# Level 9
## Problem
Given the V8 Sandbox memory corruption API (address-of, plus read and write primitives inside the sandbox cage).
## Key Knowledge

- V8 (Heap) Sandbox
  - [The V8 Sandbox](https://v8.dev/blog/sandbox)
- V8 Memory Corruption API
  - [4a12cb1022ba335ce087dcfe31b261355524b3bf - v8/v8 - Git at Google](https://chromium.googlesource.com/v8/v8/+/4a12cb1022ba335ce087dcfe31b261355524b3bf)
  - [KITCTFCTF 2022 V8 Heap Sandbox Escape](https://ju256.rip/posts/kitctfctf22-date/#v8s-memory-corruption-api)
- V8 Sandbox Escape Technique
  - [Dice CTF Memory Hole: Breaking V8 Heap Sandbox](https://mem2019.github.io/jekyll/update/2022/02/06/DiceCTF-Memory-Hole.html)
    - You can use this one!
  - [V8 Sandbox escape/bypass/violation and VR collection](https://github.com/xv0nfers/V8-sbx-bypass-collection)
    - A continuously updated collection of V8 Sandbox escapes.