PwnFunction

PwnFunction

I make pwn videos.

  • 14 posts

Finding Player and Camera Position for Fly Hack - Pwn Adventure 3

We will find the player's coordinates and also find the camera's position. This should help us to create a proper fly hack!

Pwn Adventure 3
LiveOverflow

How Speedrunners Use Game Hacking Tools

In this post we will look at time splitters used by speedrunners and how it's related to game hacking.

Pwn Adventure 3
LiveOverflow

Arbitrary Read and Write in WebKit Exploit - browser 0x08

We achieve arbitrary read/write in the JavaScriptCore of WebKit

Browser Exploitation
LiveOverflow

Preparing for Stage 2 of a WebKit exploit - browser 0x07

Setting the foundation for an arbitrary read/write (and re-implementing addrof and fakeobj).

Browser Exploitation
LiveOverflow

Speedrun Hacking Buffer Overflow - speedrun-001 DC27

Simple buffer overflow speedrun challenge, exploited with a ROP chain generated by Ropper. And analyse the timeline.

Capture The Flag
LiveOverflow

The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption - browser 0x05

In this video we turn the bug used in addrof() to corrupt the memory of internal JavaScriptCore Objects which can help us to compromise the engine.

Browser Exploitation
LiveOverflow

WebKit RegExp Exploit addrof() walk-through - browser 0x04

We finally look at the actual exploit code! We start with the addrof() primitive, which can leak the address of a JavaScript object in memory.

Browser Exploitation
LiveOverflow

Just-in-time Compiler in JavaScriptCore - browser 0x03

Looking at the WebKit JIT compiler - the part that converts JavaScript bytecode to machine code.

Browser Exploitation
LiveOverflow

Setup and Debug JavaScriptCore / WebKit - browser 0x01

We are going to try out Linus's exploit and setup a vulnerable WebKit version including debug symbols.

Browser Exploitation
LiveOverflow