bjrjk/pwn-learning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

Browse Source
This commit is contained in:
Jack Ren
2024-09-27 10:32:08 +08:00
parent ed5918f284
commit 41c959a465
52 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
PwnCollege/V8Exploitation/Level1/README.md Normal file
View File

@@ -0,0 +1,20 @@
# Level 1
## Problem
Directly execute amd64 machine code by calling `run()` on an array receiver.
The array should have elements kind `PACKED_DOUBLE_ELEMENTS`.
The `run()` is installed on `Array.prototype`.
## Key Knowledge
- [Inheritance and the prototype chain in JavaScript](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Inheritance_and_the_prototype_chain)
- `Receiver` Object
- [How to understand sender and receiver in Ruby?](https://stackoverflow.com/questions/15592268/how-to-understand-sender-and-receiver-in-ruby)
- [Could you explain sender and receiver in OOP and give examples?](https://stackoverflow.com/questions/45474802/could-you-explain-sender-and-receiver-in-oop-and-give-examples)
- [Elements Kinds in V8](https://v8.dev/blog/elements-kinds)
- IEEE754 Standard
- Conversion between double & int64 representation using IEEE754
- ShellCode