Restaurant
hackthebox
"Welcome to our Restaurant. Here, you can eat and drink as much as you want! Just don't overdo it.." A 64-bit ELF binary for a "Rocky Restaurant" menu program. Choose to "Fill my dish" (option 1) or "Drink something" (option 2). The `fill()` function has a classic stack buffer overflow — 32-byte buf
$ ls tags/ techniques/
$ cat /etc/rate-limit
Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.
Restaurant — HackTheBox
Description
"Welcome to our Restaurant. Here, you can eat and drink as much as you want! Just don't overdo it.."
A 64-bit ELF binary for a "Rocky Restaurant" menu program. Choose to "Fill my dish" (option 1) or "Drink something" (option 2). The fill() function has a classic stack buffer overflow — 32-byte buffer but reads up to 1024 bytes. No canary, no PIE, NX enabled, Full RELRO. Bundled libc is GLIBC 2.27 (Ubuntu 18.04).
Remote: nc 154.57.164.65:30349
Files
restaurant— ELF 64-bit LSB executable, x86-64, dynamically linked, not strippedlibc.so.6— Ubuntu GLIBC 2.27-3ubuntu1.4
Analysis
Binary Properties
| Property | Value |
|---|---|
| Arch | x86-64 |
| RELRO | Full |
| Stack Canary | None |
| NX | Enabled |
| PIE | Disabled (base 0x400000) |
| Stripped | No |
| Compiler | GCC 7.5.0 |
| Libc | GLIBC 2.27-3ubuntu1.4 |
Key Addresses (Static — No PIE)
| Symbol | Address |
|---|---|
main | 0x400f68 |
fill | 0x400e4a |
drink | 0x400eed |
puts@PLT | 0x400650 |
puts@GOT | 0x601fa8 |
pop rdi; ret | 0x4010a3 |
ret | 0x40063e |
Libc Offsets (GLIBC 2.27)
| Symbol | Offset |
|---|---|
puts | 0x80aa0 |
system | 0x4f550 |
"/bin/sh" | 0x1b3e1a |
Program Flow
...
$ grep --similar
Similar writeups
- [pwn][free]r0bob1rd— hackthebox
- [pwn][free]Portaloo— hackthebox
- [pwn][free]Regularity— hackthebox
- [pwn][free]Forks and Knives— hackthebox
- [pwn][free]Getting Started— hackthebox