Bandit Level 11-12@overthewire.org
Description
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.
Current level credentials
| Key | Value |
|---|---|
| Server-name: | bandit.labs.overthewire.org |
| Port: | 2220 |
| User: | bandit11 |
| Password: | 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM |
Current level login
Log in
1 | |
sshpass before using it. The ssh command can also be used on its own. If so, copy-paste the password when requested.
Hints And Solution
Hint(s)
It's a substitution encryption. Look it up and see if there are any that shift 13 positions.
Search for ROT13. Is there a tool you can use online, a command you can use, or an app you can install?
Solution
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | |
catoutput is piped into the commandtr.trrotates the letters by 13 positions.
The ls -al command reveals that the file data.txt is located in the home directory. The contents of the file data.txt are displayed as encrypted text. Because blank spaces are clearly visible, a substitution encryption is very likely. At the most basic level, the Caesar cipher or ROT13 is used. In a basic Latin alphabet, such as the English alphabet, this cipher replaces a letter with the 13th letter of the alphabet. Because the alphabet is 26 characters long, ROT13 can simply inverse an encoded string by repeating the algorithm on the encoded output. You can decode the string using tr or an online encoder/decoder.
In this example, the output of cat data.txt is piped to tr 'A-Za-z' 'N-ZA-Mn-za-m'.
Resources
Resources
Bandit-level12@overthewire
Rot13 on Wikipedia
man page for tr command @man7.org
How to decode rot13 @askubuntu.com
rot13 encoder/decoder @rot13.com
rot13 encoder/decoder @cyberchef
Comments
Any feedback and suggestions are welcome. This website was created using mkdocs and the material plugin. If you want, you can make a pull request. The repository is https://github.com/dabonzo/itsec_hp