Monius Mon-ius

## Exploiting Lua 5.1 bytecode.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                Mon-ius
                / Exploiting Lua 5.1 bytecode.md
            
            
              Created
              December 9, 2022 21:40
                — forked from ulidtko/Exploiting Lua 5.1 bytecode.md
            
          
    Exploiting Lua 5.1 on x86_64

The following Lua program generates a Lua bytecode program called lua-sandbox-rce.luac, which in turn spawns a shell from within Lua 5.1 sandbox. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevent bits of the Lua 5.1 virtual machine.
function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed
  local function middle()
    local co, upval
    local ub1 = {[0] = -- Convert uint8_t to char[1]

  
## common.pac
const steamCommonList = [
    "*steamcommunity.com*",
    "*.steam-chat.com*",
    "*.cm.steampowered.com*",
    "*.steamdb.info*",
    "*.steamstatic.com*",
    "*.zoom.us*",
    "*.discord.com*"
    ]

## Cargo.toml
[package]
name = "ddns"
version = "0.1.0"
edition = "2021"

[dependencies]
reqwest = { version = "0.11", features = ["blocking", "json"] }
tokio = { version = "1.19.2", features = ["full"] }
regex = "1"
local-ip-address = "0.4.4"

## Atom
Gist
	const steamCommonList = [
	"steamcommunity.com",
	".steam-chat.com",
	".cm.steampowered.com",
	".steamdb.info",
	".steamstatic.com",
	".zoom.us",
	".discord.com"
	]
	[package]
	name = "ddns"
	version = "0.1.0"
	edition = "2021"

	[dependencies]
	reqwest = { version = "0.11", features = ["blocking", "json"] }
	tokio = { version = "1.19.2", features = ["full"] }
	regex = "1"
	local-ip-address = "0.4.4"