Categories: Kali Linux

Nodexp – A Server Side Javascript Injection Tool Capable Of Detecting & Exploiting Node.js Vulnerabilities

NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack!

Nodexp Getting Started – Installation & Usage

Download NodeXP by cloning the Git repository:

git clone https://github.com/esmog/nodexp

To get a list of all options run:

python2.7 nodexp -h

Examples for POST and GET cases accordingly:

python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

Also ReadNeofetch – A command-line System Information Tool

Setting Up and Use Testbeds

In order get familiar with NodeXP you might need to set the Node.js testing services provided (/testbeds) and start using the tool. A local machine running Node.js server will be necessary.

Firstly, you should install ‘body-parser’ and ‘express’ packages, in the GET and POST directories.

Go to ‘testbeds/GET’ directory on your local machine and paste the command below in terminal:

npm install express --save

Go to ‘testbeds/POST’ directory and paste the commands below in terminal:

npm install body-parser --save
nmp install express --save

After the correct installment of the packages you could run each service by running the command ‘node’ and the desirable js file (ex. node eval.js).

After you server is up and running, you are ready to run NodeXP and test it upon those services!

Example for GET case shown below:

python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/?name=[INJECT_HERE]

Example for POST case shown below:

python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/post.js --pdata=username=[INJECT_HERE]

Maintain & Update Payload Files

Payloads used by both Blind and Results Based Injection technique are stored in “/files/blind_payloads.txt” and in “/files/payloads.txt”.

Payloads are written in every odd line number of text files and, in case of Results Based Injection, their expected responses are written in every even line number of the “payloads.txt” file as a list separeted with commas. Even line numbers of the “blind_payloads.txt” file are empty.

In order to stop the process of injection, “—end(nextline)—end” is used as a delimeter capable of stop parsing and injecting payloads, for both Blind and Result Based Injection cases.

Every user can maintain and update the payload txt files with its own payloads, as far as she/he follows the above instructions.

Disclaimer

The tool’s purpose is strictly academic and was developed in order to conduct my master’s thesis. It could also be helpful during the process of a penetration test on Node.js services. Any other malicious or illegal usage of the tool is strongly not recommended and is clearly not a part of the purpose of this research.

Credit: Dimitris Antonaropoulos

R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

1 week ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

1 week ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

1 week ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

1 week ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

2 weeks ago