circusmonkey404's Security Site

Leviathan 1 Objective Solution ok so lets see whats in the home direcotry leviathan1@leviathan:~$ ls check leviathan1@leviathan:~$ file ./check ./check: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=c735f6f3a3a94adcad8407cc0fda40496fd765dd, not stripped ok so there is a binary there lets see what it does.. leviathan1@leviathan:~$ ./check password: jjj Wrong password, Good Bye ... It's checking for a password  I assume if given the correct password it will give us the password to the next level I orignally solved this a much different way looking a the text contained in the binary file but then found out about ltrace which make this much simplier leviathan1@leviathan:~$ ltrace ./check __libc_start_main(0x804853b, 1, 0xffffd784, 0x8048610 <unfinished ...> printf("password: ")                              = 10 getchar(1, 0, 0x65766f6c, 0x646f

leviathan 0 Objectives ok so the website supplies us with the user pass for level 0 leviathan0 for both Solution let's ssh over to it and see what we see ssh leviathan0@leviathan.labs.overthewire.org -p 2223 Let's see whats in the home directory leviathan0@leviathan:~$ ls leviathan0@leviathan:~$  Nothing, nothing is in the home direcorty.... or is there let's try ls -a leviathan0@leviathan:~$ ls -a .  ..  .backup  .bash_logout  .bashrc  .profile OOOO there is a hidden directory named backup lets see whats in there leviathan0@leviathan:~$ ls -a .backup .  ..  bookmarks.html a file called bookmarks let's see what kind of file it is leviathan0@leviathan:~$ file ./.backup/bookmarks.html ./.backup/bookmarks.html: HTML document, ASCII text, with very long lines here is some of cat output of the file <DT><A HREF="http://www.goshen.edu/art/DeptPgs/Hazards.html" ADD_DATE="1117951366" LAST_CHARSET="ISO-8859-1