Javier Jiménez n30m1nd
n30m1nd
/ fuzzilli-v8-profile-and-JIT-also-colored-output.patch
Last active
May 10, 2022 12:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Cloud/Docker/Dockerfile b/Cloud/Docker/Dockerfile | |
| index 093e342..c2005ef 100644 | |
| --- a/Cloud/Docker/Dockerfile | |
| +++ b/Cloud/Docker/Dockerfile | |
| @@ -16,10 +16,12 @@ WORKDIR /home/fuzzer | |
| ADD FuzzilliBuilder/out/Fuzzilli Fuzzilli | |
| # Add JavaScriptCore binary | |
| -ADD JSCBuilder/out jsc | |
| +#ADD JSCBuilder/out jsc |
n30m1nd
/ v8_fuzzilli_patch.patch
Last active
May 10, 2022 12:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 93c6087b83243b02f1dae28964732215782c5df4 Mon Sep 17 00:00:00 2001 | |
| From: n30m1nd <j******@gmail.com> | |
| Date: Sat, 21 Mar 2020 14:09:14 +0000 | |
| Subject: [PATCH] Patch fuzzilli | |
| --- | |
| BUILD.gn | 2 + | |
| src/d8/cov.cc | 61 ++++++++++++++++++++++++ | |
| src/d8/cov.h | 6 +++ | |
| src/d8/d8.cc | 126 ++++++++++++++++++++++++++++++++++++++++++++++++++ |
n30m1nd
/ build_v8_issue_1710.bat
Created
December 31, 2019 02:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM ========================================================================= | |
| REM | THIS SCRIPT IS TOTALLY UNSAFE TO USE IF YOU'RE PLANNING TO COMPILE V8!! | | |
| REM ========================================================================= | |
| REM Script to build a vulnerable v8 version on Windows (produces d8.exe) | |
| REM This script is a variation from: http://www.lfdm.net/development/5-how-to-compile-v8-on-windows.html | |
| REM https://bugs.chromium.org/p/project-zero/issues/detail?id=1710 | |
| REM It is important to compile a release build (debug=false) and to | |
| REM disable v8_untrusted_code_mitigations to prevent unwanted boundary checks :) | |
| REM https://twitter.com/NeomindMusic/status/1210536157815148544 |
n30m1nd
/ philips-hue-control.py
Last active
April 18, 2019 11:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from sys import argv | |
| from random import randint | |
| from time import sleep | |
| headers = { | |
| 'Host': '192.168.1.39', | |
| 'Connection': 'close', | |
| 'Accept': '*/*', | |
| 'User-Agent': 'HueHueHue', |
n30m1nd
/ fake_fastchunk_generator.py
Last active
January 4, 2019 21:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from __future__ import print_function | |
| from sys import argv, stdout, stderr | |
| import struct | |
| # 64 bit only for now | |
| def print_chunk(chunkpos, size): | |
| output = "\x00"*8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Hack.lu CTF 2017 - HeapHeaven solution by n30m1nd | |
| # Challenge by FluxFingers - https://flatearth.fluxfingers.net/ | |
| from pwn import * | |
| from sys import * | |
| from struct import * | |
| def translate_baby(size): |
n30m1nd
/ malloc_hook.js
Last active
November 15, 2022 04:19
Frida hooks for malloc functions for further inspection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict'; | |
| var mallocPtr = Module.findExportByName("libc.so.6", "malloc"); | |
| var malloc = new NativeFunction(mallocPtr, 'pointer', ['long']); | |
| var freePtr = Module.findExportByName("libc.so.6", "free"); | |
| var freel = new NativeFunction(freePtr, 'void', ['pointer']); | |
| var reallocPtr = Module.findExportByName("libc.so.6", "realloc"); | |
| var reallocl = new NativeFunction(reallocPtr, 'pointer', ['pointer', 'int']); |
n30m1nd
/ apatching_for_AFL_Persistent_fuzzing.diff
Last active
October 10, 2021 15:12
Patch for Apache httpd to make it fuzzable through afl-clang-fast
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Index: server/main.c | |
| =================================================================== | |
| --- server/main.c (revision 1794475) | |
| +++ server/main.c (working copy) | |
| @@ -434,11 +434,157 @@ | |
| ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, | |
| " -X : debug mode (only one worker, do not detach)"); | |
| - destroy_and_exit_process(process, 1); | |
| + destroy_and_exit_process(process, 0); |
n30m1nd
/ apatching_apache_for_AFL_fuzzing.diff
Last active
August 13, 2020 03:02
This patch adds the "-F" switch. This switch reads a file from the command line arguments and feeds it to Apache httpd server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Index: server/main.c | |
| =================================================================== | |
| --- server/main.c (revision 1794194) | |
| +++ server/main.c (working copy) | |
| @@ -371,7 +371,11 @@ | |
| ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, | |
| " -c \"directive\" : process directive after reading " | |
| "config files"); | |
| + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, | |
| + " -F : hackish file to read as request " |
n30m1nd
/ compile_httpd_with_flags.sh
Last active
June 6, 2020 22:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| PREFIX="${PREFIX:-/usr/local/apache_clean}" | |
| echo -e " \e[32mAPR" | |
| echo | |
| echo "Running apr with: c-compiler:$CC $CFLAGS c++-compiler:$CXX $CXXFLAGS" | |
| sleep 2 | |
| cd apr-1* && ./configure --prefix="$PREFIX" && apr=$(pwd) && make clean && make -j4 && sudo make install && cd .. |