Skip to content

3.Leviathan 0 1 (Overthewire)

Leviathan

Dare you face the lord of theĀ oceans?

Leviathan is a wargame that has been rescued from the demise of intruded.net, previously hosted on leviathan.intruded.net. Big thanks to adc, morla and reth for their help in resurrecting this game!

Description:\ This wargame doesn't require any knowledge about programming - just a bit of common\ sense and some knowledge about basic *nix commands. We had no idea that it'd be this\ hard to make an interesting wargame that wouldn't require programming abilities from\ the players. Hopefully we made an interesting challenge for the new ones.

Leviathanā€™s levels are called leviathan0, leviathan1,Ā ā€¦ etc. and can be accessed on leviathan.labs.overthewire.org through SSH on port 2223.

To login to the first level use:

ssh -p 2223 leviathan0\@leviathan.labs.overthewire.org\ Password: leviathan0

Data for the levels can be found in the homedirectories. You can look at /etc/leviathan_pass for the various level passwords.

As usual, we did not find visible files, so we used -a, to show the files,Then we found this file named bookmarks.htmlĀ ,When I first tried to read the files, I learned that it was huge

So I used wcĀ :

Here I read the file using cat, and output anything with the name passwordĀ .

ssh -p 2223 leviathan1\@leviathan.labs.overthewire.org\ Password: PPIfmI1qsA

When you look at the permissions on this file, you will find that we are now in groupĀ :

The command **ltraceĀ ./check** is used to dynamically trace the library calls made by the programĀ **./check**. It provides information about each library function call, including:

  • Function name: The name of the library function being called.

  • Arguments: The arguments that are being passed to the function.

  • Return value: The return value of the function.

  • Error status: Any error status that was returned by the function.

  • Time: The time it took for the function to execute.

Ltrace can be a useful tool for debugging programs, as it can help you to identify which library functions are being called and what arguments are being passed to them. It can also be used to measure the performance of programs, as it can show you how long each library function is taking to execute.

Here are some additional details about ltrace:

  • It only traces library calls, not system calls. For tracing system calls, you can use the strace command.

  • It can be used to trace both statically and dynamically linked libraries.

  • It can be used to trace specific libraries or functions.

  • It can be used to filter the output based on various criteria.

Here are some examples of how to use ltrace:

  • To trace all library calls made byĀ ./check:

  • To trace only library calls made to the printf function:

So it seems that he provided the password for us to use this fileĀ :

Here, after searching the files, I found the password hereĀ :

  • **cat** is a command-line utility used to display the contents of a file.

  • **/etc/leviathan_pass/leviathan2** is a specific file path.

  • Executing this command would display the contents of the file **/etc/leviathan_pass/leviathan2** on the terminal.

passĀ : mEh5PNl10e

See you soon in other reportsā€¦.!!

Abdelwahab_Shandy

AS_Cyber