by rtpg 1892 days ago
The PR adding this says that you need to run Chrome with --no-sandbox to get the exploit chain (since they don't have a sandbox buster right now). Kinda feel like the PR to Metasploit is more interesting as a link.

Couldn't find the PR you're referring to, unless it was this one https://github.com/rapid7/metasploit-framework/pull/15007 which was added by the same author as the OP, but looks like a different exploit as far as I can tell?
I believe it's the same exploit, check out this reference here [0], and you should see the JS snippet

https://github.com/rapid7/metasploit-framework/pull/15007/fi...

The code is somewhat different, although you may have recognized that most JS engine exploits look the same once basic primitives are constructed.