https://app.hackthebox.com/challenges/6

Description

Can you decrypt the message and get the flag?

Exploitation

#!/usr/bin/env python3
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import binascii, re

with open('priv.key', 'r') as f:
    private_key = RSA.import_key(f.read())
with open('flag.enc', 'rb') as f:
    encrypted_data = f.read()
decrypted_int = pow(int.from_bytes(encrypted_data, 'big'), private_key.d, private_key.n)
decrypted_bytes = decrypted_int.to_bytes((decrypted_int.bit_length() + 7) // 8, 'big')
ascii_data = decrypted_bytes.decode('ascii', errors='ignore')
if 'HTB{' in ascii_data:
    print(re.search(r'HTB{[^}]+}', ascii_data).group(0))

Summary

Weak RSA: exploit the RSA structure, recover the missing secret, and decrypt the flag.