OVERTHEWIRE – BANDIT LEVEL 11 -> LEVEL 12
ssh bandit11@localhost
IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
or if you are no longer logged in as bandit10:
ssh bandit11@bandit.labs.overthewire.org -p 2220
IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPRIn this level we need to find the password which is stored in the data.txt file. We are also told that all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.
After we login into bandit11, we can see the data.txt file is found in the current working directory.
If we cat the data.txt file, we will see a string of characters that make no sense.
We know from the information that was given at the beginning of the level, that all lowercase and uppercase letter have been rotated by 13 positions.
This means that ROT13 was used to encrypt the contents of the file.
So how do we move forward? We could take a pen and a piece of paper and try to decode it but well keep this as a last option.
Linux comes to save the day, with the help of the tr command (short for translate).
The tr command will copy the standard input to the standard output with substitution or deletion of selected characters. The options specified and the string1 and string2 operands shall control translations that occur while copying characters and single-character collating elements.
tr command does no support reading a file directly, if we want to apply it to a text file, we need to pipe the file content to tr or redirect the file to stdin.
Let’s see how it works:
cat data.txt | tr "A-Za-z" "N-ZA-Mn-za-m"
we cat the file and pipe the result to the tr command
tr "A-Za-z" "N-ZA-Mn-za-m" -> will expand the AB..YZab...yz and NO...LMno...lm (remember that the letters have been moved 13 positions so A=N) and will replace the letters, giving us the password.
