krypton 0——> krypton 1
关卡提示:Welcome to Krypton! The first level is easy. The following string encodes the password using Base64:
S1JZUFRPTklTR1JFQVQ=
Use this password to log in to krypton.labs.overthewire.org with username krypton1 using SSH on port 2222. You can find the files for other levels in /krypton/
和bandit的方式一样,ssh登录即可,密码为“S1JZUFRPTklTR1JFQVQ=”的base64解码的值。切到/krypton目录下,可以看相关的文件。
krypton 1——> krypton 2
关卡提示:The password for level 2 is in the file ‘krypton2’. It is ‘encrypted’ using a simple rotation. It is also in non-standard ciphertext format. When using alpha characters for cipher text it is normal to group the letters into 5 letter clusters, regardless of word boundaries. This helps obfuscate any patterns. This file has kept the plain text word boundaries and carried them to the cipher text. Enjoy!
进入krypton1的目录下,查看文件发现krypton2和 README,打开krypton2得到如下字符:
YRIRY GJB CNFFJBEQ EBGGRA
由README知道是ROT13加密,可以使用之前bandit11的解码命令。或者搜索一个ROT13的解码网站。
echo YRIRY GJB CNFFJBEQ EBGGRA | tr 'a-zA-Z' 'n-za-mN-ZA-M'
这里我选用的是命令解码。
得到结果为:
LEVEL TWO PASSWORD ROTTEN
krypton 2——> krypton 3
关卡提示:ROT13 is a simple substitution cipher.
Substitution ciphers are a simple replacement algorithm. In this example of a substitution cipher, we will explore a ‘monoalphebetic’ cipher. Monoalphebetic means, literally, “one alphabet” and you will see why.
This level contains an old form of cipher called a ‘Caesar Cipher’. A Caesar cipher shifts the alphabet by a set number. For example:
plain: a b c d e f g h i j k …
cipher: G H I J K L M N O P Q …
In this example, the letter ‘a’ in plaintext is replaced by a ‘G’ in the ciphertext so, for example, the plaintext ‘bad’ becomes ‘HGJ’ in ciphertext.
The password for level 3 is in the file krypton3. It is in 5 letter group ciphertext. It is encrypted with a Caesar Cipher. Without any further information, this cipher text may be difficult to break. You do not have direct access to the key, however you do have access to a program that will encrypt anything you wish to give it using the key. If you think logically, this is completely easy.
One shot can solve it!
Have fun.
Additional Information:
The encrypt binary will look for the keyfile in your current working directory. Therefore, it might be best to create a working direcory in /tmp and in there a link to the keyfile. As the encrypt binary runs setuid krypton3, you also need to give krypton3 access to your working directory.
Here is an example:
krypton2@melinda:~$ mktemp -d
/tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:~$ cd /tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ln -s /krypton/krypton2/keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls