Introduction
In this post, you will learn how to solve the Krypton wargame from OverTheWire. A video version of the post is below; do check that out as well.
To view the Krypton challenge, go to [OTW] by clicking here.
Let’s Hack Krypton
Before we get into the content: if you have any doubts, you can comment down below or watch the YouTube video made for you guys ❤️
Krypton Level 0 – Level 1
To complete the first level of the Krypton wargame on OverTheWire, you will need to do the following:
```
ssh krypton1@krypton.labs.overthewire.org -p 2231
```
It will ask for a password. To find it, we have to decode the Base64 string.
```
echo "S1JZUFRPTklTR1JFQVQ=" | base64 -d
```
Password: KRYPTONISGREAT
Now we can enter the password and move on to the next level.
Krypton Level 1 – Level 2
The OTW site clearly says we can access the next-level password using the /krypton directory, which means there is a hidden directory.
```
cd /krypton
ls
cd krypton1
cat README
cat krypton2
```
I have written a simple Python script to rotate the letters and find the proper password. Here it is.
```python
import string

charset = string.ascii_uppercase
enc = "YRIRY GJB CNFFJBEQ EBGGRA"

# Try all 26 rotations and print each candidate plaintext
for k in range(26):
    dec = ""
    for c in enc:
        if c in charset:
            idx = charset.find(c)
            idx += k
            # Wrap around the alphabet
            if idx >= len(charset):
                idx -= len(charset)
            elif idx < 0:
                idx += len(charset)
            dec += charset[idx]
        else:
            # Keep spaces and other characters unchanged
            dec = dec + c
    print(dec)
```
The only output line that contains English words is LEVEL TWO PASSWORD ROTTEN.
password: ROTTEN
Krypton Level 2 – Level 3
For this level, we should enumerate the /krypton/krypton2/krypton3 files.
```
cat /krypton/krypton2/krypton3
OMQEMDUEQMEK
```
We can use the previous Python script to find the password.
```python
import string

charset = string.ascii_uppercase
enc = "OMQEMDUEQMEK"

# Try all 26 rotations and print each candidate plaintext
for k in range(26):
    dec = ""
    for c in enc:
        if c in charset:
            idx = charset.find(c)
            idx += k
            # Wrap around the alphabet
            if idx >= len(charset):
                idx -= len(charset)
            elif idx < 0:
                idx += len(charset)
            dec += charset[idx]
        else:
            dec = dec + c
    print(dec)
```
CAESARISEASY is the only candidate that reads as English.
Krypton Level 3 – Level 4
Let’s open the directory below, where we will find an encrypted string. In this level we are going to do frequency analysis.
```
cd /krypton/krypton3
ls
cat krypton4
```
I have created a Python script to find the frequency and sort out…
```python
import string

ciphertext = "KSVVWBGSJDSVSISVXBMNYQUUKBNWCUANMJS"
# english_freq = "ETAOINSHRDLCUMWFGYPBVKJXQZ"
# Plaintext letters, ordered to line up with the ciphertext letters below
modified_freq = "EATSORINHCLDUPMFWGYBKVXQJZ"
# Ciphertext letters, most frequent first
ciphert_freq = "SQJUBNCGDZVWMYTXKELAFIOHRP"

cleartext = ''
for l in ciphertext:
    # Map each ciphertext letter to the plaintext letter at the same rank
    i = ciphert_freq.index(l)
    cleartext += modified_freq[i]
print(cleartext)
```
Password: BRUTE
Krypton Level 4 – Level 5
For the next level we are using the Vigenère square or the table.
```
cd /krypton/krypton4
ls
cat krypton5
```
Now, all we have to do is write a script that:
- Creates 6 strings containing, respectively, all the 1st, 2nd, 3rd, 4th, 5th and 6th characters of the ciphertext
- Applies every Caesar shift to each of those strings
- Does frequency analysis on each of the Caesar shift results
```python
import string


def split(key_length, ciphertext):
    # Column x holds every key_length-th character, starting at offset x
    res = []
    for x in range(key_length):
        tmp_str = ''
        for c in range(x, len(ciphertext), key_length):
            tmp_str += ciphertext[c]
        res.append(tmp_str)
    return res


def caesar(ciphertext, shift):
    charset = string.ascii_uppercase
    dec = ""
    for c in ciphertext:
        if c in charset:
            idx = charset.find(c)
            idx += shift
            if idx >= len(charset):
                idx -= len(charset)
            elif idx < 0:
                idx += len(charset)
            dec += charset[idx]
        else:
            dec = dec + c
    return dec


def frequency(text):
    # Return (letter, count) pairs, most frequent letter first
    letter_freq = {}
    for c in string.ascii_uppercase:
        letter_freq[c] = 0
    for l in text:
        if l in string.ascii_uppercase:
            letter_freq[l] += 1
    s = [(k, letter_freq[k]) for k in sorted(letter_freq, key=letter_freq.get, reverse=True)]
    return s


charset = string.ascii_uppercase
english_freq = "ETAOINSHRDLUCMWFYGPBVKXJQZ"
# Too long. Result of cat found1 | sed 's/ //g'
ciphertext = "... snip ..."
key_length = 6

data = split(key_length, ciphertext)
key = ''
for line in data:
    for shift in range(26):
        t = caesar(line, shift)
        # Keep the shift that makes 'E' the most frequent letter of the column
        if frequency(t)[0][0] == 'E':
            c = charset.find(line[0])
            c -= charset.find(t[0])
            c %= len(charset)
            key += charset[c]
print(key)
```
This gives an output of FREAKY. If we decrypt with that key using the Vigenère square, we get the actual password.
Password: CLEARTEXT
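The column attack from this level, as an added example that is not the author's script: it scores every shift of a column against English letter frequencies instead of assuming the most frequent letter is E, then does the Vigenère-square decryption arithmetically. The plaintext, the key LEMONS and all function names are constructed for illustration; the key length of 6 is taken from the level.

```python
import string

A = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def vigenere(text, key, decrypt=False):
    """Encrypt or decrypt A-Z text; the Vigenère square is addition mod 26."""
    sign = -1 if decrypt else 1
    return "".join(A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(text))

def best_shift(column):
    """Return the shift whose removal makes the column look most like English."""
    def score(shift):
        return sum(ENGLISH[(A.index(c) - shift) % 26] for c in column)
    return max(range(26), key=score)

def recover_key(ciphertext, key_length):
    """One key letter per column: each column is a plain Caesar cipher."""
    columns = [ciphertext[i::key_length] for i in range(key_length)]
    return "".join(A[best_shift(col)] for col in columns)

# Constructed sample input (not from the wargame); only A-Z is kept
SAMPLE_PLAINTEXT = "".join(c for c in (
    "The Vigenere cipher was considered unbreakable for centuries because one letter "
    "of the message can turn into many different letters of ciphertext. Its weakness "
    "is that the key repeats. Once the length of the key is known, every letter in the "
    "same column has been shifted by the same amount, so each column is nothing more "
    "than a Caesar cipher. English has a very uneven letter distribution and that "
    "distribution survives a simple shift. Comparing the letter counts of each column "
    "with the usual English frequencies for all possible shifts reveals one key letter "
    "at a time. The longer the message, the more reliable the statistics become, which "
    "is why a short password protected with a long key is much harder to recover in "
    "this way than a whole page of ordinary prose.").upper() if c in A)
SAMPLE_KEY = "LEMONS"  # constructed key
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_CIPHERTEXT, len(SAMPLE_KEY))
    print(key)
    print(vigenere(SAMPLE_CIPHERTEXT, key, decrypt=True)[:60])
```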
Krypton Level 5 – Level 6
For this level we are using the previous script as well.
```
cd /krypton/krypton5
ls
cat krypton6
```
This gives an output of XEYLENCTH, which looks like KEYLENGTH.
Password: RANDOM
Krypton Level 6 – Level 7
For this level let’s just enumerate and play around.
```
cd /krypton/krypton6
ls
cat krypton7
```
Let’s try to encrypt a cleartext of our choice.
```
python3 -c 'print("A" * 40)' > /tmp/plain.txt
./encrypt6 /tmp/plain.txt /tmp/cipher.txt
cat /tmp/cipher.txt
```
After 30 characters, the string repeats itself.
So I wrote the script below to find the password.
```python
# Output of encrypting a run of 'A's: one full period of the key stream
crypt = 'EICTDGYIYZKTHNSIRFXYCPFUEOCKRN'
ciphertext = "PNUKLYLWRQKGKBE"

for i in range(len(ciphertext)):
    # Subtract the key stream letter from the ciphertext letter, modulo 26
    k = ord(ciphertext[i]) - ord(crypt[i])
    if k < 0:
        k += 26
    k += ord('A')
    print(chr(k), end='')
```
The password is LFSRISNOTRANDOM
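The chosen-plaintext step above, generalized as an added example (not the author's code): it finds the key stream period from the all-A output and decrypts messages longer than one period. It assumes, as the script above does, that the cipher adds one key stream letter to each plaintext letter modulo 26; the 40-character sample output is constructed from the 30-character string on this page, and the function names are hypothetical.

```python
import string

A = string.ascii_uppercase

def find_period(stream):
    """Smallest p with stream[i] == stream[i + p] for every available i."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i + p] for i in range(len(stream) - p)):
            return p
    return len(stream)  # no repetition observed in this sample

def keystream_from_all_a(cipher_of_a):
    """'A' has value 0, so encrypting only A's outputs the key stream itself."""
    return cipher_of_a[:find_period(cipher_of_a)]

def apply_keystream(text, keystream, decrypt=False):
    """Add (or subtract) the repeating key stream, letter by letter, mod 26."""
    sign = -1 if decrypt else 1
    return "".join(A[(A.index(c) + sign * A.index(keystream[i % len(keystream)])) % 26]
                   for i, c in enumerate(text))

# Constructed: the page's 30-character output followed by its first 10
# characters again, matching "after 30 characters the string repeats itself".
PAGE_CRYPT = "EICTDGYIYZKTHNSIRFXYCPFUEOCKRN"
SAMPLE_OUTPUT = PAGE_CRYPT + PAGE_CRYPT[:10]

if __name__ == "__main__":
    ks = keystream_from_all_a(SAMPLE_OUTPUT)
    print(len(ks))
    print(apply_keystream("PNUKLYLWRQKGKBE", ks, decrypt=True))
```

Only 10 overlapping characters confirm the period in a 40-character sample; encrypting a longer run of A's gives more confidence that the period is real.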
Conclusion
In my opinion, it is one of the easiest challenges I have come across, and I hope you like the post. See you guys in the next post.