Leviathan Level 5 to Level 6 | Basic Exploitation Techniques

Learn linux command by playing Leviathan wargame from OverTheWire. This wargame doesn’t require any knowledge about programming - just a bit of common sense and some knowledge about basic *nix commands.

Below is the solution of Level 5 → Level 6 and Level 6 → Level 7. In this post we will learn how to use a debugging tool ltrace to exploit a program and how to bruteforce password.

Leviathan OverTheWire

Previous Posts

Leviathan Level 0 to Level 1
Leviathan Level 2 → Level 3
Leviathan Level 3 to Level 4

Leviathan Level 5 → Level 6

Command to login is ssh leviathan5@leviathan.labs.overthewire.org -p 2223 and password is Tith4cokei .

There is a binary file leviathan5 in the home directory. When we execute it, the output is “Cannot find /tmp/file.log”. Using ltrace we found that is opens the file /tmp/file.log.

Leviathan OverTheWire

If we make the file /tmp/file.log a symbolic link to /etc/leviathan_pass/leviathan6 then we can see the password. The command to do that is ln -s /etc/leviathan_pass/leviathan6 /tmp/file.log. Then executing the binary will reveal the password and the password is UgaoFee4li .

Leviathan OverTheWire

Leviathan Level 6 → Level 7

Command to login is ssh leviathan6@leviathan.labs.overthewire.org -p 2223 and password is UgaoFee4li .

In the home directory we have a binary file leviathan6. When we execute it, the output says we need to enter 4 digit pin. We can bruteforce the 4 digit pin like we did in Bandit level 24.

Leviathan OverTheWire

We can bruteforce using command

for i in $(seq 0000 9999); do ./leviathan6 $i ; done

This logs us in as leviathan7 and we can check using command whoami.

Then we can see the password for next level using cat /etc/leviathan_pass/leviathan7 and the password is ahy7MaeBo9 .

Leviathan OverTheWire

Other Wargames

Bandit Wargame from OverTheWire All Level Solutions
Krypton Wargame from OverTheWire All Level Solutions

06 Jan 2020

« Leviathan Level 2 → Level 3 | Basic Exploitation Techniques Leviathan Level 3 to Level 4 | Basic Exploitation Techniques »

This blog is sponsored by:

CodeDesign.ai: Experience the power of AI website building with CodeDesign.ai! Build and deploy your stunning website in minutes, no coding is required. With its intuitive interface and advanced AI technology, you'll have a professional website up and running in no time. Don't miss out on this game-changing platform!

Scaler Academy: If you are considering enrolling in Scaler Academy and would like a referral and discount on your fees, I can help. As a Scaler alumnus, I can provide referrals. Use my referral link if you have decided to join Scaler Academy. If you want to know more about Scaler Academy, drop a mail at programmercave@gmail.com

TopCoder: Looking for short-term gigs to boost your income? Look no further! Join TopCoder's Gig platform today! As a talented programmer or freelancer, you have the skills that are in high demand. With TopCoder's Gig, you can find exciting opportunities to work on short projects and earn extra income on the side.

Geektrust: Are you passionate about development and want to find a job that utilizes your skills? Check out Geektrust for resources and opportunities in the field of development.

KuCoin: Discover the next crypto gem on KuCoin! Join the global community of crypto holders and unlock a world of investment opportunities. With 1 out of 4 crypto holders worldwide choosing KuCoin, you're in good company. Sign up now with my referral link and start your crypto journey. Don't miss out on the chance to be part of the future of finance. Join KuCoin today!

Cred: Pay credit card bills effortlessly and earn daily rewards with Cred! Download the app now and experience the ultimate convenience of bill payments. Use my referral link to join Cred and unlock exciting cashback and rewards. Don't miss out on this opportunity to make every payment rewarding. Join Cred today!

Smallcase: Invest in ideas with Smallcase! Discover simple, smart investment portfolios curated by experts. Boost your wealth and diversify your portfolio effortlessly. Ready to get started? Open a Zerodha account, the leading broker trusted by millions of investors. Sign up now and unlock the power of smallcases. Maximize your investment potential with Smallcase.

Zerodha: Invest in everything with Zerodha! Experience the power of an online platform that lets you invest in stocks, derivatives, mutual funds, and more. Seamlessly manage your portfolio, trade with ease, and unlock a world of investment opportunities. Ready to get started? Sign up with my referral link and embark on your investment journey with Zerodha. Don't miss out on this chance to take control of your finances and maximize your returns. Join Zerodha today!

Best Laptop for Programming (2023)

No Suitable Laptops? Discover More Options Here: Best Laptop for Programming (2023)

Also, don't miss out Best Sellers in Computers & Accessories

Tags

Cpp , Algorithm , Sorting , Linked-List , Data-Structure , Data-Structures , Graph-Algorithms , Project , Games , Ubuntu , Graphics , Linux , HowTo , Python , Hacking , Exploitation , C , Competitive-Programming , Bitmasking , Top-Deals , Articles , Hackerearth , Number-Theory , Operating-System , HTML , CSS , Hackerrank , Memes , OverTheWire-Bandit , CTF , OverTheWire-Leviathan , OverTheWire-Krypton , Cryptography , CodinGame , Mathematics , CodeForces , Dynamic-Programming , OpenSuse , Tumbleweed , Arch-Linux , SQL , PostgreSQL , DataBase , Go , Kafka , Array-Manipulation , Github-Actions , DevOps , C++ , Database , Software-Engineering , Technology , Cloud-Computing ,

Copyright © 2024 programmerCave