Skip to content
This repository has been archived by the owner on Dec 27, 2023. It is now read-only.
/ blazefox Public archive

Blazefox exploits for Windows 10 RS5 64-bit.

License

MIT license
148 stars 53 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0vercl0k/blazefox

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
exploits
exploits
 
 
scripts
scripts
 
 
sm
sm
 
 
src
src
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
blaze.patch
blaze.patch
 
 

Repository files navigation

Blazefox exploits for Windows 10 RS5 64-bit

This the repository associated with the article Introduction to SpiderMonkey exploitation.

Overview

Blazefox is an exploitation challenge written by itszn for Blaze CTF 2018. The author added a blaze method to JavaScript Arrays that sets the size of the backing buffer to 420. This gives the attacker an out-of-bounds memory primitive.

ifrit.js

Organization

  • Three exploits are documented and available in exploits,
  • A WindDbg JavaScript extension that allows to dump js::Value and JSObject objects in sm,
  • Various scripts built during the research in scripts,
  • An x64 debug build of the JavaScript shell (along private symbol information) in js-asserts, and an x64 release build in js-release,
  • The sources matching js-release private symbol information in src/js,
  • Last but not least, 7z archives of the Firefox binaries (along with xul.dll private symbol information) I compiled for Windows 64-bit in ff-bin.7z.

About

Blazefox exploits for Windows 10 RS5 64-bit.

Topics

firefox exploitation blazefox

Resources

Readme

License

MIT license
Activity

Stars

148 stars

Watchers

12 watching

Forks

53 forks
Report repository

Releases 1

Binaries Latest
Dec 9, 2019

Packages

No packages published

Languages