Leviathan is one of the easiest wargames hosted by the famous website OTW (overthewire.org).
Here is a short walkthrough of its 7 levels :)
For the first level you will easily find the password inside this file: ~/.backup/bookmarks.html
The check binary has SUID rights on leviathan2; we need to find the right string in order to pass the level. This can be easily done using ltrace (this command shows the calls to the standard library, and with them the string we are searching for) or even by disassembling it. The string is “sex” (eheh). Now we pass it to check and we get the rights we need to access the password.
The password is in: /etc/leviathan_pass/leviathan2
In order to pass this level we need to win the race condition by changing the rights to access the file between access() and system(). More information about race conditions: https://www.win.tue.nl/~aeb/linux/hh/hh-9.html#ss9.1
I wrote a small script that will do the job:
# Keep re-pointing the link while printfile runs, until one run wins the race
while true; do
    ln -sf /tmp/myfile132142 /tmp/mylink132142 &
    /home/leviathan2/printfile /tmp/mylink132142 &
    ln -sf /etc/leviathan_pass/leviathan3 /tmp/mylink132142 &
done
We can finally see the password.
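The race works because the access() check and the later use of the path are two separate lookups of the same name. As an added example (not code from the wargame or from this walkthrough), here is one way a SUID file printer can avoid that gap: open the file once with the caller's own identity and work only on the descriptor. The function name read_as_caller is hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hardened reader: returns bytes read into buf, or -1. */
ssize_t read_as_caller(const char *path, char *buf, size_t len)
{
    uid_t privileged = geteuid();
    struct stat st;
    ssize_t n = -1;
    /* Take the real user's identity first, so the kernel's permission
       check and the open are one operation instead of access() + reopen. */
    if (seteuid(getuid()) != 0)
        return -1;
    /* O_NOFOLLOW refuses a symlink in the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    int restored = seteuid(privileged);
    if (fd < 0)
        return -1;
    /* Every later check and read uses the descriptor, never the path. */
    if (restored == 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
        n = read(fd, buf, len);
    close(fd);
    return n;
}

int main(int argc, char **argv)
{
    char buf[4096];
    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    ssize_t n = read_as_caller(argv[1], buf, sizeof buf);
    if (n < 0) {
        fprintf(stderr, "cannot read %s as the calling user\n", argv[1]);
        return 1;
    }
    fwrite(buf, 1, (size_t)n, stdout);
    return 0;
}
```

Re-pointing a link after the open has no effect here, because the descriptor stays bound to the file that passed the permission check.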
As in the previous level, we can use ltrace to get the correct string, this time:
snlprintf. Now we can get a terminal and the password to the next level.
The program bin under the directory .trash opens the file /etc/leviathan_pass/leviathan5 and translates it into binary; we just need to translate it back.
In order to pass this level just make a link from /tmp/file.log to /etc/leviathan_pass/leviathan6 and run the program ./leviathan5.
We need to get the correct number, and for this we have 2 ways: brute force the program or find the number directly by analysing the code. The number is 7123.