Open in app

Sign in

Write

Sign in

Krypton

Megha Kumari
8 min readJun 21, 2020

--

This is in continuation of my wargames series, to follow up from beginning, click me!

Krypton Level 0 → Level 1

Level Info

Welcome to Krypton! The first level is easy. The following string encodes the password using Base64:

S1JZUFRPTklTR1JFQVQ=

Use this password to log in to krypton.labs.overthewire.org with username krypton1 using SSH on port 2231. You can find the files for other levels in /krypton/

apsychogirl@dell~ echo "S1JZUFRPTklTR1JFQVQ=" | base64 -d
KRYPTONISGREAT                                                                                                                   apsychogirl@dell~apsychogirl@dell~ ssh krypton1@krypton.labs.overthewire.org -p 2231krypton1@krypton:~$

Krypton Level 1 → Level 2

Level Info

The password for level 2 is in the file ‘krypton2’. It is ‘encrypted’ using a simple rotation. It is also in non-standard ciphertext format. When using alpha characters for cipher text it is normal to group the letters into 5 letter clusters, regardless of word boundaries. This helps obfuscate any patterns. This file has kept the plain text word boundaries and carried them to the cipher text. Enjoy!

krypton1@krypton:~$ cd /
krypton1@krypton:/$ cd krypton/
krypton1@krypton:/krypton$ ls 
krypton1  krypton2  krypton3  krypton4  krypton5  krypton6
krypton1@krypton:/krypton$ cd krypton1krypton1@krypton:/krypton/krypton1$ ls
krypton2  READMEkrypton1@krypton:/krypton/krypton1$ cat krypton2 
YRIRY GJB CNFFJBEQ EBGGRA

Let’s see inside Readme file for more info

krypton1@krypton:/krypton/krypton1$ cat README 
Welcome to Krypton!This game is intended to give hands on experience with cryptography
and cryptanalysis.  The levels progress from classic ciphers, to modern,
easy to harder.Although there are excellent public tools, like cryptool,to perform
the simple analysis, we strongly encourage you to try and do these
without them for now.  We will use them in later excercises.** Please try these levels without cryptool first **The first level is easy.  The password for level 2 is in the file 
'krypton2'.  It is 'encrypted' using a simple rotation called ROT13.  
It is also in non-standard ciphertext format.  When using alpha characters for
cipher text it is normal to group the letters into 5 letter clusters, 
regardless of word boundaries.  This helps obfuscate any patterns.This file has kept the plain text word boundaries and carried them to
the cipher text.Enjoy!

So, now we know, this is encrypted by rot13 (we decrypted similar file in bandit level 11->12 ). Applying the same here

krypton1@krypton:/krypton/krypton1$ cat krypton2 | tr 'A-Za-z' 'N-ZA-Mn-za-m'LEVEL TWO PASSWORD ROTTEN
krypton1@krypton:/krypton/krypton1$

Krypton Level 2 → Level 3

Level Info

ROT13 is a simple substitution cipher.

Substitution ciphers are a simple replacement algorithm. In this example of a substitution cipher, we will explore a ‘monoalphebetic’ cipher. Monoalphebetic means, literally, “one alphabet” and you will see why.

This level contains an old form of cipher called a ‘Caesar Cipher’. A Caesar cipher shifts the alphabet by a set number. For example:

plain: a b c d e f g h i j k ...
cipher: G H I J K L M N O P Q ...

In this example, the letter ‘a’ in plaintext is replaced by a ‘G’ in the ciphertext so, for example, the plaintext ‘bad’ becomes ‘HGJ’ in ciphertext.

The password for level 3 is in the file krypton3. It is in 5 letter group ciphertext. It is encrypted with a Caesar Cipher. Without any further information, this cipher text may be difficult to break. You do not have direct access to the key, however you do have access to a program that will encrypt anything you wish to give it using the key. If you think logically, this is completely easy.

One shot can solve it!

apsychogirl@dell~ ssh krypton2@krypton.labs.overthewire.org -p 2231

Just like the previous level, we move to the directory /krypton/krypton2 immediately to see how we can start from there.

krypton2@krypton:~$ cd /krypton/krypton2
krypton2@krypton:/krypton/krypton2$ ls
README  encrypt  keyfile.dat  krypton3
krypton2@krypton:/krypton/krypton2$ ls -al
total 32
drwxr-xr-x 2 root     root     4096 Apr  1 04:20 .
drwxr-xr-x 8 root     root     4096 Apr  1 04:20 ..
-rw-r----- 1 krypton2 krypton2 1815 Apr  1 04:20 README
-rwsr-x--- 1 krypton3 krypton2 9010 Apr  1 04:20 encrypt
-rw-r----- 1 krypton3 krypton3   27 Apr  1 04:20 keyfile.dat
-rw-r----- 1 krypton2 krypton2   13 Apr  1 04:20 krypton3

Check out the README file. It’s the same content with what we get from the webpage.

krypton2@krypton:/krypton/krypton2$ cat README
Krypton 2ROT13 is a simple substitution cipher.Substitution ciphers are a simple replacement algorithm.  In this example
of a substitution cipher, we will explore a 'monoalphebetic' cipher.
Monoalphebetic means, literally, "one alphabet" and you will see why.
...

The password for level 3 is in the file krypton3, let’s check it out first.

krypton2@krypton:/krypton/krypton2$ cat krypton3
OMQEMDUEQMEK

Even we can read the ciphertext, we still don’t know which rotation has been used to encrypt the plaintext, i.e., ROT1, ROT2, …, ROT25. Therefore, we need to do a test to find out which rotation is used for encryption.

Let’s follow the instructions to create a temporary directory and check out the encryption result from the program.

krypton2@krypton:/krypton/krypton2$ mktemp -d
/tmp/tmp.PVPxfVYdTf
krypton2@krypton:/krypton/krypton2$ cd /tmp/tmp.PVPxfVYdTf
krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ ln -s /krypton/krypton2/keyfile.dat
krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ ls
keyfile.dat
krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ chmod 777 .
krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ /krypton/krypton2/encrypt /etc/i
identd.conf      inetd.d/         initramfs-tools/ insserv/         iproute2/        
identd.key       init/            inittab          insserv.conf     issue            
inetd.conf       init.d/          inputrc          insserv.conf.d/  issue.net        
krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ /krypton/krypton2/encrypt /etc/issue
krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ ls
ciphertext  keyfile.dat

The ciphertext file stores the encryption result from the content of /etc/issue. So, we may figure out the rotation from comparing these two files.

krypton2@krypton:/tmp/tmp.PVPxfVYdTf$ cat /etc/issue
Devuan GNU/Linux ascii \n \lkrypton2@krypton:/tmp/tmp.PVPxfVYdTf$ cat ciphertext
PQHGMZSZGXUZGJMEOUUZX

From the first six alphabets, we got the following mapping relationship:

plain:  D E V U A N ...
cipher: P Q H G M Z...

Okay, it’s time to recover the password.

krypton2@krypton:/tmp/tmp.N7xrgnv6Od$ cat /krypton/krypton2/krypton3 | tr a-zA-Z o-za-nO-ZA-NCAESARISEASY

Krypton Level 3 → Level 4

Level Info

Well done. You’ve moved past an easy substitution cipher.

The main weakness of a simple substitution cipher is repeated use of a simple key. In the previous exercise you were able to introduce arbitrary plaintext to expose the key. In this example, the cipher mechanism is not available to you, the attacker.

However, you have been lucky. You have intercepted more than one message. The password to the next level is found in the file ‘krypton4’. You have also found 3 other files. (found1, found2, found3)

You know the following important details:

The message plaintexts are in English (*** very important) — They were produced from the same key (*** even better!)

Enjoy.

apsychogirl@dell~ ssh krypton3@krypton.labs.overthewire.org -p 2231

Again we’ll move to the directory /krypton/krypton3 immediately to see how we can start from there.

krypton3@krypton:~$ cd /krypton/krypton3
krypton3@krypton:/krypton/krypton3$ ls
found1  found2  found3  HINT1  HINT2  krypton4  README

If we try to see the krypton4 file

krypton3@krypton:/krypton/krypton3$ cat krypton4 
KSVVW BGSJD SVSIS VXBMN YQUUK BNWCU ANMJS

If I try to cat other files, they contain similar texts

krypton3@krypton:/krypton/krypton3$ cat found1

In the directory there are found1, found2 and found3 files which are encrypted using same key. These files contains the encrypted text like krypton4.

Using these files and an automated cryptogram solver quipquip, we can crack the password.

Paste all the content of all the three files altogether in quipquip and some readable data was found.

Now in another tab I tried putting up the content of krypton4 but got multiple combinations of results.

Since the quipquip produced only one output when we ran it with the content of found1, found2 and found3. So we can add the content of krypton4 with the content of these files. We have added the content of krypton4 file at the end, so our password will be at the end. The decrypted text at the end is DONE THE LEVEL FOUR PASSWORD IS BRUTE. So password for next level is BRUTE .

Krypton Level 4 → Level 5

Level Info

Good job!

You more than likely used some form of FA and some common sense to solve that one.

So far we have worked with simple substitution ciphers. They have also been ‘monoalphabetic’, meaning using a fixed key, and giving a one to one mapping of plaintext (P) to ciphertext ©. Another type of substitution cipher is referred to as ‘polyalphabetic’, where one character of P may map to many, or all, possible ciphertext characters.

An example of a polyalphabetic cipher is called a Vigenère Cipher. It works like this:

If we use the key(K) ‘GOLD’, and P = PROCEED MEETING AS AGREED, then “add” P to K, we get C. When adding, if we exceed 25, then we roll to 0 (modulo 26).

P P R O C E E D M E E T I N G A S A G R E E D\
K G O L D G O L D G O L D G O L D G O L D G O\

becomes:

P 15 17 14 2 4 4 3 12 4 4 19 8 13 6 0 18 0 6 17 4 4 3\
K 6 14 11 3 6 14 11 3 6 14 11 3 6 14 11 3 6 14 11 3 6 14\
C 21 5 25 5 10 18 14 15 10 18 4 11 19 20 11 21 6 20 2 8 10 17\

So, we get a ciphertext of:

VFZFK SOPKS ELTUL VGUCH KR

This level is a Vigenère Cipher. You have intercepted two longer, english language messages. You also have a key piece of information. You know the key length!

For this exercise, the key length is 6. The password to level five is in the usual place, encrypted with the 6 letter key.

Have fun!

apsychogirl@dell~ ssh krypton4@krypton.labs.overthewire.org -p 2231

As usual, heading to /krypton/krypton4 directory

krypton4@krypton:~$ cd /krypton/krypton4
krypton4@krypton:/krypton/krypton4$ ls
found1  found2  HINT  krypton5  README
krypton4@krypton:/krypton/krypton4$ cat krypton5 
HCIKV RJOX

Now let’s check the cipher text! We also know that the pass is of 6 characters. Using @ http://f00l.de/hacking/vigenere.php to decrypt the pass

First using the content of file found1

We got the Key: frekey now let’s decrypt the pass!

Got the pass -> CLEARTEXT

Krypton Level 5 → Level 6

Level Info

FA can break a known key length as well. Lets try one last polyalphabetic cipher, but this time the key length is unknown.

Enjoy.

This challenge is same as challenge 4 but now we don’t know about the length of the key. So we need to guess it :))

We have the cipher. Let’s try the same website as of before!

Analysing the above two keys : KEYLENGTH is the actual key that we were trying to find out.

Using the above key to decrypt the pass in file krypton4

So our pass is : RANDOM

And we completed this one….

Infosec
Krypton
War Games
Bandit
Linux

--

--

Megha Kumari

Written by Megha Kumari

34 Followers

Linux gal + Currently DevOps Engineer @ Virsec

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams