How to Build Home Lab for Spring4Shell Exploit

Omer Gunal
Posted:
April 1, 2022
Home
Posts
Incident Responder
How to Build Home Lab for Spring4Shell Exploit
Contents

Recently we heard an exploit about Spring4Shell like everyone else. We quickly built an incident on LetsDefend about it. Now, we are explaining how you can setup up a home lab yourself.

Requirements:

Stages:

  • Build a vulnerable app
  • Preparation for attack
  • Exploitation

By the way, we have already built an incident about Spring4Shell. If you want to investigate it as an Incident Responder in SOC environment, just click the button below and register.

Build a Vulnerable App

Firstly, we should install the vulnerable app about spring4shell. Already there is a docker image we can use.

docker run -d -p 8082:8080 --name springrce -it vulfocus/spring-core-rce-2022-03-29

vulnerable spring core app

Now, we are ready to attack this app.

Preparation for Attack

Download the CVE-2022-22965 exploit code. Then run it.

Spring Core RCE - CVE-2022-22965 poc code

Exploitation

Everything is ready for exploitation. Let's run the shell.

Conclusion

Basically, we explained how to build a vulnerable Spring4Shell lab for education purposes. Now, you are able to remote code execution on the target system (local system).

If you interested, there are other related posts:

Share
letsdefend description card

You might also be interested in ...

Start learning cybersecurity today