bjrjk/pwn-learning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Level 1 of PwnCollegeV8Exploitation

Browse Source
This commit is contained in:
Jack Ren
2024-09-07 10:12:57 +08:00
parent d368897714
commit 409a2d60cd
2 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
JavaScript/PwnCollegeV8Exploitation/Level1/README.md Normal file
View File

@@ -0,0 +1,20 @@
# Level 1
## Problem
Directly execute amd64 machine code by calling `run()` on an array receiver.
The array should have elements kind `PACKED_DOUBLE_ELEMENTS`.
The `run()` is installed on `Array.prototype`.
## Key Knowledge
- [Inheritance and the prototype chain in JavaScript](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Inheritance_and_the_prototype_chain)
- `Receiver` Object
- [How to understand sender and receiver in Ruby?](https://stackoverflow.com/questions/15592268/how-to-understand-sender-and-receiver-in-ruby)
- [Could you explain sender and receiver in OOP and give examples?](https://stackoverflow.com/questions/45474802/could-you-explain-sender-and-receiver-in-oop-and-give-examples)
- [Elements Kinds in V8](https://v8.dev/blog/elements-kinds)
- IEEE754 Standard
- Conversion between double & int64 representation using IEEE754
- ShellCode