Level 5 Username : leviathan5 Password : Tith4cokei SSH leviathan.labs.overthewire.org:2223
To solve this level, we first ssh into the leviathan5 server using the credentials provided above.
As we can see, there is an executable named ” leviathan5 ” which checks for the existence of ” /tmp/file.log ” file. Let’s see how the executable works by using the ltrace command and putting some content in the file ” /tmp/file.log “.
As we can see, the executable opens the file ” /tmp/file.log “, get’s a character, prints it on the screen until end of file has been reached. It then gets the real uid of the user, sets the uid of the file to the real uid and unlinks the file. To read more about unlink(), click here.
As the executable prints the content of the file, let’s create a symbolic link between the file and the password file and see if the executable prints it.
As we can see above, the executable prints the password due to the symbolic link existing between the file without checking proper access permission.
Level 6 Username : leviathan6 Password : UgaoFee4li SSH : leviathan.labs.overthewire.org:2223