Leviathan Level 5 to Level 6 | Basic Exploitation Techniques

Publish date: 2020-01-06
Tags: Linux, OverTheWire-Leviathan, CTF

Learn linux command by playing Leviathan wargame from OverTheWire. This wargame doesn’t require any knowledge about programming - just a bit of common sense and some knowledge about basic *nix commands.

Below is the solution of Level 5 → Level 6 and Level 6 → Level 7. In this post we will learn how to use a debugging tool ltrace to exploit a program and how to bruteforce password.

Leviathan OverTheWire

Previous Posts

Leviathan Level 0 to Level 1 Leviathan Level 2 → Level 3 Leviathan Level 3 to Level 4

Leviathan Level 5 → Level 6

Command to login is ssh leviathan5@leviathan.labs.overthewire.org -p 2223 and password is Tith4cokei .

There is a binary file leviathan5 in the home directory. When we execute it, the output is “Cannot find /tmp/file.log”. Using ltrace we found that is opens the file /tmp/file.log.

Leviathan OverTheWire

If we make the file /tmp/file.log a symbolic link to /etc/leviathan_pass/leviathan6 then we can see the password. The command to do that is ln -s /etc/leviathan_pass/leviathan6 /tmp/file.log. Then executing the binary will reveal the password and the password is UgaoFee4li .

Leviathan OverTheWire

Leviathan Level 6 → Level 7

Command to login is ssh leviathan6@leviathan.labs.overthewire.org -p 2223 and password is UgaoFee4li .

In the home directory we have a binary file leviathan6. When we execute it, the output says we need to enter 4 digit pin. We can bruteforce the 4 digit pin like we did in Bandit level 24.

Leviathan OverTheWire

We can bruteforce using command

for i in $(seq 0000 9999); do ./leviathan6 $i ; done

This logs us in as leviathan7 and we can check using command whoami.

Then we can see the password for next level using cat /etc/leviathan_pass/leviathan7 and the password is ahy7MaeBo9 .

Leviathan OverTheWire

Tags: Linux, OverTheWire-Leviathan, CTF