OverTheWire Leviathan Wargame Solution 1

Leviathan 1 presents us with a binary in our home directory.  If we run it we see that is a utility that ask and checks for a password. Knowing this, the binary is either reading the correct password from somewhere else or has it stored within the binary. In this case, the password is stored within the binary. We need to trace the binary. Many of you might catch the small hint to the movie Hackers within the binary. When Plague states the 4 most common passwords are love, sex, secret, and god.

Leviathan 1->2

leviathan1@melissa:~$ ls
check

#Let's run the binary to see how it functions:

leviathan1@melissa:~$ ./check
password: love
Wrong password, Good Bye ...

#Now let's try to see what functions it is calling:

leviathan1@melissa:~$ ltrace ./check
__libc_start_main(0x80484d4, 1, -10220, 0x80485a0, 0x8048600 <unfinished ...>
printf("password: ")                             = 10
getchar(0x8048660, 0x8049ff4, -10392, 0x80485b9, 0xf7ea2c3dpassword: love
) = 108
getchar(0x8048660, 0x8049ff4, -10392, 0x80485b9, 0xf7ea2c3d) = 111
getchar(0x8048660, 0x8049ff4, -10392, 0x80485b9, 0xf7ea2c3d) = 118
strcmp("lov", "sex")                             = -1
puts("Wrong password, Good Bye ..."Wrong password, Good Bye ...
)             = 29
+++ exited (status 0) +++

#We can see it is using strcmp() to check if an entered password is the same as it's stored string, "sex".
#Running the binary again we can now try entering "sex" as the password to test what will happen:

leviathan1@melissa:~$ ./check
password: sex
$ whoami
leviathan2

#A quick cat for the leviathan2's password and we are done here:

$ cat /etc/leviathan_pass/leviathan2
ougahZi8Ta

Alternate ways to solve this include running the strings command against the binary and hex dumping the binary.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s