# Compiling Firefox ###### tags: `Firefox` `pwn` `builder` `docker` ## DockerFile ``` FROM ubuntu:latest LABEL maintainer="James Turner" ENV SHELL /bin/bash ENV PATH="/root/.cargo/bin:${PATH}" RUN apt-get update && \ apt-get install -y wget python clang llvm python3 python python3-pip RUN wget -q https://hg.mozilla.org/mozilla-central/raw-file/default/python/mozboot/bin/bootstrap.py -O /tmp/bootstrap.py RUN pip3 install mercurial WORKDIR /usr/local/src/firefox ``` ## Execution Steps: ``` 1) Once compiled, cd /tmp. 2) Run "python3 bootstrap.py" 3) ./mach configure 4) ./mach build 5) /tmp/mozilla-unified/obj-debug-x86_64-pc-linux-gnu/dist/bin/js is output ``` ## Updated ghetto-iongraph.py ``` https://raw.githubusercontent.com/cddc12346/RandomCTFs/master/Some%20notes%20on%20IonMonkey/FF-91/ghetto-iongraph.py Changes: remove the option -s strict mode ``` ## mozconfig ``` # Build only the SpiderMonkey JS test shell ac_add_options --enable-application=js ac_add_options --enable-jitspew ac_add_options --disable-debug ac_add_options --enable-optimize mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ ``` ##
Last changed by  
n00bsh1t
167

Read more

Patch

From 9b75f0de94978a681682cf13d392b0db7fa4161a Mon Sep 17 00:00:00 2001 From: Your Name <you@example.com> Date: Thu, 17 Feb 2022 16:09:17 +0000 Subject: [PATCH] Cool new Implementation --- js/src/gc/Nursery.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/js/src/gc/Nursery.cpp b/js/src/gc/Nursery.cpp

6/23/2022
Calc

Learning Points: Fuzz it a little... +0 +10000000 +++++ 1+1*1-1 ...

8/16/2021
IJCTF2021 baby-sum

Baby-sum pwn challenge from IJCTF 2021. The author for the challenge is @whoamiT and it is solved by @thonk. Sample running of binary Take note of the red underline. The binary first takes in a name input and subsequent 3 number input. Vulnerability There are 3 main vulnerabilities:

7/28/2021
Lets learn Reverse Engineer 3!

One of the OSED student has kindly write some vulnerable server for us to practice. Below is the link and release version: https://github.com/bmdyy/signatus First deobfuscation This seems like some obfuscation but actually edi still ends up as the same value you send in little endian. Second deobfuscation .text:60AE1397 01C or edi, eax ; edi still looks like the original packet

6/18/2021
Read more from n00bsh1t
Published on HackMD