Exploiting Node.js deserialization bug for Remote Code Execution

Kevin Moore

With the first steps completed, how is this supposed to work if you are not connected locally? How would someone run the steps after the Python script without local access?

7 months ago
nico yuri

How to use Node.js

8 months ago
ninja ryan and Matt vlogs clumsy ninja

I keep getting invalid username type as a response. Any suggestions?

9 months ago
Behnam Anisi

yeah u get that but then you will get a shell straight after :)

4 months ago
Nuno Pinto

I also get that message, but the remote shell opens. So, objective accomplished...

6 months ago
Marbew

the same dude... have you solved it?

6 months ago
Akshay Jain

SyntaxError: Unexpected token
    at Object.parse (native)
    at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
    at /home/sun/server.js:11:24
    at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
    at /home/sun/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
    at next (/home/sun/node_modules/express/lib/router/index.js:275:10)

9 months ago
Михаил Толкачев

so this trick only works for nodejs... eval almost like evil

year(s) ago
tamir tian

prefer

year(s) ago
Letian Chou

good

year(s) ago
Hak Asadasdas

do you mind sharing your burp suite with me ?

year(s) ago
Rudra Pratap

lmao

4 months ago
Behnam Anisi

hahahahah

4 months ago
IOANNIS FOLIAS

wtf

9 months ago
Pr0ton

L O L

year(s) ago