Welcome to Krypton! The first level is easy. The following string encodes the password using Base64:
S1JZUFRPTklTR1JFQVQ=
Use this password to log in to krypton.labs.overthewire.org with username krypton1 using SSH on port 2231. You can find the files for other levels in /krypton/
2. Understand the challenge
The page states:
“The following string encodes the password using Base64:”
S1JZUFRPTklTR1JFQVQ=
Your task is to decode this Base64 string to obtain the SSH password for user krypton1.
3. What is Base64?
Base64 is not encryption—it’s an encoding scheme used to represent binary data as ASCII text.
Key properties:
Uses characters: A–Z a–z 0–9 + /
Often ends with = padding
Easily reversible (decoded)
So the solution is simply to decode the string.
4. Practical Example: Base64 Encoding in Action
Scenario
You want to safely transmit the text HELLO over a channel that only supports printable ASCII characters (for example: email headers, HTTP headers, or config files).
Step 1: Start with plain text
Each character is stored as bytes (ASCII):
| Character | ASCII (decimal) | Binary |
|---|---|---|
| H | 72 | 01001000 |
| E | 69 | 01000101 |
| L | 76 | 01001100 |
| L | 76 | 01001100 |
| O | 79 | 01001111 |
Combined binary stream:
01001000 01000101 01001100 01001100 01001111
Step 2: Split into 6-bit chunks
Base64 works on 6-bit blocks (because 2⁶ = 64):
010010 000100 010101 001100 010011 000100 1111
Pad with zeros to complete the last block:
1111 → 111100
Step 3: Convert 6-bit blocks to decimal
| Binary | Decimal |
|---|---|
| 010010 | 18 |
| 000100 | 4 |
| 010101 | 21 |
| 001100 | 12 |
| 010011 | 19 |
| 000100 | 4 |
| 111100 | 60 |
Step 4: Map to Base64 alphabet
Base64 index table starts like this:
Now map the values:
| Decimal | Base64 char |
|---|---|
| 18 | S |
| 4 | E |
| 21 | V |
| 12 | M |
| 19 | T |
| 4 | E |
| 60 | 8 |
Result so far:
SEVMTE8
Step 5: Add padding (=)
Original data length (5 bytes) was not a multiple of 3 bytes, so Base64 adds padding: one = brings the 7 characters up to a multiple of 4.
Final encoded result
SEVMTE8=
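Steps 1 to 5 written out in Python, as an added example that is not part of the original post; the names encode_steps and decode are made up for this illustration. It goes one step further than the walkthrough by reversing the process, which needs only the public alphabet and no key, and runs that decoder on the challenge string.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def encode_steps(data: bytes) -> dict:
    """Base64-encode data, keeping the intermediate values of steps 2 to 5."""
    bits = "".join(f"{byte:08b}" for byte in data)   # step 1: bytes -> bit stream
    bits += "0" * (-len(bits) % 6)                   # step 2: zero-fill last block
    chunks = [bits[i:i + 6] for i in range(0, len(bits), 6)]
    indices = [int(chunk, 2) for chunk in chunks]    # step 3: 6 bits -> 0..63
    text = "".join(ALPHABET[i] for i in indices)     # step 4: index -> character
    text += "=" * (-len(text) % 4)                   # step 5: pad to 4-char groups
    return {"chunks": chunks, "indices": indices, "encoded": text}


def decode(text: str) -> bytes:
    """Reverse the steps; no key is involved, only the public alphabet."""
    if len(text) % 4:
        raise ValueError("length must be a multiple of 4")
    body = text.rstrip("=")
    if len(text) - len(body) > 2:
        raise ValueError("at most two '=' are valid")
    try:
        bits = "".join(f"{ALPHABET.index(ch):06b}" for ch in body)
    except ValueError:
        raise ValueError("character outside the Base64 alphabet") from None
    usable = len(bits) - len(bits) % 8               # whole bytes only
    if "1" in bits[usable:]:                         # encoder fill must be zeros
        raise ValueError("non-zero fill bits")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


if __name__ == "__main__":
    steps = encode_steps(b"HELLO")
    print(steps["chunks"])
    print(steps["indices"])
    print(steps["encoded"])
    # Cross-check against the standard library.
    assert steps["encoded"] == base64.b64encode(b"HELLO").decode("ascii")
    # The challenge string from the page decodes the same way.
    print(decode("S1JZUFRPTklTR1JFQVQ=").decode("ascii"))
```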
5. Decode the Base64 string
Option A: Using the command line (recommended)
On Linux / macOS:
Output:
6. Solution (password)
7. Log in to the next level
Use SSH with the credentials provided by the challenge.
8. Why this level exists
This level teaches you that:
Encoding ≠ encryption
Always identify the transformation used
Simple cryptography challenges often test recognition, not brute force
$ ssh krypton1@krypton.labs.overthewire.org -p 2231
Using username "krypton1".
Pre-authentication banner message from server:
|
| This is an OverTheWire game server.
| More information on http://www.overthewire.org/wargames
|
| backend: gibson-0
End of banner message from server
krypton1@krypton.labs.overthewire.org's password:
Welcome to OverTheWire!
If you find any problems, please report them to the #wargames channel on
discord or IRC.
--[ Playing the games ]--
This machine might hold several wargames.
If you are playing "somegame", then:
* USERNAMES are somegame0, somegame1, ...
* Most LEVELS are stored in /somegame/.
* PASSWORDS for each level are stored in /etc/somegame_pass/.
Write-access to homedirectories is disabled. It is advised to create a
working directory with a hard-to-guess name in /tmp/. You can use the
command "mktemp -d" in order to generate a random and hard to guess
directory in /tmp/. Read-access to both /tmp/ is disabled and to /proc
restricted so that users cannot snoop on eachother. Files and directories
with easily guessable or short names will be periodically deleted! The /tmp
directory is regularly wiped.
Please play nice:
* don't leave orphan processes running
* don't leave exploit-files laying around
* don't annoy other players
* don't post passwords or spoilers
* again, DONT POST SPOILERS!
This includes writeups of your solution on your blog or website!
--[ Tips ]--
This machine has a 64bit processor and many security-features enabled
by default, although ASLR has been switched off. The following
compiler flags might be interesting:
-m32 compile for 32bit
-fno-stack-protector disable ProPolice
-Wl,-z,norelro disable relro
In addition, the execstack tool can be used to flag the stack as
executable on ELF binaries.
Finally, network-access is limited for most levels by a local
firewall.
--[ Tools ]--
For your convenience we have installed a few useful tools which you can find
in the following locations:
* gef (https://github.com/hugsy/gef) in /opt/gef/
* pwndbg (https://github.com/pwndbg/pwndbg) in /opt/pwndbg/
* gdbinit (https://github.com/gdbinit/Gdbinit) in /opt/gdbinit/
* pwntools (https://github.com/Gallopsled/pwntools)
* radare2 (http://www.radare.org/)
--[ More information ]--
For more information regarding individual wargames, visit
http://www.overthewire.org/wargames/
For support, questions or comments, contact us on discord or IRC.
Enjoy your stay!
krypton1@krypton:~$