Anzeige
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization
Node.js Deserialization

Check these out next

Spring Data JPA
Spring Data JPA
Cheng Ta Yeh
Compiling EdgeQL
Compiling EdgeQL
EdgeDB
Powerful persistence layer with Google Guice & MyBatis
Powerful persistence layer with Google Guice & MyBatis
simonetripodi
Connecting to a REST API in iOS
Connecting to a REST API in iOS
gillygize
JDD2015: Sharding with Akka Cluster: From Theory to Production - Krzysztof Ot...
JDD2015: Sharding with Akka Cluster: From Theory to Production - Krzysztof Ot...
PROIDEA
Sane Sharding with Akka Cluster
Sane Sharding with Akka Cluster
miciek
Constructor oopj
Constructor oopj
ShaishavShah8
HexRaysCodeXplorer: make object-oriented RE easier
HexRaysCodeXplorer: make object-oriented RE easier
Alex Matrosov
1 von 24

Node.js Deserialization

7. May 2020
Downloaden Sie, um offline zu lesen
Software

Learn the concepts of Node.js deserialization based attack scenarios.

NSConclave
NSConclave
Anzeige
Anzeige
Anzeige

Recomendados

Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave1K Aufrufe33 Folien
Mac/iOS Design PatternsMac/iOS Design Patterns
Mac/iOS Design PatternsRobert Brown7.2K Aufrufe42 Folien
EclipseCon 2011-Gemini NamingEclipseCon 2011-Gemini Naming
EclipseCon 2011-Gemini NamingShaun Smith649 Aufrufe8 Folien
Object oriented programming in JavaScriptObject oriented programming in JavaScript
Object oriented programming in JavaScriptAditya Majety180 Aufrufe13 Folien
Data perisistence in iOSData perisistence in iOS
Data perisistence in iOSmobiledeveloperpl2.9K Aufrufe129 Folien
Easy data-with-spring-data-jpaEasy data-with-spring-data-jpa
Easy data-with-spring-data-jpaStaples3.5K Aufrufe26 Folien

Más contenido relacionado

Presentaciones para ti(20)

Spring Data JPASpring Data JPA
Spring Data JPA
Cheng Ta Yeh7.8K Aufrufe
Compiling EdgeQLCompiling EdgeQL
Compiling EdgeQL
EdgeDB57 Aufrufe
Powerful persistence layer with Google Guice & MyBatisPowerful persistence layer with Google Guice & MyBatis
Powerful persistence layer with Google Guice & MyBatis
simonetripodi3.8K Aufrufe
Connecting to a REST API in iOSConnecting to a REST API in iOS
Connecting to a REST API in iOS
gillygize27.1K Aufrufe
JDD2015: Sharding with Akka Cluster: From Theory to Production - Krzysztof Ot...JDD2015: Sharding with Akka Cluster: From Theory to Production - Krzysztof Ot...
JDD2015: Sharding with Akka Cluster: From Theory to Production - Krzysztof Ot...
PROIDEA124 Aufrufe
Sane Sharding with Akka ClusterSane Sharding with Akka Cluster
Sane Sharding with Akka Cluster
miciek402 Aufrufe
Constructor oopjConstructor oopj
Constructor oopj
ShaishavShah828 Aufrufe
HexRaysCodeXplorer: make object-oriented RE easierHexRaysCodeXplorer: make object-oriented RE easier
HexRaysCodeXplorer: make object-oriented RE easier
Alex Matrosov2.6K Aufrufe
Module Ninja .JSModule Ninja .JS
Module Ninja .JS
Александър Динков440 Aufrufe
Blocks & GCDBlocks & GCD
Blocks & GCD
rsebbe2.4K Aufrufe
GCD and OperationQueue.GCD and OperationQueue.
GCD and OperationQueue.
HSIEH CHING-FAN985 Aufrufe
ElasticSearch & Elastica in Symfony2 - SfLive 2015ElasticSearch & Elastica in Symfony2 - SfLive 2015
ElasticSearch & Elastica in Symfony2 - SfLive 2015
Nicolas Badey867 Aufrufe
Introduction to Underscore.jsIntroduction to Underscore.js
Introduction to Underscore.js
André Faria Gomes2.8K Aufrufe
Javascript basics for automation testingJavascript basics for automation testing
Javascript basics for automation testing
Vikas Thange655 Aufrufe
MVC and Entity FrameworkMVC and Entity Framework
MVC and Entity Framework
James Johnson749 Aufrufe
Fun with Functional Programming in ClojureFun with Functional Programming in Clojure
Fun with Functional Programming in Clojure
Codemotion1.8K Aufrufe
{"JSON, Swift and Type Safety" : "It's a wrap"}{"JSON, Swift and Type Safety" : "It's a wrap"}
{"JSON, Swift and Type Safety" : "It's a wrap"}
Anthony Levings1.6K Aufrufe
D2 OPEN SEMINAR - WWDC 핫 이슈D2 OPEN SEMINAR - WWDC 핫 이슈
D2 OPEN SEMINAR - WWDC 핫 이슈
NAVER D23.9K Aufrufe
Persistence And DocumentsPersistence And Documents
Persistence And Documents
SV.CO813 Aufrufe
Lecture 5 javascriptLecture 5 javascript
Lecture 5 javascript
Mujtaba Haider143 Aufrufe

Similar a Node.js Deserialization(20)

Leveraging UiPath .NET integration to build JSON Leveraging UiPath .NET integration to build JSON
Leveraging UiPath .NET integration to build JSON
Cristina Vidu64 Aufrufe
Node.js 1, 2, 3Node.js 1, 2, 3
Node.js 1, 2, 3
Jian-Hong Pan1.9K Aufrufe
Top 30 Node.js interview questionsTop 30 Node.js interview questions
Top 30 Node.js interview questions
techievarsity371 Aufrufe
From C++ to Objective-CFrom C++ to Objective-C
From C++ to Objective-C
corehard_by281 Aufrufe
Java SerializationJava Serialization
Java Serialization
imypraz3.6K Aufrufe
6 ways to hack your JavaScript application by Viktor Turskyi 6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi
OdessaJS Conf236 Aufrufe
AWS user group September 2017 - Rob Ribeiro "Seeking Solutions for Debugging ...AWS user group September 2017 - Rob Ribeiro "Seeking Solutions for Debugging ...
AWS user group September 2017 - Rob Ribeiro "Seeking Solutions for Debugging ...
AWS Chicago159 Aufrufe
soft-shake.ch - Hands on Node.jssoft-shake.ch - Hands on Node.js
soft-shake.ch - Hands on Node.js
soft-shake.ch2.3K Aufrufe
Java Hurdling: Obstacles and Techniques in Java Client Penetration-TestingJava Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Java Hurdling: Obstacles and Techniques in Java Client Penetration-Testing
Tal Melamed310 Aufrufe
Node.JS briefly introducedNode.JS briefly introduced
Node.JS briefly introduced
Alexandre Lachèze1.3K Aufrufe
How my team is applying JS framework for PHP projects.How my team is applying JS framework for PHP projects.
How my team is applying JS framework for PHP projects.
Damon Hung Tran106 Aufrufe
Why Nodejs Guilin ShanghaiWhy Nodejs Guilin Shanghai
Why Nodejs Guilin Shanghai
Jackson Tian668 Aufrufe
Why Node.jsWhy Node.js
Why Node.js
guileen2.9K Aufrufe
jQuery (intermediate)jQuery (intermediate)
jQuery (intermediate)
Madhukar Anand1.3K Aufrufe
Modern server side development with node.js - Benjamin gruenbaumModern server side development with node.js - Benjamin gruenbaum
Modern server side development with node.js - Benjamin gruenbaum
geektimecoil253 Aufrufe
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661
snyff627 Aufrufe
Server Side JavaScript - You ain't seen nothing yetServer Side JavaScript - You ain't seen nothing yet
Server Side JavaScript - You ain't seen nothing yet
Tom Croucher2.9K Aufrufe
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JSFestUA814 Aufrufe
Java scriptforjavadev part2aJava scriptforjavadev part2a
Java scriptforjavadev part2a
Makarand Bhatambarekar644 Aufrufe
Introduction to Node.JSIntroduction to Node.JS
Introduction to Node.JS
Collaboration Technologies89 Aufrufe
Anzeige

Más de NSConclave(20)

RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
NSConclave69 Aufrufe
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the Extension
NSConclave42 Aufrufe
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
NSConclave54 Aufrufe
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native Library
NSConclave128 Aufrufe
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
NSConclave122 Aufrufe
Log AnalysisLog Analysis
Log Analysis
NSConclave728 Aufrufe
Regular Expression InjectionRegular Expression Injection
Regular Expression Injection
NSConclave700 Aufrufe
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)
NSConclave859 Aufrufe
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain Policy
NSConclave728 Aufrufe
LDAP InjectionLDAP Injection
LDAP Injection
NSConclave661 Aufrufe
SandboxingSandboxing
Sandboxing
NSConclave160 Aufrufe
NoSql InjectionNoSql Injection
NoSql Injection
NSConclave344 Aufrufe
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing Advanced
NSConclave236 Aufrufe
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
NSConclave243 Aufrufe
MarkdownMarkdown
Markdown
NSConclave102 Aufrufe
Docker 101Docker 101
Docker 101
NSConclave131 Aufrufe
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren Shah
NSConclave126 Aufrufe
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave730 Aufrufe
Lets get started with car hacking - Ankit JoshiLets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit Joshi
NSConclave79 Aufrufe
Advanced Wireless Reconnaissance And Testing - Rohit JadavAdvanced Wireless Reconnaissance And Testing - Rohit Jadav
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
NSConclave1.1K Aufrufe

Último(20)

wordpress pluginswordpress plugins
wordpress plugins
sanjanaavivintern0 Aufrufe
Are you ready for AI? Is AI ready for you?Are you ready for AI? Is AI ready for you?
Are you ready for AI? Is AI ready for you?
KonfHubTechConferenc47 Aufrufe
operator ppt.pptoperator ppt.ppt
operator ppt.ppt
MrSharadtechnical0 Aufrufe
How to export EML files into Outlook PST formats?How to export EML files into Outlook PST formats?
How to export EML files into Outlook PST formats?
MailsDaddy0 Aufrufe
W1-Intro to python.pptxW1-Intro to python.pptx
W1-Intro to python.pptx
NaziaPerwaiz22 Aufrufe
TDD - Seriously, try it! - OpensouthcodeTDD - Seriously, try it! - Opensouthcode
TDD - Seriously, try it! - Opensouthcode
Nacho Cougil0 Aufrufe
rkp_bio_June_2023.docxrkp_bio_June_2023.docx
rkp_bio_June_2023.docx
DR. Ram Kumar Pathak2 Aufrufe
The scale-up, the autonomy and the nuclear submarineThe scale-up, the autonomy and the nuclear submarine
The scale-up, the autonomy and the nuclear submarine
Thomas Pierrain0 Aufrufe
Healthcare Mobile App Development Trends in 2023.pdfHealthcare Mobile App Development Trends in 2023.pdf
Healthcare Mobile App Development Trends in 2023.pdf
Seasia Infotech0 Aufrufe
Firewalls (1).pptFirewalls (1).ppt
Firewalls (1).ppt
adnanetnzr1 Aufruf
harnessing_the_power_of_artificial_intelligence_for_software_development.pptxharnessing_the_power_of_artificial_intelligence_for_software_development.pptx
harnessing_the_power_of_artificial_intelligence_for_software_development.pptx
sarah david0 Aufrufe
MANUAL 1.pdfMANUAL 1.pdf
MANUAL 1.pdf
Nombre Apellidos6 Aufrufe
06_08_emea_how_to_evaluate_rollout_and_operationalize_your_sdwan_projects_web...06_08_emea_how_to_evaluate_rollout_and_operationalize_your_sdwan_projects_web...
06_08_emea_how_to_evaluate_rollout_and_operationalize_your_sdwan_projects_web...
ThousandEyes2 Aufrufe
0x01 - Breaking into Linux VMs for Fun and Profit0x01 - Breaking into Linux VMs for Fun and Profit
0x01 - Breaking into Linux VMs for Fun and Profit
Russell Sanford13 Aufrufe
Asdialer | How to Choose the Right Auto Dialer for Your NeedsAsdialer | How to Choose the Right Auto Dialer for Your Needs
Asdialer | How to Choose the Right Auto Dialer for Your Needs
Aresync2 Aufrufe
Customer Engagement ProgramCustomer Engagement Program
Customer Engagement Program
Prasanna Hegde3 Aufrufe
ProfitBot AIProfitBot AI
ProfitBot AI
AyanKhan4792033 Aufrufe
D&AA Lecture 2 insertion sort.pptD&AA Lecture 2 insertion sort.ppt
D&AA Lecture 2 insertion sort.ppt
HaniaKhan751 Aufruf
PPT-UEU-Basis-Data-Pertemuan-1.pptxPPT-UEU-Basis-Data-Pertemuan-1.pptx
PPT-UEU-Basis-Data-Pertemuan-1.pptx
UbaidURRahman781 Aufruf
Visual programming.pptVisual programming.ppt
Visual programming.ppt
DawoudIssa5 Aufrufe
Anzeige

Node.js Deserialization

  1. Node.js deserialization Khushal Suthar 7/5/2020
  2. About me Security Analyst at Net-Square Khushal Suthar Twitter: @Khus369 Linkedin: /khus369
  3. Objectives What is node.js. What is deserialization. Exploitation example 1. Exploit - 1 unprotected api 2. Exploit - 2 nodejs Remediation
  4. In Simple words Node js is “Server-side JavaScript”
  5. What is deserialization Serialization is a mechanism of converting the state of an object into a byte stream. Deserialization is the reverse process where the byte stream is used to recreate the actual object in memory
  6. Exploit - 1 Unprotected API Show data Send GET request for retrieved save serialized data Create data Send POST request with json data for serialization.
  7. Payload Create ● arbitrary code execution should occur when untrusted input is passed into unserialize() function. The best way to create a payload is to use the serialize() function of the same module.
  8. Payload Create I created the following JavaScript object and passed it to serialize() function. Which gives the following output.
  9. Send normal API request, intercept the request.
  10. Replace the payload
  11. Add the command
  12. And get the response
  13. Example - 2 Node.js deserialization
  14. Payload Create
  15. Load the website
  16. Intercept the request
  17. Decode cookie
  18. Encode payload in base64
  19. Cookie replaced by payload
  20. Get the nc connection
  21. Remediation ● Properly sanitize the input data ○ Use block and replace method Vulnerable Code
  22. References ● https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-r emote-code-execution/ ● https://hd7exploit.wordpress.com/2017/05/29/exploiting-node-js-deserialization-bug-for-remote-code-ex ecution-cve-2017-5941/ ● https://github.com/hoainam1989/training-application-security/blob/master/shell/node_shell.py
  23. Questions
  24. Thank You!
Anzeige