Do the following:
M-x package-install RET jedi
M-x jedi:install-server
and then add the following lines to ~/.emacs
:
Mute these words in your settings here: https://twitter.com/settings/muted_keywords | |
ActivityTweet | |
generic_activity_highlights | |
generic_activity_momentsbreaking | |
RankedOrganicTweet | |
suggest_activity | |
suggest_activity_feed | |
suggest_activity_highlights | |
suggest_activity_tweet |
|=-----------------------------------------------------------------------=| | |
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=| | |
|=-----------------------------------------------------------------------=| | |
|=------------------------------=[ saelo ]=------------------------------=| | |
|=-----------------------------------------------------------------------=| | |
The following are some brief notes about the changes that have taken place | |
since the release of the "Attacking JavaScript Engines" paper [1]. In | |
general, no big conceptional changes have happened since. Mitigations have | |
been added to break some of the presented techniques and, as expected, a |
(require 'subr-x) | |
(require 'fstar-mode) | |
(defun fstar-indent-file-to-string (file) | |
(string-trim | |
(with-temp-buffer (insert-file-contents file) | |
(buffer-string)))) | |
(defun fstar-indent-string (str) | |
(let* |
Whoo! This was a fun challenge with loads to learn. :)
The given code level11.c
checks whether the two inputs (as argv[1]
and argv[2]
) both MD5 hash to the same value or not. If they do, it uses both inputs as brainfuck code, and executes them. Then it checks if the outputs differ. Upon differing outputs, they are checked against the strings "io.sts Rules!"
and "io.sts Sucks!"
. If prog1's output is the first, and prog2's output is the second, we are granted shell.
!function () { | |
var global = this; | |
var old_eval = global.eval; | |
var old_const = global.Function.prototype.constructor; | |
global.Function.prototype.constructor = function (code) { | |
console.log('Function Constructor: ' + code); | |
return old_const(code); | |
}; | |
global.eval = function (code) { | |
console.log('EVIL: ' + code); |
Go to the IDAPython binaries page.
Download the latest _linux.zip
file and extract it. In my case, it was idapython-6.9.0-python2.7-linux.zip
.
Follow the instructions in its README.txt
.
For simplicity, I have copy pasted the relevant portions here: