Krypton Level 2
ssh krypton2@krypton.labs.overthewire.org -p 2231
ROTTEN
Objective
ROT13 is a simple substitution cipher.
Substitution ciphers are a simple replacement algorithm. In this example of a substitution cipher, we will explore a ‘monoalphebetic’ cipher. Monoalphebetic means, literally, “one alphabet” and you will see why.
This level contains an old form of cipher called a ‘Caesar Cipher’. A Caesar cipher shifts the alphabet by a set number. For example:
- plain: a b c d e f g h i j k ...
- cipher: G H I J K L M N O P Q ...
In this example, the letter ‘a’ in plaintext is replaced by a ‘G’ in the ciphertext so, for example, the plaintext ‘bad’ becomes ‘HGJ’ in ciphertext.
The password for level 3 is in the file krypton3. It is in 5 letter group ciphertext. It is encrypted with a Caesar Cipher. Without any further information, this cipher text may be difficult to break. You do not have direct access to the key, however you do have access to a program that will encrypt anything you wish to give it using the key. If you think logically, this is completely easy.
One shot can solve it!
Have fun.
Additional Information:
The encrypt binary will look for the keyfile in your current working directory. Therefore, it might be best to create a working direcory in /tmp and in there a link to the keyfile. As the encrypt binary runs setuid krypton3, you also need to give krypton3 access to your working directory.
Here is an example:
krypton2@melinda:~$ mktemp -d
/tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:~$ cd /tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ln -s /krypton/krypton2/keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ chmod 777 .
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ /krypton/krypton2/encrypt /etc/issue
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
ciphertext keyfile.dat
CLI
kali@Kali:~$ ssh krypton2@krypton.labs.overthewire.org -p 2231
krypton2@krypton.labs.overthewire.org's password:
Welcome to OverTheWire!
Enjoy your stay!
krypton2@bandit:~$ cd /krypton/krypton2/
krypton2@bandit:/krypton/krypton2$ ls -la
total 36
drwxr-xr-x 2 root root 4096 Sep 19 07:09 .
drwxr-xr-x 9 root root 4096 Sep 19 07:10 ..
-rwsr-x--- 1 krypton3 krypton2 16328 Sep 19 07:09 encrypt
-rw-r----- 1 krypton3 krypton3 27 Sep 19 07:09 keyfile.dat
-rw-r----- 1 krypton2 krypton2 13 Sep 19 07:09 krypton3
-rw-r----- 1 krypton2 krypton2 1815 Sep 19 07:09 README
krypton2@bandit:/krypton/krypton2$ mktemp -d
/tmp/tmp.ZPMdgW6riw
krypton2@bandit:/krypton/krypton2$ cd /tmp/tmp.ZPMdgW6riw
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ ln -s /krypton/krypton2/keyfile.dat
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ chmod 777 .
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ echo "AAAAA" > encrypt.txt
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ /krypton/krypton2/encrypt encrypt.txt
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ ls -la
total 13588
drwxrwxrwx 2 krypton2 krypton2 4096 Nov 30 17:36 .
drwxrwx-wt 1 root root 13897728 Nov 30 17:36 ..
-rw-rw-r-- 1 krypton3 krypton2 5 Nov 30 17:36 ciphertext
-rw-rw-r-- 1 krypton2 krypton2 6 Nov 30 17:35 encrypt.txt
lrwxrwxrwx 1 krypton2 krypton2 29 Nov 30 17:34 keyfile.dat -> /krypton/krypton2/keyfile.dat
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ cat ciphertext
MMMMMkrypton2@bandit:/tmp/tmp.ZPMdgW6riw$
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$ cat /krypton/krypton2/krypton3 | tr a-zA-Z o-za-nO-ZA-N
CAESARISEASY
krypton2@bandit:/tmp/tmp.ZPMdgW6riw$
