Recap of Last LessonLearned how to decode strings that have been obfuscated by base64

Bandit Level 12

Objective

Find the password to the next level

Intel Given

  • Password is in data.txt
  • The password has been changed where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions

How to

We’re still in obfuscation. Once again this is knowledge that I don’t have off of the top of my head. A quick google search of the following term “change character 13 positions obfuscation” reveals this article. You can read that article if you so wish, but I’ll explain it in my own words.

This is simply taking a letter, and moving it a pre-set amount times down to the alphabet to the new letter. The “key” to this cipher is knowing how many letters it has changed and as luck would have it we know its 13 due to our intel. This means that the letter A is actually N, G is T, u is h (It loops back around the alphabet) and so forth.

Screen Shot 2015-01-19 at 8.08.45 PM

As we can see when reading the file it looks garbled. Well *nix has a command to translate characters (letters & numbers). The command ‘tr’ when assigned with the correct switches will give us our solution. In our case, we need to tell the command that we wish to take THIS set of rules, and change them to THOSE set of rules. Look below for the solution and further explanation.

Screen Shot 2015-01-19 at 8.08.55 PM

So as you can see I’m piping the string from the data.txt file into our translate command. Breaking down the ‘tr’ command arguments in layman’s terms I’m saying “Take the Uppercase and Lowercase letters A-Z and substitute them starting with N-ZA-M”. Remember I need to include wrapping around the alphabet in my argument or it won’t work correctly.

Conclusion

We went a little more advanced into obfuscation, now we had to input a few arguments into our command rather than letting our machine do the work for us.  This gave us a little bit of insight as to how simple ciphers can be used to hide intended communications in cleartext.