Linux Hacking: Binary & Hex | Leviathan: OverTheWire (Levels 3-4)

John Hammond · Intermediate ·🔐 Cybersecurity ·8y ago

Key Takeaways

Solves Linux Hacking: Binary & Hex challenges in Leviathan: OverTheWire Levels 3-4

Full Transcript

what's up everybody welcome back to their YouTube video my name is John Hammond and we're still looking at Leviathan from the over the wire war game so we just got the password for Leviathan level 3 the third level on the war game so let's go ahead and connect to this level alright now that we are in let's see what we've got here we've got a another set UID binary we can tell because it's noted red here and if we check out the permissions with LS tak helm and see the S bit so it is set UID binary Leviathan 4 is the command or the user that we will elevate to once we kind of run that binary as a command so level 3 enter the password what I don't know the password ok it's probably wanting a string so let's run strings on this we can pipe that to less so we can look through a little bit better there's a you've got shell notification a word Karl secret maybe secret is the password let's find out nope okay let's run L trace on it just had we had in some other levels string compare ho no 3-3 and what why is that happening we didn't do anything with that whatsoever though we never supplied that data whatever whatever enter the password hello it compares hello with some hex values and runs string compare strcmp string compare hello newline and SNL printf new line okay well obviously that these two are not equal so if we let's try and run it with SNL printf level 3 password oh and we've got shell okay Who am I I'm Leviathan for perfect let us check out the password and move on it's kind of a simple solution on that one again a little bit of L trees let's break out of this note this has Leviathan for and connect now to Leviathan for let's jump in nothing in the home directory so let's check out it with hidden throught the hidden flag oh gosh the hidden flag I could end my and my youtube career just like that alright CD dot fresh let's check out that hidden folder there is a file called bin ok and bin is a set UID binary we can tell what it's red and when we run it it just prints out some binary thinks ok it doesn't look like it changes so what is this spelling out it's a but of 0 and ones it's clearly a message in binary it looks like these are sets of eight so it looks like these are bytes let's do some command-line kung-fu to figure out what this stuff really is we can throw this to a like ask you to hex calm but what's the fun in that let's go ahead and replace all of these spaces with newline characters so we can process them on each line and then let's do a little Wow read line so we can work with each of these in its own iteration and let's convert them with BC if you haven't heard of BC it I consider it like binary conversion but it is just a command-line I don't know whatever it will convert between basis base converter I like to think of it as we can say I want the ending base so output base equals 16 while the input base or I base equals 2 and then we'll pass in the line that we're working with here and then we will give that to BC cool so now we've got a bunch of hex and if we bring our lines back or if we remove those new lines just like we had before so now it's all online we can pass this to X X T attack or to reverse and tack P for the printable stuff and now we have some seemingly password like string here let's go ahead and save this oh I don't want that new shell let's let's go ahead and break out I'm pretty confident that's the password that is what life and 5 right yes so paste that in let's try to connect to Leviathan 5 with that as our password and we are in perfect ok so that was the password so I did a little bit of a command-line kung-fu there just read through each of those bytes that were displayed in binary converted them from base to to hexadecimal base 16 and I did that so I could just give them back to X XD and X XD as we've seen in at least bandit and other videos of other tutorials and guides and stuff like that that will take a hex dump so we were able to use the tax or and attack B to reverse it and put it back into ASCII and that got us the string so now we're into level 5 and we'll jump into that in the next video so thank you guys for watching I hope you're enjoying these I hope I'm not going too fast so if you're enjoying the content I hope you're learning a little bit if you haven't seen that stuff before but uh thanks again see you soon

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 0 of 60

← Previous Next →
1 Code Commentaries? PHP to JavaScript in Bash and PHP!
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
2 Tutorials? MySQL connection with PHP and Bash!
Tutorials? MySQL connection with PHP and Bash!
John Hammond
3 Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
4 JavaScript Splits The URL!
JavaScript Splits The URL!
John Hammond
5 HTML Tables in Python!
HTML Tables in Python!
John Hammond
6 HTML, Net Shares, GML!
HTML, Net Shares, GML!
John Hammond
7 Python 08 Programming Style and Comments
Python 08 Programming Style and Comments
John Hammond
8 Python 26 Object Oriented Programming
Python 26 Object Oriented Programming
John Hammond
9 75 Python Tutorials, Out Now!
75 Python Tutorials, Out Now!
John Hammond
10 Batch 14 Mathematical Expressions
Batch 14 Mathematical Expressions
John Hammond
11 Batch 85 Array Append
Batch 85 Array Append
John Hammond
12 Batch 86 Array Count
Batch 86 Array Count
John Hammond
13 Batch 87 Array Index
Batch 87 Array Index
John Hammond
14 Batch 88 Array Insert
Batch 88 Array Insert
John Hammond
15 Batch 89 Array Remove
Batch 89 Array Remove
John Hammond
16 Batch 90 Array Reverse
Batch 90 Array Reverse
John Hammond
17 Python [colorama] 00 Installing on Linux
Python [colorama] 00 Installing on Linux
John Hammond
18 Python [colorama] 09 Cursor Position
Python [colorama] 09 Cursor Position
John Hammond
19 Python [hashlib] 02 Algorithms
Python [hashlib] 02 Algorithms
John Hammond
20 Python 00 Installing IDLE on Linux
Python 00 Installing IDLE on Linux
John Hammond
21 Python [pygame] 11 Rectangular Collision Detection
Python [pygame] 11 Rectangular Collision Detection
John Hammond
22 Python [pygame] 12 Platforming Rectangular Collision Resolution
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
23 Python [XML-RPC] 01 Research
Python [XML-RPC] 01 Research
John Hammond
24 Python [pyenchant] 03 Personal Word Lists
Python [pyenchant] 03 Personal Word Lists
John Hammond
25 FancyURLopener Authentication and User-Agent [urllib] 03
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
26 Python 04: PEP8 Coding
Python 04: PEP8 Coding
John Hammond
27 Python Challenge! 17 COOKIES
Python Challenge! 17 COOKIES
John Hammond
28 Google CTF 2016: Ernst Echidna
Google CTF 2016: Ernst Echidna
John Hammond
29 Google CTF 2016: Spotted Quoll
Google CTF 2016: Spotted Quoll
John Hammond
30 Google CTF 2016: Can you Repo It?
Google CTF 2016: Can you Repo It?
John Hammond
31 Google CTF 2016: No Big Deal
Google CTF 2016: No Big Deal
John Hammond
32 Google CTF 2016: In Recorded Conversation
Google CTF 2016: In Recorded Conversation
John Hammond
33 Homemade CTF Challenge: 01 "Orchestra"
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
34 Homemade CTF Challenge: 02 "Bae's Base"
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
35 Homemade CTF Challenge: 03 "Web Hunt"
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
36 Homemade CTF Challenge: 04 "UPX"
Homemade CTF Challenge: 04 "UPX"
John Hammond
37 Homemade CTF Challenge: 05 "The Assumption Song"
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
38 Homemade CTF Challenge: 06 "A Brisk Stroll"
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
39 Homemade CTF Challenge: 06 "I lost my password!"
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
40 web25 :: Mr. Robot : EKOPARTY CTF 2016
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
41 web50 : RFC 7230 :: EKOPARTY CTF 2016
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
42 misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
43 Hack The Vote 2016 CTF: Sander's Fan Club [web100]
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
44 Hack The Vote 2016 CTF Warpspeed [forensics150]
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
45 Juniors CTF 2016 :: Black Suprematic Square
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
46 Juniors CTF 2016 :: Six Strange Tales
Juniors CTF 2016 :: Six Strange Tales
John Hammond
47 Juniors CTF 2016 :: Lost Code
Juniors CTF 2016 :: Lost Code
John Hammond
48 Juniors CTF 2016 :: Here Goes!
Juniors CTF 2016 :: Here Goes!
John Hammond
49 Juniors CTF 2016 :: Southern Cross
Juniors CTF 2016 :: Southern Cross
John Hammond
50 Juniors CTF 2016 :: Clone Attack
Juniors CTF 2016 :: Clone Attack
John Hammond
51 Juniors CTF 2016 :: Dirty Repo
Juniors CTF 2016 :: Dirty Repo
John Hammond
52 Juniors CTF 2016 :: Hackers Blog
Juniors CTF 2016 :: Hackers Blog
John Hammond
53 Juniors CTF 2016 :: Voting!!!
Juniors CTF 2016 :: Voting!!!
John Hammond
54 Juniors CTF 2016 :: The Good, The Bad and The Junkman
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
55 Juniors CTF 2016 :: Stop Thief!
Juniors CTF 2016 :: Stop Thief!
John Hammond
56 Juniors CTF 2016 :: ROFL
Juniors CTF 2016 :: ROFL
John Hammond
57 Juniors CTF 2016 :: Restriced Area
Juniors CTF 2016 :: Restriced Area
John Hammond
58 Juniors CTF 2016 :: Oh SSH!
Juniors CTF 2016 :: Oh SSH!
John Hammond
59 HackCon CTF 2017 TRIVIA and BONUS Challenges
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
60 HackCon CTF 2017 "Bacche" Challenges
HackCon CTF 2017 "Bacche" Challenges
John Hammond

Related Reads

📰
Protecting Your Digital Life: The Ultimate Guide to Cybersecurity
Learn to protect your digital life from hackers and scammers with this ultimate guide to cybersecurity
Medium · AI
📰
Your Scanner Reads One Workflow at a Time. The Attack Lives in the Chain.
Learn about a new class of CI/CD vulnerability that exploits the difference between detection controls and governance decisions
Medium · Cybersecurity
📰
Oracle Manipulation: How a $392K Silo Finance Loss Happened in 2026
Learn how a misconfigured oracle led to a $392K loss in Silo Finance and how to prevent similar attacks in your own protocols
Dev.to AI
📰
Beyond MFA: Why Identity Security Has Become the Foundation of Modern Cyber Resilience
Investing in identity security is crucial for modern cyber resilience, going beyond traditional MFA approaches
Medium · Cybersecurity
Up next
NordVPN Vs ExpressVPN 2026 | Which VPN Should You Choose?
Tutorial Stack
Watch →