daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added network/detection/msmq-detect.yaml

patch-1
Brandon Hutchinson 2023-04-19 15:34:10 +00:00
parent 74cdfe5330
commit e34e263509
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
network/detection/msmq-detect.yaml Normal file
View File

@ -0,0 +1,30 @@
id: msmq-detect
info:
name: MSMQ (Microsoft Message Queuing Service) Remote Detection
author: bhutch
severity: info
description: Detects remote MSMQ services. Public exposure of this service may be a misconfiguration.
metadata:
censys-query: services.service_name:MSMQ
reference:
- https://www.shadowserver.org/what-we-do/network-reporting/accessible-msmq-service-report/
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/f9bbe350-d70b-4e90-b9c7-d39328653166
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
tags: network,msmq
network:
- inputs:
- data: 10c00b004c494f523c020000ffffffff00000200d1587355509195954997b6e611ea26c60789cd434c39118f44459078909ea0fc4ecade1d100300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type: hex
host:
- "{{Hostname}}"
- "{{Host}}:1801"
read-size: 2048
matchers:
- type: word
encoding: hex
words:
- "105a0b004c494f523c020000ffffffff"