{"id":30130781,"url":"https://github.com/og-mason/javascript-memory-exploitation","last_synced_at":"2026-05-06T18:34:27.971Z","repository":{"id":305062139,"uuid":"1021785346","full_name":"og-mason/JavaScript-Memory-Exploitation","owner":"og-mason","description":"Exploit :)","archived":false,"fork":false,"pushed_at":"2025-07-21T09:48:14.000Z","size":10,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-10T18:09:11.376Z","etag":null,"topics":["arm64","blue-team","ethical-hacking","exploit","explorer","forensics","hacking-tool","incident-response","infosec","javascript","m1-mac","oob","open-source","open-source-security","poc","privacy-tools","python3","red-team","shellcode","threat-detection"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/og-mason.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-18T00:33:17.000Z","updated_at":"2025-07-21T09:58:06.000Z","dependencies_parsed_at":"2025-07-21T12:39:15.956Z","dependency_job_id":null,"html_url":"https://github.com/og-mason/JavaScript-Memory-Exploitation","commit_stats":null,"previous_names":["inorisoji/f.exploit","og-mason/javascript-memory-exploitation"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/og-mason/JavaScript-Memory-Exploitation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/og-mason%2FJavaScript-Memory-Exploitation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/repositories/og-mason%2FJavaScript-Memory-Exploitation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/og-mason%2FJavaScript-Memory-Exploitation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/og-mason%2FJavaScript-Memory-Exploitation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/og-mason","download_url":"https://codeload.github.com/og-mason/JavaScript-Memory-Exploitation/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/og-mason%2FJavaScript-Memory-Exploitation/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269764976,"owners_count":24472150,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm64","blue-team","ethical-hacking","exploit","explorer","forensics","hacking-tool","incident-response","infosec","javascript","m1-mac","oob","open-source","open-source-security","poc","privacy-tools","python3","red-team","shellcode","threat-detection"],"created_at":"2025-08-10T18:05:07.092Z","updated_at":"2026-05-06T18:34:27.920Z","avatar_url":"https://github.com/og-mason.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"#  JavaScript Memory Exploitation PoC (Apple M1 ARM64)\nThis project 
contains a series of demonstration JavaScript PoC exploits illustrating potential techniques for out-of-bounds (OOB) memory access, memory overwriting and shellcode execution, targeting ARM64 (Apple Silicon M1).\n\nThe project is intended for research purposes and is meant solely for studying the behavior of the WebKit JavaScript engine (JSC).\n\n##  Project structure\n\n```bash\n├── index.html          # Main PoC exploit with JIT spray and ARM64 shellcode\n├── nindex.html         # Simplified version of the exploit\n├── test.html           # Test scenario with OOB read and write\n├── poc/\n│   ├── PoC1.js         # Minimal OOB example that attempts to overwrite memory\n│   └── poc.js          # Extended OOB example with a large number of writes\n└── create_wasm.js      # Generator for the exploit.wasm binary file\n```\n\n## Main exploit (index.html)\n\nThis [HTML file](https://github.com/inorisojiu/JavaScript-Memory-Exploitation/blob/main/index.html) runs the following pipeline:\n\n- Allocates `ArrayBuffer` buffers and creates a `Float64Array`/`Uint8Array`.\n- Uses the vulnerable function `vuln(index, value)` for an OOB write.\n- JIT-sprays functions with embedded ARM64 shellcode.\n- Overwrites memory regions and checks whether the shellcode executed.\n \n## Shellcode (ARM64)\nThe shellcode embedded in the JIT can be adapted to call execve, or used as an indicator of execution.\n\n## Additional PoC files\n### [test.html](https://github.com/inorisojiu/JavaScript-Memory-Exploitation/blob/main/test.html)\nA simple array overflow test that attempts to modify data in a `Float64Array` and checks whether the write succeeded.\n### [nindex.html](https://github.com/inorisojiu/JavaScript-Memory-Exploitation/blob/main/nindex.html)\nA simplified variant of the main exploit without JIT, but demonstrating a memory write and an RCE attempt via a function call.\n\n## poc/ folder\nContains two PoC files:\n### 
[PoC1.js](https://github.com/inorisojiu/JavaScript-Memory-Exploitation/blob/main/POC/PoC1.js)\nMinimal example:\n-\tCreates the oob array and a buffer.\n- Uses `vuln()` to write beyond the bounds of the array.\n- Attempts to modify memory and checks for success.\n### [poc.js](https://github.com/inorisojiu/JavaScript-Memory-Exploitation/blob/main/POC/poc.js)\nExtended example:\n- The oob array is filled with values at `index \u003e= 4`.\n- All the new values are iterated over, with an attempt to modify the `Float64Array`.\n\n## WebAssembly\n### [create_wasm.js](https://github.com/inorisojiu/JavaScript-Memory-Exploitation/blob/main/create_wasm.js)\nA script that creates a minimal WASM binary, `exploit.wasm`, containing a single exported function, run, which calls `alert`.\n```bash\n# Generate the .wasm\nnode create_wasm.js\n```\n\n## Requirements\n-\tWebKit/JavaScriptCore engine \n-\tNode.js (for generating the .wasm)\n\n## Contact\nResearcher: inorisojiu\n\nFor questions, bugs and suggestions, create an issue or pull request.\n\n\n\n\n\n\n\n\n\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fog-mason%2Fjavascript-memory-exploitation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fog-mason%2Fjavascript-memory-exploitation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fog-mason%2Fjavascript-memory-exploitation/lists"}