2023-04-19 15:34:10 +00:00
|
|
|
id: msmq-detect
|
|
|
|
|
|
|
|
info:
|
2023-04-19 20:58:15 +00:00
|
|
|
name: MSMQ (Microsoft Message Queuing Service) Remote - Detect
|
2023-04-19 15:34:10 +00:00
|
|
|
author: bhutch
|
|
|
|
severity: info
|
|
|
|
description: Detects remote MSMQ services. Public exposure of this service may be a misconfiguration.
|
|
|
|
reference:
|
|
|
|
- https://www.shadowserver.org/what-we-do/network-reporting/accessible-msmq-service-report/
|
|
|
|
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/f9bbe350-d70b-4e90-b9c7-d39328653166
|
|
|
|
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92
|
|
|
|
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
|
2023-04-19 20:58:15 +00:00
|
|
|
metadata:
|
2024-06-07 10:04:29 +00:00
|
|
|
verified: true
|
2023-09-27 13:29:58 +00:00
|
|
|
max-request: 1
|
|
|
|
shodan-query: MSMQ
|
2024-06-07 10:04:29 +00:00
|
|
|
censys-query: services.service_name:MSMQ
|
|
|
|
tags: network,msmq,detect,detection,tcp
|
2023-04-27 04:28:59 +00:00
|
|
|
tcp:
|
2023-04-19 15:34:10 +00:00
|
|
|
- inputs:
|
2023-04-19 17:47:04 +00:00
|
|
|
- data: 10c00b004c494f523c020000ffffffff00000200d1587355509195954997b6e611ea26c60789cd434c39118f44459078909ea0fc4ecade1d100300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
|
|
|
type: hex
|
2023-04-19 15:34:10 +00:00
|
|
|
|
|
|
|
host:
|
|
|
|
- "{{Hostname}}"
|
2023-09-16 19:35:21 +00:00
|
|
|
port: 1801
|
2023-04-19 15:34:10 +00:00
|
|
|
read-size: 2048
|
2023-04-19 17:47:04 +00:00
|
|
|
|
2023-04-19 15:34:10 +00:00
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
encoding: hex
|
|
|
|
words:
|
|
|
|
- "105a0b004c494f523c020000ffffffff"
|
2023-10-19 13:13:52 +00:00
|
|
|
# digest: 4a0a00473045022100ae2d5b1a528dfcb3ed77662dfd51ea66386406e361281325979bf0eed648cf620220722db3791d0873fd8323c80ea6ac4be40db2ec6f21cfd925111121fea50fea2a:922c64590222798bb761d5b6d8e72950
|