Level00 is the entry point of the Snow Crash project, focusing on system exploration and basic cryptanalysis. This challenge introduces us to file system navigation, the find command, and ROT cipher decryption.
I began by exploring the machine to understand the environment and search for any useful information. Starting in the home directory, I used ls -la to list all files:
ls -laThis revealed three files:
-r-xr-x---+ 1 level00 level00 220 Apr 3 2012 .bash_logout*
-r-xr-x---+ 1 level00 level00 3518 Aug 30 2015 .bashrc*
-r-xr-x---+ 1 level00 level00 675 Apr 3 2012 .profile*
I examined each of these files but found nothing particularly interesting or unusual. They appeared to be standard shell configuration files.
I then moved to the / directory to check if I could access other user directories. Most directories were not accessible due to permission restrictions, but I noticed I had read access to /etc. Exploring this directory, I found the /etc/passwd file and examined it. While I discovered some interesting entries (which would become relevant in later levels), nothing seemed directly related to level00.
Realizing I needed a more systematic approach, I decided to search the entire filesystem. I attempted to run find on the root directory:
find /However, this produced an overwhelming amount of output, making it difficult to identify anything useful.
I needed to make my search more specific and focused on level00. Since I was looking for the flag00 user's files, I modified my command to search for files owned by flag00:
find / -user flag00 -lsThis helped narrow down the results, but I still encountered numerous "Permission denied" errors that cluttered the output. To eliminate these access errors, I redirected standard error (stderr) to /dev/null:
find / -user flag00 -ls 2> /dev/nullThis clean output revealed two interesting files:
11050 4 ----r--r-- 1 flag00 flag00 15 Mar 5 2016 /usr/sbin/john
37740 1 ----r--r-- 1 flag00 flag00 15 Mar 5 2016 /rofs/usr/sbin/john
I examined both files and discovered they were identical, containing the same content:
cat /usr/sbin/johnThe file contained: cdiiddwpgswtgt
My initial assumption was that this string might be the password directly. I attempted to use it with su flag00, but the login failed. This meant the string required further analysis or decryption.
I analyzed the characteristics of the string "cdiiddwpgswtgt":
- It contained only lowercase letters
- No special characters or numbers
- The pattern suggested it might be encrypted with a simple substitution cipher
Given these characteristics, I suspected it might be a ROT cipher (also known as Caesar cipher), where each letter is shifted by a fixed number of positions in the alphabet. To test this hypothesis, I wrote a C++ program to try all possible ROT variations from ROT1 to ROT25:
#include <iostream>
using namespace std;
int main()
{
string flag = "cdiiddwpgswtgt";
for (int i = 1; i < 26; i++)
{
cout << "rot" << i << ": ";
for (int j = 0; j < flag.size(); j++)
cout << (char)(97 + ((flag[j] + i - 97) % 26));
cout << endl;
}
}To compile and run:
g++ -o rotx rotx.cpp
./rotxRunning the program produced all 25 possible rotations:
rot1: dejjeexqhtxuhu
rot2: efkkffyriuyviv
rot3: fgllggzsjvzwjw
rot4: ghmmhhatkwaxkx
rot5: hinniibulxbyly
rot6: ijoojjcvmyczmz
rot7: jkppkkdwnzdana
rot8: klqqllexoaebob
rot9: lmrrmmfypbfcpc
rot10: mnssnngzqcgdqd
rot11: nottoohardhere
rot12: opuuppibseifsf
rot13: pqvvqqjctfjgtg
rot14: qrwwrrkdugkhuh
rot15: rsxxsslevhlivi
rot16: styyttmfwimjwj
rot17: tuzzuungxjnkxk
rot18: uvaavvohykolyl
rot19: vwbbwwpizlpmzm
rot20: wxccxxqjamqnan
rot21: xyddyyrkbnrobo
rot22: yzeezzslcospcp
rot23: zaffaatmdptqdq
rot24: abggbbunequrer
rot25: bchhccvofrvsfs
At ROT11, the decrypted text became readable: nottoohardhere
This appeared to be a meaningful phrase ("not too hard here"), confirming it was the correct decryption. I used this as the password:
su flag00
# Password: nottoohardhere
getflagThe flag was successfully retrieved: x24ti5gi3x0ol2eh4esiuxias
Level00 demonstrated the importance of systematic exploration and problem-solving in security challenges. The process required multiple skills: effective use of Linux commands for file system navigation, understanding of file permissions, and basic cryptanalysis knowledge.
The challenge highlighted how simple encryption methods like ROT ciphers provide minimal security. ROT11 (and its more famous variant ROT13) are trivial to break through exhaustive search since there are only 25 possible keys to test. This level serves as a reminder that security through obscurity is not true security, and proper encryption algorithms must be used for protecting sensitive information.
The use of the find command with proper filtering (redirecting stderr and specifying user ownership) proved essential for discovering hidden files in a large filesystem. This technique would prove valuable in subsequent levels of the challenge.
Flag: x24ti5gi3x0ol2eh4esiuxias
Next Level: Level01