Recently we heard an exploit about Spring4Shell like everyone else. We quickly built an incident on LetsDefend about it. Now, we are explaining how you can setup up a home lab yourself.
Requirements:
- Vulnerable app
- Spring4Shell exploit
- Docker
Stages:
- Build a vulnerable app
- Preparation for attack
- Exploitation
By the way, we have already built an incident about Spring4Shell. If you want to investigate it as an Incident Responder in SOC environment, just click the button below and register.
Build a Vulnerable App
Firstly, we should install the vulnerable app about spring4shell. Already there is a docker image we can use.
| docker run -d -p 8082:8080 –name springrce -it vulfocus/spring-core-rce-2022-03-29 |
Now, we are ready to attack this app.
Preparation for Attack
Download the CVE-2022-22965 exploit code. Then run it.
Exploitation
Everything is ready for exploitation. Let’s run the shell.
Conclusion
Basically, we explained how to build a vulnerable Spring4Shell lab for education purposes. Now, you are able to remote code execution on the target system (local system).
If you interested, there are other related posts: