Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

From MarkDown to RCE in Atom- 118

Lukas Reschke, posted 6 years ago
  • Atom is an Electron-based text editor by GitHub. Electron is a JavaScript-based framework for building desktop applications. One downside of Electron (an upside for a hacker) is that an XSS essentially becomes an RCE!
  • To prevent XSS, Atom filters various elements when rendering. Additionally, there is a CSP (content security policy) that prevents inline JavaScript from running, but it still allowed content from other pages to be loaded and run inside the renderer.
  • Two key observations: the "action" attributes (event handlers such as onclick) were not filtered well, and Atom runs under the file:// URI. Even though those attributes were not filtered properly, JS placed in them would still be caught by the CSP. Instead, embedding an iframe that pointed at a local file triggered the XSS!
  • Running the local file alone was not enough, though. So the author found a JS file bundled with Atom that passed its input directly into eval(), giving XSS. As stated before, this XSS turned into an easy RCE with some Atom JS black magic.
  • Finally, to make this even worse... this could be done remotely! Atom's settings page also rendered markdown, so by viewing the description of a malicious package, remote code execution could be achieved.
  • Obviously, this article is pretty badass. I particularly enjoy the ability to turn a single small bug (that allowed for self-XSS with a file) into an RCE. Going down the rabbit hole is worth it!
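As an added example (my own code, not the article's and not Atom's), here is a small allowlist sanitizer for rendered Markdown HTML that closes the two gaps the write-up turns on: event-handler attributes surviving the filter, and an iframe pointing at a local file:// document. The tag and attribute lists and the CSP string are choices for this demo, and a production renderer should use a DOM-based sanitizer rather than regex tag parsing.

```javascript
// Added example: allowlist sanitizer for Markdown-rendered HTML in an Electron renderer.
// The allowlists below are demo choices, not Atom's actual configuration.
const ALLOWED_TAGS = new Set(['p', 'a', 'em', 'strong', 'code', 'pre', 'ul', 'ol', 'li', 'img', 'br']);
const ALLOWED_ATTRS = { a: ['href', 'title'], img: ['src', 'alt'] };
// Only http(s), mailto, same-origin relative paths and fragments; no file:, javascript:, data:, or //host.
const SAFE_URL = /^(https?:|mailto:|\/(?!\/)|\.\/|#)/i;

// A CSP for the renderer: the policy in the write-up blocked inline script but still
// let a local page be framed, so frame-src is shut here as well (demo value).
const RENDERER_CSP = "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'";

// Parse one tag's raw attribute string into [name, value] pairs (quoted or bare values).
function parseAttrs(raw) {
  const out = [];
  const re = /([^\s=\/"'>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(raw)) !== null) {
    out.push([m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '']);
  }
  return out;
}

// Rebuild every tag from the allowlist; anything not allowed (iframe, script, form, ...)
// is dropped entirely instead of being "cleaned".
function sanitizeHtml(html) {
  return html.replace(/<\/?([a-zA-Z][\w-]*)([^>]*)>/g, (whole, name, rawAttrs) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return '';
    if (whole.startsWith('</')) return `</${tag}>`;
    const kept = [];
    for (const [attr, value] of parseAttrs(rawAttrs)) {
      if (attr.startsWith('on')) continue;                       // onclick, onerror, ... never survive
      if (!(ALLOWED_ATTRS[tag] || []).includes(attr)) continue;  // attribute not allowed on this tag
      if ((attr === 'href' || attr === 'src') && !SAFE_URL.test(value.trim())) continue; // blocks file:// etc.
      kept.push(`${attr}="${value.replace(/"/g, '&quot;')}"`);
    }
    return `<${tag}${kept.length ? ' ' + kept.join(' ') : ''}>`;
  });
}
```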