Tue. Oct 20th, 2020

Pentesting Fun Stuff

following the cyber security path…

Leviathan

Location

http://overthewire.org/wargames/leviathan/

Introduction

Dare you face the lord of the oceans?
Leviathan is a wargame that has been rescued from the demise of intruded.net, previously hosted on leviathan.intruded.net. Big thanks to adc, morla and reth for their help in resurrecting this game!
What follows below is the original description of leviathan, copied from intruded.net:
Summary:
Difficulty: 1/10
Levels: 8
Platform: Linux/x86
Author:
Anders Tonfeldt
Special Thanks:
We would like to thank AstroMonk for coming up with a replacement idea for the last level,
deadfood for finding a leveljump and Coi for finding a non-planned vulnerability.
Description:
This wargame doesn’t require any knowledge about programming – just a bit of common
sense and some knowledge about basic *nix commands. We had no idea that it’d be this
hard to make an interesting wargame that wouldn’t require programming abilities from
the players. Hopefully we made an interesting challenge for the new ones.
Leviathan’s levels are called leviathan0, leviathan1, … etc. and can be accessed on leviathan.labs.overthewire.org through SSH.
To login to the first level use:
Username: leviathan0
Password: leviathan0
Data for the levels can be found in the homedirectories. You can look at /etc/leviathan_pass for the various level passwords.

Level 0 –> 1

Level 1 –> 2

Looks like an ELF. When I execute it, it asks for a password.

I use ltrace to see what is happening behind the scenes.

strcmp is run against string sex. When I enter that as password, I get a shell.

Level 2 –> 3

Bummer.

The first function that is called is access, which checks if the file is there.
Then it calls cat. I need to get access to continue and trick it into opening the desired file, which in this case is the file with the password. For this I create a symbolic link and create a file with a similar name in its first half.

Level 3 –> 4

Looks like snlprintf is the correct string to use.

Level 4 –> 5

So the password is converted into binary. For decoding it, I use this site.
pass5

Level 5 –> 6

The file is looking for /tmp/file.log which is missing. To see what the program wants I create the wanted file.

So it wants to open the file and read the content. To get the password for the next level I’m going to make a symbolic link to the desired password file and let ./leviathan5 read it for me.
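Seen from the defender's side, this level works because a privileged program opens a fixed path in /tmp and follows whatever is there. The C code below is an added example, not code from the wargame or from this post: it shows one way such a helper could open the file without following a symlink. The function names and the policy (regular file, owned by the invoking user, no extra hard links) are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened open for a privileged helper: returns an fd or -1 (errno set). */
int open_log_nofollow(const char *path)
{
    /* O_NOFOLLOW: fail with ELOOP when the final path component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the descriptor, not the path, so the check cannot race the open.
     * Require a regular file owned by the invoking (real) user, no hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != getuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo: 1 if a regular file opens and a symlink to it is refused. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/real.log", dir);
    snprintf(lnk, sizeof lnk, "%s/file.log", dir);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(file, lnk) != 0)
        return -1;
    close(fd);
    int ok_fd = open_log_nofollow(file);
    int bad_fd = open_log_nofollow(lnk);
    int refused = (ok_fd >= 0 && bad_fd == -1 && errno == ELOOP);
    if (ok_fd >= 0)
        close(ok_fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return refused;
}

int main(void) { printf("symlink refused: %d\n", demo_symlink_refused()); return 0; }
```

O_NOFOLLOW only covers the last path component, so the ownership check on the open descriptor is what stops a setuid reader from returning a file that belongs to another user.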

Level 6 –> 7

It wants a 4 number pin.

When I check the file named ‘code’ I can see that the file hangs on ‘7123’. When I enter this pincode I get another shell, this time as leviathan7. Time for the last password.

Level 7

Oops…….sorry for ignoring that request.
 
