Login

SSH: ssh bandit11@bandit.labs.overthewire.org -p 2220

Password: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Task

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.

A little bit of Theory

Substitution means replacing one character with another. Substitution ciphers have been known and used for a very long time. Some of the most known are the Caesar and Vigenère ciphers. However, these simple substitution ciphers are not secure anymore!

As the ‘Helpful Reading Material’ on the levels site mentions, rotating letters by 13 positions is the ROT13 substitution cipher. It is nice because looking at the Latin alphabet with 26 letters the encryption algorithm equals the decryption algorithm.

The Linux tr command, which stands for ’translate’, allows replacing characters with others. The base command syntax looks like the following tr <old_chars> <new_chars>.

Solution

There are a lot of websites that offer ROT13 encryption/decryption, but sadly there is no build-in ROT13 command in Linux. However, I wanted a solution for the terminal, so I used the tr command for substitution.

The substitution for ROT13 is A->N,…,Z->M. With tr it would be:

1
2

bandit11@bandit:~$ cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Addition

If we want to use ROT13 more often in the future, it might make sense to create a ‘alias’ so that we can use the name rot13 (and rot5 for numbers) as command and not tr:

1
2

alias rot13="tr 'A-Za-z' 'N-ZA-Mn-za-m'"
alias rot5="tr '0-9' '5-90-4'"

https://overthewire.org/wargames/bandit/bandit12.html