Previous Level: Level 5
ssh firstname.lastname@example.org -p 2223
Tith4cokei (outdated - should be gathered through previous level)
A little bit of Theory
Nothing new. Theory from Level 3.
In the home directory, we find a SUID binary called ’leviathan5’. As in previous levels we first run the binary to see what it does. The binary prints
Cannot find /tmp/file.log. So we run
ltrace to understand the underlying library calls and the program better and see that it tries to open a file called ‘/tmp/file.log’ that does not seem to exist.
Since the program immediately exits, we create the file and see what will happen once the file exists.
It does not return anything. I assumed that this is because it prints the content of ‘/tmp/file.log’ that we haven’t written anything in. We can test this theory by either writing something into the file or using
Now we have a file that we created and have access to. So we create a symbolic link that leads to the password file. Now the binary will print the password for the next level.
Next Level: Level 7