Write service probe for MSMQ (Microsoft Message Queuing) #2632
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a service probe to confirm whether the service running on TCP port 1801 is MSMQ.
I've documented here part of my process as I was studying/testing the protocol to implement the probe.
This probe may help identify MSMQ exposure that may need to be remediated to avoid exploitation of CVE-2023-21554, aka QueueJumper.
Feel free to suggest changes if needed.
Note: the last line of the change includes a comment referring to the regex
.*ZZZ$
seemingly not working for some responses for which it should work. I think this may be due to some bug in Nmap.