Sunday, 17 February 2019

Go! RabbitMQ, go!

After a while I decided to check a few other machines available on Bitnami (and/or TurnKeyLinux). This time - just like before - I used Ubuntu 18 server to re-create the environment and install the 'application' from scratch. Today we will try RabbitMQ.
This post is mostly based on documentation available on so it's strongly suggested to Go there and read the docs too if you're not familiar with it (yet ;))

I decided to check an example in Go - never used it, never tried it. ;] A reason as good as any other, so - checking the available tutorial(s)...

To prepare our 'example environment' I used Ubuntu 16.04:

Ready to go:


Our VM after RabbitMQ is installed looks (with nmap) like below:

More details:

According to the docs:

Cool (but the Bitnami-VM was prepared with firewall settings, so I decided to create a 'clean version' on a newly installed Ubuntu).

(...or I just used it in a wrong way... ;))

After a while I found a very interesting link. I was able to 'reproduce' those steps but unfortunately - only on the 'local machine' (again: maybe I configured something in a wrong way... anyway ;))

(*btw: same results for the command above without -hosts param as well. As you can see I was reading and checking what can be done and how 'things' are working here... aka 'lazy sunday' ;])

Reading about Erlang bugs I found that 'few weeks ago' Metasploit released a very nice module - erlang_cookie_rce. To use it I needed to update my metasploit-framework on Kali - but after a while, we are here:

As you can see there is a disclosure date from year 2009 (but you can use 'edit' command in msf console to get some hints 'why' ;))

As you can see (msf> show options) we need a valid COOKIE to use this module. As the idea was described in the post mentioned before, we will skip the 'bruteforce attack' part.

For the purpose of this post I decided to grab the COOKIE value directly from the target machine. The file was located here:

Now we have all details to use the module. Checking options:

Ready to check?

I think it's done. ;)

Of course (according to the docs) if you still would like:

You can also 'verify if there is a RabbitMQ' using the (aforementioned ;)) Go client:

Quick check:

See you next time.

