15672 - Pentesting RabbitMQ Management
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Bug bounty tip: sign up for Intigriti, a premium bug bounty platform created by hackers, for hackers! Join us at https://go.intigriti.com/hacktricks today, and start earning bounties up to $100,000!
Basic Information
You can learn more about RabbitMQ in 5671,5672 - Pentesting AMQP. In this port you may find the RabbitMQ Management web console if the management plugin is enabled. The main page should looks like this:
Enumeration
The default credentials are "guest":"guest". If they aren't working you may try to brute-force the login.
To manually start this module you need to execute:
Once you have correctly authenticated you will see the admin console:
Also, if you have valid credentials you may find interesting the information of http://localhost:15672/api/connections
Note also that it's possible to publish data inside a queue using the API of this service with a request like:
Cracking Hash
Shodan
port:15672 http
Bug bounty tip: sign up for Intigriti, a premium bug bounty platform created by hackers, for hackers! Join us at https://go.intigriti.com/hacktricks today, and start earning bounties up to $100,000!
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Last updated