Read the question carefully.
1. SSH into the server with username as krypton1 and password as KRYPTONISGREAT
$ ssh email@example.com -p 2231
2. The next step is to find the file upon which we’ll be practising. This information is provided in the previous level. So let’s hop onto the location.
$ cd /krypton/
$ cd krypton1
3. Reading the README file gives us the answer, so try skipping that and directly cat the other file.
$ cat krypton2
OUTPUT: YRIRY GJB CNFFJBEQ EBGGRA
4. With practice you’ll be able to recognize this cipher. You can also use an online service called Boxentriq to recognize the cipher; it’ll also help you in breaking it. Here the cipher is ROT13, which is a Caesar cipher with a key of 13. ROT13 works by adding 13 to every character, wrapping around at the end of the alphabet. Its decryption is also very simple: just add 13 again to every character. Here you can use the translate command (tr) to decrypt it, although I again went to CyberChef and decrypted it there.
$ echo "YRIRY GJB CNFFJBEQ EBGGRA" | tr "a-zA-Z" "n-za-mN-ZA-M"
OUTPUT: LEVEL TWO PASSWORD ROTTEN
5. So the password of the next level is ROTTEN
README file has all your answers
1. SSH into the server with username as krypton2 and password as ROTTEN
$ ssh firstname.lastname@example.org -p 2231
2. Similar to the previous level we’ll move into the required directory
$ cd /krypton/krypton2
3. Here you’ll see the following files
encrypt – This is the algorithm which converts plaintext to cipher text.
krypton3 – This contains the ciphertext which will provide us the password for the next level
keyfile.dat – This should have contained the key for the algorithm but is now empty
README – This explains the question.
4. Bear with me for a minute as I try to explain the whole question to you. The encrypt program has the usage: encrypt plaintext_file. When the encrypt command runs, it uses the aforementioned file as plaintext, converts it to a cipher with the help of keyfile.dat (which must contain the key for it to work), and places it in the ciphertext file. Now the README file gives us an example in which it converts /etc/issue to ciphertext. Opening this along with the krypton3 file would provide us the answer to this question.
/etc/issue: D e v u a n
krypton3: O M Q E M D
Now the issue file is the plaintext and the krypton3 file is the ciphertext for some other plaintext. But in both cases the key was the same. Here every character in krypton3 can be obtained by adding 12 to every character in the issue file.
/etc/issue: D e v u a n
+12 +12 +12 +12 +12 +12
= = = = = =
krypton: O M Q E M D
5. So the key here is +12. Now you can manually decrypt the ciphertext OMQEMDUEQMEK by subtracting 12 from every character. This will give us the output as CAESARISEASY.
6. You can also solve this using any online utility that brute-forces the ciphertext to obtain the answer.
7. So the password for the next level is CAESARISEASY.
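The two Caesar levels above (ROT13 and the +12 shift) can be handled by one small script. This is an added example, not part of the original walkthrough; the function names are my own, and the known pair used in the test is the first six letters of the plaintext and ciphertext from step 5.

```python
def shift_text(text, k):
    """Shift A-Z / a-z by k positions (mod 26); leave everything else alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def recover_shift(plaintext, ciphertext):
    """Key from a known plaintext/ciphertext pair; every letter must agree."""
    shifts = {(ord(c) - ord(p)) % 26
              for p, c in zip(plaintext.upper(), ciphertext.upper())
              if p.isascii() and p.isalpha()}
    if len(shifts) != 1:
        # More than one distinct shift means this is not a plain Caesar cipher.
        raise ValueError(f"not a single Caesar shift: {sorted(shifts)}")
    return shifts.pop()


def brute_force(ciphertext):
    """All 26 candidate plaintexts, keyed by the encryption shift they undo."""
    return {k: shift_text(ciphertext, -k) for k in range(26)}


if __name__ == "__main__":
    # Level 1: ROT13 is its own inverse, so shifting by 13 again decrypts.
    print(shift_text("YRIRY GJB CNFFJBEQ EBGGRA", 13))
    # Level 2: recover the key from a known pair, then undo it.
    key = recover_shift("CAESAR", "OMQEMD")
    print(key, shift_text("OMQEMDUEQMEK", -key))
    # With no known plaintext, list every shift and pick the readable one.
    for k, candidate in brute_force("OMQEMDUEQMEK").items():
        print(f"{k:2d} {candidate}")
```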
Stay away from hint 2.
1. SSH into the server with username as krypton3 and password as CAESARISEASY
$ ssh email@example.com -p 2231
2. Having moved to the required directory, I read the found files and krypton4. My first step was to assume it to be a Caesar cipher, so I brute-forced it, but this was not the case. The next step was to assume that every letter had been randomly mapped to another letter and to try frequency analysis, as the amount of text provided to me was very large, making it a viable option. So I looked on Google and found the frequency distribution table for the English alphabet on Wikipedia.
[Image: Frequency Analysis of Image Analysis]
3. Then I performed frequency analysis on the found1 text using dcode and, on Boxentriq, replaced the analysed characters with the characters provided in the above image according to their frequency. It was something like what is shown below.
a b c d e f g h i j k l m n o p q r s t u v w x y z
b o i h j k n q v t w y u r x z a j e m s l d f p c
INPUT: K S V V W B G S J D S V S I S V X B M N Y Q U U K B N W C U A N M J S
OUTPUT: w e l l d o n e t h e l e v e l f o u r p a s s w o r d i s b r u t e
4. This gave us the password for level 4: BRUTE
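The frequency-analysis workflow from steps 2 and 3, as an added example that is not part of the original walkthrough. The table and the INPUT snippet are copied from step 3; the English letter ranking and all function names are assumptions of this example.

```python
from collections import Counter

# Step 3 table as printed on this page: ciphertext letter -> plaintext letter.
CIPHER = "abcdefghijklmnopqrstuvwxyz"
PLAIN = "boihjknqvtwyurxzajemsldfpc"
PAGE_MAP = dict(zip(CIPHER.upper(), PLAIN))
SNIPPET = "KSVVWBGSJDSVSISVXBMNYQUUKBNWCUANMJS"  # INPUT row from step 3
# Approximate English letter ranking, most to least frequent (assumption).
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def frequency_table(text):
    """Letters sorted by descending count (ties broken alphabetically)."""
    counts = Counter(ch for ch in text.upper() if ch.isalpha())
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def first_guess(text):
    """Rank-for-rank starting key: most common ciphertext letter -> 'e', ..."""
    ranked = [letter for letter, _ in frequency_table(text)]
    return dict(zip(ranked, ENGLISH_ORDER))


def conflicts(mapping):
    """Plaintext letters claimed by more than one ciphertext letter."""
    seen = {}
    for c, p in sorted(mapping.items()):
        seen.setdefault(p, []).append(c)
    return {p: cs for p, cs in seen.items() if len(cs) > 1}


def decode(text, mapping):
    """Apply a (possibly partial) key; letters without a guess show as '?'."""
    return "".join(mapping.get(ch, "?") if ch.isalpha() else ch
                   for ch in text.upper())


if __name__ == "__main__":
    print(frequency_table(SNIPPET)[:3])  # the top letter is the 'e' candidate
    print(decode(SNIPPET, PAGE_MAP))
    # A finished key is one-to-one; this lists what still needs fixing.
    print(conflicts(PAGE_MAP))
```

On a short text the rank-for-rank guess is only a starting point; run `first_guess` on the large found files and refine the key by hand. `conflicts` reports that the printed table assigns `j` to two ciphertext letters, neither of which occurs in the snippet.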
Don’t bother trying to crack it manually.
1. SSH into the server with username as krypton4 and password as BRUTE
$ ssh firstname.lastname@example.org -p 2231
2. I looked a lot on Google regarding the techniques to manually solve a Vigenère cipher, but trust me, the manual method is too tiring. The best approach is to use an online Vigenère cipher cracking tool and get it done with. So I used my favourite, Boxentriq, but you can also try dcode, guballa or anything else that you prefer. By using these tools the key was reported to be frekey, and this process was over in under a second. Pretty cool, right?
3. Using frekey as the key I decrypted the krypton5 file and the result was CLEAR TEXT.
4. So the password for the next level is CLEARTEXT
Don’t bother trying to crack it manually.
1. SSH into the server with username as krypton5 and password as CLEARTEXT
$ ssh email@example.com -p 2231
2. Same as the previous level, I used Boxentriq to crack the Vigenère cipher and the key was returned as keylength. Then I used it to decode the ciphertext obtained from the krypton6 file.
3. The password for the next level is RANDOM
Don’t bother trying to crack it manually.
1. SSH into the server with username as krypton6 and password as RANDOM
$ ssh firstname.lastname@example.org -p 2231
2. The encrypt program converts the plaintext to ciphertext with the help of a key which is placed in keyfile.dat. It has the following syntax: ./encrypt plaintext ciphertext
3. The first thing I tried was adding lots of A’s into a file and encrypting it. Then I did the same with B’s and the same with C’s. The outputs were as follows:
4. What I noticed here is that the first character from the A file is the same as that of the B file with an addition of 1. And the same goes for C. Also, the characters repeat after a certain length.
A: E I C T D G Y I Y Z K T H N S I R F X Y C P F U E O C K R N
B: F J D U E H Z J Z A L U I O T J S G Y Z D Q G V F P D L S O
C: G K E V F I A K A B M V J P U K T H Z A E R H W G Q E M T P
5. See. Every character is +1 from the character above it in its column.
6. So I used this concept and determined the number of positions changed when the plaintext of A’s was converted to its ciphertext.
A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A
E I C T D G Y I Y Z K T H N S I R F X Y C P F U E O C K R N
+4 +8 +2 +19 +3 +6 +24 +8 +24 +25 +10 +19 +7 +13 +18 +8 +17 +5 +23 +24 +2 +15 +5 +20 +4 +14 +2 +10 +17 +13
7. Then I used these numbers to obtain the plaintext for the ciphertext PNUKLYLWRQKGKBE
P N U K L Y L W R Q K G K B E
-4 -8 -2 -19 -3 -6 -24 -8 -24 -25 -10 -19 -7 -13 -18
L F S R I S N O T R A N D O M
8. Although I did this manually, I feel that an automated approach using some sort of programming language would have been cleaner. Try doing it with one.
9. The last level has been completed and the password obtained is LFSRISNOTRANDOM.
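The automated approach suggested in step 8, as an added example that is not part of the original walkthrough. It recovers the keystream from the three chosen-plaintext outputs in step 4, checks that they agree, and decrypts the ciphertext from step 7; the function names are my own.

```python
# Ciphertexts of the all-A, all-B and all-C files, copied from step 4.
CT_A = "EICTDGYIYZKTHNSIRFXYCPFUEOCKRN"
CT_B = "FJDUEHZJZALUIOTJSGYZDQGVFPDLSO"
CT_C = "GKEVFIAKABMVJPUKTHZAERHWGQEMTP"
TARGET = "PNUKLYLWRQKGKBE"  # ciphertext decrypted in step 7


def keystream(plaintext, ciphertext):
    """Per-position shift: (cipher - plain) mod 26."""
    return [(ord(c) - ord(p)) % 26 for p, c in zip(plaintext, ciphertext)]


def recover_keystream(samples):
    """Derive the keystream from every chosen-plaintext pair and insist that
    they agree; a mismatch means the cipher is not a simple additive stream
    and this approach does not apply."""
    streams = [keystream(p, c) for p, c in samples]
    if any(s != streams[0] for s in streams[1:]):
        raise ValueError("samples disagree: not an additive keystream")
    return streams[0]


def decrypt(ciphertext, stream):
    """Subtract the keystream from the ciphertext, position by position."""
    if len(ciphertext) > len(stream):
        raise ValueError("need more chosen plaintext to cover this length")
    base = ord("A")
    return "".join(chr((ord(c) - base - k) % 26 + base)
                   for c, k in zip(ciphertext, stream))


def solve():
    samples = [(letter * len(ct), ct)
               for letter, ct in (("A", CT_A), ("B", CT_B), ("C", CT_C))]
    return decrypt(TARGET, recover_keystream(samples))


if __name__ == "__main__":
    print(solve())
```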