Hacking Suggestion CVE-2016-4622 (WebKit code execution) + Reverse TCP = ?

N

NexoCube

Well-Known Member
Member
Level 8
Joined
Nov 3, 2015
Messages
1,222
Trophies
0
Age
29
Location
France
XP
1,340
Country
France
dAVID_ said:
Let's hope this exploit can be used to run some homebrew.
Click to expand...

We need to find a writeable JIT area where we can put our binary in. Then jump to it. As the "web browser" is using a Webkit, it means Javascript and it means JIT

--------------------- MERGED ---------------------------

heyheyitsjoeway said:
Just wanted to give some test results:

Firstly, line 70 of the HTML (the SHELLCODE variable) was missing some commas. I added those back in and got the "JSC version not vulnerable" message.

Secondly, even after bypassing the vulnerability check manually, nothing really happens. The only thing that pops up is the "Script execution is taking a long time" message. I've hit continue about 10 times now and nothing has happened. No netcat connection, no freeze, no crash; nothing.

Basically, this exploit can't be used on the Switch. The JS engine isn't vulnerable to this particular exploit.
Click to expand...

You are probably right, or it means, it needs some modification to work on Switch
 
ZiggyDeer

ZiggyDeer

Active Member
OP
Newcomer
Level 3
Joined
Dec 20, 2014
Messages
41
Trophies
0
Location
USA
Website
ziggydev.xyz
XP
304
Country
United States
heyheyitsjoeway said:
Firstly, line 70 of the HTML (the SHELLCODE variable) was missing some commas. I added those back in and got the "JSC version not vulnerable" message.
Click to expand...

Oops, I was doing that part really quickly, thanks for noticing that.

heyheyitsjoeway said:
Secondly, even after bypassing the vulnerability check manually, nothing really happens. The only thing that pops up is the "Script execution is taking a long time" message. I've hit continue about 10 times now and nothing has happened. No netcat connection, no freeze, no crash; nothing.

Basically, this exploit can't be used on the Switch. The JS engine isn't vulnerable to this particular exploit.
Click to expand...

Ah well, thanks for trying it though! Editing that JS code is beyond my league, so unless somebody else takes over, I don't think this exploit will be effective.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Homebrew Tutorial  Building Pagascape from source to running Self Hosted mode on Windows and MSYS

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

mig switch not working/updating??

Hacking Homebrew Tutorial  Portable PegaScape (Win32)

Fusee.bin with the new Pre-release of Atmoshere 1.7.0

DBI language error

Homebrew Tutorial  Setup a DevKitPro environment on Windows.

Homebrew  I accidentally updated to fw 18.0 on my switch in cfw and now I am getting an error that says unknown pkg1 version. please help me find a solution

General chit-chat
Help Users
  • No one is chatting at the moment.
    K3Nv2 @ K3Nv2: Well start walking towards them +1