OTW – Krypton

These are security problems from OverTheWire. Krypton is a collection of challenges that teaches simple cryptography encoding and methods.

Krypton Level 2 → Level 3

Level Info

Substitution ciphers are a simple replacement algorithm. In this example of a substitution cipher, we will explore a ‘monoalphebetic’ cipher. Monoalphebetic means, literally, “one alphabet” and you will see why.

This level contains an old form of cipher called a ‘Caesar Cipher’. A Caesar cipher shifts the alphabet by a set number. For example:

plain:  a b c d e f g h i j k ... 
cipher: G H I J K L M N O P Q ...

In this example, the letter ‘a’ in plaintext is replaced by a ‘G’ in the ciphertext so, for example, the plaintext ‘bad’ becomes ‘HGJ’ in ciphertext.

The password for level 3 is in the file krypton3. It is in 5 letter group ciphertext. It is encrypted with a Caesar Cipher. Without any further information, this cipher text may be difficult to break. You do not have direct access to the key, however you do have access to a program that will encrypt anything you wish to give it using the key. If you think logically, this is completely easy.

One shot can solve it!

Have fun.

First, we need to find this ‘krypton3’ file using find again. As you can see, the pattern of the file, we’ll omit this from now on.

find / -type f -name krypton3 2</dev/null

cat /games/krypton/krypton2/krypton3

From the level info, we should use encrypt binary to find out how many characters shifted in the cipher. However, there is a permission issue, but we can copy encrypt to another directory if we have permission to write. One such area is /tmp. Create a directory (e.g. abc/) and copy encrypt into it.  Now when we execute encrypt with a file contain all the alphabet in order (let’s call this file alphabet), it will say it can’t find keyfile.dat. However, we can’t copy it because we don’t have read permission. We create a fake keyfile.dat by copying the alphabet file. Finally, execute encrypt with alpha will create another file call ciphertext in the same directory. The file contain the key


Put this as a key string in our script.

echo $cipher | tr $key $alpha

Using this in our script to translate from the key to the alphabet with the ciphertext (krypton3) will return the original plaintext. The output give us the correct password for level 3.


Additional Reference:


Krypton Level 1 → Level 2

Level Info

The password for level 2 is in the file ‘krypton2’. It is ‘encrypted’ using a simple rotation. It is also in non-standard ciphertext format. When using alpha characters for cipher text it is normal to group the letters into 5 letter clusters, regardless of word boundaries. This helps obfuscate any patterns. This file has kept the plain text word boundaries and carried them to the cipher text. Enjoy!

First, we need to find this ‘krypton2’ file. Using find, we see 1 files (-type f) with the same name (-name).

find / -type f -name krypton2 2</dev/null

cat /games/krypton/krypton1/krypton2

Another clue is that this cipher is encrypted using a simple rotation. The most notable rotation cipher is rot13. So I wrote a simple bash script to implement rot13 to test a rotation cipher and intended to use it to check all rotation possibility. Little did I know that rot13 is the correct answer.


echo $alpha
echo $cipher


echo $rot
echo $cipher | tr $alpha $rot

The output give us the correct password for level two.


Additional Reference:

Krypton Level 0 → Level 1

Level Info

Welcome to Krypton! The first level is easy. The following string encodes the password using Base64:


Use this password to log in to krypton.labs.overthewire.org with username krypton1 using SSH. You can the files for other levels in /krypton/

Simple python program to convert Base64 to ascii.

import binascii

print (binascii.a2b_base64(s))

Running the program will result in the following output and using this password to login to level1 with ssh.

python krypton1.py

ssh krypton1@krypton.labs.overthewire.org

Let do this in bash as well since we will be working in the terminal a lot in these challenges.

echo $s | base64 --decode

Additional Reference: