Today we're gonna give a try Leviathan wargame which requires some common sense and a little bit of knowledge about Unix commands.
Let's get started!
0 –> 1
First thing is to login into the leviathan0 account using SSH. Then we're gonna take a look at home directory using ls -la command.
Rresults show us an hidden backup folder, containing a file called bookmarks.html.
Searching the file manually will probably take us years so why not to grep string with a word password?
1 –> 2
Once again let's view the files in the main directory, but now we have a file called check.
After running, it asks us for a password, maybe running ltrace will find anything useful.
Yeah, it's comparing our password with 'sex' using strcmp function, so 'sex' is desired password.
After entering pass correctly, we are given a shell where we can view the password for the next level.
2 –> 3
We are given a printfile file, which usage is printing files (obviously :D). We can try, and check a simple trick.
Now we have to try something different. Firstly create a directory in /tmp.Next step will be creating 2 files: first called pass which is symbolic link to our password file and then file called pass qwer, you can name them however you want but the trick is that second file needs to have first file name in the first half of the second one like this.
Then we can use our printfile on previously created pass qwer. What the trick does, is that it firstly allows us to access because the pass qwer exists and then cat command treats them as two seperate files so we can view the password through previously created symbolic link.
3 –> 4
In this one, we get file called level3 that after executing asks us for a password.
Let’s once again use ltrace to check for anything useful.
In this level, it uses strcmp between our string and ‘snlprintf’.
And it works perfectly!
4 –> 5
From this one, we get a binary string which after converting to ASCII gives: ******* – password for next level.
5 –> 6
Now we get a file that is somehow looking for /tmp/file.log
Creating link in /tmp/file.log to leviathan pass let’s us see a password.
6 –> 7
This time we’ve got executable which asks for a 4 digit code.
Only way to get access will be brute forcing the pass code. We can use any programming language but this time I’ll try to write simple bash script.
And here we go! We’ve got the password!
Thanks for the challenge! Hope you enjoyed solving this problems as much as I had.
If you have any suggestions regarding this post or just want to chat together check out these ways to reach out to me.