Hello Nmap Team,

In April I submitted the pull request below, which adds a service probe for MSMQ (Microsoft Message Queuing). I've attached the diff for your convenience.

This probe may help identify MSMQ exposure that may need to be remediated to avoid exploitation of CVE-2023-21554, aka QueueJumper. Can you please check and merge?

PR: https://github.com/nmap/nmap/pull/2632
Diff: https://github.com/nmap/nmap/pull/2632.diff

Thank you,
Best regards,
Gonçalo Ribeiro

diff --git a/nmap-service-probes b/nmap-service-probes index d4eeecaa1e..a0f13d087c 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -16775,3 +16775,12 @@ ports 34555 Probe UDP BECKHOFF_ADS q|\x03\x66\x14\x71\0\0\0\0\x01\0\0\0\0\0\0\0\x01\x01\x10\x27\0\0\0\0| rarity 8 ports 48899 + +##############################NEXT PROBE############################## +# Microsoft Message Queuing probe +Probe TCP msmqEstablishConnection q|\x10\xc0\x0b\0LIOR<\x02\0\0\xff\xff\xff\xff\0\0\x02\0NmapNmapNmapNmapNmapNmapNmapNmapNmap\x10\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0| + +ports 1801 + +match msmq m|^\x10Z\x0b\0LIOR<\x02\0\0\xff\xff\xff\xff\0\0[\x12\x02]\0NmapNmapNmapNmap| p/Microsoft Message Queuing/ +# .*ZZZ$ should end the regex, but detection fails in some cases with this. Unsure why
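
Review bot: The trailing comment under the match line (`# .*ZZZ$ should end the regex, but detection fails in some cases with this. Unsure why`) leaves an open question in the probes file that should be settled before merge. One thing to check is whether the attempted pattern carried the `s` option: in nmap-service-probes, `.` does not match newline bytes unless the match is written as `m|...|s`, and a binary reply may contain 0x0a somewhere between the echoed `Nmap` padding and the end. If the tail cannot be matched reliably, drop the comment and say in the probe's header comment that the match intentionally stops after the first 16 bytes of the echoed padding. Separately, the new probe has no `rarity` line, unlike the BECKHOFF_ADS probe directly above it (`rarity 8`); an explicit value would make clear at which version-detection intensity this long, mostly zero-padded payload is sent to port 1801. The blank lines between `Probe`, `ports` and `match` also differ from the neighbouring probe's layout, where the directives follow each other directly.
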
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/