circusmonkey404's Security Site

Krypton 5 Objectives FA can break a known key length as well. Lets try one last polyalphabetic cipher, but this time the key length is unknown. Enjoy. Solution I used the same code break website to get the key https://www.guballa.de/vigenere-solver key: keylenght Krypton6 contains BELOS Z decrypted ​random

Krypton 4 Objectives You more than likely used some form of FA and some common sense to solve that one. So far we have worked with simple substitution ciphers. They have also been ‘monoalphabetic’, meaning using a fixed key, and giving a one to one mapping of plaintext (P) to ciphertext (C). Another type of substitution cipher is referred to as ‘polyalphabetic’, where one character of P may map to many, or all, possible ciphertext characters. An example of a polyalphabetic cipher is called a Vigenère Cipher. It works like this: If we use the key(K) ‘GOLD’, and P = PROCEED MEETING AS AGREED, then “add” P to K, we get C. When adding, if we exceed 25, then we roll to 0 (modulo 26). P P R O C E E D M E E T I N G A S A G R E E D\ K G O L D G O L D G O L D G O L D G O L D G O\ becomes: P 15 17 14 2 4 4 3 12 4 4 19 8 13 6 0 18 0 6 17 4 4 3\ K 6 14 11 3 6 14 11 3 6 14 11 3 6 14 11 3 6 14 11 3 6 14\ C 21 5 25 5 10 18 14 15 10 18 4 11 19 20 11 21 6 20 2 8 10 17\ So, we get a ciphertext of: VF

Krypton 3 Objectives Well done. You’ve moved past an easy substitution cipher. The main weakness of a simple substitution cipher is repeated use of a simple key. In the previous exercise you were able to introduce arbitrary plaintext to expose the key. In this example, the cipher mechanism is not available to you, the attacker. However, you have been lucky. You have intercepted more than one message. The password to the next level is found in the file ‘krypton4’. You have also found 3 other files. (found1, found2, found3) You know the following important details: The message plaintexts are in English (*** very important) - They were produced from the same key (*** even better!) Solution ok so I used a bit of a cheat on this one, but as long as I have the internet available might as well use it right? I used the encrypted text of found2 a plugged it into a decrypter which used letter frequency to find the mono-alphabetic key for the text and found this is the key for t

Krypton 2 Objectives The password for level 3 is in the file krypton3. It is in 5 letter group ciphertext. It is encrypted with a Caesar Cipher. Without any further information, this cipher text may be difficult to break. You do not have direct access to the key, however you do have access to a program that will encrypt anything you wish to give it using the key. If you think logically, this is completely easy. Solution ok so the first thing we did was link the file in a temp directory krypton2@krypton:/krypton/krypton2$ mkdir /tmp/asmithkryp2 krypton2@krypton:/krypton/krypton2$ cd /tmp/asmithkryp2 krypton2@krypton:/tmp/asmithkryp2$ ln -s /krypton/krypton2/keyfile.dat  Then we changed the permissions for everyone to have access to the file krypton2@krypton:/tmp/asmithkryp2$ chmod 777 . just like the example on the website now we want to create a file that we will use to run the encrypt binary against krypton2@krypton:/tmp/asmithkryp2$ echo "abcdefghijklmnopqrstuvwxyz"

Krypton 1 Objectives The password for level 2 is in the file ‘krypton2’. It is ‘encrypted’ using a simple rotation. It is also in non-standard ciphertext format. When using alpha characters for cipher text it is normal to group the letters into 5 letter clusters, regardless of word boundaries. This helps obfuscate any patterns. This file has kept the plain text word boundaries and carried them to the cipher text. Enjoy! Solution So from the description its sounds like a Cesar cipher lets cat the file to see what it contains krypton1@krypton:/krypton/krypton1$ cat krypton2 YRIRY GJB CNFFJBEQ EBGGRA I'm guessing just on experience that is probably a 13 shift Cesar cipher other wise know as ROT13 let echo it and pipe it in to the translate command echo "YRIRY GJB CNFFJBEQ EBGGRA" | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' LEVEL TWO PASSWORD ROTTEN

Krypton 0 Objectives Welcome to Krypton! The first level is easy. The following string encodes the password using Base64: S1JZUFRPTklTR1JFQVQ= Use this password to log in to krypton.labs.overthewire.org with username krypton1 using SSH on port 2222. You can find the files for other levels in /krypton/ Soltuion So here we have a base64 encoded string for the password for level 1 we are going to use the base64 -d decoding built into my os echo S1JZUFRPTklTR1JFQVQ= | base64 -d KRYPTONISGREAT​ pretty simple