ActiveMQ-RCE file does not exist in repo

Question

ActiveMQ-RCE file does not exist in repo

Closed this issue a year ago · 1 comments

on repo, I see "./ActiveMQ-RCE -i 127.0.0.1 -u http://127.0.0.1:8000/poc.xml" parameters for running the poc code but when I tried to it, it does not work. Because I see you use go lang. So how can I use it? ActiveMQ-RCE file does not exist in your repo location so, it doesn't work. Also when I try to run go file, I had this results ("tmp/go-build2874341474/b001/exe/main" doesn't exist on directory of tmp file location, also):

┌──(kali㉿kali)-[~/Desktop/ActiveMQ-RCE-main]
└─$ sudo go run main.go
_ _ _ __ __ ___ ____ ____ _____
/ \ | |() | / |/ _ \ | _ \ / | ____|
/ _ \ / | | \ \ / / _ \ |/| | | | || |) | | | _|
/ ___ \ (| || |\ V / __/ | | | || || _ <| || |_
// ____|_|| _/ ___|| ||__\ || _\___|_____|

Usage of /tmp/go-build2874341474/b001/exe/main:
-i string
ActiveMQ Server IP or Host
-p string
ActiveMQ Server Port (default "8161")
-u string
Spring XML Url

Answer 1 · 2023-11-03T10:34:04.000Z

You need to know the difference between go run and go build.
By the way, you don't have to stick to whether the filename is ActiveMQ-RCE. Both go build and go run have the same effect when running this poc.
I have provided some detailed analysis reports in README.md. Maybe you can read these reports first.
To exploit successfully, you need to serve poc.xml file with a http server, and then specify the parameter -u to the path of this file in your http server. (e.g. http://127.0.0.1:8000/poc.xml)