Code Monkey home page Code Monkey logo

docker-webkit's Introduction

Logo

docker-webkit

Dockerized WebKit Dev/Research Environment

Dependencies

Image Tags

$ docker images

REPOSITORY           TAG               SIZE
blacktop/webkit      latest            946MB
blacktop/webkit      jsc               946MB
blacktop/webkit      minibrowser       946MB
blacktop/webkit      snapshot          946MB
blacktop/webkit      CVE-2018-4262     946MB

Getting Started

$ docker run --init -it --rm blacktop/webkit:snapshot

>>> print("HALP!");
HALP!

Run a javascript file

$ cat test.js
print(1+1);
$ docker run --init -it --rm -v `pwd`:/data blacktop/webkit:snapshot /data/test.js
2

Debugging

$ docker run --init -it --rm blacktop/webkit:snapshot gdb

pwndbg> r
Starting program: /webkit/WebKitBuild/Debug/bin/jsc
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ff0edf52700 (LWP 18)]
>>> describe([1,2,3,4])
Object: "0x7ff0acec01b0" with butterfly "0x7fe806be4010"
(Structure 0x7ff0acefe370:
      [Array, {}, CopyOnWriteArrayWithInt32, Proto:0x7ff0acec0010, Leaf]), StructureID: 64910
>>> ^C

NOTE: You might need to add --cap-add=SYS_PTRACE or --security-opt seccomp:unconfined to debug the kernel

Telescope the Object

pwndbg> tele 0x7ff0acec01b0
00:0000│   0x7ff0acec01b0 ◂— 0x10822150000fd8e
01:0008│   0x7ff0acec01b8 —▸ 0x7fe806be4010 ◂— 0xffff000000000001 <--------- 🦋
02:0010│   0x7ff0acec01c0 ◂— 0xbadbeef0
... ↓

Telescope the butterfly (minus 8 to see the length)

pwndbg> tele 0x7fe806be4010-8
00:0000│   0x7fe806be4008 ◂— 0x400000004         <--------- LENGTH
01:0008│   0x7fe806be4010 ◂— 0xffff000000000001  <--------- array values
02:0010│   0x7fe806be4018 ◂— 0xffff000000000002
03:0018│   0x7fe806be4020 ◂— 0xffff000000000003
04:0020│   0x7fe806be4028 ◂— 0xffff000000000004
05:0028│   0x7fe806be4030 ◂— 0xbadbeef0

CVE-2018-4262

$ wget https://raw.githubusercontent.com/blacktop/docker-webkit/master/CVE-2018-4262/test.js
$ docker run --init -it --rm -v `pwd`:/data blacktop/webkit:CVE-2018-4262 /data/test.js

Object: "0x7f5843db4340" 👈 with butterfly 0x7f48000e4008
      (Structure 0x7f5843df2ae0:[Array, {}, ArrayWithContiguous, Proto:0x7f5843dc80a0]),
            StructureID: 99
Leaked Address: 6.91776252510795e-310

Convert double to address

$ python -c 'import struct
print(hex(struct.unpack("Q", struct.pack("d", 6.91776252510795e-310))[0]))'

0x7f5843db4340 👍😎👍

docker-webkit's People

Contributors

blacktop avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.