JOIN BREACHFORUMS TELEGRAM
HTB Challeneg Fork and Knives
by Computerlab - Saturday September 7, 2024 at 08:09 AM
Elite User

Posts: 104
Threads: 8
Joined: Aug 2024
Reputation: 0
#1
Sep 07, 2024, 08:09 AM
https://app.hackthebox.com/challenges/forks-and-knives
This being a PWN Challenge


Welcome to the Forks & Knives restaurant!
My name is Forky and I will be your handler tonight
Can I have your name please?
=> ComputerLab
+--------------------+
| 1) Reserve a table |
| 2) Place an order  |
| 3) Exit            |
+--------------------+
+- Manager interface (in development) -+
| 4) Login as manager                  |
| 5) View reservations                |
| 6) Clear reservations                |
+--------------------------------------+
=>


the first 3 actions can be done by the user  the next 3 are alloted for the manager. 
An escalation is required to get into the under development Manager Interface
Reply
Breached
Member
Posts: 2
Threads: 0
Joined: Jun 2024
Reputation: 0
#2
Sep 07, 2024, 09:45 AM
There is a buffer overflow with the name input. If a 16 character string is input the bit used for the manager interface gets set to 0 instead of its default 1.
Reply
Elite User

Posts: 148
Threads: 2
Joined: Oct 2023
Reputation: 25
#3
Sep 07, 2024, 05:07 PM
(Sep 07, 2024, 09:45 AM)Bulldog7060 Wrote: There is a buffer overflow with the name input. If a 16 character string is input the bit used for the manager interface gets set to 0 instead of its default 1.
Yup, that's right. That's how you get to manager interface.

And probably the path is reserve tables, leak canary, then place an order and buffer overflow to get shell - probably https://www.ctfrecipes.com/pwn/stack-exp...ck/ret2plt
Reply
Breached
Member
Posts: 104
Threads: 4
Joined: Oct 2023
Reputation: 0
#4
Sep 08, 2024, 10:29 AM
Can anyone provide a writeup for this challenge?
Reply
Advanced User

Posts: 87
Threads: 28
Joined: Apr 2024
Reputation: 5
#5
Sep 08, 2024, 05:04 PM
(Sep 07, 2024, 05:07 PM)peRd1 Wrote:
(Sep 07, 2024, 09:45 AM)Bulldog7060 Wrote: There is a buffer overflow with the name input. If a 16 character string is input the bit used for the manager interface gets set to 0 instead of its default 1.
Yup, that's right. That's how you get to manager interface.

And probably the path is reserve tables, leak canary, then place an order and buffer overflow to get shell - probably https://www.ctfrecipes.com/pwn/stack-exp...ck/ret2plt

Check your dm sir
Reply
Elite User

Posts: 104
Threads: 8
Joined: Aug 2024
Reputation: 0
#6
Sep 10, 2024, 09:50 AM
hey @trevor69000  plz post it publically . It could be of more help
Reply
Advanced User

Posts: 87
Threads: 28
Joined: Apr 2024
Reputation: 5
#7
Sep 10, 2024, 05:01 PM
(Sep 10, 2024, 09:50 AM)Computerlab Wrote: hey @trevor69000  plz post it publically . It could be of more help

i am so sorry guys for the misunderstanding, i wrote check dm for hints/help
Reply
Breached
Member
Posts: 37
Threads: 1
Joined: Jul 2024
Reputation: 0
#8
Sep 11, 2024, 05:05 AM
I deeply appreciate your time and effort.
Reply
Advanced User

Posts: 70
Threads: 7
Joined: Jul 2024
Reputation: 5
#9
Sep 18, 2024, 09:29 AM
anyone got any hints ?
Reply
Breached
Member
Posts: 16
Threads: 0
Joined: Oct 2023
Reputation: 0
#10
Sep 18, 2024, 09:55 AM
Stuck on this challenge, anyone got any hints
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 367 90,984 10 hours ago
Last Post: Anon141234
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 85 7,699 Today, 05:35 AM
Last Post: Fr1Rtx23
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 1 286 Today, 05:34 AM
Last Post: Fr1Rtx23
  rev_dudidudida cavour13 1 238 Today, 12:25 AM
Last Post: 0xcreep
  [FREE] HTB HackTheBox CPTS CBBH CDSA CWEE exam preparation guide and hints Tamarisk 5 1,853 Yesterday, 08:42 PM
Last Post: Tamarisk

Forum Jump:


 Users browsing this forum: 1 Guest(s)