Skip to content
Nuclei Templates

MSMQ (Microsoft Message Queuing Service) Remote - Detect

ID: msmq-detect

Severity: info

Author: bhutch

Tags: network,msmq,detect,detection,tcp

Description

Section titled “Description”

Detects remote MSMQ services. Public exposure of this service may be a misconfiguration.

YAML Source

Section titled “YAML Source”
id: msmq-detect


info:
  name: MSMQ (Microsoft Message Queuing Service) Remote - Detect
  author: bhutch
  severity: info
  description: Detects remote MSMQ services. Public exposure of this service may be a misconfiguration.
  reference:
    - https://www.shadowserver.org/what-we-do/network-reporting/accessible-msmq-service-report/
    - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/f9bbe350-d70b-4e90-b9c7-d39328653166
    - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92
    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
  metadata:
    verified: true
    max-request: 1
    shodan-query: MSMQ
    censys-query: services.service_name:MSMQ
  tags: network,msmq,detect,detection,tcp
tcp:
  - inputs:
      - data: 10c00b004c494f523c020000ffffffff00000200d1587355509195954997b6e611ea26c60789cd434c39118f44459078909ea0fc4ecade1d100300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        type: hex


    host:
      - "{{Hostname}}"
    port: 1801
    read-size: 2048


    matchers:
      - type: word
        encoding: hex
        words:
          - "105a0b004c494f523c020000ffffffff"
# digest: 490a0046304402200bc0319a7b02cbec990f23be32ab64785f23d2af065244c3a18241c7a4f1140402204bfcb099d896636ab9eb4e7ff7bba2e1e80beb3e851ff52698aa2be985ddf375:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "network/detection/msmq-detect.yaml"

View on Github