Skip to content

aancw/Spring4shell-poc-rs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Spring4shell PoC Script

Interactive Spring4Shell PoC attack script written in Rust

Requirements

  • Rust
  • Docker

Features

  • war file deployer
  • interactive web shell

Vulnerable Products

  • JDK version 9.0+
  • Spring framework and derivative framework spring-beans-*.jar exists

Building the Lab

  • Install docker
  • Git clone lab repo and then build
git clone https://github.com/aancw/Spring4shell-poc-lab
cd Spring4shell-poc-lab
sh deploy.sh
  • Wait until container is up
  • Happy hacking!

Checking Affected System

  • For JDK version, you can use
java -version
  • To check if you are using Spring framework or derivative. Do a global search after "spring-beans-.jar" and "spring.jar"
find . -name spring-beans*.jar

$ root@aa3b00479589:/usr/local/tomcat# find . -name spring-beans*.jar
./webapps/spring_app/WEB-INF/lib/spring-beans-5.2.3.RELEASE.jar

Detail Informations

Spring Patch

Acknowledgment

About

Spring 4 Shell PoC script writted in Rust

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages