Solving Root-me Ptrace challenge

You can find the challenge from here. The challenge is to find the password for the elf 32 binary. This is how this looks at a glance.

View post on imgur.com


Let’s fire up GDB and check this out. I’ll break main and run. We can see that arguments to ptrace() function is being pushed on the stack and ptrace is being called.

=> 0x080483fe <+14>: sub esp,0x14
0x08048401 <+17>: mov DWORD PTR [ebp-0xc],0x80c2888
0x08048408 <+24>: push 0x0
0x0804840a <+26>: push 0x1
0x0804840c <+28>: push 0x0
0x0804840e <+30>: push 0x0
0x08048410 <+32>: call 0x8058a70 <ptrace>

(more…)