 What's up everybody? Welcome back to the YouTube video. My name is John Hammond And we're still looking at Leviathan from the over-the-wire war game So we just got the password for Leviathan level three the third level in the war game. So let's go ahead and Connect to this level. All right now that we are in let's see what we've got here We've got a another set UID binary We can tell because it's noted red here And if we check out the permissions with LSTACL and see the S-bit so it is set UID binary Leviathan four is the command or the the user that we will elevate to Once we kind of run that binary as a command so level three enter the password What I don't know the password. Okay It's probably wanting a string so let's run strings on this We can pipe that to less so we can look through a little bit better. There's a you've got shell notification a Word called secret Maybe secret is the password. Let's find out. Nope. Okay, let's run L trace on it. Just had we had in some other levels string compare hono three three and cock what Why is that happening? We didn't do anything with that whatsoever. We never supplied that data. Whatever Whatever enter the password. Hello. It compares Hello with some hex values and runs string compare SCR CMP string compare. Hello new line and SNL print def new line Okay, well obviously that these two are not equal. So if we let's try and run it with SNL print def Level three Press the word. Oh, and we've got shell. Okay. Who am I? I'm Leviathan four perfect Let us check out the password and Move on it's kind of a simple solution on that one again a little bit of L trace Let's break out of this note this has Leviathan four and Connect now to Leviathan four Let's jump in nothing in the home directory. So let's check out it with hidden throw the hidden fag. Oh gosh the hidden flag I Could end my end my YouTube career just like that All right CD dot trash. Let's check out that hidden folder. There is a file called bin okay And bin is a set UID binary. We can tell what it's red and when we run it it just prints out Some binary things. Okay. It doesn't look like it changes. So what is this spelling out? It's a but of zero and ones. It's clearly a message in binary. It looks like these are sets of eight So it looks like these are bytes Let's do some command line kung fu to Figure out what this stuff really is we can throw this to like ask it a hex calm But what's the fun in that? Let's Go ahead and replace all of these spaces with new line characters so we can process them on each line and then let's Do a little while read line So we can work with each of these in its own iteration and let's Convert them with BC if you haven't heard of BC it I Consider it like binary conversion, but it is just a command line. I don't know it whatever it will convert between bases Base converter. I like to think of this We can say I want The ending base so output base equals 16 while the input base or I base equals 2 and then we'll pass in the line that we're working with here and Then we will give that to BC. Cool. So now I've got a bunch of hex and if we Bring our lines back Or if we remove those new lines just like we had before So now it's all one line. We can pass this to xxt tack R to reverse and tack P for the printable stuff and Now we have some seemingly Password like string here Let's go ahead and save this. Oh, I don't want that new shell. Let's let's go ahead and break out I'm pretty confident. That's the password. That is what Leviathan 5, right? Yes. So Paste that in let's try to connect to Leviathan 5 with that as our password and We are in perfect. Okay. So that was the password So I did a little bit of a command line kung fu there just read through each of those Bites that were displayed in binary converted them from base 2 to hexadecimal base 16 And I did that so I could just give them back to xxd And xxd as we've seen in at least bandit and other videos other tutorials and guides and stuff like that That will take a hex dump So we were able to use the tack R and the tack B to reverse it and put it back into ASCII and That got us to string. So now we're into level 5 and we'll jump into that in the next video So thank you guys for watching. Hope you're enjoying these. I hope I'm not going too fast Hope you're enjoying the content. Hope you were learning a little bit if you haven't seen that stuff before but thanks again. See you soon