AlfaLogic

Veni, Vidi, Vici!

LeviathanOverTheWire

Level3

alfamyk

Website URL: http://overthewire.org/wargames/leviathan/leviathan3.html

Let’s login with leviathan2

Fig. 1

Let’s have a look at the contents of the current directory

Fig. 2

There is an executable file check in the directory. Let’s try and execute it.

Fig. 3

Well, it seems that we can read a file using this executable. Let’s try this on our password file.

Fig. 4

Well, you didn’t expect it to be that easy, did you? Let’s have a look at the ltrace output. But this time with leviathan2 password file, to get a clearer picture as to how the program is working.

Fig. 5

So, after ensuring that we have read-only access to the provided file name, the program gives us the output of the provided file name. Note that the filename is being passed directly to the system call. Meaning we can chain additional commands to it. Let’s try to get a shell using this.

Fig. 6

We got a shell for leviathan3. Now a simple cat command to get the password.

Fig. 7

Level completed! Credentials obtained:

Username: leviathan3

Password: **********

You May Also Like

Natas22

alfamyk

Natas19

alfamyk

Bandit29

alfamyk

Leave a Reply

Your email address will not be published. Required fields are marked *