Solving Root-me Ptrace challenge

You can find the challenge here. The challenge is to find the password for the 32-bit ELF binary. This is how it looks at a glance.

Let’s fire up GDB and check this out. I’ll break on main and run. We can see that the arguments to the ptrace() function are pushed onto the stack and ptrace is called.

=> 0x080483fe <+14>: sub esp,0x14
0x08048401 <+17>: mov DWORD PTR [ebp-0xc],0x80c2888
0x08048408 <+24>: push 0x0
0x0804840a <+26>: push 0x1
0x0804840c <+28>: push 0x0
0x0804840e <+30>: push 0x0
0x08048410 <+32>: call 0x8058a70 <ptrace>
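Read in cdecl order, the four pushes above make the call ptrace(0, 0, 1, 0), and request 0 is PTRACE_TRACEME. The C below is an added example, not code from the challenge binary or the original post; cdecl_args and traceme_probe are hypothetical helper names. It rebuilds the argument list from the pushes and shows, without a debugger, that the same request fails once the process already has a tracer.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>

/* cdecl pushes arguments right to left, so the last push is argument 1.
 * pushes[] is in instruction order; args[] comes back in call order. */
void cdecl_args(const long *pushes, int n, long *args) {
    for (int i = 0; i < n; i++)
        args[i] = pushes[n - 1 - i];
}

/* Hypothetical helper: a child issues the call from the listing twice.
 * Returns (first_ok << 1) | second_ok, or -1 if the probe could not run.
 * Where ptrace is permitted, the first call succeeds in an untraced child;
 * the second always fails because the child now has a tracer, which is the
 * state a process started under GDB is already in. */
int traceme_probe(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int first  = ptrace(PTRACE_TRACEME, 0, (void *)1, (void *)0) == 0;
        int second = ptrace(PTRACE_TRACEME, 0, (void *)1, (void *)0) == 0;
        _exit((first << 1) | second);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    const long pushes[4] = {0x0, 0x1, 0x0, 0x0};   /* <+24> .. <+30> */
    long a[4];
    cdecl_args(pushes, 4, a);
    printf("ptrace(%ld, %ld, %ld, %ld), request is PTRACE_TRACEME: %s\n",
           a[0], a[1], a[2], a[3], a[0] == PTRACE_TRACEME ? "yes" : "no");
    int r = traceme_probe();
    if (r < 0) { puts("probe could not run"); return 1; }
    printf("first call ok: %d, second call ok: %d\n", (r >> 1) & 1, r & 1);
    return 0;
}
```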



Protonmail Stored XSS

I found out that attachments containing JavaScript or HTML will get executed in the browser once you open them in a new tab. The attachment can be anything simple, like an .html or .svg file containing our payload.

  prompt('XSS by Osanda Malith');