Nmap Development mailing list archives
PR on Github - Write service probe for MSMQ
From: Gonçalo César Mendes Ribeiro via dev <dev () nmap org>
Date: Mon, 17 Apr 2023 10:09:44 +0100
Hello,This is just to inform you that I have opened PR #2632 [1] on GitHub. Leaving the PR description below for quick reference.
"Adds a service probe to confirm whether the service running on TCP port 1801 is MSMQ (Microsoft Message Queuing).
I've documented here [2] part of my process as I was studying/testing the protocol to implement the probe.
This probe may help identify MSMQ exposure that may need to be remediated to avoid exploitation of CVE-2023-21554 [3], aka QueueJumper.
Feel free to suggest changes if needed.Note: the last line of the change includes a comment referring to the regex .*ZZZ$ seemingly not working for some responses for which it should work. I suspect this may be due to some bug in Nmap."
Thank you, Regards, Gonçalo Ribeiro Links: ------ [1] https://github.com/nmap/nmap/pull/2632 [2] https://infosec.exchange/@goncalor/110199988255426558 [3] https://nvd.nist.gov/vuln/detail/CVE-2023-21554
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at https://seclists.org/nmap-dev/
Current thread:
- PR on Github - Write service probe for MSMQ Gonçalo César Mendes Ribeiro via dev (May 16)