
5672 - Pentesting AMQP

Shahid Parvez

AMQP (Advanced Message Queuing Protocol) is a standard for message-oriented communication between applications. It is widely used in messaging systems, allowing asynchronous communication between processes. For a pentester, understanding how to exploit AMQP can reveal critical information about internal systems and potentially disrupt business operations.


Default Port 

AMQP typically uses port 5672.


PORT      STATE  SERVICE  VERSION
5672/tcp  open   amqp     RabbitMQ Server



Interaction with AMQP 

There are several ways to interact with AMQP servers:


Command-line Tools 


  1. RabbitMQ CLI Tools

RabbitMQ provides several command-line tools that can be used for pentesting:

  • rabbitmqctl: used for managing a RabbitMQ server

  • amqp-protocol-client: a client library for AMQP protocol testing


  2. AMQP Protocol Client

The AMQP Protocol client allows you to interact with AMQP servers programmatically.



  3. Pika: A Python AMQP library



Banner and Fingerprinting 

When connecting to an AMQP server on port 5672, you may receive a response similar to the following: 




This banner provides crucial information about the AMQP server version, which is essential for identifying potential vulnerabilities. 



AMQP Authentication 

AMQP typically uses PLAIN authentication by default. Exploit this to gain unauthorized access:

  1. Exploiting Unauthorised Access 

If unauthenticated access is possible: 

  • Attempt to connect without credentials 

  • Try common default credentials (e.g. guest)

  • Use weak passwords found through enumeration  


Data Exfiltration


Exploit AMQP features to exfiltrate sensitive data:

  1. Create and publish messages to sensitive queues

  2. Use exchanges to route messages to unintended destinations

  3. Leverage AMQP’s publish-subscribe model for data exfiltration 


Best Practices for Secure AMQP Deployments 

  • Use strong authentication mechanisms

  • Implement proper access lists

  • Keep RabbitMQ and AMQP servers up to date with the latest security patches

  • Regularly audit and monitor AMQP usage and access logs

  • Use encryption for data in transit
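
The practices above turned into a configuration audit, as an added example that is not part of the original post: it reads a RabbitMQ `rabbitmq.conf` and flags remote guest login, exposed plaintext listeners, a missing TLS listener, and password mechanisms offered without TLS. The finding names and both sample configurations are constructed for illustration.

```python
# Added example: audit rabbitmq.conf text. Finding names are this example's own.
SAMPLE_WEAK = """# constructed sample: guest opened up, default plaintext listener
loopback_users = none
listeners.tcp.default = 5672
"""
SAMPLE_HARDENED = """# constructed sample: TLS only, certificate-based login
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
auth_mechanisms.1 = EXTERNAL
"""
LOOPBACK = ("127.0.0.1:", "::1:")

def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return sorted finding names for one rabbitmq.conf (key = value format)."""
    conf = parse_conf(text)
    findings = []
    # The built-in guest user is loopback-only unless this restriction is lifted.
    if conf.get("loopback_users") == "none" or conf.get("loopback_users.guest") == "false":
        findings.append("guest-remote-login")
    # With no listeners.tcp.* key the broker still opens 5672 on all interfaces.
    tcp = [v for k, v in conf.items() if k.startswith("listeners.tcp.")]
    exposed = conf.get("listeners.tcp") != "none" and (
        not tcp or any(not v.startswith(LOOPBACK) for v in tcp))
    if exposed:
        findings.append("plaintext-listener")
    if not any(k.startswith("listeners.ssl.") for k in conf):
        findings.append("no-tls-listener")
    # PLAIN and AMQPLAIN (the defaults) send the password unprotected without TLS.
    mechs = [v for k, v in conf.items() if k.startswith("auth_mechanisms.")]
    if exposed and set(mechs or ["PLAIN", "AMQPLAIN"]) & {"PLAIN", "AMQPLAIN"}:
        findings.append("password-over-plaintext")
    return sorted(findings)

if __name__ == "__main__":
    print("weak:", audit(SAMPLE_WEAK))
    print("hardened:", audit(SAMPLE_HARDENED))
```
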


Common Vulnerabilities and Exploits  

  1. Default Credentials 

  2. Weak Passwords 

  3. Misconfigured Permissions 

  4. Unrestricted File Uploads 

 
 
 
