OverTheWire: Krypton Level 2

By S.P., published in SecTTP, Apr 5, 2019

http://overthewire.org/wargames/krypton/krypton2.html

Level Info

ROT13 is a simple substitution cipher.

Substitution ciphers are a simple replacement algorithm. In this example of a substitution cipher, we will explore a ‘monoalphabetic’ cipher. Monoalphabetic means, literally, “one alphabet” and you will see why.

This level contains an old form of cipher called a ‘Caesar Cipher’. A Caesar cipher shifts the alphabet by a set number. For example:

plain:  a b c d e f g h i j k ...
cipher: G H I J K L M N O P Q ...

In this example, the letter ‘a’ in plaintext is replaced by a ‘G’ in the ciphertext so, for example, the plaintext ‘bad’ becomes ‘HGJ’ in ciphertext.

The password for level 3 is in the file krypton3. It is in 5 letter group ciphertext. It is encrypted with a Caesar Cipher. Without any further information, this cipher text may be difficult to break. You do not have direct access to the key, however you do have access to a program that will encrypt anything you wish to give it using the key. If you think logically, this is completely easy.

One shot can solve it!

Have fun.

Additional Information:

The encrypt binary will look for the keyfile in your current working directory. Therefore, it might be best to create a working directory in /tmp and in there a link to the keyfile. As the encrypt binary runs setuid krypton3, you also need to give krypton3 access to your working directory.

Here is an example:

krypton2@melinda:~$ mktemp -d
/tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:~$ cd /tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ln -s /krypton/krypton2/keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ chmod 777 .
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ /krypton/krypton2/encrypt /etc/issue
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
ciphertext keyfile.dat

Solution

Use the following information to log in to the server.

  • Username: krypton2
  • Password: ROTTEN
  • Host: krypton.labs.overthewire.org
  • Port: 2222
$ ssh krypton2@krypton.labs.overthewire.org -p 2222
_ _
| | ___ __ _ _ _ __ | |_ ___ _ __
| |/ / '__| | | | '_ \| __/ _ \| '_ \
| <| | | |_| | |_) | || (_) | | | |
|_|\_\_| \__, | .__/ \__\___/|_| |_|
|___/|_|
a http://www.overthewire.org wargame.
krypton2@krypton.labs.overthewire.org's password:
ROTTEN

Just like the previous level, we move to the directory /krypton/krypton2 immediately to see how we can start from there.

krypton2@krypton:~$ cd /krypton/krypton2
krypton2@krypton:/krypton/krypton2$ ls
README encrypt keyfile.dat krypton3
krypton2@krypton:/krypton/krypton2$ ls -al
total 32
drwxr-xr-x 2 root root 4096 Apr 1 04:20 .
drwxr-xr-x 8 root root 4096 Apr 1 04:20 ..
-rw-r----- 1 krypton2 krypton2 1815 Apr 1 04:20 README
-rwsr-x--- 1 krypton3 krypton2 9010 Apr 1 04:20 encrypt
-rw-r----- 1 krypton3 krypton3 27 Apr 1 04:20 keyfile.dat
-rw-r----- 1 krypton2 krypton2 13 Apr 1 04:20 krypton3

Check out the README file. It has the same content as the level's webpage.

krypton2@krypton:/krypton/krypton2$ cat README
Krypton 2
ROT13 is a simple substitution cipher.Substitution ciphers are a simple replacement algorithm. In this example
of a substitution cipher, we will explore a 'monoalphebetic' cipher.
Monoalphebetic means, literally, "one alphabet" and you will see why.
...

The password for level 3 is in the file krypton3, so let’s check it out first.

krypton2@krypton:/krypton/krypton2$ cat krypton3
OMQEMDUEQMEK

Even though we can read the ciphertext, we still don’t know which rotation was used to encrypt the plaintext, i.e., ROT1, ROT2, …, ROT25. Therefore, we need to run a test to find out which rotation is used for encryption.

Let’s follow the instructions to create a temporary directory and check out the encryption result from the program.

krypton2@krypton:/krypton/krypton2$ mktemp -d
/tmp/tmp.N7xrgnv6Od
krypton2@krypton:/krypton/krypton2$ cd /tmp/tmp.N7xrgnv6Od
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ ln -s /krypton/krypton2/keyfile.dat
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ ls
keyfile.dat
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ chmod 777 .
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ /krypton/krypton2/encrypt /etc/issue
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ ls
ciphertext keyfile.dat

The ciphertext file stores the result of encrypting the content of /etc/issue, so we can work out the rotation by comparing these two files.

krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ cat /etc/issue
Ubuntu 14.04.5 LTS \n \l
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ cat ciphertext
GNGZFGXFEZXkrypton2@krypton:/tmp/tmp.N7xrgnv6Od$
krypton2@krypton:/tmp/tmp.N7xrgnv6Od$

From the first six letters, we get the following mapping:

plain:  U b u n t u ...
cipher: G N G Z F G ...

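Okay, it’s time to recover the password. Every pair is consistent with a shift of 12 positions forward (U → G, b → N, n → Z, t → F), so decryption shifts each letter forward by another 14 positions (A → O), which is the mapping given to tr below.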

krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ cat /krypton/krypton2/krypton3 | tr a-zA-Z o-za-nO-ZA-N
CAESARISEASY

Got it!
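The known-plaintext step above, generalised as an added example (not code from the original post): it derives the shift from every letter pair instead of reading it off by eye, and fails if the pairs disagree. The function names are made up for this example, and the letters-only, upper-case normalisation is an assumption inferred from the /etc/issue output shown above.

```python
# Added example: recover a Caesar shift from one known plaintext/ciphertext pair.
import string

A = string.ascii_uppercase


def letters_only(text: str) -> str:
    """Keep ASCII letters and upper-case them (assumed behaviour of the
    encrypt binary, inferred from the /etc/issue transcript on this page)."""
    return "".join(c.upper() for c in text if c in string.ascii_letters)


def recover_shift(known_plain: str, known_cipher: str) -> int:
    """Return the encryption shift, checking that every letter pair agrees."""
    plain, cipher = letters_only(known_plain), letters_only(known_cipher)
    if not plain or len(plain) != len(cipher):
        raise ValueError("plaintext and ciphertext letter counts differ")
    shifts = {(A.index(c) - A.index(p)) % 26 for p, c in zip(plain, cipher)}
    if len(shifts) != 1:
        # More than one distinct shift means this is not a plain Caesar cipher.
        raise ValueError(f"inconsistent shifts: {sorted(shifts)}")
    return shifts.pop()


def decrypt(ciphertext: str, shift: int) -> str:
    """Undo the shift on A-Z; any other character passes through unchanged."""
    k = -shift % 26  # decrypting is rotating forward by 26 - shift
    table = str.maketrans(A, A[k:] + A[:k])
    return ciphertext.upper().translate(table)


if __name__ == "__main__":
    issue = r"Ubuntu 14.04.5 LTS \n \l"  # /etc/issue content shown on the page
    shift = recover_shift(issue, "GNGZFGXFEZX")  # ciphertext file from the page
    print(shift, decrypt("OMQEMDUEQMEK", shift))
```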
