Nmap Development mailing list archives

PR on Github - Write service probe for MSMQ


From: Gonçalo César Mendes Ribeiro via dev <dev () nmap org>
Date: Mon, 17 Apr 2023 10:09:44 +0100



Hello,

This is just to inform you that I have opened PR #2632 [1] on GitHub. Leaving the PR description below for quick reference.

"Adds a service probe to confirm whether the service running on TCP port 1801 is MSMQ (Microsoft Message Queuing).

I've documented here [2] part of my process as I was studying/testing the protocol to implement the probe.

This probe may help identify MSMQ exposure that may need to be remediated to avoid exploitation of CVE-2023-21554 [3], aka QueueJumper.

Feel free to suggest changes if needed.

Note: the last line of the change includes a comment referring to the regex .*ZZZ$ seemingly not working for some responses for which it should work. I suspect this may be due to some bug in Nmap."

Thank you,

Regards,

Gonçalo Ribeiro

Links:
------
[1] https://github.com/nmap/nmap/pull/2632
[2] https://infosec.exchange/@goncalor/110199988255426558
[3] https://nvd.nist.gov/vuln/detail/CVE-2023-21554
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
