bjrjk/pwn-learning

Files

History

Jack Ren 41c959a465 Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

..

args.gn

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

Exploit.js

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

patch

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

README.md

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

REVISION

Moved JavaScript/PwnCollegeV8Exploitation/ to PwnCollege/V8Exploitation/

2024-09-27 10:32:08 +08:00

README.md

Level 9

Problem

Given V8 Sandbox memory corruption API (Address Of, Cage Read & Write Primitive).

Key Knowledge

V8 (Heap) Sandbox
- The V8 Sandbox
V8 Memory Corruption API
- 4a12cb1022ba335ce087dcfe31b261355524b3bf - v8/v8 - Git at Google
- KITCTFCTF 2022 V8 Heap Sandbox Escape
V8 Sandbox Escape Technique
- Dice CTF Memory Hole: Breaking V8 Heap Sandbox
  - You can use this one!
- V8 Sandbox escape/bypass/violation and VR collection
  - Real-time update V8 Sandbox escape collection!