SlideShare a Scribd company logo

Node.js Deserialization

NSConclave, profile picture
NSConclave

This document discusses node.js deserialization and exploitation examples. It provides an overview of node.js as server-side JavaScript. Deserialization is converting an object from a byte stream back into memory. The document demonstrates two exploitation examples, the first using an unprotected API and the second targeting node.js deserialization. It recommends input sanitization and blocking/replacing methods as remediation techniques.

Software
1 of 24
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Node.js deserialization Khushal Suthar 7/5/2020
About me Security Analyst at Net-Square Khushal Suthar Twitter: @Khus369 Linkedin: /khus369
Objectives What is node.js. What is deserialization. Exploitation example 1. Exploit - 1 unprotected api 2. Exploit - 2 nodejs Remediation
In Simple words Node js is “Server-side JavaScript”
What is deserialization Serialization is a mechanism of converting the state of an object into a byte stream. Deserialization is the reverse process where the byte stream is used to recreate the actual object in memory
Exploit - 1 Unprotected API Show data Send GET request for retrieved save serialized data Create data Send POST request with json data for serialization.
Payload Create ● arbitrary code execution should occur when untrusted input is passed into unserialize() function. The best way to create a payload is to use the serialize() function of the same module.
Payload Create I created the following JavaScript object and passed it to serialize() function. Which gives the following output.
Send normal API request, intercept the request.
Replace the payload
Add the command
And get the response
Example - 2 Node.js deserialization
Payload Create
Load the website
Intercept the request
Decode cookie
Encode payload in base64
Cookie replaced by payload
Get the nc connection
Remediation ● Properly sanitize the input data ○ Use block and replace method Vulnerable Code
References ● https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-r emote-code-execution/ ● https://hd7exploit.wordpress.com/2017/05/29/exploiting-node-js-deserialization-bug-for-remote-code-ex ecution-cve-2017-5941/ ● https://github.com/hoainam1989/training-application-security/blob/master/shell/node_shell.py
Questions
Thank You!

More Related Content

PPTX
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
PPTX
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
 
PDF
New PHP Exploitation Techniques
RIPS Technologies GmbH
 
PPTX
Waf bypassing Techniques
Avinash Thapa
 
PDF
Pwning mobile apps without root or jailbreak
Abraham Aranguren
 
PDF
とある診断員と色々厄介な脆弱性達
zaki4649
 
PDF
Pentesting like a grandmaster BSides London 2013
Abraham Aranguren
 
PDF
nginx 입문 공부자료
choi sungwook
 
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
A Forgotten HTTP Invisibility Cloak
Soroush Dalili
 
New PHP Exploitation Techniques
RIPS Technologies GmbH
 
Waf bypassing Techniques
Avinash Thapa
 
Pwning mobile apps without root or jailbreak
Abraham Aranguren
 
とある診断員と色々厄介な脆弱性達
zaki4649
 
Pentesting like a grandmaster BSides London 2013
Abraham Aranguren
 
nginx 입문 공부자료
choi sungwook
 

What's hot (20)

PDF
Modern Kernel Pool Exploitation: Attacks and Techniques
Michael Scovetta
 
PDF
점진적인 레거시 웹 애플리케이션 개선 과정
Arawn Park
 
PDF
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
Abraham Aranguren
 
PPTX
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
PDF
WebSocketでリアルタイム処理をする
龍一 田中
 
PDF
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
Frans Rosén
 
PPTX
Workshop Spring - Session 1 - L'offre Spring et les bases
Antoine Rey
 
PDF
카카오톡으로 여친 만들기 2013.06.29
Taehoon Kim
 
PDF
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4hackers.com
 
PPTX
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
PPT
Bypass file upload restrictions
Mukesh k.r
 
PDF
코틀린 멀티플랫폼, 미지와의 조우
Arawn Park
 
PPTX
jQuery
Dileep Mishra
 
PDF
ORM2Pwn: Exploiting injections in Hibernate ORM
Mikhail Egorov
 
PPTX
Laravel Tutorial PPT
Piyush Aggarwal
 
PDF
ニコニコ生放送の配信基盤改善
takahiro_yachi
 
PDF
HTTP Request Smuggling via higher HTTP versions
neexemil
 
PDF
Docker + Kubernetes를 이용한 빌드 서버 가상화 사례
NAVER LABS
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
PDF
Python Deserialization Attacks
NSConclave
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Michael Scovetta
 
점진적인 레거시 웹 애플리케이션 개선 과정
Arawn Park
 
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
Abraham Aranguren
 
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
WebSocketでリアルタイム処理をする
龍一 田中
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
Frans Rosén
 
Workshop Spring - Session 1 - L'offre Spring et les bases
Antoine Rey
 
카카오톡으로 여친 만들기 2013.06.29
Taehoon Kim
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4hackers.com
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
Bypass file upload restrictions
Mukesh k.r
 
코틀린 멀티플랫폼, 미지와의 조우
Arawn Park
 
jQuery
Dileep Mishra
 
ORM2Pwn: Exploiting injections in Hibernate ORM
Mikhail Egorov
 
Laravel Tutorial PPT
Piyush Aggarwal
 
ニコニコ生放送の配信基盤改善
takahiro_yachi
 
HTTP Request Smuggling via higher HTTP versions
neexemil
 
Docker + Kubernetes를 이용한 빌드 서버 가상화 사례
NAVER LABS
 
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Python Deserialization Attacks
NSConclave
 
Ad

Similar to Node.js Deserialization (10)

PDF
Breakfast cereal for advanced beginners
Truptiranjan Nayak
 
PPTX
Deserialization vulnerabilities
GreenD0g
 
PPTX
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat Security Conference
 
PDF
(De)serial Killers - BSides Las Vegas & AppSec IL 2018
Checkmarx
 
PPTX
(De)serial Killers - BSides Las Vegas & AppSec IL 2018
Dor Tumarkin
 
PPTX
Insecure Java Deserialization
Shiv Sahni
 
PDF
Deserialization with the JavaScript for the lulz
Andrew Freeborn
 
PPTX
module node jsbhgnbgtyuikmnbvcfyum2.pptx
hemalathas752360
 
PDF
Exploiting Deserialization Vulnerabilities in Java
CODE WHITE GmbH
 
PPTX
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP
 
Breakfast cereal for advanced beginners
Truptiranjan Nayak
 
Deserialization vulnerabilities
GreenD0g
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat Security Conference
 
(De)serial Killers - BSides Las Vegas & AppSec IL 2018
Checkmarx
 
(De)serial Killers - BSides Las Vegas & AppSec IL 2018
Dor Tumarkin
 
Insecure Java Deserialization
Shiv Sahni
 
Deserialization with the JavaScript for the lulz
Andrew Freeborn
 
module node jsbhgnbgtyuikmnbvcfyum2.pptx
hemalathas752360
 
Exploiting Deserialization Vulnerabilities in Java
CODE WHITE GmbH
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP
 
Ad

More from NSConclave (20)

PDF
RED-TEAM_Conclave
NSConclave
 
PPTX
Create a Custom Plugin in Burp Suite using the Extension
NSConclave
 
PPTX
IOT SECURITY ASSESSMENT Pentester's Approach
NSConclave
 
PPTX
Debugging Android Native Library
NSConclave
 
PPTX
Burp Suite Extension Development
NSConclave
 
PDF
Log Analysis
NSConclave
 
PDF
Regular Expression Injection
NSConclave
 
PDF
HTML5 Messaging (Post Message)
NSConclave
 
PDF
RIA Cross Domain Policy
NSConclave
 
PDF
LDAP Injection
NSConclave
 
PDF
Sandboxing
NSConclave
 
PDF
NoSql Injection
NSConclave
 
PDF
Thick Client Testing Advanced
NSConclave
 
PDF
Thick Client Testing Basics
NSConclave
 
PDF
Markdown
NSConclave
 
PDF
Docker 101
NSConclave
 
PDF
Security Architecture Consulting - Hiren Shah
NSConclave
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
PDF
Lets get started with car hacking - Ankit Joshi
NSConclave
 
PDF
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
NSConclave
 
RED-TEAM_Conclave
NSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
NSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
NSConclave
 
Debugging Android Native Library
NSConclave
 
Burp Suite Extension Development
NSConclave
 
Log Analysis
NSConclave
 
Regular Expression Injection
NSConclave
 
HTML5 Messaging (Post Message)
NSConclave
 
RIA Cross Domain Policy
NSConclave
 
LDAP Injection
NSConclave
 
Sandboxing
NSConclave
 
NoSql Injection
NSConclave
 
Thick Client Testing Advanced
NSConclave
 
Thick Client Testing Basics
NSConclave
 
Markdown
NSConclave
 
Docker 101
NSConclave
 
Security Architecture Consulting - Hiren Shah
NSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
NSConclave
 
Lets get started with car hacking - Ankit Joshi
NSConclave
 
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
NSConclave
 

Recently uploaded (20)

PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
System and Network Administration Chapter 2
jaramharo
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Introduction to Artificial Intelligence
lohedi9363
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Transform Your Business with a Software ERP System
Canada Software Company
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 

Node.js Deserialization