
Wargame/Krypton

[ Docker ] Krypton Wargame 만들기 - 2번 문제 ( 4 / 8 )

1. Krypton2 목표

ROT13 is a simple substitution cipher.

Substitution ciphers are a simple replacement algorithm.
In this example of a substitution cipher, we will explore a ‘monoalphabetic’ cipher.
Monoalphabetic means, literally, “one alphabet” and you will see why.

This level contains an old form of cipher called a ‘Caesar Cipher’.
A Caesar cipher shifts the alphabet by a set number. For example:

plain:  a b c d e f g h i j k ...
cipher: G H I J K L M N O P Q ...
In this example, the letter ‘a’ in plaintext is replaced by a ‘G’ in the ciphertext so,
for example, the plaintext ‘bad’ becomes ‘HGJ’ in ciphertext.

The password for level 3 is in the file krypton3.
It is in 5 letter group ciphertext.
It is encrypted with a Caesar Cipher.
Without any further information, this cipher text may be difficult to break.
You do not have direct access to the key, 
however you do have access to a program that will encrypt anything you wish to give it using the key.
If you think logically, this is completely easy.

One shot can solve it!

Have fun.

Additional Information:

The encrypt binary will look for the keyfile in your current working directory.
Therefore, it might be best to create a working directory in /tmp and in there a link to the keyfile.
As the encrypt binary runs setuid krypton3, you also need to give krypton3 access to your working directory.

Here is an example:

krypton2@melinda:~$ mktemp -d
/tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:~$ cd /tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ln -s /krypton/krypton2/keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ chmod 777 .
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ /krypton/krypton2/encrypt /etc/issue
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
ciphertext  keyfile.dat

 

2. Krypton2 구현

# Log in to the local lab container as root (the password is "root").
# NOTE(review): StrictHostKeyChecking=no skips host-key verification; that is
# tolerable only for a throwaway container reached over localhost.
ssh -p 2231 -oStrictHostKeyChecking=no root@localhost

mkdir -p /krypton/krypton2

# Ciphertext of the level-3 password (each letter shifted by 12 positions).
printf '%s\n' OMQEMDUEQMEK > /krypton/krypton2/krypton3

# The alphabet rotated by 12 positions (A -> M); permissions on this file are
# tightened by the chown/chmod commands further down.
printf '%s\n' MNOPQRSTUVWXYZABCDEFGHIJKL > /krypton/krypton2/keyfile.dat

cat <<'EOF' > /krypton/krypton2/README
Krypton 2

ROT13 is a simple substitution cipher.

Substitution ciphers are a simple replacement algorithm.  In this example
of a substitution cipher, we will explore a 'monoalphebetic' cipher.
Monoalphebetic means, literally, "one alphabet" and you will see why.

This level contains an old form of cipher called a 'Caesar Cipher'.
A Caesar cipher shifts the alphabet by a set number.  For example:

plain:	a b c d e f g h i j k ...
cipher:	G H I J K L M N O P Q ...

In this example, the letter 'a' in plaintext is replaced by a 'G' in the
ciphertext so, for example, the plaintext 'bad' becomes 'HGJ' in ciphertext.

The password for level 3 is in the file krypton3.  It is in 5 letter
group ciphertext.  It is encrypted with a Caesar Cipher.  Without any
further information, this cipher text may be difficult to break.  You do
not have direct access to the key, however you do have access to a program
that will encrypt anything you wish to give it using the key.
If you think logically, this is completely easy.

One shot can solve it!

Have fun.

Additional Information:

The `encrypt` binary will look for the keyfile in your current working
directory. Therefore, it might be best to create a working direcory in /tmp
and in there a link to the keyfile. As the `encrypt` binary runs setuid
`krypton3`, you also need to give `krypton3` access to your working directory.

Here is an example:

krypton2@melinda:~$ mktemp -d
/tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:~$ cd /tmp/tmp.Wf2OnCpCDQ
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ln -s /krypton/krypton2/keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
keyfile.dat
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ chmod 777 .
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ /krypton/krypton2/encrypt /etc/issue
krypton2@melinda:/tmp/tmp.Wf2OnCpCDQ$ ls
ciphertext  keyfile.dat

EOF

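# Ciphertext and README: owner krypton2 read/write, group krypton2 read,
# no access for anyone else.
chown krypton2:krypton2 /krypton/krypton2/krypton3 /krypton/krypton2/README
chmod 640 /krypton/krypton2/krypton3 /krypton/krypton2/README

# Create the krypton3 user and set its password (passwd asks for it twice).
# printf is used instead of `echo -e`, whose escape handling differs by shell.
useradd krypton3 && printf '%s\n%s\n' CAESARISEASY CAESARISEASY | passwd krypton3

# Write the plaintext password under a restrictive umask so a newly created
# file is never world-readable, not even between creation and the chmod below.
(umask 077 && echo 'CAESARISEASY' > /etc/krypton_pass/krypton3)
chown krypton3:krypton3 /etc/krypton_pass/krypton3
chmod 400 /etc/krypton_pass/krypton3

# Key file: readable by krypton3 (owner and group) only, so the krypton2
# player cannot read it directly and has to go through the encrypt binary.
chown krypton3:krypton3 /krypton/krypton2/keyfile.dat
chmod 640 /krypton/krypton2/keyfile.dat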

cat <<'EOF' > /tmp/encrypt.c
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>

/*
 * Rotate an ASCII letter 12 positions forward within its own case,
 * wrapping past 'Z'/'z' back to 'A'/'a'.
 *
 * Returns the shifted letter, or '\0' when c is not an ASCII letter, which
 * the caller uses as the signal to drop the character.
 */
char shift_char(char c)
{
    char base;

    if (c >= 'A' && c <= 'Z')
    {
        base = 'A';
    }
    else if (c >= 'a' && c <= 'z')
    {
        base = 'a';
    }
    else
    {
        /* Not a letter: nothing to shift. */
        return '\0';
    }

    /* Offset inside the alphabet, rotated by 12 and wrapped at 26. */
    int offset = (c - base + 12) % 26;
    return offset + base;
}

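/*
 * encrypt: Caesar-shift the letters of a plaintext file into ./ciphertext.
 *
 * Usage: encrypt FILE
 *
 * Every byte read from FILE is upper-cased and passed to shift_char(); the
 * shifted letters are written to "ciphertext" in the current working
 * directory and every non-letter (digits, whitespace, punctuation) is
 * dropped.  "keyfile.dat" must be openable from the current working
 * directory, but its contents are never read: the shift is fixed inside
 * shift_char(), so the key file only acts as an access check.
 *
 * Exit status: 0 on success; 1 if the output cannot be created or written or
 * the input cannot be read completely; exit(-1) on a usage error or when the
 * key file or the plaintext cannot be opened.
 *
 * NOTE(review): the setup on this page installs this binary setuid.  Both
 * fopen() calls on caller-influenced names then run with the file owner's
 * effective UID: argv[1] may name any file that owner can read, and
 * "ciphertext" is resolved in a caller-controlled directory and follows
 * symbolic links.  That is acceptable only inside a disposable training
 * container; outside one, drop privileges before opening caller-supplied
 * paths and create the output with open(O_CREAT | O_EXCL | O_NOFOLLOW).
 */
int main(int argc, char *argv[])
{
    if (argc != 2)
    {
        puts("\n usage: encrypt foo  - where foo is the file containing the plaintext");
        exit(-1);
    }

    const char *inputPath = argv[1];
    const char *outputPath = "ciphertext";
    const char *keyFilePath = "keyfile.dat";

    /* Opened only to prove the key file is reachable; never read. */
    FILE *keyFile = fopen(keyFilePath, "r");
    if (keyFile == NULL)
    {
        puts("failed to open keyfile");
        exit(-1);
    }

    FILE *inputFile = fopen(inputPath, "r");
    if (inputFile == NULL)
    {
        puts("failed to open plaintext");
        fclose(keyFile);
        exit(-1);
    }

    FILE *outputFile = fopen(outputPath, "w");
    if (outputFile == NULL)
    {
        puts("failed to create cipher file");
        fclose(inputFile);
        fclose(keyFile);
        return 1;
    }

    int status = 0;
    int c;

    /*
     * Test fgetc()'s result directly instead of looping on feof(), which only
     * becomes true after a read has already failed.
     */
    while ((c = fgetc(inputFile)) != EOF)
    {
        char shifted = shift_char(toupper(c));
        if (shifted != '\0' && fputc(shifted, outputFile) == EOF)
        {
            puts("failed to write cipher file");
            status = 1;
            break;
        }
    }

    /* fgetc() returns EOF for read errors too; tell them apart from end of file. */
    if (status == 0 && ferror(inputFile))
    {
        puts("failed to read plaintext");
        status = 1;
    }

    /* fclose() flushes buffered output, so a failure here means lost data. */
    if (fclose(outputFile) != 0 && status == 0)
    {
        puts("failed to write cipher file");
        status = 1;
    }
    fclose(inputFile);
    fclose(keyFile);

    return status;
}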
EOF

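# Build the binary, then delete the source: left behind in /tmp it would stay
# readable by the players and reveal the hard-coded shift.
gcc -o /krypton/krypton2/encrypt /tmp/encrypt.c && rm -f /tmp/encrypt.c

# chown must come before chmod: changing ownership clears the setuid bit on Linux.
chown krypton3:krypton2 /krypton/krypton2/encrypt

# 4750 = setuid + rwx for owner krypton3, r-x for group krypton2, nothing for
# others, so members of krypton2 run the binary with krypton3's effective UID.
chmod 4750 /krypton/krypton2/encrypt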

 

3. Krypton2 문제풀이

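# Password: ROTTEN
# ssh krypton2@krypton.labs.overthewire.org -p 2231
ssh krypton2@localhost -p 2231

# Check the level description
grep 'a Caesar' /krypton/krypton2/README

TMP_DIR=$(mktemp -d)

cd "$TMP_DIR"

# encrypt runs as krypton3, which needs to enter and write this directory
chmod 777 "$TMP_DIR"

# Test input: both alphabets and the digits, one per line
printf '%s\n' 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' '0123456789' > "$TMP_DIR/plaintext"

# First run under ltrace, made before keyfile.dat is linked into this directory
ltrace /krypton/krypton2/encrypt "$TMP_DIR/plaintext"

ln -s /krypton/krypton2/keyfile.dat

/krypton/krypton2/encrypt "$TMP_DIR/plaintext"

# a-z comes out as M-ZA-L,
# the line breaks are removed,
# A-Z comes out as M-ZA-L,
# and the digits are removed as well
cat "$TMP_DIR/ciphertext"

# Check the password: CAESARISEASY
tr 'M-ZA-L' 'A-Z' < /krypton/krypton2/krypton3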