CVE-2023-46604

This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ via deserialization to achieve remote code execution (RCE). The exploit sends a crafted payload to trigger the vulnerability and can be used to generate reverse shells for both Linux and Windows targets.

This repository contains a functional GUI-based exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit leverages deserialization via a crafted `ClassPathXmlApplicationContext` payload to achieve remote code execution (RCE).

This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ versions below 5.18.3. The exploit leverages a deserialization vulnerability to achieve remote code execution (RCE) by crafting a malicious XML payload that defines a malicious class and executes arbitrary commands.

This repository contains a functional Python exploit for CVE-2023-46604, a deserialization vulnerability in Apache ActiveMQ's OpenWire protocol. The exploit crafts a malicious payload to trigger remote code execution by leveraging unsafe deserialization practices.

This repository contains a functional exploit for CVE-2023-46604, leveraging a deserialization vulnerability in Apache ActiveMQ. The exploit sends a malicious ExceptionResponse packet containing a crafted ClassPathXmlApplicationContext object, which triggers remote code execution via a Spring bean XML file hosted on an attacker-controlled server.

This repository contains a functional Python exploit for CVE-2023-46604, a deserialization vulnerability in Apache ActiveMQ's OpenWire protocol. The exploit generates a pseudo-shell by crafting malicious XML payloads and leveraging a local HTTP server to receive command output from the target.

This repository contains a functional Python exploit for CVE-2023-46604, an RCE vulnerability in Apache ActiveMQ. The exploit crafts a malicious OpenWire protocol packet to trigger deserialization of a remote XML file, leading to arbitrary code execution.

This repository contains a functional Go-based exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit validates the target, checks the version, and executes a reverse shell or downloads/executes a binary payload via a Nashorn payload.

This repository contains a fully functional exploit for CVE-2023-46604, leveraging deserialization of a malicious XML configuration file in Apache ActiveMQ to achieve remote code execution. The exploit includes a Dockerized vulnerable environment, a Python-based exploit script, and a malicious XML payload to demonstrate the vulnerability.

This repository contains a working proof-of-concept for CVE-2021-44228 (Log4Shell) and CVE-2023-46604 (Apache ActiveMQ RCE). It includes detailed setup instructions, exploit code, and steps to achieve remote code execution via LDAP/JNDI injection and reverse shell.

This repository contains a functional exploit for CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ. The exploit leverages insecure deserialization in the OpenWire protocol to execute arbitrary commands by manipulating serialized class types.

This repository contains a functional Python exploit for CVE-2023-46604, a deserialization vulnerability in Apache ActiveMQ's OpenWire transport unmarshaller. The exploit sends a crafted payload to trigger remote code execution by leveraging a malicious XML URL.

This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ 5.15.15. The exploit leverages deserialization vulnerabilities in the broker and client truststore files to achieve remote code execution (RCE).

This repository contains a Java-based tool for detecting and exploiting multiple Apache ActiveMQ vulnerabilities, including CVE-2023-46604. It includes functional exploit code for deserialization attacks and webshell deployment, with a GUI interface for ease of use.

This repository provides a detailed academic analysis of CVE-2023-46604, focusing on vulnerability explanation, technical details, impact assessment, and mitigation strategies for Apache ActiveMQ deserialization RCE. It includes modular documentation but no functional exploit code.

This repository contains a functional Python exploit for CVE-2023-46604, which targets an unsafe deserialization vulnerability in Apache ActiveMQ's OpenWire protocol. The script crafts a malicious payload to trigger remote code execution by loading a Spring bean from a specified XML URL.

This repository contains a functional Python exploit for CVE-2023-46604, targeting Apache ActiveMQ's OpenWire protocol. The exploit crafts a malicious packet to trigger deserialization of a Spring XML configuration file, leading to remote code execution.

The repository contains a functional PoC for CVE-2023-44487 (HTTP/2 Rapid Reset DoS) with a Python script that exploits the vulnerability by rapidly resetting HTTP/2 streams. It also references a Metasploit module for CVE-2023-46604 (Apache ActiveMQ RCE) but does not include the actual exploit code for the latter.

This repository contains a functional Python exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit crafts a malicious payload to trigger deserialization via Spring gadgets (FileSystemXmlApplicationContext or ClassPathXmlApplicationContext) to achieve remote code execution.

This repository is a Docker-based playground for CVE-2023-46604 (Apache ActiveMQ RCE) but lacks actual exploit implementation. The `attack.sh` and `verify.sh` scripts contain only placeholders (TODOs) with no functional exploit code.

This repository provides a detailed technical analysis of CVE-2023-46604, an insecure deserialization vulnerability in Apache ActiveMQ. It includes root cause analysis, patch diffs, and a walkthrough of the exploit chain involving OpenWire deserialization and arbitrary class instantiation.

This repository provides a detailed lab setup and detection methodology for CVE-2023-46604, focusing on understanding the Apache ActiveMQ RCE vulnerability via the OpenWire protocol. It includes network topology, detection steps using Wireshark, and Suricata IDS rules for mitigation.

This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit sends a crafted payload to trigger a deserialization vulnerability, resulting in remote code execution (RCE). The repository includes a Docker setup for both victim and attacker environments, along with a Python script to deliver the exploit.

This repository provides a detailed technical analysis of CVE-2023-46604, focusing on the OpenWire protocol in Apache ActiveMQ. It includes packet structure breakdowns, protocol analysis, and explanations of how the vulnerability leads to remote code execution (RCE).

This repository contains a functional exploit for CVE-2023-46604, leveraging reflection to instantiate a malicious Spring class that loads a remote XML file containing a ProcessBuilder payload for RCE. The exploit includes both client and server-side components, with a Java-based HTTP server to serve the malicious XML and Python scripts to facilitate the attack.

This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ via a deserialization vulnerability. The exploit sends a crafted payload to trigger remote code execution (RCE) on the victim machine, demonstrated through a reverse shell setup.

This repository contains a functional honeypot designed to simulate a vulnerable Apache ActiveMQ service (CVE-2023-46604) to capture attacker IPs, XML payloads, and RCE commands. It includes a Rust-based server that logs attack details and provides an API for retrieving collected indicators.

This repository contains a functional exploit PoC for CVE-2023-46604, leveraging deserialization in Apache ActiveMQ via crafted ExceptionResponse messages. The exploit sends a malicious payload to trigger remote code execution on vulnerable ActiveMQ instances.

This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ 5.15.5. The exploit crafts a malicious packet to trigger deserialization of a malicious class, leading to remote code execution (RCE) by loading an external XML configuration file.

This is a functional exploit PoC for CVE-2023-46604, targeting Apache ActiveMQ via a crafted serialized payload. The script constructs a malicious packet with a ClassPathXmlApplicationContext class name and an attacker-controlled XML payload, which can lead to remote code execution.

The repository contains only a README file with minimal content, mentioning an outdated CVE (CVE-2019-9053) and no actual exploit code or technical details. It appears to be a placeholder with no functional exploit or analysis.

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

This repository provides a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ 5.18.2 via a crafted XML payload sent over the OpenWire protocol. It includes detailed setup instructions, exploit code (exploit.py), and a malicious XML payload (poc.xml) to achieve remote code execution (RCE) and establish a reverse shell.

This Metasploit module exploits a deserialization vulnerability in Apache ActiveMQ's OpenWire transport unmarshaller, allowing unauthenticated remote code execution via crafted payloads delivered through a malicious XML configuration file.