OverTheWire — Krypton (Cryptography) Challenges

Just started solving the krypton challenges and loving them as they have been so nicely designed and there is ton of learning outcomes especially when it comes to mastering the concepts of crypto algos (to some extent) and also mastering the commands to do your work in seconds.

The challenges can be found @ http://overthewire.org/wargames/krypton/

Let’s begin solving the challenges!

Level 0

This level is pretty simple all we need is to log into the system via ssh and the password is encrypted by base64 algorithm. Remember the command to decrypt?

Well, that was easy. Right?

Level 1

The password for the level 2 is present in the krypton2 file and is encrypted. We need to get it resolved to plain text. The encryption was ROT13.

That was pretty easy too!

Level 2

This level is bit advance than the previous one. Once we are logged into the system via SSH we are provided with different files and encrypt program which turns a plain text into a ciphertext.

Let’s try reading the README file.

According to this file this level is about Caesar Cipher and also we have ben provided with the example.

Let’s move everything to a temporary folder.

It’s time to see how the plain text is being converted into the Caesar Cipher. I’ve added “ABC” to a keyfile and ran the ./encrypt on it. The result shows that “ABC” was converted into “MNO”.

The things become clear. Now all we need is to car the encrypted key and pass it to “tr” command according to the method being used by “encrypt” program to perform encryption.

That’s all. We got the password!

Level 3

Let’s look onto the README file.

We are provided with 2 hints and 3 found files. All three found files contains the cipher text and were created from the same key. The hints are as follows.

Now all we need is to solve this challenge!

Learning Resources

https://en.wikipedia.org/wiki/Frequency_analysis

https://www.cryptool.org/en/jct-downloads/stable

https://crypto.interactive-maths.com/frequency-analysis-breaking-the-code.html

https://learncryptography.com/attack-vectors/frequency-analysis

http://www.richkni.co.uk/php/crypta/freq.php

The frequency of English letters is given as below.

This tells the frequency of the letters in ENGLISH communication that how much of these words occur (percentage given). Let’s check the percentage of the characters in found1.

As the letter “s” has occurred the most we can say that it is substituted by “e”. “c” by “t” and so on. But this will not be giving us the exact information of the key. There can be multiple results. So let’s try to look for the combination of 3.

We can conclude that “JDS” == “the”. Let’s try to find out all the substitutions.

We can see that we have got the key. Now all we need is to pass this to “tr” command and we are done with the challenge!

We are done with the challenge!

Level 4

This challenge is all about Vigenère Cipher. Let’s read the README

Now let’s check the cipher text! We also know that the pass is of 6 characters. Using @ http://f00l.de/hacking/vigenere.php to decrypt the pass

We got the Key: frekey now let’s decrypt the pass!

We have successfully decrypted the password!

Level 5

This challenge is same as challenge 4 but now we don’t know about the length of the key. So we need to guess it :))

We have the cipher. Let’s try the same website as of before!

The key we got is “xeylencth” suppose it is “keylength” and let’s try to decrypt everything!

We finally got it and the password is “RANDOM”.

Level 6

So we made it finally to the last level. In this level we are provided with a stream cipher! and some files in the directory!

We are going to solve this challenge in the same we we did the challenge two.

When we try to use the encrypt program on the file we can see that the pattern is being replicated each after 30 characters. So we can easily break it.

A simple python script to do all of our work!

That’s all for these challenges. It was fun learning more about cryptography and they way they can be solved.

NOTE: There can be more ways to solve these challenges although the techniques shared in this article are the one which i have used to solve these challenges!

Thanks for reading :)

Cyber Security Enthusiast