made for every user with the username used as the password.
USER_FILE
A file containing a username on every line.
VERBOSE
Show a failed login attempt. This can get rather verbose when large USER_FILEs or PASS_FILEs are used. A failed attempt will look similar to the following:
Option Combinations
Usernames and passwords can be supplied in multiple combinations. For instance, a password could be set in PASSWORD, be part of either PASS_FILE or USERPASS_FILE, or be guessed via USER_AS_PASS or BLANK_PASSWORDS. This module combines all of the above when attempting logins. So if a password is set in PASSWORD and a PASS_FILE is also listed, passwords will be generated from BOTH of these.
Scenarios
RabbitMQ 3.11.10 on Docker
The Docker container listens on 5672/tcp without SSL. There's also an administrative site running on 15672/tcp where users can be added. The default credentials to log in are guest / guest. A new admin account was added for this example.
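Seen from the broker, the login attempts this module makes show up as refused-login entries in the RabbitMQ log. The following is an added example, not part of the Metasploit documentation: it flags source addresses with repeated refused AMQP logins and notes any account that was accepted from the same address afterwards. The log lines are constructed and their layout is an assumption modelled on RabbitMQ 3.x; find_guessing_sources and its threshold are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample; line layout modelled on RabbitMQ 3.x broker logs (assumption).
SAMPLE_LOG = """\
2023-03-21 10:15:30.101+00:00 [error] <0.801.0> Error on AMQP connection <0.801.0> (172.17.0.1:51230 -> 172.17.0.2:5672, state: starting):
2023-03-21 10:15:30.101+00:00 [error] <0.801.0> PLAIN login refused: user 'guest' - invalid credentials
2023-03-21 10:15:30.350+00:00 [error] <0.804.0> Error on AMQP connection <0.804.0> (172.17.0.1:51232 -> 172.17.0.2:5672, state: starting):
2023-03-21 10:15:30.350+00:00 [error] <0.804.0> PLAIN login refused: user 'admin' - invalid credentials
2023-03-21 10:15:30.512+00:00 [error] <0.807.0> Error on AMQP connection <0.807.0> (172.17.0.9:40112 -> 172.17.0.2:5672, state: starting):
2023-03-21 10:15:30.512+00:00 [error] <0.807.0> PLAIN login refused: user 'billing' - invalid credentials
2023-03-21 10:15:30.640+00:00 [error] <0.810.0> Error on AMQP connection <0.810.0> (172.17.0.1:51234 -> 172.17.0.2:5672, state: starting):
2023-03-21 10:15:30.640+00:00 [error] <0.810.0> PLAIN login refused: user 'admin' - invalid credentials
2023-03-21 10:15:30.901+00:00 [info] <0.813.0> connection <0.813.0> (172.17.0.1:51236 -> 172.17.0.2:5672): user 'admin' authenticated and granted access to vhost '/'
2023-03-21 10:15:31.200+00:00 [info] <0.816.0> connection <0.816.0> (172.17.0.9:40114 -> 172.17.0.2:5672): user 'billing' authenticated and granted access to vhost '/'
"""

CONN = re.compile(r"Error on AMQP connection (<[\d.]+>) \(([\d.]+):\d+ -> ")
REFUSED = re.compile(r"\[error\] (<[\d.]+>) \w+ login refused: user '([^']*)'")
GRANTED = re.compile(r"\(([\d.]+):\d+ -> [\d.:]+\): user '([^']*)' authenticated")


def find_guessing_sources(log_text, threshold=3):
    """Report source IPs with at least `threshold` refused AMQP logins."""
    pid_ip = {}                  # Erlang pid -> client IP from the connection line
    failed = defaultdict(list)   # client IP -> usernames refused, in order
    hits = defaultdict(set)      # client IP -> usernames accepted after a refusal
    for line in log_text.splitlines():
        if m := CONN.search(line):
            pid_ip[m.group(1)] = m.group(2)
        elif m := REFUSED.search(line):
            # The refusal line carries no address; join it to its connection by pid.
            failed[pid_ip.pop(m.group(1), "unknown")].append(m.group(2))
        elif (m := GRANTED.search(line)) and m.group(1) in failed:
            hits[m.group(1)].add(m.group(2))
    return {ip: {"refused": len(users), "users_tried": sorted(set(users)),
                 "accepted_after_refusals": sorted(hits[ip])}
            for ip, users in failed.items() if len(users) >= threshold}


if __name__ == "__main__":
    for ip, report in find_guessing_sources(SAMPLE_LOG).items():
        print(ip, report)
```

An address that appears with a non-empty accepted_after_refusals list is the case to triage first, since a guessed credential may now be in use.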