/CVE-2023-33246_Apache_RocketMQ_RCE

CVE-2023-33246 RocketMQ RCE exploit

Primary LanguagePythonApache License 2.0Apache-2.0

CVE-2023-33246 RocketMQ Remote Code Execution vulnerability

RocketMQ is a distributed messaging and streaming platform.

A critical remote code execution (RCE) vulnerability, CVE-2023-33246, was identified in Apache RocketMQ versions 5.1.0 and below. This vulnerability allows attackers to execute arbitrary commands as the system user running the application, posing a significant risk to affected systems. The exploit has been actively leveraged by threat actors, leading to the deployment of the DreamBus botnet.

This exploit script and PoC are written for an in-depth CVE analysis on vsociety.

Usage

Run the exploit:

python3 exploit.py 127.0.0.1 10911 <commands>

Run the scanner

usage: check.py [-h] [--ip IP] [--file FILE] [--port PORT] [--cidr CIDR]

Check CVE-2023-33246 RocketMQ RCE vulnerability

optional arguments:
  -h, --help   show this help message and exit
  --ip IP      A single IP address to check
  --file FILE  A file containing a list of IP addresses, one per line
  --port PORT  The port number to use when connecting to the server (default
               is 9876)
  --cidr CIDR  A CIDR range to scan (e.g. 1.2.3.0/24)

Disclaimer

⚠️ This exploit script has been created solely for research and the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The script's author and owner disclaim any responsibility or liability for any misuse or damage caused by this software. Just so you know, users are urged to use this software responsibly and only by applicable laws and regulations. Use responsibly.

Mitigation

Upgrade org.apache.rocketmq:rocketmq-broker to version 4.9.6, 5.1.1 or higher.

References