My AI Agent Exploited a CVE That Metasploit Couldn't — RedAmon Full Demo

The Gradient Path · Intermediate ·🤖 AI Agents & Automation ·2mo ago
I wanted to stress-test RedAmon — our autonomous security assessment agent — under the worst possible conditions. So I set up a deliberately vulnerable Node.js server running node-serialize 0.0.4 (CVE-2017-5941, CVSS 9.8) and gave the agent a single instruction: "Find a CVE and exploit it."

Here's what made this brutally hard: 👇

❌ The recon database had zero CVEs — no vulnerability data at all
❌ Metasploit had no module for this CVE — search CVE-2017-5941 returned nothing
❌ The agent had to go from zero knowledge to full RCE completely on its own

🤖 Powered by Claude Opus 4.6, here's the autonomous attack chain RedAmon executed in ~20 steps:

[1] Queried the knowledge graph for known vulnerabilities — found nothing
[2] Queried for hosts, IPs, services — only a bare subdomain, no ports, no tech stack
[3] Launched a port scan (naabu) — discovered ports 22 (SSH) and 8080 (HTTP)
[4] Fingerprinted port 8080 via HTTP headers — identified Express/Node.js
[5] Fetched the full page source — spotted "Node.js 8.x" and "cookie-based serialization with Base64 encoding"
[6] Connected the dots: old Node.js + serialized cookies = classic deserialization attack surface
[7] Searched the web for CVE-2017-5941 exploit techniques and payloads
[8] Found multiple PoCs on Exploit-DB and PayloadsAllTheThings confirming the IIFE-based RCE vector
[9] Probed /profile endpoint — confirmed the server sets a Base64-encoded profile cookie
[10] Decoded the cookie: {"username":"guest","email":"guest@example.com","role":"viewer"}
[11] Understood the full kill chain: cookie → Base64 decode → unserialize() → IIFE execution → RCE
[12] Requested phase transition from reconnaissance to exploitation — with a full risk assessment
[13] Searched Metasploit for a module — no results
[14] Pivoted to manual exploitation (no-module fallback)
[15] Crafted a malicious serialized payload with $$ND_FUNC$$ prefix and IIFE
[16] First attempt: async exec() — RCE fired server-side but output went to stdout, not HTTP
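
A defender-side view of the cookie → Base64 decode → unserialize() chain described above, as an added example that is not code from the video or from the RedAmon project. It rejects any profile cookie carrying the $$ND_FUNC$$ marker and parses the rest with JSON.parse instead of unserialize(); the function name, the key allow-list (taken from the decoded guest cookie) and the size limit are assumptions.

```javascript
// Added example: defensive handling of the Base64 "profile" cookie.
// Assumed names and limits (not from the page): inspectProfileCookie,
// ALLOWED_KEYS, MAX_COOKIE_CHARS.
const MARKER = '$$ND_FUNC$$'; // function marker named in the description
const ALLOWED_KEYS = ['username', 'email', 'role']; // fields of the guest cookie
const MAX_COOKIE_CHARS = 1024; // assumed upper bound for a profile cookie

function inspectProfileCookie(cookieValue) {
  if (typeof cookieValue !== 'string' || cookieValue.length === 0) {
    return { ok: false, reason: 'missing' };
  }
  if (cookieValue.length > MAX_COOKIE_CHARS) {
    return { ok: false, reason: 'too-large' };
  }
  // Strict check first: Buffer.from() silently skips invalid Base64 characters.
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(cookieValue) || cookieValue.length % 4 !== 0) {
    return { ok: false, reason: 'not-base64' };
  }
  const decoded = Buffer.from(cookieValue, 'base64').toString('utf8');
  // Serialized functions never belong in a profile; treat the marker as hostile.
  if (decoded.includes(MARKER)) {
    return { ok: false, reason: 'function-marker' };
  }
  let parsed;
  try {
    parsed = JSON.parse(decoded); // data-only parser, never evaluates code
  } catch (err) {
    return { ok: false, reason: 'not-json' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, reason: 'not-object' };
  }
  const profile = {};
  for (const key of Object.keys(parsed)) {
    if (!ALLOWED_KEYS.includes(key)) return { ok: false, reason: 'unexpected-key' };
    if (typeof parsed[key] !== 'string') return { ok: false, reason: 'non-string-value' };
    profile[key] = parsed[key];
  }
  return { ok: true, profile };
}

// Constructed sample inputs: the guest cookie from step [10] and an inert marked value.
const encode = (s) => Buffer.from(s, 'utf8').toString('base64');
const guestCookie = encode('{"username":"guest","email":"guest@example.com","role":"viewer"}');
const markedCookie = encode('{"username":"_$$ND_FUNC$$_constructed-placeholder"}');

console.log(inspectProfileCookie(guestCookie));         // accepted profile
console.log(inspectProfileCookie(markedCookie).reason); // rejection reason
```

The rejection reasons are suitable for logging, so a marker hit on /profile can be alerted on as well as blocked.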