Level 1 Username : leviathan1 Password : rioGegei8m SSH : leviathan.labs.overthewire.org:2223
To solve this level, we first ssh into the leviathan1 server using the credentials provided above.
We can see a file named check with the setuid bit set. For more information on it, check this page.
After executing the file, we can see that the application expects a password and then compares it with a stored string. To better understand how the application functions, I used gdb. Since I have some experience working with gdb, I decided to use it; however, I am sure there might be other ways of solving it without using gdb. To learn more about gdb, check this page.
As we can see, the executable moves data from two different locations, $esp+0x14 and $esp+0x18, before calling the strcmp function. The first value is the value we entered and the second value is the value that the executable compares it with. Therefore, if we enter “sex” as the password, the executable might not give us an error.
As we can see above, the executable logs us in as user leviathan2 and by using that, we can find the password.
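The pattern gdb revealed, next to a hardened alternative, as an added example (this is not the binary's actual source and not code from the original write-up). The function names, the allow list and the choice of a real-UID check are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Weak pattern, reconstructed for illustration: the reference string is a
 * stack local, so it sits in plaintext next to the user's input when
 * strcmp() is called and anyone who can debug the binary can read it. */
int check_embedded(const char *input)
{
    char stored[] = "sex";          /* value named in the write-up */
    return strcmp(input, stored) == 0;
}

/* Hardened gate (hypothetical design): no secret in the binary at all.
 * Authorization depends on the caller's real UID, which the kernel sets
 * and which cannot be learned or changed by inspecting the program. */
int caller_allowed(uid_t real_uid, const uid_t *allowed, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (allowed[i] == real_uid)
            return 1;
    return 0;
}

/* Give up setuid/setgid privileges: group first, then user. Passing the
 * real ID for both arguments also resets the saved ID on Linux.
 * Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void)
{
    const uid_t allowed[] = { 0 };  /* constructed allow list: root only */
    printf("embedded check accepts \"sex\": %d\n", check_embedded("sex"));
    if (!caller_allowed(getuid(), allowed, 1)) {
        if (drop_privileges() != 0)
            return 1;               /* fail closed if the drop fails */
        puts("caller not on allow list, privileges dropped");
        return 0;
    }
    puts("caller on allow list");
    return 0;
}
```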
Level 2 Username : leviathan2 Password : ougahZi8Ta SSH : leviathan.labs.overthewire.org:2223