nuclei-templates/network/detection/msmq-detect.yaml

34 lines
2.3 KiB
YAML
Raw Normal View History

id: msmq-detect
info:
2023-04-19 20:58:15 +00:00
name: MSMQ (Microsoft Message Queuing Service) Remote - Detect
author: bhutch
severity: info
description: Detects remote MSMQ services. Public exposure of this service may be a misconfiguration.
reference:
- https://www.shadowserver.org/what-we-do/network-reporting/accessible-msmq-service-report/
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/f9bbe350-d70b-4e90-b9c7-d39328653166
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
2023-04-19 20:58:15 +00:00
metadata:
verified: true
max-request: 1
shodan-query: MSMQ
censys-query: services.service_name:MSMQ
tags: network,msmq,detect,detection,tcp
tcp:
- inputs:
2023-04-19 17:47:04 +00:00
- data: 10c00b004c494f523c020000ffffffff00000200d1587355509195954997b6e611ea26c60789cd434c39118f44459078909ea0fc4ecade1d100300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type: hex
host:
- "{{Hostname}}"
2023-09-16 19:35:21 +00:00
port: 1801
read-size: 2048
2023-04-19 17:47:04 +00:00
matchers:
- type: word
encoding: hex
words:
- "105a0b004c494f523c020000ffffffff"
# digest: 4a0a00473045022100ae2d5b1a528dfcb3ed77662dfd51ea66386406e361281325979bf0eed648cf620220722db3791d0873fd8323c80ea6ac4be40db2ec6f21cfd925111121fea50fea2a:922c64590222798bb761d5b6d8e72950