Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/theori-io/pwnjs
A Javascript library for browser exploitation
Last synced: 11 days ago
- Host: GitHub
- URL: https://github.com/theori-io/pwnjs
- Owner: theori-io
- Created: 2017-11-09T01:10:41.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-02-12T19:17:25.000Z (almost 6 years ago)
- Last Synced: 2024-08-01T09:24:13.248Z (3 months ago)
- Language: JavaScript
- Size: 158 KB
- Stars: 855
- Watchers: 44
- Forks: 122
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# pwn.js
[![CDNJS](https://img.shields.io/cdnjs/v/pwnjs.svg)](https://cdnjs.com/libraries/pwnjs)
## Basic Usage
A pre-built version of the library is located at /dist/pwn.js. API documentation is available in /docs or [here](http://theori.io/pwnjs/), and examples of complete exploits are in /examples.
If you want to implement a new Chakra exploit, you can use this basic template:
```js
var Exploit = (function() {
    var ChakraExploit = pwnjs.ChakraExploit,
        Integer = pwnjs.Integer;

    function Exploit() {
        ChakraExploit.call(this);
        // TODO: implement your exploit
        // TODO: leak any Chakra.dll address (e.g. a vtable)
        this.initChakra(vtable);
    }
    Exploit.prototype = Object.create(ChakraExploit.prototype);
    Exploit.prototype.constructor = Exploit;

    Exploit.prototype.read = function (address, size) {
        switch (size) {
            case 8:
            case 16:
            case 32:
            case 64:
                // TODO: implement memory read of address
        }
    }

    Exploit.prototype.write = function (address, value, size) {
        switch (size) {
            case 8:
            case 16:
            case 32:
            case 64:
                // TODO: implement memory write of value to address
        }
    }

    return Exploit;
})();
```

Using an exploit in a payload is easier if you use the deprecated _with_ statement:
```js
with (new Exploit()) {
    var malloc = importFunction('msvcrt.dll', 'malloc', Uint8Ptr);
    // ...
}
```

You can also define an Exploit object (non-deprecated, but more verbose):
```js
var e = new Exploit();
var malloc = e.importFunction('msvcrt.dll', 'malloc', Uint8Ptr);
// ...
```

## Build Instructions
You can rebuild the library using webpack:
```
$ npm install
$ npm run build
```

You can rebuild the documentation using jsdoc:
```
$ npm run jsdoc
```

Also, you can run a small HTTP server to host the documentation and examples:
```
$ npm start
```