Hey, what's going on guys? My name is John Hammond and welcome back in the YouTube video, still looking at Leviathan, the wargame from OverTheWire, an online wargaming website. So we just got the password for level five. We can go ahead and use our connection command to SSH in again using sshpass, passing the username, password, etc. in the right port.

So once we are connected and logged in, we can check out what's in the home directory, and we have this setuid binary. We can tell because it is red, and if we check out the privileges and permissions and stuff like that, we see the s-bit. So it is owned by leviathan6, then we get his privileges and permissions when we run this binary.

So let's go ahead and run this binary, see what it does: leviathan5. It says "Cannot find /tmp/file.log". Okay, let's... Is there a /tmp/file.log? It would help if I could type. There is no such file or directory. Okay, so let's create the file. Let's just echo hello into /tmp/file.log. Now it exists, we can see it. What will the leviathan5 program do? Okay, it just prints it out. What... and then it's... and then it deletes it, it goes away. Okay, whatever.

Um, well, if it's just going to read out a file with the permissions of Leviathan 5, or I suppose Leviathan 6, right, because that's the privileges, that's the next level that we want. Yeah, it is running with Leviathan 6 privileges. So we want to get the password for Leviathan 6, and if we can read from a file, can we have a file kind of reflect what is in the password file? Like, can we just kind of fake read it? Yeah, the answer to that question is yes.

So, kind of like... I don't really know a good way to explain this, so Google might do a better thing for us, but there are links between files, and symbolic links are the words that you will hear that will kind of be helpful in Linux. For a while, I thought of them as like a shortcut in Windows: like, okay, this will just link to another file, but it keeps some kind of properties.
So it lets you literally read through that file, and other users or setuid binaries will follow these links and really read the files as we need them. So we can create a symbolic link that will act like it will refer to the password that we want, the Leviathan 6 password, and then we can level up or kind of get past this level.

So the way we make one of these, if you checked out in the man pages, there is the --symbolic, and the shorthand for that is just -s. So we can make a symbolic link with ln -s for the Leviathan password, Leviathan 6, and we'll put that in the file.log file that this program wants to read for us.

So now if we ls /tmp/file.log, you can see it's kind of a special property here. It's kind of blue-ish. And ls -l, you can see it's a symbolic link. So it's redirecting to that password. It's still owned by me. I can still read it. Leviathan 5, we can still read it. But Leviathan 6, when it views this file, will follow the path to its own password.

This is an interesting thing, because we own this file, file.log, but we don't own the Leviathan 6 password. So we can't read this, but we can read the symbolic link, the shortcut. And, weird, interesting thing, but it's a gimmick that will let us level up here.

So let's check this out. Let's do leviathan5, run the program, and okay, it just prints out the password for us, because all that program does by default is print out the contents of /tmp/file.log. So now it's gone because it removed it, but we've already got the password. So let's go ahead and take a note of that, Leviathan 6, paste it in here, and let's keep moving. Let's get to level 6.

Connects here, OverTheWire wargame. Connected, and we have leviathan6, a setuid binary. Oh, and it's just another 4-digit pin code. Okay. Well, we can do the same thing we did kind of at the end of Bandit in the previous series. I just do a for loop, brute force this: for i in, let's go 000 and let's go 9999.
I learned my lesson from last time. Let's do Leviathan with that i, okay, and let's actually echo out what we are on, what iteration we're on, just so we know, and we'll start to run through it. Okay, it's just steaming along. Looks like it's actually moving pretty quick, and we got a shell. We got the dollar sign here. whoami: I'm leviathan7. All right. Let's, uh, let's check out the password here, Leviathan 7. I spelt that wrong. Leviathan 7, and we got it. All right, cool. Oh, break it out of that and, in our shell, save here.

Now we can connect to level 7, and I believe level 7 is the last level. You can check it out in the website, OverTheWire. This is the very end. So cool, we did it. We just completed Leviathan from OverTheWire, of their online wargames. Cool. Pretty easy, pretty simple. We just ran through a lot of them.

I hope you guys learned a few things if you haven't seen some of these tactics or techniques before. If you, again, have alternate solutions or other ways of going about some of these, how to solve them, please share them in the comments. I don't know, talk, do some community stuff, like share. Do great things. Thank you guys for watching. Hope you're enjoying these videos. I'll see you later.
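
Added example, not part of the video or the wargame's own code: the defensive counterpart to the symlink behaviour shown in level 5, sketched in C. It shows how a setuid program can open a caller-supplied file with the caller's own rights and refuse symbolic links. The names open_as_caller and demo and the temporary paths are assumptions made for illustration.

```c
/* Added example, not from the video. open_as_caller() and demo() are
 * hypothetical names; the file contents and paths below are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only with the caller's rights, refusing symlinks. */
int open_as_caller(const char *path)
{
    uid_t privileged = geteuid();
    if (seteuid(getuid()) != 0)      /* drop to the invoking user first */
        return -1;
    /* O_NOFOLLOW: fail with ELOOP if the last path component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (seteuid(privileged) != 0)    /* cannot restore: stop */
        abort();
    struct stat st;
    /* fstat() the descriptor we hold, so the check cannot race a path swap. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Constructed scenario: a regular file plus a symlink to it in a temp dir.
 * Returns 1 when the regular file opens and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/symdemoXXXXXX", real[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/file.log", dir);
    FILE *f = fopen(real, "w");
    if (!f) return -1;
    fputs("constructed secret\n", f);
    fclose(f);
    if (symlink(real, lnk) != 0) return -1;
    int ok_fd = open_as_caller(real), link_fd = open_as_caller(lnk);
    int result = (ok_fd >= 0 && link_fd < 0);
    if (ok_fd >= 0) close(ok_fd);
    if (link_fd >= 0) close(link_fd);
    unlink(lnk); unlink(real); rmdir(dir);
    return result;
}
int main(void) { printf("symlink refused: %d\n", demo()); return 0; }
```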