GitBook: [#3134] No subject

CPol 2022-04-28 13:46:37 +00:00 committed by gitbook-bot
parent c315f8c82d
commit 23e2c9bb5d
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -89,7 +89,7 @@ The tool [**https://github.com/taviso/cefdebug**](https://github.com/taviso/cefd
Note that **NodeJS RCE exploits won't work** if connected to a browser via [**Chrome DevTools Protocol**](https://chromedevtools.github.io/devtools-protocol/) **** (you need to check the API to find interesting things to do with it).
{% endhint %}
## RCE
## RCE in NodeJS Debugger/Inspector
{% hint style="info" %}
If you came here looking how to get [**RCE from a XSS in Electron please check this page.**](../../pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/)****
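Review bot: renaming the heading `## RCE` to `## RCE in NodeJS Debugger/Inspector` changes the anchor GitBook generates for it, so any existing links to `#rce` on this page or elsewhere in the book will stop resolving; grep the repo for `#rce` before merging and update them, or keep the old anchor. The wording itself is an improvement, since the hint directly above says NodeJS RCE exploits don't work over the Chrome DevTools Protocol and the new title makes that scope explicit. While touching this block, drop the stray `****` after the Chrome DevTools Protocol link and after the Electron link in the following hint; it renders as empty bold markup.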
@ -124,6 +124,10 @@ ws.send(JSON.stringify({
}));
```
### Webdriver RCE and exfiltration
According to this post: [https://medium.com/@knownsec404team/counter-webdriver-from-bot-to-rce-b5bfb309d148](https://medium.com/@knownsec404team/counter-webdriver-from-bot-to-rce-b5bfb309d148) it's possible to obtain RCE and exfiltrate internal pages from theriver.
### Post-Exploitation
In a real environment and **after compromising** a user PC that uses Chrome/Chromium based browser you could launch a Chrome process with the **debugging activated and port-forward the debugging port** so you can access it. This way you will be able to **inspect everything the victim does with Chrome and steal sensitive information**.
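Review bot: typo in the new Webdriver paragraph: "exfiltrate internal pages from theriver" should read "from the driver". The paragraph also rests entirely on the linked Medium post; one sentence stating what has to be exposed for the technique to apply and what "internal pages" refers to would let the section stand on its own, in the same way the Post-Exploitation paragraph below spells out its precondition (a compromised user PC and a forwarded debugging port). Minor: "Chrome/Chromium based browser" in the context line should be "Chrome/Chromium-based browser".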