MayADevBe Blog

A Blog about Computer Science

Krypton Level 2 -> 3 - OverTheWire Walkthrough

Login

SSH: ssh krypton2@krypton.labs.overthewire.org -p 2231

Task

This level contains an old form of cipher called a ‘Caesar Cipher’. The encrypt binary will look for the keyfile in your current working directory. Therefore, it might be best to create a working directory in /tmp and in there a link to the keyfile. As the encrypt binary runs setuid krypton3, you also need to give krypton3 access to your working directory.

A little bit of Theory

The Caesar Cipher is a shift cipher: each letter is shifted by a fixed number of positions (the key). For example, with k=1, A is encrypted as B, B as C, and so on, until Z wraps around and is encrypted as A. Recovering the encryption key is easy once you know a single letter pair from the message (original) and the ciphertext (encrypted). Taking the example from above: ‘A’ to ‘B’ is ‘1 -> 2’. The key is just the difference, ‘1+x=2’ (as long as it does not wrap around).

To calculate the decryption key from the encryption key: number of characters - encryption_key = decryption_key. For the example, that is ‘26-1=25’, meaning you need to shift ‘B’ by 25 to get ‘A’ again (2+25 = 27, and 27 mod 26 = 1). Here ‘mod’ refers to the modulo operation, the remainder of a division. It is needed because the number has to be between 1 and 26 to map to a letter of the alphabet.

Solution

Start by reading the README to get the full task description (cat README).

krypton2@krypton:~$ cd /krypton/krypton2/
krypton2@krypton:/krypton/krypton2$ ls -la
total 32
drwxr-xr-x 2 root     root     4096 May 19  2020 .
drwxr-xr-x 8 root     root     4096 May 19  2020 ..
-rwsr-x--- 1 krypton3 krypton2 9032 May 19  2020 encrypt
-rw-r----- 1 krypton3 krypton3   27 May 19  2020 keyfile.dat
-rw-r----- 1 krypton2 krypton2   13 May 19  2020 krypton3
-rw-r----- 1 krypton2 krypton2 1815 May 19  2020 README

This task deals with the Caesar cipher. Specifically, we need to find the key by comparing a message with its ciphertext. Based on the example in the ‘README’, we do the following:

krypton2@krypton:/krypton/krypton2$ mktemp -d
/tmp/tmp.1RfnWl0zk4
krypton2@krypton:/krypton/krypton2$ cd /tmp/tmp.1RfnWl0zk4
krypton2@krypton:/tmp/tmp.1RfnWl0zk4$ ln -s /krypton/krypton2/keyfile.dat
krypton2@krypton:/tmp/tmp.1RfnWl0zk4$ chmod 777 .
krypton2@krypton:/tmp/tmp.1RfnWl0zk4$ echo "AAAAA" > encrypt.txt
krypton2@krypton:/tmp/tmp.1RfnWl0zk4$ /krypton/krypton2/encrypt encrypt.txt 
krypton2@krypton:/tmp/tmp.1RfnWl0zk4$ ls -la
total 32
drwxrwxrwx  2 krypton2 root      4096 Jul  7 14:14 .
drwxrws-wt 99 root     root     20480 Jul  7 14:14 ..
-rw-r--r--  1 krypton3 krypton2     4 Jul  7 14:14 ciphertext
-rw-r--r--  1 krypton2 krypton2     5 Jul  7 14:13 encrypt.txt
lrwxrwxrwx  1 krypton2 root        29 Jul  7 14:13 keyfile.dat -> /krypton/krypton2/keyfile.dat
krypton2@krypton:/tmp/tmp.1RfnWl0zk4$ cat ciphertext 
MMMMM

So I run the encryption executable with the text ‘AAAAA’, because the shift is easiest to calculate from the first letter of the alphabet. The result is ‘MMMMM’. Now we just need to figure out the key by counting the number of shifts from ‘A’ to ‘M’ (1 -> 13). ‘M’ is the 13th character, so the key is ‘12’. Since this is the encryption key, we need to convert it for decryption, which is done the following way: 26 - 12 = 14.

We can decrypt the message with a command similar to the one from the previous level. Only the shift differs (12 instead of 13); the tr mapping below sends ‘A’ to ‘O’, which is the decryption shift of 14:

krypton2@krypton:/krypton/krypton2$ cat krypton3 | tr 'A-Za-z' 'O-ZA-No-za-n'
XXXXXXXXXXX
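
The key recovery from the theory and solution sections, generalized as an added example (not part of the original walkthrough or of the level's binaries): it derives the shift from any known plaintext/ciphertext pair with modular arithmetic, so pairs that wrap past Z also work, rejects pairs that do not agree on one shift, and builds the matching tr arguments. The function names are hypothetical and the sample text is constructed; letters are indexed 0-25 here rather than 1-26.

```python
import string

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)  # 26 letters


def recover_shift(plaintext, ciphertext):
    """Encryption shift implied by a known plaintext/ciphertext pair."""
    pairs = [(p, c) for p, c in zip(plaintext.upper(), ciphertext.upper())
             if p in ALPHABET and c in ALPHABET]
    if not pairs:
        raise ValueError("no letter pairs to compare")
    # Modular difference, so pairs that wrap past Z (e.g. Z -> L) still work.
    shifts = {(ALPHABET.index(c) - ALPHABET.index(p)) % N for p, c in pairs}
    if len(shifts) != 1:
        raise ValueError(f"inconsistent shifts {sorted(shifts)}: not a Caesar cipher")
    return shifts.pop()


def shift_text(text, shift):
    """Shift ASCII letters by `shift`, keeping case and other characters."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % N + base))
        else:
            out.append(ch)
    return "".join(out)


def tr_sets(shift):
    """The two tr(1) arguments that apply `shift` to A-Z and a-z."""
    s = shift % N
    if s == 0:
        return "A-Za-z", "A-Za-z"
    up, low = ALPHABET, ALPHABET.lower()
    return "A-Za-z", f"{up[s]}-ZA-{up[s - 1]}{low[s]}-za-{low[s - 1]}"


if __name__ == "__main__":
    enc = recover_shift("AAAAA", "MMMMM")  # chosen-plaintext pair from the walkthrough
    dec = (N - enc) % N
    print("encryption shift:", enc, "decryption shift:", dec)
    print("tr arguments:", *tr_sets(dec))
    sample = shift_text("Caesar", enc)  # constructed sample text
    print(sample, "->", shift_text(sample, dec))
```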

https://overthewire.org/wargames/krypton/krypton2.html

