🟢Spring4Shell: CVE-2022-22965

Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework

TryHackMe | Spring4Shell: CVE-2022-22965TryHackMe

https://tryhackme.com/room/spring4shell

Room Attributes	Value
Subscription Required	False [Free]
Type	Walkthrough
Difficulty	Info
Tags	Spring4Shell, Vulnerability, RCE, Java, CVE-2022-22965

Task 1 - Info Introduction and Deploy

Deploy the target machine by clicking the green button at the top of this task!

Note: This machine will take 2-3 minutes to start up completely!

No answer needed

Task 2 - Tutorial Vulnerability Background

Read the task information and understand how Spring4Shell works at a high level.

No answer needed

Task 3 - Practical Exploitation

Follow the steps in the task to exploit Spring4Shell and obtain a webshell.

No answer needed

[Bonus Question: Optional] Use your webshell to obtain a reverse/bind shell on the target.

No answer needed

What is the flag in /root/flag.txt?

Reveal Flag 🚩

🚩THM{NjAyNzkyMjU0MzA1ZWMwZDdiM2E5YzFm}

Task 4 - Info Conclusion

I understand and can abuse Spring4Shell!

No answer needed