overthewire leviathan note

SSH Information
Host: leviathan.labs.overthewire.org
Port: 2223

level 6->level 7

leviathan7@leviathan:~$ cat CONGRATULATIONS
Well Done, you seem to have used a *nix system before, now try something more serious.
(Please don't post writeups, solutions or spoilers about the games on the web. Thank you!)

---

level 0

leviathan0@leviathan:~/.backup$ cat bookmarks.html | grep pass
<DT><A HREF="http://leviathan.labs.overthewire.org/passwordus.html | This will be fixed later, the password for leviathan1 is 3QJ3TgzHDq" ADD_DATE="1155384634" LAST_CHARSET="ISO-8859-1" ID="rdf:#$2wIU71">password to leviathan1</A>

3QJ3TgzHDq

level 0->level 1

leviathan1@leviathan:~$ strings check
td8
secr
love
password:
/bin/sh
Wrong password, Good Bye ...
;*2$"0

leviathan1@leviathan:~$ ltrace ./check
__libc_start_main(0x80490ed, 1, 0xffffdb84, 0 <unfinished ...>
printf("password: ")                                = 10
getchar(0, 0, 0x786573, 0x646f67password: asd
)                   = 97
getchar(0, 97, 0x786573, 0x646f67)                  = 115
getchar(0, 0x7361, 0x786573, 0x646f67)              = 100
strcmp("asd", "sex")                                = -1
puts("Wrong password, Good Bye ..."Wrong password, Good Bye ...
)                = 29
+++ exited (status 0) +++

password: sex

$ cat /etc/leviathan_pass/leviathan2

NsN1HwFoyN

level 1->level 2

leviathan2@leviathan:/tmp/tmp.YL8H9pOSiq$ ls -la
total 1360
drwxrwxrwx    2 leviathan2 leviathan2    4096 Aug  7 12:42 .
drwxrwx-wt 7322 root       root       1384448 Aug  7 12:43 ..
lrwxrwxrwx    1 leviathan2 leviathan2      30 Aug  7 12:42 tmp -> /etc/leviathan_pass/leviathan3
-rw-rw-r--    1 leviathan2 leviathan2       0 Aug  7 12:42 t tmp
leviathan2@leviathan:/tmp/tmp.YL8H9pOSiq$ ~/printfile 't tmp'
/bin/cat: t: No such file or directory

f0n8h2iWLP

level 2->level 3

leviathan3@leviathan:~$ ltrace ./level3
__libc_start_main(0x80490ed, 1, 0xffffdb84, 0 <unfinished ...>
strcmp("h0no33", "kakaka")                          = -1
printf("Enter the password> ")                      = 20
fgets(Enter the password> asd
"asd\n", 256, 0xf7fab5c0)                     = 0xffffd95c
strcmp("asd\n", "snlprintf\n")                      = -1
puts("bzzzzzzzzap. WRONG"bzzzzzzzzap. WRONG
)                          = 19
+++ exited (status 0) +++

password:snlprintf

leviathan4@leviathan:~$ cat /etc/leviathan_pass/leviathan4

WG1egElCvO

level 3->level 4

leviathan4@leviathan:~/.trash$ ./bin
00110000 01100100 01111001 01111000 01010100 00110111 01000110 00110100 01010001 01000100 00001010
leviathan4@leviathan:~/.trash$ ltrace ./bin
__libc_start_main(0x80490ad, 1, 0xffffdb64, 0 <unfinished ...>
fopen("/etc/leviathan_pass/leviathan5", "r")        = 0
+++ exited (status 255) +++

0dyxT7F4QD

level 4->level 5

leviathan5@leviathan:~$ ./leviathan5
Cannot find /tmp/file.log
leviathan5@leviathan:~$ ltrace ./leviathan5
__libc_start_main(0x804910d, 1, 0xffffdb74, 0 <unfinished ...>
fopen("/tmp/file.log", "r")                         = 0
puts("Cannot find /tmp/file.log"Cannot find /tmp/file.log
)                   = 26
exit(-1 <no return ...>
+++ exited (status 255) +++

leviathan5@leviathan:~$ ln -s /etc/leviathan_pass/leviathan6 /tmp/file.log
leviathan5@leviathan:~$ ./leviathan5

szo7HDB88w

level 5->level 6

leviathan6@leviathan:~$ ./leviathan6
usage: ./leviathan6 <4 digit code>
leviathan6@leviathan:~$ ltrace ./leviathan6
__libc_start_main(0x80490dd, 1, 0xffffdb74, 0 <unfinished ...>
printf("usage: %s <4 digit code>\n", "./leviathan6"usage: ./leviathan6 <4 digit code>
) = 35
exit(-1 <no return ...>
+++ exited (status 255) +++

for i in $(seq 1000 9999); do echo "Testing $i:"; ./leviathan6 $i | grep -v Wrong; done

$ id
uid=12007(leviathan7) gid=12006(leviathan6) groups=12006(leviathan6)
$ bash
leviathan7@leviathan:~$ id
uid=12007(leviathan7) gid=12006(leviathan6) groups=12006(leviathan6)
leviathan7@leviathan:~$ cat /etc/leviathan_pass/leviathan7

qEs5Io5yM8