search

🟒Spring4Shell: CVE-2022-22965

Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework

LogoSpring4Shell: CVE-2022-22965TryHackMechevron-right
https://tryhackme.com/room/spring4shellarrow-up-right

Room Attributes
Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Tags

Spring4Shell, Vulnerability, RCE, Java, CVE-2022-22965

hashtag
Task 1 - Info Introduction and Deploy

hashtag
Deploy the target machine by clicking the green button at the top of this task!

circle-info

Note: This machine will take 2-3 minutes to start up completely!

circle-check

No answer needed

hashtag
Task 2 - Tutorial Vulnerability Background

hashtag
Read the task information and understand how Spring4Shell works at a high level.

circle-check

No answer needed

hashtag
Task 3 - Practical Exploitation

hashtag
Follow the steps in the task to exploit Spring4Shell and obtain a webshell.

circle-check

No answer needed

hashtag
[Bonus Question: Optional] Use your webshell to obtain a reverse/bind shell on the target.

circle-check

No answer needed

hashtag
What is the flag in /root/flag.txt?

chevron-rightReveal Flag 🚩hashtag

🚩THM{NjAyNzkyMjU0MzA1ZWMwZDdiM2E5YzFm}

hashtag
Task 4 - Info Conclusion

hashtag
I understand and can abuse Spring4Shell!

circle-check

No answer needed

PreviousDirty Pipe: CVE-2022-0847NextBurp Suite

Last updated