[WriteUp] – OVERTHEWIRE – LEVIATHAN

Level 0

ssh leviathan0@leviathan.labs.overthewire.org -p 2223

User / Pass : leviathan0 / leviathan0

leviathan0@leviathan:~$ ls -la
total 28
drwxr-xr-x 4 leviathan0 leviathan0 4096 Aug 30 19:22 .
drwxr-xr-x 11 root root 4096 Aug 30 19:22 ..
drwxr-x— 2 leviathan1 leviathan0 4096 Jun 15 11:38 .backup
-rw-r–r– 1 leviathan0 leviathan0 220 Apr 9 2014 .bash_logout
-rw-r–r– 1 leviathan0 leviathan0 3637 Apr 9 2014 .bashrc
drwx—— 2 leviathan0 leviathan0 4096 Aug 30 19:22 .cache
-rw-r–r– 1 leviathan0 leviathan0 675 Apr 9 2014 .profile
leviathan0@leviathan:~$ cd .backup
leviathan0@leviathan:~/.backup$ ls
bookmarks.html
leviathan0@leviathan:~/.backup$ cat bookmarks.html | grep leviathan
<DT><A HREF=”http://leviathan.labs.overthewire.org/passwordus.html | This will be fixed later, the password for leviathan1 is rioGegei8m” ADD_DATE=”1155384634″ LAST_CHARSET=”ISO-8859-1″ ID=”rdf:#$2wIU71″>password to leviathan1</A>

Level 1

ssh leviathan1@leviathan.labs.overthewire.org -p 2223

leviathan1@leviathan:~$ ls -la
total 32
drwxr-xr-x 3 leviathan1 leviathan1 4096 Aug 30 19:26 .
drwxr-xr-x 11 root root 4096 Aug 30 19:26 ..
-rw-r–r– 1 leviathan1 leviathan1 220 Apr 9 2014 .bash_logout
-rw-r–r– 1 leviathan1 leviathan1 3637 Apr 9 2014 .bashrc
drwx—— 2 leviathan1 leviathan1 4096 Aug 30 19:26 .cache
-rw-r–r– 1 leviathan1 leviathan1 675 Apr 9 2014 .profile
-r-sr-x— 1 leviathan2 leviathan1 7501 Jun 15 11:38 check

If I run the check executable file, it asks me password which I don’t have.

I tried strings on it, but too many cluttered text appeared. So I decided to use ltrace.

leviathan1@leviathan:~$ ltrace ./check
__libc_start_main(0x804852d, 1, 0xffffdd14, 0x80485f0 <unfinished …>
printf(“password: “) = 10
getchar(0x8048680, 47, 0x804a000, 0x8048642password: dfd
) = 100
getchar(0x8048680, 47, 0x804a000, 0x8048642) = 102
getchar(0x8048680, 47, 0x804a000, 0x8048642) = 100
strcmp(“dfd”, “sex”) = -1
puts(“Wrong password, Good Bye …”Wrong password, Good Bye …
) = 29
+++ exited (status 0) +++
leviathan1@leviathan:~$
leviathan1@leviathan:~$
leviathan1@leviathan:~$ ./check
password: sex
$
$ whoami
leviathan2
$
$ cat /etc/leviathan_pass/leviathan2
ougahZi8Ta

Level 2

To be continued…

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s