bjrjk/pwn-learning

Files

T

History

Jack Ren 41c959a465 Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

..

args.gn

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

Exploit.js

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

patch

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

README.md

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

REVISION

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

README.md

Level 1

Problem

Directly execute amd64 machine code by calling run() on an array receiver.

The array should have elements kind PACKED_DOUBLE_ELEMENTS.

The run() is installed on Array.prototype.

Key Knowledge

Inheritance and the prototype chain in JavaScript
Receiver Object
- How to understand sender and receiver in Ruby?
- Could you explain sender and receiver in OOP and give examples?
Elements Kinds in V8
IEEE754 Standard
- Conversion between double & int64 representation using IEEE754
ShellCode