all InfoSec news
Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code
Nov. 2, 2022, 11:30 a.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled.
Tested and working against Visual Studio Code, Discord, any Node.js application and more!
How
- Locate the target process.
- Send SIGUSR1 signal to the process, this will enable the debugger on a port (depending on the software, sometimes it's random, sometimes it's not).
- Determine debugging port by diffing open ports before and after sending SIGUSR1. …
abuse code electron javascript node node.js open ports order process websocket
More from www.kitploit.com / KitPloit - PenTest Tools!
VectorKernel - PoCs For Kernelmode Rootkit Techniques Research
1 day, 17 hours ago |
www.kitploit.com
Cookie-Monster - BOF To Steal Browser Cookies & Credentials
2 days, 17 hours ago |
www.kitploit.com
Sicat - The Useful Exploit Finder
1 week, 3 days ago |
www.kitploit.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Junior Cybersecurity Triage Analyst
@ Peraton | Linthicum, MD, United States
Associate Director, Operations Compliance and Investigations Management
@ Legend Biotech | Raritan, New Jersey, United States
Analyst, Cyber Operations Engineer
@ BlackRock | SN6-Singapore - 20 Anson Road
Working Student/Intern/Thesis: Hardware based Cybersecurity Training (m/f/d)
@ AVL | Regensburg, DE