Hello, what is going on everybody? My name is John Hammond and welcome back to the YouTube video of mine, and in this video and the next couple I'm gonna try and get into the Leviathan war game on OverTheWire, an online war gaming website. So we just finished up Bandit in a previous series; now I want to move into Leviathan. It's kind of, at least seemingly, the next, or quote-unquote one of the suggested next games to play.
There's a little bit of description as to what the game is: not terribly difficult on the rating scale, doesn't require any knowledge of programming, just a little bit of common sense and some knowledge about basic Unix commands. Some of these are kind of clever and you may not have been used to that syntax or seen them before, so that's why I wanted to showcase them. And you'll see in the web interface that all of the levels, level one all the way through level seven here, or level six I guess, I don't know, they don't have any information. So we're probably just going to be only in the terminal the entire time; no real need to have this web browser.
So I'm gonna hop over to the terminal, and you can see that I have changed my theme a little bit just to hopefully attract some, I don't know, maybe some others that might see these blue and green, not blue, what the heck, black and green hacker stuff in the thumbnail and, I don't know, maybe get some more viewers that way. I don't know, just low-hanging fruit to get the script kiddies.
So let's make a connection to the war game Leviathan. It says here in the description of the war game the username is leviathan0, as usual, same with how it was for bandit0, and the password is leviathan0 for just this first level. Make sure we use that as our username and the host name. Remember, we're using the new port, 2223, for this war game, for Leviathan, and once we can make a connection it will want to ask for the password.
Let's start to use that sshpass setup that we had before, so I'll create a file for this user and put the password in there. And I actually learned from a comment in the last series for Bandit that the command substitution in bash, normally I had learned it through backticks. However, that's really old and it's pretty much deprecated. So the more common style that has superseded it is to use a dollar sign, like you would for kind of variables, but surround your command in single parentheses. So that will do the same thing and it's at least more proper, or at least more common these days. So I'm just going to copy-paste that whole command because I'm lazy, and now we are connected. Eventually. Okay, cool.
So you can see the logo here, OverTheWire, and we are in, so let's see what we got. Nothing by default in the home directory, so let's list out all things. .backup is a different-looking directory that we haven't usually seen before; it's hidden because of that period there. So there's a bookmarks.html in here. Let's just see what that is. And it's a lot of HTML. Holy crap, super gross stuff.
Um, knowing that we want to have a password, let's just try and grep for "password" in this, and we get a hit. Okay, cool. Looks like the password for leviathan1 is this thing. Okay. Kind of a cheap hack, whatever, but that got us a password. Let's put this in our leviathan1 file, and now let's modify our connection line to move to leviathan1.
So all we did for that one was just find the file. It was in a hidden directory, and then grep through it for just a string, "password", because we know that's all we wanted to find, the password for the next level. That's how these war games work. So now we're in leviathan1, and what is this thing, check? Password? What? Wrong password. Goodbye.
All right. So it's probably asking for a kind of string in what this password may be. So I'm gonna run strings on that file, on that binary, to see what else might be in here. Right, what other plain text and readable strings might be present in the binary? There's the prompt. There's probably the shell command it'll execute once we get it correct, and it doesn't look like it's doing anything else, or anything that we can really see in here.
So let's look at some other tools. ltrace is a good one for simple command-line binary, like, reconnaissance. I need the dot and the forward slash here to actually run the binary, because ltrace will follow along with it. So it looks like it's gonna run printf and then getchar for our input. So "hello", I enter. And we can see that, okay, it runs getchar a couple times and then string compare, strcmp, "hel", so the first three letters, I guess, of what I entered, and then the word "sex". Okay? I suppose that is the password.
So let's try and run with that input, and we get a dollar sign. We get a bash prompt. Well, not so much bash, maybe just a regular shell, as we saw in the string up there, just /bin/sh. So whoami? I'm leviathan2 now. Cool. That means I can cat out the password for the next level, leviathan2, in this directory here. This /etc/leviathan_pass is just noted in the, noted in the prompt that, okay, you can look in the /etc/leviathan_pass folder for the various password levels. So, okay, that is the token to get us to the next level. Let's break out of this, put this in a leviathan2 file so we can save it for later, and now we can move into leviathan2 for the next wargame.
Cool. All right. That's all for now. I just want to get you guys your feet wet with the game and get us set up. So I'll see you in the next video when we tackle the next level of Leviathan. Thank you guys so much for watching. Hope you're enjoying the series, and please, maybe, if you want to, like, comment, subscribe, do what you got to do. All right.
See you later.