The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption

Channel:
United States LiveOverflow
Subscribers:
920,000
Published on ● Video Link: https://www.youtube.com/watch?v=vwlG2l0ANuc


Duration: 15:59
33,926 views
1,153

Part5: In this video we turn the bug used in addrof() to corrupt the memory of internal JavaScriptCore Objects which can help us to compromise the engine.

The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit
Saelo's exploit: https://github.com/saelo/cve-2018-4233/blob/master/pwn.js
Saelo's phrack paper: http://www.phrack.org/papers/attacking_javascript_engines.html

-=[ πŸ”΄ Stuff I use ]=-

β†’ Microphone:* https://geni.us/ntg3b
β†’ Graphics tablet:* https://geni.us/wacom-intuos
β†’ Camera#1 for streaming:* https://geni.us/sony-camera
β†’ Lens for streaming:* https://geni.us/sony-lense
β†’ Connect Camera#1 to PC:* https://geni.us/cam-link
β†’ Keyboard:* https://geni.us/mech-keyboard
β†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Website: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ πŸ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#BrowserExploitation



Other Videos By LiveOverflow


2019-09-13Finding Player and Camera Position for Fly Hack - Pwn Adventure 3
2019-08-20How Speedrunners Use Game Hacking Tools
2019-08-04Windows Game Hacking with Ghidra and Cheat Engine
2019-07-28Minetest Circuit Challenge - Google CTF 2019 Qualifier
2019-07-21Arbitrary Read and Write in WebKit Exploit
2019-07-14Preparing for Stage 2 of a WebKit exploit
2019-07-07Speedrun Hacking Buffer Overflow - speedrun-001 DC27
2019-07-04YouTube BANNING Hacking Videos - Hot Take
2019-06-30Revisiting JavaScriptCore Internals: boxed vs. unboxed
2019-06-26Paste-Tastic! - Post Google CTF 2019 Stream
2019-06-23The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption
2019-06-16Building an 8-Bit Computer From Scratch
2019-06-16WebKit RegExp Exploit addrof() walk-through
2019-06-09Just-in-time Compiler in JavaScriptCore (WebKit)
2019-06-02The Butterfly of JSObject
2019-05-26Hacking Browsers - Setup and Debug JavaScriptCore / WebKit
2019-05-19New Series: Getting Into Browser Exploitation - browser 0x00
2019-05-12The Origin of Script Kiddie - Hacker Etymology
2019-05-05Unpacking Redaman Malware & Basics of Self-Injection Packers - ft. OALabs
2019-04-28Business, Money, 300k Subscribers and What's Next
2019-04-21GitLab 11.4.7 Remote Code Execution - Real World CTF 2018


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
webkit
phrack
browser exploitation
saelo
javascriptcore
webkitcore
addrof
fakeobj
exploit primitive
memory corruption
address leak
jscellheader
jscell
jsvalue
double
pointer
objects
jsobject
safari