1602, 1/81 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ÇØÅ·ÀßÇÏ°í½Í´Ù
   http://¾øÀ½
   [overthewire.org] - leviathan1

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8595 [º¹»ç]


ka0r1@ka0r1-To-Be-Filled-By-O-E-M:~$ ssh leviathan1@leviathan.labs.overthewire.org -p2223
                   _            _       _   _                
                  | | _____   _(_) __ _| |_| |__   __ _ _ __  
                  | |/ _ \ \ / / |/ _` | __| '_ \ / _` | '_ \
                  | |  __/\ V /| | (_| | |_| | | | (_| | | | |
                  |_|\___| \_/ |_|\__,_|\__|_| |_|\__,_|_| |_|
                                                              

                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

leviathan1@leviathan.labs.overthewire.org's password:
Permission denied, please try again.
leviathan1@leviathan.labs.overthewire.org's password:
Permission denied, please try again.
leviathan1@leviathan.labs.overthewire.org's password:

      ,----..            ,----,          .---.
     /   /   \         ,/   .`|         /. ./|
    /   .     :      ,`   .'  :     .--'.  ' ;
   .   /   ;.  \   ;    ;     /    /__./ \ : |
  .   ;   /  ` ; .'___,/    ,' .--'.  '   \' .
  ;   |  ; \ ; | |    :     | /___/ \ |    ' '
  |   :  | ; | ' ;    |.';  ; ;   \  \;      :
  .   |  ' ' ' : `----'  |  |  \   ;  `      |
  '   ;  \; /  |     '   :  ;   .   \    .\  ;
   \   \  ',  /      |   |  '    \   \   ' \ |
    ;   :    /       '   :  |     :   '  |--"
     \   \ .'        ;   |.'       \   \ ;
  www. `---` ver     '---' he       '---" ire.org


Welcome to OverTheWire!

If you find any problems, please report them to the #wargames channel on
discord or IRC.

--[ Playing the games ]--

  This machine might hold several wargames.
  If you are playing "somegame", then:

    * USERNAMES are somegame0, somegame1, ...
    * Most LEVELS are stored in /somegame/.
    * PASSWORDS for each level are stored in /etc/somegame_pass/.

  Write-access to homedirectories is disabled. It is advised to create a
  working directory with a hard-to-guess name in /tmp/.  You can use the
  command "mktemp -d" in order to generate a random and hard to guess
  directory in /tmp/.  Read-access to both /tmp/ is disabled and to /proc
  restricted so that users cannot snoop on eachother. Files and directories
  with easily guessable or short names will be periodically deleted! The /tmp
  directory is regularly wiped.
  Please play nice:

    * don't leave orphan processes running
    * don't leave exploit-files laying around
    * don't annoy other players
    * don't post passwords or spoilers
    * again, DONT POST SPOILERS!
      This includes writeups of your solution on your blog or website!

--[ Tips ]--

  This machine has a 64bit processor and many security-features enabled
  by default, although ASLR has been switched off.  The following
  compiler flags might be interesting:

    -m32                    compile for 32bit
    -fno-stack-protector    disable ProPolice
    -Wl,-z,norelro          disable relro

  In addition, the execstack tool can be used to flag the stack as
  executable on ELF binaries.

  Finally, network-access is limited for most levels by a local
  firewall.

--[ Tools ]--

For your convenience we have installed a few useful tools which you can find
in the following locations:

    * gef (https://github.com/hugsy/gef) in /opt/gef/
    * pwndbg (https://github.com/pwndbg/pwndbg) in /opt/pwndbg/
    * gdbinit (https://github.com/gdbinit/Gdbinit) in /opt/gdbinit/
    * pwntools (https://github.com/Gallopsled/pwntools)
    * radare2 (http://www.radare.org/)

--[ More information ]--

  For more information regarding individual wargames, visit
  http://www.overthewire.org/wargames/

  For support, questions or comments, contact us on discord or IRC.

  Enjoy your stay!

leviathan1@gibson:~$ ls -al
total 36
drwxr-xr-x  2 root       root        4096 Sep 19 07:07 .
drwxr-xr-x 83 root       root        4096 Sep 19 07:09 ..
-rw-r--r--  1 root       root         220 Mar 31  2024 .bash_logout
-rw-r--r--  1 root       root        3771 Mar 31  2024 .bashrc
-r-sr-x---  1 leviathan2 leviathan1 15080 Sep 19 07:07 check
-rw-r--r--  1 root       root         807 Mar 31  2024 .profile






check ÆÄÀÏÀÌ ÀÖ´Ù.
SetUID°¡ °É·Á ÀÖÀ¸¸ç ÇÁ·Î¼¼½º°¡ ½ÇÇà Áß¿¡´Â
leviathan2 ±ÇÇÑÀ¸·Î ½ÇÇàµÇ°Ú±Ý µÇ¾îÀÖ´Ù°í »ý°¢ÇÏ¸é µÇ°Ú´Ù.






leviathan1@gibson:~$ ./check
password: aaaaaaa
Wrong password, Good Bye ...





Æнº¿öµå¸¦ ÀÔ·ÂÇ϶ó°í ³ª¿À´Âµ¥... ¾Æ¹« °Å³ª ÀÔ·ÂÇغ¸´Ï
À߸øµÈ Æнº¿öµå¶ó°í ¶á´Ù.








leviathan1@gibson:~$ find / -user leviathan2 2>/dev/null
/home/leviathan1/check
/etc/leviathan_pass/leviathan2
leviathan1@gibson:~$ cd /etc/leviathan_pass
leviathan1@gibson:/etc/leviathan_pass$ ls
leviathan0  leviathan1  leviathan2  leviathan3  leviathan4  leviathan5  leviathan6  leviathan7
leviathan1@gibson:/etc/leviathan_pass$ ls -al
total 48
drwxr-xr-x   2 root       root        4096 Sep 19 07:07 .
drwxr-xr-x 124 root       root       12288 Dec 21 16:42 ..
-r--------   1 leviathan0 leviathan0    11 Sep 19 07:07 leviathan0
-r--------   1 leviathan1 leviathan1    11 Sep 19 07:07 leviathan1
-r--------   1 leviathan2 leviathan2    11 Sep 19 07:07 leviathan2
-r--------   1 leviathan3 leviathan3    11 Sep 19 07:07 leviathan3
-r--------   1 leviathan4 leviathan4    11 Sep 19 07:07 leviathan4
-r--------   1 leviathan5 leviathan5    11 Sep 19 07:07 leviathan5
-r--------   1 leviathan6 leviathan6    11 Sep 19 07:07 leviathan6
-r--------   1 leviathan7 leviathan7    11 Sep 19 07:07 leviathan7
leviathan1@gibson:/etc/leviathan_pass$ ./leviathan2
-bash: ./leviathan2: Permission denied
leviathan1@gibson:/etc/leviathan_pass$ ./leviathan1
-bash: ./leviathan1: Permission denied
leviathan1@gibson:/etc/leviathan_pass$ cd /home/leviathan1
leviathan1@gibson:~$ ls -al
total 36
drwxr-xr-x  2 root       root        4096 Sep 19 07:07 .
drwxr-xr-x 83 root       root        4096 Sep 19 07:09 ..
-rw-r--r--  1 root       root         220 Mar 31  2024 .bash_logout
-rw-r--r--  1 root       root        3771 Mar 31  2024 .bashrc
-r-sr-x---  1 leviathan2 leviathan1 15080 Sep 19 07:07 check
-rw-r--r--  1 root       root         807 Mar 31  2024 .profile





find¸í·É¾î·Î -user¸¦ leviathan1À¸·Î °Ë»öÇؼ­ µÚÁ®ºÁµµ º° Á¤º¸¸¦ °ÇÁú °Ô ¾ø¾ú´Ù.
¿©±â¼­ ÇÊÀÚ´Â °ø·«À» º¸¾Ò´Ù.

ltrace¶ó´Â ¸í·É¾î°¡ Àִµ¥ strace´Â ¾Ë°í ÀÖ¾ú´Âµ¥
ltrace¶ó´Â °Íµµ ÀÖ´Â ÁÙ ¸ô¶ú´Ù.
ltrace¿Í strace´Â ¹«¾ùÀϱî?
strace´Â ½Ã½ºÅÛ ÄÝÀ» ÃßÀûÇÏ´Â ÇÁ·Î±×·¥À̸ç
ltrace´Â ¶óÀ̺귯¸® ÇÔ¼ö¸¦ ÃßÀûÇÏ´Â ÇÁ·Î±×·¥ÀÌ´Ù.




...´õ ÀÌ»ó ±íÀº ¼³¸íÀº »ý·«ÇÑ´Ù.
¿©±â¼­ ±íÀÌ ÀÌÇØÇÏ·Á´Â °ÍÀº º° µµ¿òÀÌ µÇÁö ¾Ê´Â´Ù°í »ý°¢ÇÏ¿´±â ¶§¹®ÀÌ´Ù.
½Ã½ºÅÛ ÄÝ°ú ¶óÀ̺귯¸® ÇÔ¼öÀÇ °³³äÀº
°¢°¢ ÀÎÅÍ·´Æ®(int 0x80...)³ª ÇÁ·Î±×·¡¹ÖÀÇ °³³äÀ̱⠶§¹®¿¡
leviathan ·¹º§¿¡¼± ÀÚ¼¼ÇÑ ¼³¸íÀ» ÇÏÁö ¾ÊÀ» °ÍÀÌ´Ù.




leviathan1@gibson:~$ ltrace -i check
Can't execute `check': Permission denied
failed to initialize process 3387972: No such file or directory
couldn't open program 'check': No such file or directory
leviathan1@gibson:~$ ltrace -i ./check
[0x80490e8] __libc_start_main(0x80490ed, 1, 0xffffd464, 0 <unfinished ...>
[0x8049227] printf("password: ")                                                                                                                             = 10
[0x804922f] getchar(0, 0, 0x786573, 0x646f67password:
)                                                                                                                = 10
[0x8049237] getchar(0, 10, 0x786573, 0x646f67
)                                                                                                               = 10
[0x804923f] getchar(0, 2570, 0x786573, 0x646f67
)                                                                                                             = 10
[0x8049256] strcmp("\n\n\n", "sex")                                                                                                                          = -1
[0x8049295] puts("Wrong password, Good Bye ..."Wrong password, Good Bye ...
)                                                                                                             = 29
[0xffffffffffffffff] +++ exited (status 0) +++






¿©±â¼­ ¿ì¸®´Â ¹®ÀÚ¿­À» ºñ±³ÇÏ´Â ÇÔ¼öÀÎ strcmp¸¦ º¼ ¼ö ÀÖ´Ù.
ÀÔ·ÂµÈ °ª°ú "sex"°¡ ÀÏÄ¡ÇÏ¸é µÇ´Â °É·Î ºÁ¼± "sex"°¡ Æнº¿öµåÀÏ ¼öµµ ÀÖ°Ú´Ù ½Í¾ú´Ù.


p.s. °©ÀÚ±â sexÇÏ°í ½Í... ¾Æ´Ï´Ù... -_-;;








leviathan1@gibson:~$ ./check
password: sex
$ whoami
leviathan2
$ ls -al\
> ^Z
total 36
drwxr-xr-x  2 root       root        4096 Sep 19 07:07 .
drwxr-xr-x 83 root       root        4096 Sep 19 07:09 ..
-rw-r--r--  1 root       root         220 Mar 31  2024 .bash_logout
-rw-r--r--  1 root       root        3771 Mar 31  2024 .bashrc
-r-sr-x---  1 leviathan2 leviathan1 15080 Sep 19 07:07 check
-rw-r--r--  1 root       root         807 Mar 31  2024 .profile
$ ls -al
total 36
drwxr-xr-x  2 root       root        4096 Sep 19 07:07 .
drwxr-xr-x 83 root       root        4096 Sep 19 07:09 ..
-rw-r--r--  1 root       root         220 Mar 31  2024 .bash_logout
-rw-r--r--  1 root       root        3771 Mar 31  2024 .bashrc
-r-sr-x---  1 leviathan2 leviathan1 15080 Sep 19 07:07 check
-rw-r--r--  1 root       root         807 Mar 31  2024 .profile
$ cat /etc/leviathan_pass/leviathan2
NsN1HwFoyN
$





Æнº¿öµå´Â "NsN1HwFoyN"ÀÌ´Ù

  Hit : 146     Date : 2025/01/14 01:21



    
     [°øÁö] °­Á¸¦ ¿Ã¸®½Ç ¶§´Â ¸»¸Ó¸®¸¦ ´Þ¾ÆÁÖ¼¼¿ä^¤Ñ^ [29] ¸Û¸Û 02/27 19610
1601   ½Ã½ºÅÛ ÄÝ ÃßÀû È®ÀåÆÇ[2]     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/19 126
1600   °£´ÜÇÑ ½Ã½ºÅÛ ÄÝ ÃßÀû ÇÁ·Î±×·¥ ¸¸µé±â     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/18 115
  [overthewire.org] - leviathan1     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/14 145
1598   [overthewire.org] - leviathan0     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/14 138
1597   [Write Up] Crypto Cat's CTF 2024 - BabyFlow     ÇØÅ·ÀßÇÏ°í½Í´Ù
12/29 206
1596   [pwnable.kr] bof     ÇØÅ·ÀßÇÏ°í½Í´Ù
12/25 192
1595   [pwnable.kr] Shellshock[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 338
1594   ShellshockÀÇ ±âº» ¿ä¾à     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 312
1593   [pwnable.kr] fd     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 306
1592   VPNÀÌ ¿¬°áµÇ¾ú´Ù°¡ µµÁß¿¡ ²¨µµ À¥ ºê¶ó¿ìÀú»ó¿¡¼­ À¯ÁöµÇ´Â ÀÌÀ¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/22 287
1591   ÇØÄ¿µéÀÌ ÇØÅ·½Ã »ç¿ëÇÏ´Â µð·ºÅ丮 °ø°£[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/22 359
1590   Keyboard Hooking -part2 - (Python3 ver)     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/20 337
1589   [Windows API] Keyboard Hooking     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/20 294
1588   [pwnable.kr] cmd1 °ø·«     ÇØÅ·ÀßÇÏ°í½Í´Ù
10/23 458
1587   netdiscover ÆÄÀ̽ãÀ¸·Î ±¸ÇöÇϱ⠠   ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 714
1586   ÆÄÀ̽ãÀ» ÀÌ¿ëÇÑ ½ÉÇà À¥ Å©·Ñ·¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 583
1585   ÆÄÀ̽ã random¸ðµâÀ» ÀÌ¿ëÇÑ ¼ýÀÚ¸ÂÃ߱⠰ÔÀÓ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/30 1140
1584   ÆÄÀ̽ã äÆà ÇÁ·Î±×·¥ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/28 1061
1583   ÆÄÀ̽㠼ÒÄÏ ÇÁ·Î±×·¡¹ÖÀÇ ±âÃÊ     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/26 1239
1 [2][3][4][5][6][7][8][9][10]..[81]

Copyright 1999-2025 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org