what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

Files from Istvan Kurucsai

First Active2019-04-04
Last Active2020-03-05
Google Chrome 72 / 73 Array.map Corruption
Posted Mar 5, 2020
Authored by timwr, Istvan Kurucsai, dmxcsnsbh | Site metasploit.com

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, arbitrary
advisories | CVE-2019-5825
SHA-256 | 52e7894b7c0f12d602e2b66b2ab86b9e0c4591cd171e7e1ab5ee86c354cbe687
Google Chrome 80 JSCreate Side-Effect Type Confusion
Posted Mar 5, 2020
Authored by Clement LECIGNE, timwr, Istvan Kurucsai, Vignesh S Rao | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, shellcode
advisories | CVE-2020-6418
SHA-256 | a5ee5e57a9ca7e2030588e33fb91d4f11725ab4661382274202790f8a15b4fc7
Chrome 72.0.3626.119 FileReader Use-After-Free
Posted May 8, 2019
Authored by Clement LECIGNE, timwr, Istvan Kurucsai | Site metasploit.com

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from Javascript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.

tags | exploit, arbitrary, x86, javascript, shellcode
systems | windows
advisories | CVE-2019-5786
SHA-256 | 60039dc761905e4a2ed93286404ec19777dfd73ef434ef8a80431ab28e2ebbc1
Chrome 73.0.3683.86 Stable Proof Of Concept
Posted Apr 4, 2019
Authored by Istvan Kurucsai

Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.

tags | exploit, javascript
systems | windows
SHA-256 | ed2806699f2887002b690cf52cf4d2bf2e737c931f2b6c9116bddc399099bed4
Page 1 of 1
Back1Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    23 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close