Chrome V8 CVE exploits and proof-of-concept scripts written by me, for educational and research purposes only.
hash: 568979f4d891bafec875fab20f608ff9392f4f29
env: Linux
details: https://xz.aliyun.com/t/13075
http://p4nda.top/2019/06/11/%C2%96CVE-2018-17463/
https://bugs.chromium.org/p/chromium/issues/detail?id=888923
hash: e1e92f8ba77145568e781b47b31ad82535e868bf
env: Windows
https://bugs.chromium.org/p/chromium/issues/detail?id=1307610
https://paper.seebug.org/1955/
ver: 10.6.194.12
env: linux
race condition, use lock to make it easy to trigger.
https://bugs.chromium.org/p/chromium/issues/detail?id=1369871
hash: f7a3499f6d7e50b227a17d2bbd96e4b59a261d3c
env: Linux
https://github.com/mistymntncop/CVE-2023-2033
https://bugs.chromium.org/p/chromium/issues/detail?id=1445008
https://bugs.chromium.org/p/chromium/issues/detail?id=1432210
https://h0meb0dy.me/entry/TheHole-Exploit-from-TheHole-to-Shellcode
https://cwresearchlab.co.kr/entry/CVE-2023-2033-JIT-optimisation-issue
https://cwresearchlab.co.kr/entry/Chrome-v8-Hole-Exploit
hash: 610c1976fe17b5bfb12eefe1e6dc7c3a5bd5141a
出在了强网杯的决赛,当时只在本地打通了,赛后修改了一下,用一个新线程来稳定内存布局,还是不太稳定,不确定是否为预期解。
POC analysis: https://rycbar77.github.io/2023/12/01/CVE-2023-4427%E5%88%86%E6%9E%90%E4%B8%8E%E5%A4%8D%E7%8E%B0/
bi0sctf 2024 ezv8
https://chromium.googlesource.com/v8/v8.git/+/d65423559f2ed0f24f69994906fbad0860501799%5E!/
xctf-final 0ob
See https://github.com/rycbar77/writeups/tree/master/2024/xctf-final/0ob
V8CTF M122
V8CTF M123
hijack wasm jump_table_start to control rip.
See https://github.com/rycbar77/writeups/tree/master/2024/plaidctf/maglev
See https://github.com/rycbar77/writeups/tree/master/2024/htb-bussiness/pwn_pyrrhus
See https://github.com/rycbar77/writeups/tree/master/2024/google-ctf/heat
See https://github.com/rycbar77/writeups/tree/master/2024/hitconctf/V8%20SBX
See https://github.com/rycbar77/writeups/blob/master/2024/sekaictf/ContextReducer/