pwn-learning/PwnCollege/V8Exploitation/Level1/README.md

Level 1

Problem

Directly execute amd64 machine code by calling run() on an array receiver.

The array should have elements kind PACKED_DOUBLE_ELEMENTS.

The run() is installed on Array.prototype.

Key Knowledge

• Inheritance and the prototype chain in JavaScript
• Receiver Object
  • How to understand sender and receiver in Ruby?
  • Could you explain sender and receiver in OOP and give examples?
• Elements Kinds in V8
• IEEE754 Standard
  • Conversion between double & int64 representation using IEEE754
• ShellCode