🟱Spring4Shell: CVE-2022-22965

Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework

LogoTryHackMe | Spring4Shell: CVE-2022-22965TryHackMe
https://tryhackme.com/room/spring4shell

Room Attributes
Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Tags

Spring4Shell, Vulnerability, RCE, Java, CVE-2022-22965

Task 1 - Info Introduction and Deploy

Deploy the target machine by clicking the green button at the top of this task!

Note: This machine will take 2-3 minutes to start up completely!

No answer needed

Task 2 - Tutorial Vulnerability Background

Read the task information and understand how Spring4Shell works at a high level.

No answer needed

Task 3 - Practical Exploitation

Follow the steps in the task to exploit Spring4Shell and obtain a webshell.

No answer needed

[Bonus Question: Optional] Use your webshell to obtain a reverse/bind shell on the target.

No answer needed

What is the flag in /root/flag.txt?

Reveal Flag đŸš©

đŸš©THM{NjAyNzkyMjU0MzA1ZWMwZDdiM2E5YzFm}

Task 4 - Info Conclusion

I understand and can abuse Spring4Shell!

No answer needed

PreviousDirty Pipe: CVE-2022-0847NextBurp Suite

Last updated