Leviathan 1

OverTheWire Leviathan 1


Upon logging in, we see a file called check. Running this program, we are prompted for a password. After entering a simple password, we are told it is the wrong password and are booted back to the prompt.

Using the ltrace command, we can see the library functions that the program calls in real time. After being prompted for the password, we can see that it calls strcmp with the arguments “pas” (password) and “sex”. Entering ‘sex’ as the password the next time, we are presented with a different prompt. We are now running as lev2 and are able to read the contents of leviathan2’s password file.


I used the free version of IDA Pro to check the main function of the check program. You can see it write ‘xes’ to a local buffer. We are then prompted for the password. The program calls getchar 3 times and writes the characters to the local buffer theBuffer on the stack, after which it runs the strcmp function. If there is a match, it executes system(“/bin/sh”).
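The disassembler shows ‘xes’ while ltrace shows “sex” because a multi-byte immediate is stored least significant byte first on little-endian x86. The following is an added example, not code from the check binary or from OverTheWire, that rebuilds the bytes in memory and the three-character comparison described above. It assumes the constant is written with a single 32-bit store; store_imm32_le and check_matches are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rebuild the bytes a 32-bit immediate store leaves in memory on
 * little-endian x86: the least significant byte lands at the lowest
 * address. Shifts are used so the result is the same on any host. */
static void store_imm32_le(uint32_t imm, char out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (char)((imm >> (8 * i)) & 0xff);
}

/* Hypothetical reconstruction of the comparison described above:
 * keep the first three input characters (the three getchar calls),
 * NUL-terminate them, and strcmp against the stored constant. */
static int check_matches(const char *typed)
{
    char secret[4];
    char the_buffer[4] = {0};

    /* 'xes' as the disassembler prints it: 'x' is the high byte of the
     * three, 's' the low one; the top byte is 0 and becomes the NUL. */
    store_imm32_le(((uint32_t)'x' << 16) | ((uint32_t)'e' << 8) | 's', secret);

    for (int i = 0; i < 3 && typed[i] != '\0'; i++)
        the_buffer[i] = typed[i];

    return strcmp(the_buffer, secret) == 0;
}

int main(void)
{
    char mem[4];

    store_imm32_le(0x00786573u, mem);   /* same value as 'xes' */
    printf("immediate shown as 'xes' -> memory holds \"%s\"\n", mem);
    printf("\"pas\" matches: %d\n", check_matches("pas"));
    printf("\"sex\" matches: %d\n", check_matches("sex"));
    return 0;
}
```

Because the constant sits in the binary as plain bytes, anyone who can read or trace the file recovers it, whichever byte order the tool displays.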

