MQTT

Message Queuing Telemetry Transport (MQTT) is a messaging protocol based on publish-subscribe mechanism and works over TCP/IP protocol stack. It is an ISO standard - ISO/IEC 20922:2016. You can also read the specification here. It is a very famous protocol in the IoT scene and is used in various domains from home to ICS.

mqtt.generic.crackauth

You should use this plugin if the broker requires authentication. You can brute-force the credentials.

Note

The client ID and user name are not the same.

Usage details:

ef> run mqtt.generic.crackauth -h

mqtt.generic.pub

During your assessment, you may want to write malicious data to a specific topic, check if you are able to write to specific topics, corrupt $SYS topic’s data. This plugin can help you with that.

Usage details:

ef> run mqtt.generic.pub -h

mqtt.generic.sub

It is very common to check what topics we can subscribe to, what data do we receive for further analysis or get data from $SYS topics. If you are lucky you may end up reading sensitive data that can help you pwn the system. This simple plugin can help you in doing that.

Usage details:

ef> run mqtt.generic.sub -h