Summary: Difficulty: 1/10 Levels: 8 Platform: Linux/x86 Author: Anders Tonfeldt Special Thanks: We would like to thank AstroMonk for coming up with a replacement idea for the last level, deadfood for finding a leveljump and Coi for finding a non-planned vulnerability. Description: This wargame doesn't require any knowledge about programming - just a bit of common sense and some knowledge about basic *nix commands. We had no idea that it'd be this hard to make an interesting wargame that wouldn't require programming abilities from the players. Hopefully we made an interesting challenge for the new ones.
From the home directory, there isn’t much except a hidden backup folder and a bookmark.html file in it.
ls -al total 24 drwxr-xr-x 3 root root 4096 Jun 6 2013 . drwxr-xr-x 160 root root 4096 Jul 28 17:05 .. drwxr-x--- 2 root leviathan0 4096 Jun 6 2013 .backup -rw-r--r-- 1 root root 220 Apr 3 2012 .bash_logout -rw-r--r-- 1 root root 3486 Apr 3 2012 .bashrc -rw-r--r-- 1 root root 675 Apr 3 2012 .profile cd .backup ; ls -al total 144 drwxr-x--- 2 root leviathan0 4096 Jun 6 2013 . drwxr-xr-x 3 root root 4096 Jun 6 2013 .. -rw-r----- 1 root leviathan0 133259 Jun 6 2013 bookmarks.html
If you look into the file, then you will find a legit html file with a lot of information. Since I am just freshly completed bandit, I wonder if I am looking for the password for leviathan1 in this file. There it is, the password for the next level is right next to the username for the next level.
grep "leviathan1" bookmarks.html <DT><A HREF="http://leviathan.labs.overthewire.org/passwordus.html | This will be fixed later, the password for leviathan1 is rioGegei8m" ADD_DATE="1155384634" LAST_CHARSET="ISO-8859-1" ID="rdf:#$2wIU71"> password to leviathan1</A>
That was surprisingly easy.