
Mirror of the LuaJIT git repository


https://github.com/thibaudlabat/LuaJIT/

LuaJIT 2.1 - exploitation challenge

LuaJIT is a Just-In-Time (JIT) compiler for the Lua programming language.

A few resources / hints for the challenge:

  • See our commits to understand what has been modified

  • Programming in Lua

    You need no more than basic language constructs; no fancy language features are required. (The authors of this challenge had never written a single line of Lua before.)

  • Just-in-time compilation (Wikipedia)

    Worth reading if you have never heard of Just-in-time compilation before.

  • Introducing LuaJIT

    Explains the concepts but is slightly outdated (e.g. jit.compile() no longer exists).

  • LuaJIT web inspector

    Compile and inspect LuaJIT bytecode / generated Assembly

  • Online Assembler and Disassembler

    x86_64 assembler/disassembler

  • You are in a sandbox

    • the flag is in memory
    • a seccomp syscall filter prevents you from just running os.execute("/bin/get_flag")
    • anyway, we deleted almost every global variable

  • A heavy workload is required to trigger JIT compilation.

This code will not be JIT-compiled:

```lua
f = function()
  for i = 0, 10, 1 do
  end
end
f()
```

But this code will (note the loop bounds):

```lua
f = function()
  for i = 0, 100, 1 do
  end
end
f()
```
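As an added illustration of the last hint (this is not code from the challenge repository or from LuaJIT itself), the script below attaches a trace-event callback with `jit.attach` and runs a counting loop at the two iteration counts used above, so you can see which one makes LuaJIT record and finish a trace. It assumes a stock `luajit` binary where the `jit` library and the `jit.util` module are still present; the challenge sandbox removes most globals, so it is meant for local experimentation. The threshold is the `hotloop` optimizer parameter (56 loop iterations by default), which is why 10 iterations stay interpreted while 100 get compiled; the last call lowers it with `jit.opt.start` to show the same short loop being compiled.

```lua
-- Added example, not part of the challenge repository. Assumes a stock
-- luajit where the `jit` library and the `jit.util` module are available.
local jutil = require("jit.util")

if not jit.status() then
  error("the JIT compiler is disabled; run this with a default luajit")
end

local events = {}

-- Trace callback: LuaJIT calls it with what = "start", "stop", "abort" or
-- "flush" whenever the recorder begins, finishes or gives up on a trace.
local function on_trace(what, tr, func, pc, otr, oex)
  local where = "?"
  if func then
    local fi = jutil.funcinfo(func, pc)
    where = fi.loc or where          -- "source:line" of the hot bytecode
  end
  events[#events + 1] = string.format("%-5s trace #%s at %s",
                                      what, tostring(tr), where)
end

-- A loop that only counts, like the two snippets in the hint above.
local function spin(n)
  local acc = 0
  for i = 0, n, 1 do
    acc = acc + i
  end
  return acc
end

-- Run spin(n) under the trace callback and report whether a trace completed.
local function observe(label, n)
  events = {}
  jit.flush()                        -- discard traces from earlier runs
  jit.attach(on_trace, "trace")
  spin(n)
  jit.attach(on_trace)               -- detach the callback again
  local compiled = false
  for _, e in ipairs(events) do
    if e:match("^stop") then compiled = true end
  end
  print(string.format("%-20s -> %s", label,
                      compiled and "JIT-compiled" or "interpreted only"))
  for _, e in ipairs(events) do print("   " .. e) end
  return compiled
end

observe("10 iterations", 10)         -- below the default hotloop threshold (56)
observe("100 iterations", 100)       -- crosses it: a "start" then a "stop" event

-- The threshold is a tunable optimizer parameter (-Ohotloop=N on the command
-- line); lowering it makes even the short loop hot enough to be compiled.
jit.opt.start("hotloop=5")
observe("10 iters, hotloop=5", 10)
```

Hot counters live in a small hash table keyed by bytecode address and are shared between loops that hash to the same slot, so a loop can occasionally become hot a little earlier than the nominal count. The bundled `jit.v` module (`luajit -jv script.lua`) prints the same start/stop/abort events without writing any callback yourself.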