
How to Build Home Lab for Spring4Shell Exploit

Like everyone else, we recently heard about the Spring4Shell exploit. We quickly built an incident about it on LetsDefend. Now we explain how you can set up a home lab yourself.



  • Build a vulnerable app
  • Preparation for attack
  • Exploitation

By the way, we have already built an incident about Spring4Shell. If you want to investigate it as an Incident Responder in a SOC environment, just click the button below and register.

Build a Vulnerable App

First, we need to install the vulnerable Spring4Shell app. There is already a Docker image we can use.

docker run -d -p 8082:8080 --name springrce -it vulfocus/spring-core-rce-2022-03-29

Figure: vulnerable Spring Core app
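The docker run command above publishes port 8082 on every host interface, so the deliberately vulnerable app is reachable from the rest of your network. The following wrapper is an added example, not part of the original post: it starts the same image bound to 127.0.0.1 only, checks the binding with docker port, and removes the container afterwards. The function names (loopback_only, start_lab, stop_lab) and the file name lab.sh are hypothetical.

```shell
#!/bin/sh
# Added example: lab wrapper that keeps the vulnerable container on loopback.
IMAGE="vulfocus/spring-core-rce-2022-03-29"   # image named in the post
NAME="springrce"                              # container name from the post
HOST_PORT=8082                                # host port from the post

# Reads `docker port` output on stdin, e.g. "8080/tcp -> 127.0.0.1:8082".
# Succeeds only if at least one mapping exists and all are loopback-bound.
loopback_only() {
  lo_seen=0
  while IFS= read -r lo_line; do
    [ -z "$lo_line" ] && continue
    lo_seen=1
    lo_addr="${lo_line##* -> }"    # "127.0.0.1:8082" or "[::]:8082"
    lo_addr="${lo_addr%:*}"        # drop the trailing ":port"
    case "$lo_addr" in
      127.*|"[::1]"|::1) ;;        # loopback, not reachable from the LAN
      *) echo "exposed: $lo_line" >&2; return 1 ;;
    esac
  done
  [ "$lo_seen" -eq 1 ]
}

# Hypothetical helper: start the container bound to 127.0.0.1 and verify it.
start_lab() {
  docker run -d --name "$NAME" -p "127.0.0.1:${HOST_PORT}:8080" "$IMAGE" \
    >/dev/null || return 1
  if ! docker port "$NAME" | loopback_only; then
    docker rm -f "$NAME" >/dev/null    # refuse to leave it exposed
    return 1
  fi
  echo "lab up at http://127.0.0.1:${HOST_PORT}/"
}

# Hypothetical helper: remove the vulnerable container when the exercise ends.
stop_lab() { docker rm -f "$NAME" >/dev/null; }

# Usage: sh lab.sh start | sh lab.sh stop (no argument: define functions only)
case "${1:-}" in
  start) start_lab ;;
  stop)  stop_lab ;;
esac
```

Run stop_lab as soon as the exercise is finished so the vulnerable service does not stay up on your machine.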

Now, we are ready to attack this app.

Preparation for Attack

Download the CVE-2022-22965 exploit code. Then run it.

Spring Core RCE - CVE-2022-22965 poc code


Everything is ready for exploitation. Let’s run the shell.


In short, we explained how to build a vulnerable Spring4Shell lab for educational purposes. You can now perform remote code execution on the target system (local system).
