JOIN BREACHFORUMS TELEGRAM
HTB Challeneg Fork and Knives
by Computerlab - Saturday September 7, 2024 at 08:09 AM
Elite User

Posts: 104
Threads: 8
Joined: Aug 2024
Reputation: 0
#1
Sep 07, 2024, 08:09 AM
https://app.hackthebox.com/challenges/forks-and-knives
This being a PWN Challenge


Welcome to the Forks & Knives restaurant!
My name is Forky and I will be your handler tonight
Can I have your name please?
=> ComputerLab
+--------------------+
| 1) Reserve a table |
| 2) Place an order  |
| 3) Exit            |
+--------------------+
+- Manager interface (in development) -+
| 4) Login as manager                  |
| 5) View reservations                |
| 6) Clear reservations                |
+--------------------------------------+
=>


the first 3 actions can be done by the user  the next 3 are alloted for the manager. 
An escalation is required to get into the under development Manager Interface
Reply
Breached
Member
Posts: 2
Threads: 0
Joined: Jun 2024
Reputation: 0
#2
Sep 07, 2024, 09:45 AM
There is a buffer overflow with the name input. If a 16 character string is input the bit used for the manager interface gets set to 0 instead of its default 1.
Reply
Elite User

Posts: 148
Threads: 2
Joined: Oct 2023
Reputation: 25
#3
Sep 07, 2024, 05:07 PM
(Sep 07, 2024, 09:45 AM)Bulldog7060 Wrote: There is a buffer overflow with the name input. If a 16 character string is input the bit used for the manager interface gets set to 0 instead of its default 1.
Yup, that's right. That's how you get to manager interface.

And probably the path is reserve tables, leak canary, then place an order and buffer overflow to get shell - probably https://www.ctfrecipes.com/pwn/stack-exp...ck/ret2plt
Reply
Breached
Member
Posts: 104
Threads: 4
Joined: Oct 2023
Reputation: 0
#4
Sep 08, 2024, 10:29 AM
Can anyone provide a writeup for this challenge?
Reply
Advanced User

Posts: 87
Threads: 28
Joined: Apr 2024
Reputation: 5
#5
Sep 08, 2024, 05:04 PM
(Sep 07, 2024, 05:07 PM)peRd1 Wrote:
(Sep 07, 2024, 09:45 AM)Bulldog7060 Wrote: There is a buffer overflow with the name input. If a 16 character string is input the bit used for the manager interface gets set to 0 instead of its default 1.
Yup, that's right. That's how you get to manager interface.

And probably the path is reserve tables, leak canary, then place an order and buffer overflow to get shell - probably https://www.ctfrecipes.com/pwn/stack-exp...ck/ret2plt

Check your dm sir
Reply
Elite User

Posts: 104
Threads: 8
Joined: Aug 2024
Reputation: 0
#6
Sep 10, 2024, 09:50 AM
hey @trevor69000  plz post it publically . It could be of more help
Reply
Advanced User

Posts: 87
Threads: 28
Joined: Apr 2024
Reputation: 5
#7
Sep 10, 2024, 05:01 PM
(Sep 10, 2024, 09:50 AM)Computerlab Wrote: hey @trevor69000  plz post it publically . It could be of more help

i am so sorry guys for the misunderstanding, i wrote check dm for hints/help
Reply
Breached
Member
Posts: 37
Threads: 1
Joined: Jul 2024
Reputation: 0
#8
Sep 11, 2024, 05:05 AM
I deeply appreciate your time and effort.
Reply
Advanced User

Posts: 70
Threads: 7
Joined: Jul 2024
Reputation: 5
#9
Sep 18, 2024, 09:29 AM
anyone got any hints ?
Reply
Breached
Member
Posts: 16
Threads: 0
Joined: Oct 2023
Reputation: 0
#10
Sep 18, 2024, 09:55 AM
Stuck on this challenge, anyone got any hints
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 34 3,112 33 minutes ago
Last Post: 0xff0day
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 93 8,505 1 hour ago
Last Post: shx
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 25 2,525 Yesterday, 02:43 PM
Last Post: cry_elite
  CBBH Write Ups hiddenhacker 25 6,590 Yesterday, 02:41 PM
Last Post: cry_elite
  [FREE] CPTS 12 FLAGS pulsebreaker 84 2,924 Yesterday, 02:33 PM
Last Post: justhelpmefly

Forum Jump:


 Users browsing this forum: 1 Guest(s)