Challenge description
Can you decrypt the message and get the flag?
Solution
Download the zip file and unzip it.
We have two files: flag.enc and key.pub.
We are asked to decrypt the flag file using the given public key.
There is a convenient tool for this kind of challenge: RsaCtfTool.
Let’s first install the tool from GitHub.
Then we can recover the private key with the tool.
./RsaCtfTool.py --publickey ../key.pub --private
The recovered private key is then displayed.
[*] Testing key ../key.pub.
attack initialized...
attack initialized...
[*] Performing nonRSA attack on ../key.pub.
[!] Timeout.
[+] Time elapsed: 60.0005 sec.
[*] Performing smallq attack on ../key.pub.
[+] Time elapsed: 0.0072 sec.
[*] Performing mersenne_primes attack on ../key.pub.
27%|█████████████████████████▊ | 14/51 [00:00<00:00, 197047.84it/s]
[+] Time elapsed: 0.0118 sec.
[*] Performing lucas_gcd attack on ../key.pub.
100%|████████████████████████████████████████████████████████████████████████████████████████████| 9999/9999 [00:01<00:00, 9468.56it/s]
[+] Time elapsed: 1.0566 sec.
[*] Performing pastctfprimes attack on ../key.pub.
[+] loading prime list file data/visa_emv.txt...
100%|█████████████████████████████████████████████████████████████████████████████████████████████████| 2/2 [00:00<00:00, 55188.21it/s]
[+] loading prime list file data/pastctfprimes.txt...
77%|█████████████████████████████████████████████████████████████████████████ | 93/121 [00:00<00:00, 5171.01it/s]
[*] Attack success with pastctfprimes method !
[+] Total time elapsed min,max,avg: 0.0072/60.0005/15.2690 sec.
Results for ../key.pub:
Private key :
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
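That is how to recover the private key with the tool. The output shows the key fell to the pastctfprimes method: the attack that succeeded ran right after the tool loaded its prime list file data/pastctfprimes.txt.
Let’s move on to decrypting the flag file.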
./RsaCtfTool.py --publickey ../key.pub --decryptfile ../flag.enc
Then the decrypted content will be printed.
Decrypted data :
HEX : 0x000221cfb29883b06f409a679a58a4e97b446e28b244bbcd0687d178a8ab8722bf86da06a62e042c892d2921b336571e9ff7ac9d89ba90512bac4cfb8d7e4a3901bbccf5dfac01b27bddd35f1ca55344a75943df9a18eadb344cf7cf55fa0baa7005bfe32f41004854427b73316d706c335f5769336e3372735f34747434636b7d
INT (big endian) : 1497194306832430076266314478305730170974165912795150306640063107539292495904192020114449824357438113183764256783752233913408135242464239912689425668318419718061442061010640167802145162377597484106658670422900749326253337728846324798012274989739031662527650589811318528908253458824763561374522387177140349821
INT (little endian) : 22546574266225300968123857704721191858671593287972919965619572675918636257464402082642870677657579044805501825719744981953609630743396909394906721219496019830622451770590549653716476856077849644487076110495020954617170743371827481017047908786316114794508942268154434710618690751442928771926238749045133355844096
STR : b'\x00\x02!\xcf\xb2\x98\x83\xb0o@\x9ag\x9aX\xa4\xe9{Dn(\xb2D\xbb\xcd\x06\x87\xd1x\xa8\xab\x87"\xbf\x86\xda\x06\xa6.\x04,\x89-)!\xb36W\x1e\x9f\xf7\xac\x9d\x89\xba\x90Q+\xacL\xfb\x8d~J9\x01\xbb\xcc\xf5\xdf\xac\x01\xb2{\xdd\xd3_\x1c\xa5SD\xa7YC\xdf\x9a\x18\xea\xdb4L\xf7\xcfU\xfa\x0b\xaap\x05\xbf\xe3/A\x00HTB{s1mpl3_Wi3n3rs_4tt4ck}'
PKCS#1.5 padding decoded!
HEX : 0x004854427b73316d706c335f5769336e3372735f34747434636b7d
INT (big endian) : 116228445871869252378692588205079217110932931184359462733572989
INT (little endian) : 51594582506285564025554597946778804341308607376857173453085886464
utf-8 : HTB{s1mpl3_Wi3n3rs_4tt4ck}
STR : b'\x00HTB{s1mpl3_Wi3n3rs_4tt4ck}'
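What the pastctfprimes step and the "PKCS#1.5 padding decoded!" line in the output amount to, as an added Python example that is not part of the original write-up and not RsaCtfTool's own code. The key, prime list and message are constructed toy values, and the function names are hypothetical.

```python
from math import gcd

# Constructed stand-in for a published list of primes seen in earlier keys.
KNOWN_PRIMES = [2**61 - 1, 2**89 - 1, 2**107 - 1]
# Constructed toy key (not the challenge key): one factor is on the list.
N = (2**89 - 1) * (2**127 - 1)
E = 65537

def find_known_factor(n, primes):
    """Return (p, q) if a listed prime divides n, else None."""
    for p in primes:
        if 1 < p < n and n % p == 0:
            return p, n // p
    return None

def private_exponent(p, q, e):
    """d = e^-1 mod (p-1)(q-1); only computable once n is factored."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return pow(e, -1, phi)

def unpad_pkcs1_v15(block):
    """Strip encryption padding: 00 02 <8+ nonzero bytes> 00 <message>."""
    if len(block) < 11 or block[:2] != b"\x00\x02":
        raise ValueError("not a PKCS#1 v1.5 encryption block")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # also covers -1 (no separator found)
        raise ValueError("padding string too short or separator missing")
    return block[sep + 1:]

def recover_plaintext(n, e, ciphertext, primes):
    """Factor n via the prime list, decrypt, and remove the padding."""
    factors = find_known_factor(n, primes)
    if factors is None:
        return None  # modulus shares no prime with the list
    d = private_exponent(*factors, e)
    block = pow(ciphertext, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return unpad_pkcs1_v15(block)

def demo_ciphertext(message=b"toy{demo}"):
    """Encrypt a constructed message with fixed (non-random) padding bytes."""
    size = (N.bit_length() + 7) // 8
    pad = b"\xa5" * (size - 3 - len(message))
    block = b"\x00\x02" + pad + b"\x00" + message
    return pow(int.from_bytes(block, "big"), E, N)

if __name__ == "__main__":
    print(recover_plaintext(N, E, demo_ciphertext(), KNOWN_PRIMES))
```

The unpadded result here drops the 0x00 separator, whereas the tool's decoded HEX and STR lines above still show it in front of the flag.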