There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
leesh3288
/ vm2_3.9.16_sandbox_escape.md
Last active
April 7, 2024 01:14
Sandbox Escape in vm2@3.9.16
vocaeq
/ inject.c
Last active
April 2, 2024 09:09
— forked from knightsc/inject.c
An example of how to inject code to call dlopen and load a dylib into a remote mach task. Tested on 12.5 M1 Pro.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <mach/mach.h> | |
| #include <mach/error.h> | |
| #include <errno.h> | |
| #include <stdlib.h> | |
| #include <sys/sysctl.h> | |
| #include <sys/mman.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Copyright (C) 2022 Evan McBroom | |
| // | |
| // Permission is hereby granted, free of charge, to any person obtaining a copy | |
| // of this software and associated documentation files (the "Software"), to deal | |
| // in the Software without restriction, including without limitation the rights | |
| // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| // copies of the Software, and to permit persons to whom the Software is | |
| // furnished to do so, subject to the following conditions: | |
| // | |
| // The above copyright notice and this permission notice shall be included in |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/stat.h> | |
| #include <unistd.h> | |
| #include <mach/mach.h> | |
| #include <mach/mach_vm.h> | |
| #include <dlfcn.h> | |
| #include <objc/runtime.h> | |
jeremiahsnapp
/ MITM -SSL-Proxies.md
Last active
November 14, 2023 07:48
Man In The Middle (MITM) SSL Proxies - Simple ways to see traffic between an SSL server and client in clear text.
mitmproxy is an excellent console app written in Python.
It is easy to use on Linux and OS X.
Use brew install mitmproxy to install it on OS X.