Level 3 Username : krypton3 Password : CAESARISEASY SSH : krypton.labs.overthewire.org:2222
Well done. You’ve moved past an easy substitution cipher.
The main weakness of a simple substitution cipher is repeated use of a simple key. In the previous exercise you were able to introduce arbitrary plaintext to expose the key. In this example, the cipher mechanism is not available to you, the attacker.
However, you have been lucky. You have intercepted more than one message. The password to the next level is found in the file ‘krypton4’. You have also found 3 other files. (found1, found2, found3)
You know the following important details:
The message plaintexts are in English (*** very important) – They were produced from the same key (*** even better!)
To solve this level, we first ssh into the krypton3 server using the credentials provided above.
We can see the content of the files and the hints given. On looking into the frequency of letters in english text, I came across the following image:
To understand the frequency of letters in the found files, I wrote a small python module to find it.
As we can see above, the letter “S” seems to be the most occurring letter in all the three files followed closely by letters “Q” and “J”. While searching for most common two letter words in english, I came across this link. Based on this, we now know the frequency of two letter words and three letter words. We can use this information to complete a mapping of ciphertext letters to plaintext letters.
Ciphertext : a b c d e f g h i j k l m n o p q r s t u v w x y z Plaintext : b o i h g k n q v t w y u r x z a j e m s l d f p c
Based on the above mapping, we can decrypt the password file.
” WELL DONE THE LEVEL FOUR PASSWORD IS BRUTE ”
Level 4 Username : krypton4 Password : BRUTE SSH : krypton.labs.overthewire.org:2222