00:00 - Intro 01:00 - Start of nmap 01:45 - Logging into ActiveMQ with admin:admin and then failing to use the exploit from 2016 04:00 - Doing a full nmap scan, then running script scans on the open ports 07:50 - Finding a page that talks about CVE-2023-46604, the latest activemq exploit 11:00 - Pulling down an exploit payload for this exploit, it is golang 12:30 - Modifying the payload to execute a reverse shell, instead of downloading and executing an elf file. Need to HTML Entity Encode the payload 16:30 - Reverse shell returned, seeing we can run nginx as root 17:20 - Building an nginx config that runs as root and shares the entire filesystem 23:08 - Enabling the WebDav PUT so we can upload files to the server and uploading an SSH Key 27:05 - Showing we could upload a cron entry aswell to get code execution
Hide player controls
Hide resume playing