Leviathan · OverTheWire

Leviathan Level 1 → Level 2

Level 1

Username : leviathan1
Password :rioGegei8m
SSH leviathan.labs.overthewire.org:2223

Solution

To solve this level, we first ssh into the leviathan1 server using the credentials provided above.

We can see a file named check with the setuid(). For more information on it, check this page.

Screenshot from 2017-07-14 23-14-21.png

After executing the file, we can see that the application expects a password and then compares it with a stored string. To better understand how the application functions, I used gdb. Since I have some experience working with gdb, I decided to use it, however, I am sure there might be other ways of solving it without using gdb. To learn more on gdb, check this page.

Screenshot from 2017-07-14 23-04-07.png

Screenshot from 2017-07-14 23-04-15.png

As we can see the executable moves data from 2 different locations before calling the strcmp function, $esp+0x14 and $esp+0x18. The first value is the value we entered and the second value is the value that the executable compares it with. Therefore, if we enter “sex” as the password, the executable might not give us an error.

Screenshot from 2017-07-15 16-06-04.png

As we can see above, the executable logs us in as user leviathan2 and by using that, we can find the password.

Level 2

Username : leviathan2
Password : ougahZi8Ta
SSH : leviathan.labs.overthewire.org:2223 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s