Leviathan 1

OverTheWire Leviathan 1

lev01

Upon logging in, we see a file called check. Running this program, we are prompted for a password. Entering a simple password we arr told is the wrong password and booted back to prompt.

Using the ltrace command, we can see the library functions that the programming is calling in real time. After being prompted for the password, we can see that it calls strcmp, with arguments of “pas” (password) and “sex”. Entering ‘sex’ as the password the next time, we are presented with a different prompt. We are now running as lev2 and are able to read the contents of leviathsn’2 password file.

check-a

I used IDA-Pro free version to check the main function of check program. You can see it write ‘xes’ to local buffer. We are then prompted for the password. The program calls getchar 3 times, and writes to local buffer theBuffer on the stack. After which it runs the strcmp function. If there is a match, it executes system(“/bin/sh”).

Upon loggin in we see a file

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s