Leviathan Level 3 to Level 4 | Basic Exploitation Techniques


Learn Linux commands by playing the Leviathan wargame from OverTheWire. This wargame doesn't require any knowledge of programming, just a bit of common sense and some knowledge of basic *nix commands.

Below is the solution for Level 3 → Level 4 and Level 4 → Level 5. In this post we will learn how to use the debugging tool ltrace to exploit a program and how to convert binary to ASCII in Python 3.

Leviathan OverTheWire

Leviathan Level 3 → Level 4

The command to log in is ssh leviathan3@leviathan.labs.overthewire.org -p 2223 and the password is Ahdiemoo1j.

This level is the same as Level 1. We have a binary file, level3. When we execute it, it asks for a password, and we do not know that password.

We will use the ltrace command to see the library calls the program makes. The command is ltrace ./level3, and when we are prompted for the password we enter test.

The trace shows strcmp comparing test with snlprintf, which means the password is snlprintf.

After entering this password we are in the root shell, and from here we can see the password for the next level using the command cat /etc/leviathan_pass/leviathan4. The password is vuH0coox6m.


Leviathan Level 4 → Level 5

The command to log in is ssh leviathan4@leviathan.labs.overthewire.org -p 2223 and the password is vuH0coox6m.

The only new thing here is the .trash directory, so change into it using cd .trash

In the .trash directory there is a binary file named bin, and executing it prints a string of 0s and 1s. Maybe this is our password, so let's convert it into ASCII.

Open another terminal and enter python3 and then import binascii.

The binascii module contains a number of methods to convert between binary and various ASCII-encoded binary representations.

The function int('binary_data', 2) parses the string as a base-2 number and returns an integer object.

bit_length() returns the number of bits necessary to represent an integer in binary, excluding the sign and leading zeros.

to_bytes(length, byteorder, *, signed=False) returns an array of bytes representing an integer.

To convert bytes to a string, use the decode() function, which creates a string from the bytes.

These lines will output our password:

>>> import binascii
>>> n = int('0101010001101001011101000110100000110100011000110110111101101011011001010110100100001010',2)
>>> n.to_bytes((n.bit_length() + 7) // 8, 'big').decode()
'Tith4cokei\n'

and the password is Tith4cokei.
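
The conversion above as a reusable function, added here as an example that is not part of the original post. It accepts whitespace between bytes, rejects malformed input, and sizes the result from the input length, because bit_length() ignores leading zeros and would drop leading NUL bytes. The names bits_to_text, bits_to_text_post and SAMPLE are made up for this example, and the space-separated grouping of the sample is constructed.

```python
# Added example, not part of the original post.
import re

# The bit string from the post, regrouped into space-separated bytes
# (the grouping is constructed for this example).
SAMPLE = (
    "01010100 01101001 01110100 01101000 00110100 01100011 "
    "01101111 01101011 01100101 01101001 00001010"
)


def bits_to_text(bits: str, encoding: str = "ascii") -> str:
    """Decode a string of 0s and 1s (whitespace allowed) into text."""
    compact = re.sub(r"\s+", "", bits)
    if not compact or set(compact) - {"0", "1"}:
        raise ValueError("input must contain only 0, 1 and whitespace")
    if len(compact) % 8:
        raise ValueError(f"{len(compact)} bits is not a whole number of bytes")
    # Take the byte count from the input length. n.bit_length() ignores
    # leading zero bits, so it would silently drop leading NUL bytes.
    return int(compact, 2).to_bytes(len(compact) // 8, "big").decode(encoding)


def bits_to_text_post(bits: str) -> str:
    """The post's one-liner, kept for comparison (input must have no spaces)."""
    n = int(bits, 2)
    return n.to_bytes((n.bit_length() + 7) // 8, "big").decode()


if __name__ == "__main__":
    print(repr(bits_to_text(SAMPLE)))
    # A leading zero byte shows where the two approaches differ.
    print(repr(bits_to_text("00000000 01000001")))
    print(repr(bits_to_text_post("0000000001000001")))
```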
