rocketmq-exploit

该技能与其声明目的高度一致，但其目的本身就是让 AI 代理执行漏洞利用、远程命令执行和任意文件写入。不存在明显的供应链或凭证窃取迹象，但作为进攻性安全/漏洞利用技能，对真实目标产生未授权攻击的风险极高，应归类为高风险可疑技能而非确认恶意软件。

High likelihood of malicious/offensive intent. The fragment contains a full recon workflow for RocketMQ (broker version, dashboard unauth check, nameserver heuristic) and explicit exploitation/post-exploitation instructions with command execution, SSH authorized_keys planting, reverse shells, and cron persistence for specific CVEs (CVE-2023-33246, CVE-2023-37582). This is not suitable for use in a trusted software supply chain without strong isolation and scrutiny.

This fragment is explicit offensive tooling: it constructs and transmits a crafted UPDATE_BROKER_CONFIG request containing a shell-command injection payload via the rocketmqHome configuration field. When used against vulnerable, exposed RocketMQ brokers, it is intended to result in remote code execution. The presence of raw protocol framing and an operational CLI confirms its malicious intent rather than benign diagnostics.

This code is explicitly an offensive exploit tool that crafts unauthenticated RocketMQ NameServer requests to redirect configStorePath to an attacker-chosen file path and write attacker-controlled content to the target system (arbitrary file write). The included examples further show persistence and remote shell payloads, making it categorically high-risk for any supply-chain inclusion and unsuitable for benign use.