HackTheBox - Broker

00:00 - Intro
01:00 - Start of nmap
01:45 - Logging into ActiveMQ with admin:admin and then failing to use the exploit from 2016
04:00 - Doing a full nmap scan, then running script scans on the open ports
07:50 - Finding a page that talks about CVE-2023-46604, the latest activemq exploit
11:00 - Pulling down an exploit payload for this exploit, it is golang
12:30 - Modifying the payload to execute a reverse shell, instead of downloading and executing …

activemq admin broker cve cve-2023-46604 doing down exploit hackthebox latest logging nmap open ports page ports running scan scans script start talks