Leviathan 6 wants us to guess a four digit pin. Strings reveals nothing, and ltrace confirms that it’s calling atoi on the parameter we pass, so this is definitely a numeric comparison. In other words, I’m pretty sure that we can’t figure out the pin purely by examining the compiled code. Again, we could always load up gdb, but that would probably go against the spirit of the challenge.
Since I can’t debug it, the only thing I can think to do is brute force it. This again kind of leans towards the programmer side of things, but it’s still accomplished entirely within unix/linux commands, so I think it’s fair. We can actually do this with a one liner: leviathan6@leviathan:~$ for i in $(seq 1000 9999); do ./leviathan6 $i; done
A couple of things to note here - I’m just assuming that the pin is probably going to be over 1000. I guess it could be in the first 999 numbers, but it seems unlikely. We luck out though, and at some point (I have no idea what the actual pin was), I find myself with a shell running as leviathan7.
.
.
Numerous failed attempts
.
.
Wrong
Wrong
$ whoami
leviathan7
$ cat /etc/leviathan_pass/leviathan7
XXXXXXXXXXXXXX
$