
Wargame/Leviathan

[ Docker ] Leviathan Wargame 만들기 - 6번 문제 ( 8 / 8 )

1. Leviathan6 목표

There is no information for this level, intentionally.

 

2. Leviathan6 구현

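# Connect to the lab container as root (enter the password "root" when prompted).
# StrictHostKeyChecking=no skips host-key verification; that is tolerable here
# only because the target is a throwaway container on localhost.
ssh -oStrictHostKeyChecking=no root@localhost -p 2223

# --- Everything below is typed inside the root session opened above. ---

# Lock down leviathan6's home: with root owning the directory (mode 755) the
# player cannot create or delete entries in it; the dotfiles go to root as well.
chown root:root /home/leviathan6
chmod 755 /home/leviathan6
chown -R root:root /home/leviathan6/.[!.]*

# Create the leviathan7 account; passwd reads the new password twice on stdin.
# printf is used instead of `echo -e` so the bytes sent do not depend on how
# the shell's echo treats escapes.
useradd leviathan7 && printf '%s\n%s\n' 'qEs5Io5yM8' 'qEs5Io5yM8' | passwd leviathan7

# useradd without -m creates the home directory only when CREATE_HOME is
# enabled in /etc/login.defs, so make sure it exists before it is used.
mkdir -p /home/leviathan7

chown root:root /home/leviathan7
chmod 755 /home/leviathan7
chown -R root:root /home/leviathan7/.[!.]*

# Final-level message; readable only by leviathan7 and its group (mode 440).
echo 'Well Done, you seem to have used a *nix system before, now try something more serious.' > /home/leviathan7/CONGRATULATIONS
echo $'(Please don\'t post writeups, solutions or spoilers about the games on the web. Thank you!)' >> /home/leviathan7/CONGRATULATIONS
chown leviathan7:leviathan7 /home/leviathan7/CONGRATULATIONS
chmod 440 /home/leviathan7/CONGRATULATIONS

# Build the challenge binary from a private scratch directory. The source holds
# the PIN in plain text, and a fixed, world-readable path such as
# /tmp/leviathan6.c would stay behind for every player to read. mktemp -d
# creates a directory only root can enter, and it is removed after the build.
build_dir=$(mktemp -d)

cat <<'EOF' > "$build_dir/leviathan6.c"
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Level 6 challenge: compares argv[1] (parsed with atoi) against a constant
 * and, on a match, starts /bin/sh with the binary's effective uid.
 * The constant is compiled into the binary as an immediate value, so it is
 * recoverable from the disassembly; that is the intended lesson of the level.
 */
int main(int argc, char *argv[]) 
{
    int secret_value = 7123;  // 0x1bd3
    int input_value;

    if (argc < 2) 
    {
        printf("usage: %s <4 digit code>\n", argv[0]);

        exit(-1);
    }

    input_value = atoi(argv[1]);

    if (input_value == secret_value) 
    {
        /* Make the real uid equal to the effective (setuid) uid so the shell
           started below keeps it. The return value of setreuid is not checked. */
        uid_t uid = geteuid();
        setreuid(uid, uid);

        system("/bin/sh");
    } 
    else 
    {
        puts("Wrong");
    }

    return 0;
}
EOF

gcc -o /home/leviathan6/leviathan6 "$build_dir/leviathan6.c"

# Remove the source so the PIN exists only inside the compiled binary.
# ${build_dir:?} aborts the command if the variable is unexpectedly empty.
rm -rf -- "${build_dir:?}"

# Owner leviathan7 + setuid bit: the program runs as leviathan7.
# Group leviathan6 + mode 4550: only leviathan7 and members of leviathan6 may
# read or execute it. chown comes first because changing ownership clears the
# setuid bit on Linux.
chown leviathan7:leviathan6 /home/leviathan6/leviathan6
chmod 4550 /home/leviathan6/leviathan6

# Create the file that holds the next level's password. The subshell umask
# keeps the file private from the moment it is created, rather than leaving it
# world-readable until the chmod below runs.
( umask 077; echo 'qEs5Io5yM8' > /etc/leviathan_pass/leviathan7 )
chown leviathan7:leviathan7 /etc/leviathan_pass/leviathan7
chmod 400 /etc/leviathan_pass/leviathan7

# Leave the root session.
exit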


3. Leviathan6 문제풀이

# Password: szo7HDB88w
ssh leviathan6@localhost -p 2223

# Inspect the library calls the binary makes when given a wrong code.
ltrace /home/leviathan6/leviathan6 1234

# Recover the PIN: disassemble main in Intel syntax, keep the lines containing
# "mov", take the sixth whitespace-separated field and then the part after the
# comma (presumably the source operand in this gdb output layout; confirm
# against your gdb version), keep the hex values and print them in decimal.
# This works because the comparison constant is stored in the binary itself;
# a value compiled into a setuid program is not a secret from anyone who can
# read the file.
gdb -batch -ex "set disassembly-flavor intel" -ex "disassemble main" /home/leviathan6/leviathan6 | grep mov | awk '{ print $6 }' | awk -F ',' '{ print $2 }' | grep 0x | xargs printf "%d\n"

# Start a shell as leviathan7 by passing the recovered code.
/home/leviathan6/leviathan6 7123

# Read the password for the next level.
# qEs5Io5yM8
cat /etc/leviathan_pass/leviathan7