Skip to content

theori-io/pwnjs

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
src
 
 
 
 
 
 
 
 
 
 

pwn.js

CDNJS

Basic Usage

Pre-built version of the library is located at /dist/pwn.js. API documentation is available in /docs or here, and examples of complete exploits are in /examples.

If you want to implement a new Chakra exploit, you can use this basic template:

var Exploit = (function() {
    var ChakraExploit = pwnjs.ChakraExploit,
        Integer = pwnjs.Integer;

    function Exploit() {
        ChakraExploit.call(this);
        // TODO: implement your exploit
        // TODO: leak any Chakra.dll address (e.g. a vtable)
        this.initChakra(vtable);
    }
    Exploit.prototype = Object.create(ChakraExploit.prototype);
    Exploit.prototype.constructor = Exploit;
    Exploit.prototype.read = function (address, size) {
        switch (size) {
            case 8:
            case 16:
            case 32:
            case 64:
                // TODO: implement memory read of address
        }
    }
    Exploit.prototype.write = function (address, value, size) {
        switch (size) {
            case 8:
            case 16:
            case 32:
            case 64:
                // TODO: implement memory write of value to address
        }
    }
    return Exploit;
})();

Using an exploit in a payload is easier if you use the deprecated with statement:

with (new Exploit()) {
    var malloc = importFunction('msvcrt.dll', 'malloc', Uint8Ptr);
    // ...
}

You can also define an Exploit object (non-deprecated, but more verbose):

var e = new Exploit();
var malloc = e.importFunction('msvcrt.dll', 'malloc', Uint8Ptr);
// ...

Build Instructions

You can rebuild the library using webpack:

$ npm install
$ npm run build

You can rebuild the documentation using jsdoc:

$ npm run jsdoc

Also, you can run a small HTTP server to host the documentation and examples:

$ npm start