Preparing for Stage 2 of a WebKit exploit

Preparing for Stage 2 of a WebKit exploit

Channel:
United States LiveOverflow
Subscribers:
920,000
Published on ● Video Link: https://www.youtube.com/watch?v=3c6nC0wdU-Q


Duration: 14:33
22,094 views
689

Part 7: In this video we use the stage 1 fakeobj() and addrof() primitives, to craft malicious objects that allow us to implement arbitrary memory read and write.

saelo's phrack paper: http://www.phrack.org/papers/attacking_javascript_engines.html
niklasb's exploit: https://github.com/niklasb/sploits/blob/master/safari/regexp-uxss.html

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ”΄ Stuff I use ]=-

β†’ Microphone:* https://geni.us/ntg3b
β†’ Graphics tablet:* https://geni.us/wacom-intuos
β†’ Camera#1 for streaming:* https://geni.us/sony-camera
β†’ Lens for streaming:* https://geni.us/sony-lense
β†’ Connect Camera#1 to PC:* https://geni.us/cam-link
β†’ Keyboard:* https://geni.us/mech-keyboard
β†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ πŸ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#BrowserExploitation



Other Videos By LiveOverflow


2019-12-01Exploit Fails? Debug Your Shellcode - bin 0x2B
2019-11-27Zero-day vulnerability in Bash - Suidbash Google CTF Finals 2019 (pwn)
2019-11-02Test VLOG / Channel Updates / Building PC - loopback 0x05
2019-10-30Reading Player Position with DLL Injection - Pwn Adventure 3
2019-10-01Google Paid Me to Talk About a Security Issue!
2019-09-13Finding Player and Camera Position for Fly Hack - Pwn Adventure 3
2019-08-20How Speedrunners Use Game Hacking Tools
2019-08-04Windows Game Hacking with Ghidra and Cheat Engine
2019-07-28Minetest Circuit Challenge - Google CTF 2019 Qualifier
2019-07-21Arbitrary Read and Write in WebKit Exploit
2019-07-14Preparing for Stage 2 of a WebKit exploit
2019-07-07Speedrun Hacking Buffer Overflow - speedrun-001 DC27
2019-07-04YouTube BANNING Hacking Videos - Hot Take
2019-06-30Revisiting JavaScriptCore Internals: boxed vs. unboxed
2019-06-26Paste-Tastic! - Post Google CTF 2019 Stream
2019-06-23The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption
2019-06-16Building an 8-Bit Computer From Scratch
2019-06-16WebKit RegExp Exploit addrof() walk-through
2019-06-09Just-in-time Compiler in JavaScriptCore (WebKit)
2019-06-02The Butterfly of JSObject
2019-05-26Hacking Browsers - Setup and Debug JavaScriptCore / WebKit


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
browser exploitation
browser exploit
jit compiler
addrof
exploit primitive
fakeobj
phrack
saselo
niklasb
linus
linus henze
butterfly
jscell
jsvalue
jsc
lldb
javascript
java script
unboxed
boxed
js values
cell header
oop
object oriented
classes and objects
c++
advanced exploitation
osx
linux
windows
browser hacks
arbitrary read
arbitrary write