
CVE-2023-46604

Published: 27/10/2023 Updated: 11/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

Vulnerable Product

apache activemq

apache activemq legacy openwire module

Vendor Advisories

Synopsis: Critical: Red Hat Fuse 7.12.1 release and security update. Type/Severity: Security Advisory: Critical. Topic: A minor version update (from 7.12 to 7.12.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
Debian Bug report logs - #1054909 activemq: CVE-2023-46604. Package: activemq; Maintainer for activemq is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for activemq is src:activemq (PTS, buildd, popcon). Reported by: Moritz Mühlenhoff <jmm@inutil.org>. Date: Sat, 28 Oct 2023 14:27:04 UT ...
Check Point Reference: CPAI-2023-1080 Date Published: 5 Nov 2023 Severity: Critical ...
Hitachi Ops Center Administrator contains the following vulnerabilities: CVE-2023-45648, CVE-2023-46589, CVE-2023-46604. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in Hitachi Command Suite: CVE-2015-7559, CVE-2018-11775, CVE-2019-0222, CVE-2023-46604. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Properties Threat Severity High ...

Exploits

This Metasploit module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16 ...

Mailing Lists

Full Disclosure mailing list archives: OXAS-ADV-2024-0001: OX App Suite Security Advisory. From: Martin ...

Github Repositories

ActiveMQ RCE (CVE-2023-46604) exploitation tool with command output echo

ActiveMQ-Exploit: CVE-2023-46604 ActiveMQ RCE < 5.18.3 exploit. Supports running jdk 18 and the target version automatically determines whether it is within the scope of the vulnerability. Supports echo mode and built-in generation of expxml. fofa query. Disclaimer: This tool is only used for legal testing. Please make sure you are authorized for th

Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604

CVE-2023-46604 Lab: This lab guides on exploiting vulnerabilities of CVE-2023-46604. Acknowledgements: Apache ActiveMQ CVE-2023-46604. Environment: This lab requires the installation of 2 virtual machines: one Kali Linux machine version 2023.4 and one Ubuntu machine version 22.04.3 LTS. You can download them here: Kali Linux 2023.4, Ubuntu 22.04.3 LTS, VMware-workstation-17.5.0 for

Cy8 - AI-Powered Vulnerability Advisory Generation. Cy8 is an innovative project that combines the power of AI with modern technologies like OpenAI, RAG (Retrieval-Augmented Generation), and langChain to simplify and accelerate the process of generating vulnerability reports. Designed for security professionals, Cy8 aims to reduce the time and effort spent on researching and doc

CVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability Machine: Broker

Broker_ApacheMQ: CVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability. Machine: Broker

ExploitScript-CVE-2023-46604. Disclaimer: This repository contains proof-of-concept code for CVE-2023-46604 and is intended strictly for educational purposes. The authors and contributors do not endorse any illegal activity. The information presented here is for academic, security research, and testing purposes, and for the current resolution of the machine Broker from HackTheBo

PY

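ActiveMQ_CVE-2023-46604: a Python implementation that quickly constructs the data traffic and sends the packet; both gadget classes are implemented, org.springframework.context.support.FileSystemXmlApplicationContext and org.springframework.context.support.ClassPathXmlApplicationContext; FileSystemXml can bypass some IDS-type detection devices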

Exploit for CVE-2023-46604

CVE-2023-46604 Exploit for CVE-2023-46604 This tool helps to exploit this vulnerability Shodan Query to find target: product:"ActiveMQ" port:"61616" Tools Usage: for read targets from the file: python3 exploitpy -f targets -c YourVPS/pocxml --- single target: python3 exploitpy -ip IP -c YourVPS/pocxm

Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ: This exploit builds upon the foundational work available at githubcom/X1cT34m (githubcom/X1r0z/ActiveMQ-RCE). We have further developed the technique to achieve a reverse shell utilizing the Metasploit Framework (githubcom/rapid7/metasploit-framework). Usage: Important: Manually change the IP Address (0

broker

CVE-2023-46604 RCE Pseudoshell: This script leverages CVE-2023-46604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due to unsafe deserialization within the OpenWire protocol. Description: CVE-2023-46604 is a deserialization vulnerability that exists in Apache ActiveMQ's OpenWire protocol. This flaw can be exploited by an att

This repository has a tool and an API for Saudi CERT alerts. Its goal is to help improve the level of cybersecurity awareness in Saudi Arabia. Using AWS Lambda, this project takes Saudi CERT's alerts, organizes them, and makes them easy to get through a public API.

Saudi Cert Lambda (Parser & Public API) 🚀 Revised Goal: This repository features a specialized tool and API for Saudi CERT alerts, focusing on bolstering online safety in Saudi Arabia. Utilizing AWS Lambda, it efficiently gathers and organizes Saudi CERT's alerts, providing easy access through a public API. In its pursuit, the project prioritizes offering the la

CVE-2023-46604: This repository contains an exploit script and a Proof of Concept (PoC) XML file for the CVE-2023-46604 vulnerability affecting Apache ActiveMQ. The vulnerability allows for remote code execution due to unsafe deserialization practices within the OpenWire protocol. Description: CVE-2023-46604 is a deserialization vulnerability that exists in Apache ActiveMQ's

POC repo for CVE-2023-46604

CVE-2023-46604-POC: POC repo for CVE-2023-46604

Repository to exploit CVE-2023-46604 reported for ActiveMQ

Active MQ CVE-2023-46604 exploit: This repository is a guide with examples on how to exploit the CVE-2023-46604. The exploit takes advantage of the usage of reflection for instantiating Exception classes through a malicious command that, instead of being a valid command, sends as the exception class a Spring class to load beans and as the string constructor parameter an URL fro

CVE-2023-46604-RCE. Vulnerability: A deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. Setup: Change the Values inside the POCXML as your needs (Your Command). Host the POCXML. pass the POCXML URL to th

jereanny14

jereanny14githubio Digital-security-in-company's. About: this project is about cybersecurity in companies, how cyberattacks can be a problem and how we can avoid them. Just as the subtitle says, we will cover these topics, like hacking examples in Costa Rica, general problems for safe data and the use of software or malware. The objectives of this project is make

ActiveMQ RCE (CVE-2023-46604) exploitation tool

ActiveMQ-RCE [English Version]: ActiveMQ RCE (CVE-2023-46604) exploitation tool, written in Go. Some detailed analysis reports: exp10itio/2023/10/apache-activemq-版本-5183-rce-分析 attackerkbcom/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis. OpenWire protocol analysis: a brief analysis of the OpenWire protocol with reference to the official documentation and Wireshark. activemq

ActiveMQ honeypot

activemq-honeypot: Honeypot that scopes CVE-2023-46604 (Apache ActiveMQ RCE Vulnerability) and is focused on getting Indicators of Compromise. This honeypot can be used in any Threat Intelligence infrastructure to get attackers' IP addresses, Post-Exploitation samples and malware samples. This information can be helpful to detect and prevent attacks in future. Real usage exampl

CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool

⚙️ Tool introduction (Welcome star 🌟): CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool. 🔧 Usage: # pull the source code git clone githubcom/sule01u/CVE-2023-46604git # enter the directory cd CVE-2023-46604 # deploy pocxml to an HTTP service (Deploy on your vps) python3 -m httpserver # send the poc python

A go-exploit for Apache ActiveMQ CVE-2023-46604

Apache ActiveMQ CVE-2023-46604: CVE-2023-46604 is a widely exploited vulnerability that appears on CISA's KEV list. This go-exploit implementation can execute a reverse shell on the targets using a Nashorn payload, or download a binary to the target and execute it. Compiling: To build the exploit into a docker image simply: make docker

activemq-rce-cve-2023-46604

README simple analysis for CVE-2023-46604 thinkycxme/2024-04-19-activemq-cve-2023-46604-analysishtml

Recent Articles

Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims
The Register

Over a week later and barely any patches for the 10/10 vulnerability have been applied

Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution (RCE) on affected versions. "Apache ActiveMQ is vulnerable to remote code execution," Apache said in its advisory. "The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manip...