Course

This lab delves into the vulnerabilities of Spring (1.4.*) applications with exposed Spring Actuators and Spring Cloud, demonstrating how an attacker can gain code execution. Spring Actuators enable monitoring and managing Spring applications, but in versions 1.4.x and below, they are unprotected, allowing reconfiguration of the application. The course guides you through the steps to exploit this vulnerability, including finding the /env endpoint, building a malicious jar and yaml file, and using POST requests to reconfigure the service and force a refresh of the configuration to achieve code execution.

The course is grounded in the impressive research published in the mbechler/marshalsec repository and Veracode's article on exploiting Spring Boot Actuators. Through hands-on exercises, participants will learn to build a malicious jar file, create a corresponding YAML file, and reconfigure a vulnerable service to gain command execution. This practical approach ensures that participants thoroughly understand the exploitation process, from identifying vulnerable endpoints to executing payloads.