Justifcation for Nmap Port Numbers

Malayke / CVE-2023-33246_RocketMQ_RCE_EXPLOIT

CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit

Apache License 2.0

98 stars 21 forks source link

Justifcation for Nmap Port Numbers #3

Closed iqlusi0n closed 7 months ago

iqlusi0n commented 7 months ago

I was just curious to the choice of the ports 11911, 12911, and 13911 in the Nmap script?

It looks like those port numbers are not used by default in the RocketMQ code base and I don't really find anything online suggesting to use them as an alternative. So I was curious if you found those port numbers used a lot in deployment.

Malayke commented 7 months ago

These ports, 11911, 12911, and 13911, are similar to the top open ports found by nmap, but they are most commonly used by RocketMQ. I discovered these ports when setting up the RocketMQ environment. Typically, services exposed to the internet have a high probability of changing their default ports. Given the serious nature of this vulnerability, and the fact that it has been disclosed for some time now, I estimate that most of them have either been fixed or access control has been implemented on these ports.

iqlusi0n commented 7 months ago

Thanks for the information. Do you know what components of RocketMQ use those ports (11911, 12911, and 13911)? Like the controller, broker, nameserver, or something else?

Malayke commented 7 months ago

I believe it would be better for you to check this information on the RocketMQ official website. The ports that I've collected are just the ones that I've seen.

iqlusi0n commented 7 months ago

Will do, thanks for the help!