nuclei-templates/network/detection/msmq-detect.yaml

36 lines
2.1 KiB
YAML
Raw Normal View History

id: msmq-detect
info:
2023-04-19 20:58:15 +00:00
name: MSMQ (Microsoft Message Queuing Service) Remote - Detect
author: bhutch
severity: info
description: Detects remote MSMQ services. Public exposure of this service may be a misconfiguration.
reference:
- https://www.shadowserver.org/what-we-do/network-reporting/accessible-msmq-service-report/
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/f9bbe350-d70b-4e90-b9c7-d39328653166
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
2023-04-19 20:58:15 +00:00
metadata:
max-request: 2
2023-06-04 08:13:42 +00:00
verified: true
2023-04-19 20:58:15 +00:00
shodan-query: MSMQ
censys-query: services.service_name:MSMQ
tags: network,msmq,detect
tcp:
- inputs:
2023-04-19 17:47:04 +00:00
- data: 10c00b004c494f523c020000ffffffff00000200d1587355509195954997b6e611ea26c60789cd434c39118f44459078909ea0fc4ecade1d100300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type: hex
host:
- "{{Hostname}}"
- "{{Host}}:1801"
2023-04-19 17:47:04 +00:00
read-size: 2048
2023-04-19 17:47:04 +00:00
matchers:
- type: word
encoding: hex
words:
- "105a0b004c494f523c020000ffffffff"