Commit 27e922b

Richard Luby <richluby@gmail.com>
2016-10-12 16:35:01
added solution for level 14
this level requires the user to use a flash of intuition in order to approach the problem
master
1 parent 119fa3c
Changed files (2)
exploit_exercises
nebula
level14
readme.md
completions.md
exploit_exercises/nebula/level14/readme.md
@@ -1,11 +1,50 @@
 
-----------------------------------------------
+# Nebula - Level 14 - Intuitive Encryption
 
-About
-Source code
-This program resides in /home/flag14/flag14. It encrypts input and writes
+## About
+
+This program resides in `/home/flag14/flag14`. It encrypts input and writes
 it to standard output.  An encrypted token file is also in that home directory,
 decrypt it :)
-To do this level, log in as the level14 account with the password
-level14. Files for this level can be found in /home/flag14.
-There is no source code available for this level
+To do this level, log in as the `level14` account with the password
+`level14`. Files for this level can be found in `/home/flag14`.
+
+## Solution
+
+Entering the line `echo "0123456789" | /home/flag14/flag14 -e` returns `02468:<>@B`. Examining the
+ASCII table with `man ascii` gives us the follwing insight.
+
+
+Original  | Modified | Input | Output | Difference
+----------|----------|-------|--------|------------
+0         | 0        | 48    | 48     | 0
+1         | 2        | 49    | 50     | 1
+2         | 4        | 50    | 52     | 2
+3         | 6        | 51    | 54     | 3
+4         | 8        | 52    | 56     | 4
+5         | :        | 53    | 58     | 5
+6         | <        | 54    | 60     | 6
+7         | >        | 55    | 62     | 7
+8         | @        | 56    | 64     | 8
+9         | B        | 57    | 66     | 9
+
+The `Difference` column shows that the character shifts based on the index in which it occurs in the
+input. Armed with this knowledge, create a program to reverse the algorithm.
+
+```
+#!/usr/bin/python
+
+tokenFile = open("/home/flag14/token", "r")
+token = tokenFile.readlines()[0]
+tmp = ''
+index = 0
+for char in token:
+	if 0 <= ord(char) - index <= 255:
+		tmp += chr(ord(char) - index)
+		index += 1
+		print tmp, index
+print tmp
+```
+
+Save the file as `decrypt.py`, run `chmod +x decrypt.py`, and then execute the file with
+`./decrypt.py`. This token serves as the password for the `flag14` account.
exploit_exercises/nebula/completions.md
@@ -3,4 +3,4 @@
 Handle               |Level00 |Level01 |Level02 |Level03 |Level04 |Level05 |Level06 |Level07 |Level08 |Level09 |Level10 |Level11 |Level12 |Level13 |Level14 |Level15 |Level16 |Level17 |Level18 |Level19
 ---------------------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|--------|-------
 **bryfry**           | [x]    |        | [x]    |        | [x]    |        | [x]    |        |        |        |        |        |        |        |        |        |        |        |        |        
-**richluby**         |        | [x]    |        | [x]    |        | [x]    |        | [x]    |        | [x]    | [x]    | [x]    | [x]    | [x]    |        |        |        |        |        |        
+**richluby**         |        | [x]    |        | [x]    |        | [x]    |        | [x]    |        | [x]    | [x]    | [x]    | [x]    | [x]    | [x]    |        |        |        |        |