spring4shell Capture File
2022-4-1 03:13:38 Author: blog.didierstevens.com(查看原文) 阅读量:38 收藏

spring4shell Capture File

If you are interested, I’ve put a spring4shell exploit capture file on my GitHub.

It might trigger your AV, like Defender (Defender triggers on the webshell code).

First HTTP request in the capture file, is just a test query.

Second HTTP request is the exploit that drops a webshell.

Third HTTP request is using that webshell.

Figure 1: just a test request
Figure 2: exploit dropping a webshell
Figure 3: using the webshell

No comments yet.


文章来源: https://blog.didierstevens.com/2022/03/31/spring4shell-capture-file/
如有侵权请联系:admin#unsafe.sh