Krypton · OverTheWire

Krypton Level 3 → Level 4

Level 3

Username : krypton3

Level Info

Well done. You’ve moved past an easy substitution cipher.

The main weakness of a simple substitution cipher is repeated use of a simple key. In the previous exercise you were able to introduce arbitrary plaintext to expose the key. In this example, the cipher mechanism is not available to you, the attacker.

However, you have been lucky. You have intercepted more than one message. The password to the next level is found in the file ‘krypton4’. You have also found 3 other files. (found1, found2, found3)

You know the following important details:

The message plaintexts are in English (*** very important) – They were produced from the same key (*** even better!)


To solve this level, we first ssh into the krypton3 server using the credentials provided above.

Screenshot from 2017-07-20 22-38-00.png

Screenshot from 2017-07-20 22-38-26.png

We can see the content of the files and the hints given. On looking into the frequency of letters in english text, I came across the following image:

7-21-2017 1-47-52 PM.png

To understand the frequency of letters in the found files, I wrote a small python module to find it.

Screenshot from 2017-07-21 13-42-23.png

As we can see above, the letter “S” seems to be the most occurring letter in all the three files followed closely by letters “Q” and “J”. While searching for most common two letter words in english, I came across this link.  Based on this, we now know the frequency of two letter words and three letter words. We can use this information to complete a mapping of ciphertext letters to plaintext letters.

Ciphertext    : a b c d e f g h i j k l m n o p q r s t u v w x y z
Plaintext     : b o i h g k n q v t w y u r x z a j e m s l d f p c

Based on the above mapping, we can decrypt the password file.


Level 4

Username : krypton4
Password : BRUTE
SSH : 

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s