Leviathan Level 3 to Level 4 | Basic Exploitation Techniques
Learn linux command by playing Leviathan wargame from OverTheWire. This wargame doesn’t require any knowledge about programming - just a bit of common sense and some knowledge about basic *nix commands.
Below is the solution of Level 3 → Level 4 and Level 4 → Level 5. In this post we will learn how to use a debugging tool ltrace to exploit a program and how to convert binary to ASCII in Python 3.
Previous Posts
Leviathan Level 0 to Level 1
Leviathan Level 2 → Level 3
Leviathan Level 3 → Level 4
Command to login is ssh leviathan3@leviathan.labs.overthewire.org -p 2223
and password is Ahdiemoo1j
.
This level is same as the level 1. We have a binary file level. When we execute it, it asks for a password and we do not know that password.
We will use ltrace
command to find the system call executed. The command is ltrace ./level3
and when we are prompted for the password we enter test.
The function strcmp
compares test with snlprintf means the password is snlprintf.
After entering this password we are into the root shell and from here can see the password for the next level using command cat /etc/leviathan_pass/leviathan4
and the password is vuH0coox6m
.
Leviathan Level 4 → Level 5
Command to login is ssh leviathan4@leviathan.labs.overthewire.org -p 2223
and password is vuH0coox6m
.
We have only .trash directory which is new, so change into that directory using cd .trash
In .trash directory there is bin binary file and executing it outputs in 0s and 1s. Maybe this is our password, so lets convert it into ASCII.
Open another terminal and enter python3
and then import binascii
.
The binascii
module contains a number of methods to convert between binary and various ASCII-encoded binary representations.
The function int(‘binary_data’, 2)
returns an integer object.
bit_length()
return the number of bits necessary to represent an integer in binary, excluding the sign and leading zeros.
to_bytes(length, byteorder, *, signed=False)
return an array of bytes representing an integer.
To convert bytes to string use decode()
function, which creates string from the bytes.
These lines will output our password
1
2
3
4
>>> import binascii
>>> n = int('0101010001101001011101000110100000110100011000110110111101101011011001010110100100001010',2)
>>> n.to_bytes((n.bit_length() + 7) // 8, 'big').decode()
'Tith4cokei\n'
and the password is Tith4cokei
.
Reference : ASCII to Binary and Binary to ASCII conversion tools?
binascii — Convert between binary and ASCII
Built-in Functions – int()
Built-in Types
Unicode HOWTO
Next Posts
Other Wargames
Bandit Wargame from OverTheWire All Level Solutions
Krypton Wargame from OverTheWire All Level Solutions