


I've recently been researching browsers, specifically JavaScript engine exploitation in Chrome's v8. Being a CTF player myself, I thought doing a fairly recent CTF challenge might help me wrap my head around some of the exploitation techniques that are widely used, provided a vulnerability does exist. I picked the challenge oob-v8 from *CTF 2019, because it seems as though all the writeups for it are fairly incomplete. They either assume a bunch of prerequisite knowledge, or just don't explain things well.

The other reason I wanted to create this writeup is because most of the prerequisite knowledge required is scattered around a bunch of different places. I wanted to bring together all of that information in a single post, so that the reader will not need to read from multiple sources to understand the writeup. I spent a lot of time debugging and understanding every part of my exploit, and popped calc in two separate ways. The only prerequisite knowledge required to understand this writeup will be an understanding of how Linux userspace exploitation works. If you have any questions about anything in this writeup, feel free to DM me on Twitter; my DMs will always be open.
