This folder contains solutions for the Leviathan wargame from OverTheWire.
First we check what we have in our folder. We can see the hidden folder .backup.
In the hidden folder we can find an HTML file; let’s open it.
Flag: 3QJ3TgzHDq
Using radare2 we can see the password is sexsecretgodlove
Flag: NsN1HwFoyN
We create a link to the password file, named “link”:
ln -sf /etc/leviathan_pass/leviathan3 link
Then we create a file named “link bla”:
touch "link bla"
And then we execute printfile with our file:
~/printfile "link bla"
We also need to change the permissions of our directory so that the user leviathan3 is able to access the files:
chmod +x .
The exploit is based on the fact that the access function returns 0 for the file “link bla”, because that file passes the check.
However, it then executes /bin/cat link file, which is divided into 2 different commands.
Flag: f0n8h2iWLP
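The weakness in this level is that the name checked by access is later split at the space when it reaches /bin/cat. As an added example (not part of the original writeup and not the wargame's code), here is one hardened way to write such a helper in C: no shell, no symlink as the final path component, and the ownership check done on the opened descriptor. The names read_checked, put and demo and the sample files are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read `path` into buf (NUL-terminated). Returns bytes read, or -1 if refused.
 * The name never reaches a shell, so "link bla" stays a single filename. */
ssize_t read_checked(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); /* refuse final-component symlink */
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the object that was opened, not its name: regular file owned by the real user. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        return -1;
    }
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

static int put(const char *name, const char *text) /* write a constructed sample file */
{
    FILE *f = fopen(name, "w");
    if (!f) return 0;
    fputs(text, f);
    return fclose(f) == 0;
}

/* Constructed demo: "secret" stands in for the protected file. Returns 1 when
 * "link bla" yields its own content and the symlink "link" is refused. */
int demo(void)
{
    char dir[] = "/tmp/printfile-demo-XXXXXX", buf[64];
    if (!mkdtemp(dir) || chdir(dir) != 0) return 0;
    if (!put("secret", "S3CRET\n") || !put("link bla", "harmless\n")) return 0;
    if (symlink("secret", "link") != 0) return 0;
    int own = read_checked("link bla", buf, sizeof buf) > 0 && strcmp(buf, "harmless\n") == 0;
    int refused = read_checked("link", buf, sizeof buf) == -1;
    return own && refused;
}

int main(void) { printf("hardened check holds: %s\n", demo() ? "yes" : "no"); return 0; }
```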
Using ltrace we can find the password.
So the password is snlprintf\n
Flag: WG1egElCvO
Here we can find the hidden directory called “.trash”.
In this directory, we can run the “bin” file and use ltrace to see what it does.
It prints the password in binary; using online tools we can find the password.
Flag: 0dyxT7F4QD
It prints the content of /tmp/file.log, so I linked it to the password file:
ln -sf /etc/leviathan_pass/leviathan6 /tmp/file.log
Flag: szo7HDB88w
Here we need to brute force the code, which is only 4 digits. I wrote a short script in bash:
{% include_relative scripts/level6.sh %}
Flag: qEs5Io5yM8