Skip to content

Instantly share code, notes, and snippets.

diff --git a/Cloud/Docker/Dockerfile b/Cloud/Docker/Dockerfile
index 093e342..c2005ef 100644
--- a/Cloud/Docker/Dockerfile
+++ b/Cloud/Docker/Dockerfile
@@ -16,10 +16,12 @@ WORKDIR /home/fuzzer
ADD FuzzilliBuilder/out/Fuzzilli Fuzzilli
# Add JavaScriptCore binary
-ADD JSCBuilder/out jsc
+#ADD JSCBuilder/out jsc
From 93c6087b83243b02f1dae28964732215782c5df4 Mon Sep 17 00:00:00 2001
From: n30m1nd <j******@gmail.com>
Date: Sat, 21 Mar 2020 14:09:14 +0000
Subject: [PATCH] Patch fuzzilli
---
BUILD.gn | 2 +
src/d8/cov.cc | 61 ++++++++++++++++++++++++
src/d8/cov.h | 6 +++
src/d8/d8.cc | 126 ++++++++++++++++++++++++++++++++++++++++++++++++++
REM =========================================================================
REM | THIS SCRIPT IS TOTALLY UNSAFE TO USE IF YOU'RE PLANNING TO COMPILE V8!! |
REM =========================================================================
REM Script to build a vulnerable v8 version on Windows (produces d8.exe)
REM This script is a variation from: http://www.lfdm.net/development/5-how-to-compile-v8-on-windows.html
REM https://bugs.chromium.org/p/project-zero/issues/detail?id=1710
REM It is important to compile a release build (debug=false) and to
REM disable v8_untrusted_code_mitigations to prevent unwanted boundary checks :)
REM https://twitter.com/NeomindMusic/status/1210536157815148544
import requests
from sys import argv
from random import randint
from time import sleep
headers = {
'Host': '192.168.1.39',
'Connection': 'close',
'Accept': '*/*',
'User-Agent': 'HueHueHue',
#!/usr/bin/python
from __future__ import print_function
from sys import argv, stdout, stderr
import struct
# 64 bit only for now
def print_chunk(chunkpos, size):
output = "\x00"*8
@n30m1nd
n30m1nd / exploit-heapheaven.py
Created October 20, 2017 15:10
Hack.lu 2017 - HeapHeaven write-up
#!/usr/bin/python
# Hack.lu CTF 2017 - HeapHeaven solution by n30m1nd
# Challenge by FluxFingers - https://flatearth.fluxfingers.net/
from pwn import *
from sys import *
from struct import *
def translate_baby(size):
@n30m1nd
n30m1nd / malloc_hook.js
Last active November 15, 2022 04:19
Frida hooks for malloc functions for further inspection.
'use strict';
var mallocPtr = Module.findExportByName("libc.so.6", "malloc");
var malloc = new NativeFunction(mallocPtr, 'pointer', ['long']);
var freePtr = Module.findExportByName("libc.so.6", "free");
var freel = new NativeFunction(freePtr, 'void', ['pointer']);
var reallocPtr = Module.findExportByName("libc.so.6", "realloc");
var reallocl = new NativeFunction(reallocPtr, 'pointer', ['pointer', 'int']);
@n30m1nd
n30m1nd / apatching_for_AFL_Persistent_fuzzing.diff
Last active August 13, 2024 18:02
Patch for Apache httpd to make it fuzzable through afl-clang-fast
Index: server/main.c
===================================================================
--- server/main.c (revision 1794475)
+++ server/main.c (working copy)
@@ -434,11 +434,157 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -X : debug mode (only one worker, do not detach)");
- destroy_and_exit_process(process, 1);
+ destroy_and_exit_process(process, 0);
@n30m1nd
n30m1nd / apatching_apache_for_AFL_fuzzing.diff
Last active August 13, 2020 03:02
This patch adds the "-F" switch. This switch reads a file from the command line arguments and feeds it to Apache httpd server
Index: server/main.c
===================================================================
--- server/main.c (revision 1794194)
+++ server/main.c (working copy)
@@ -371,7 +371,11 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -c \"directive\" : process directive after reading "
"config files");
+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
+ " -F : hackish file to read as request "
#!/bin/bash
PREFIX="${PREFIX:-/usr/local/apache_clean}"
echo -e " \e[32mAPR"
echo
echo "Running apr with: c-compiler:$CC $CFLAGS c++-compiler:$CXX $CXXFLAGS"
sleep 2
cd apr-1* && ./configure --prefix="$PREFIX" && apr=$(pwd) && make clean && make -j4 && sudo make install && cd ..