├── .gitignore ├── CMakeLists.txt ├── Makefile ├── README.md ├── exploit.html ├── int64.js ├── logging.js ├── make.py ├── movie.mov ├── payload.js ├── payload ├── loader │ ├── .gitignore │ ├── Makefile │ ├── entry.s │ ├── loader.cpp │ └── make.py ├── sbx │ ├── .gitignore │ ├── CMakeLists.txt │ ├── Makefile │ ├── build-threadexec.sh │ ├── build-webkit.sh │ ├── cvm.cc │ ├── cvm_side.cc │ ├── embed.py │ ├── root │ │ ├── .gitignore │ │ ├── CMakeLists.txt │ │ ├── Makefile │ │ ├── app │ │ │ └── Contents │ │ │ │ ├── Info.plist │ │ │ │ ├── MacOS │ │ │ │ └── .gitignore │ │ │ │ ├── PkgInfo │ │ │ │ └── Resources │ │ │ │ └── .gitignore │ │ ├── build-unrootless.sh │ │ ├── getroot.c │ │ ├── kext.sh │ │ └── main.c │ ├── safari.mm │ └── threadexec.diff └── stage0.asm ├── pwn.js ├── ready.js ├── tuto.pdf └── utils.js /.gitignore: -------------------------------------------------------------------------------- 1 | /stage0.bin 2 | /payload.js 3 | *.dSYM 4 | 5 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/CMakeLists.txt -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/README.md -------------------------------------------------------------------------------- /exploit.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/exploit.html -------------------------------------------------------------------------------- /int64.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/int64.js -------------------------------------------------------------------------------- /logging.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/logging.js -------------------------------------------------------------------------------- /make.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/make.py -------------------------------------------------------------------------------- /movie.mov: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/movie.mov -------------------------------------------------------------------------------- /payload.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload.js -------------------------------------------------------------------------------- /payload/loader/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/loader/.gitignore -------------------------------------------------------------------------------- /payload/loader/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/loader/Makefile -------------------------------------------------------------------------------- /payload/loader/entry.s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/loader/entry.s -------------------------------------------------------------------------------- /payload/loader/loader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/loader/loader.cpp -------------------------------------------------------------------------------- /payload/loader/make.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/loader/make.py -------------------------------------------------------------------------------- /payload/sbx/.gitignore: -------------------------------------------------------------------------------- 1 | /threadexec 2 | /WebKit 3 | 4 | /bundle.hh 5 | /sbx 6 | /cvm_side 7 | 8 | -------------------------------------------------------------------------------- /payload/sbx/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/CMakeLists.txt -------------------------------------------------------------------------------- /payload/sbx/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/Makefile -------------------------------------------------------------------------------- /payload/sbx/build-threadexec.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/build-threadexec.sh -------------------------------------------------------------------------------- /payload/sbx/build-webkit.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/build-webkit.sh -------------------------------------------------------------------------------- /payload/sbx/cvm.cc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/cvm.cc -------------------------------------------------------------------------------- /payload/sbx/cvm_side.cc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/cvm_side.cc -------------------------------------------------------------------------------- /payload/sbx/embed.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/embed.py -------------------------------------------------------------------------------- /payload/sbx/root/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/.gitignore -------------------------------------------------------------------------------- /payload/sbx/root/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/CMakeLists.txt -------------------------------------------------------------------------------- /payload/sbx/root/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/Makefile -------------------------------------------------------------------------------- /payload/sbx/root/app/Contents/Info.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/app/Contents/Info.plist -------------------------------------------------------------------------------- /payload/sbx/root/app/Contents/MacOS/.gitignore: -------------------------------------------------------------------------------- 1 | /popcalc 2 | -------------------------------------------------------------------------------- /payload/sbx/root/app/Contents/PkgInfo: -------------------------------------------------------------------------------- 1 | APPL???? -------------------------------------------------------------------------------- /payload/sbx/root/app/Contents/Resources/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /payload/sbx/root/build-unrootless.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/build-unrootless.sh -------------------------------------------------------------------------------- /payload/sbx/root/getroot.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/getroot.c -------------------------------------------------------------------------------- /payload/sbx/root/kext.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/kext.sh -------------------------------------------------------------------------------- /payload/sbx/root/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/root/main.c -------------------------------------------------------------------------------- /payload/sbx/safari.mm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/safari.mm -------------------------------------------------------------------------------- /payload/sbx/threadexec.diff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/sbx/threadexec.diff -------------------------------------------------------------------------------- /payload/stage0.asm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/payload/stage0.asm -------------------------------------------------------------------------------- /pwn.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/pwn.js -------------------------------------------------------------------------------- /ready.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/ready.js -------------------------------------------------------------------------------- /tuto.pdf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /utils.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sslab-gatech/pwn2own2020/HEAD/utils.js --------------------------------------------------------------------------------