Level 1
find a hidden directory .backup, print the html document inside and grep password
Level 2
run the given executable with ltrace, observe the program compares the input string with “sex”; rerun the program and input “sex”, get into some shell as the next level user, print the password under /etc/leviathan_pass directly
Level 3
observe that the executable checks if the current user has read permission to the specified file before it prints the file, and call to access would treat argv[1] as one filename while call to execute cat would treat it as filenames separated by spaces => we can create two files a b and a, where a b is a regular file for passing access and a is a soft link to the password for being printed by cat; run the program with a b as argv[1]
Level 4
same as level 2 except the executable password is “snlprintf”
Level 5
find a hidden directory .trash which contains a file encoding the password in bytes, decode these bytes to get the password
Level 6
it seems the executable would print whatever in /tmp/file.log as the next level user => soft link the filename to the password file and run the executable
Level 7
just brute force the 4-digit code; after get into the next level shell, print the password directly