spring4shell-cve-2022-22965.md

File metadata and controls

73 lines (47 loc) · 2.34 KB
description: Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework

🟢 Spring4Shell: CVE-2022-22965

{% embed url="https://tryhackme.com/room/spring4shell" %} https://tryhackme.com/room/spring4shell {% endembed %}

| Room Attributes | Value |
| --- | --- |
| Subscription Required | False [Free] |
| Type | Walkthrough |
| Difficulty | Info |
| Tags | Spring4Shell, Vulnerability, RCE, Java, CVE-2022-22965 |

Task 1 - Info Introduction and Deploy

Deploy the target machine by clicking the green button at the top of this task!

{% hint style="info" %} Note: This machine will take 2-3 minutes to start up completely! {% endhint %}

{% hint style="success" %} No answer needed {% endhint %}

Task 2 - Tutorial Vulnerability Background

Read the task information and understand how Spring4Shell works at a high level.

{% hint style="success" %} No answer needed {% endhint %}

Task 3 - Practical Exploitation

Follow the steps in the task to exploit Spring4Shell and obtain a webshell.

{% hint style="success" %} No answer needed {% endhint %}

[Bonus Question: Optional] Use your webshell to obtain a reverse/bind shell on the target.

{% hint style="success" %} No answer needed {% endhint %}

What is the flag in /root/flag.txt?

Reveal Flag 🚩

🚩THM{NjAyNzkyMjU0MzA1ZWMwZDdiM2E5YzFm}

Task 4 - Info Conclusion

I understand and can abuse Spring4Shell!

{% hint style="success" %} No answer needed {% endhint %}