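from Crypto.PublicKey import RSA

# STEP 1 => parse the PEM public key, then get the modulus and exponent.
# RSA.import_key() is required: the raw text returned by read() is a plain
# string and has no .n / .e attributes.
with open('key.pub') as key_file:
    key = RSA.import_key(key_file.read())
n = key.n
e = key.e

# STEP 2 => Since it is a weak RSA key, the modulus can be factorised by
# looking it up on this site: http://factordb.com/
# (a modulus whose factors are already published protects nothing, whatever
# the exponent is)
# after factorising we get p and q below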
========== First =========
Let's compare both keys provided:
openssl rsa -pubin -inform PEM -text -noout < key1.pem
openssl rsa -pubin -inform PEM -text -noout < key2.pem
We can observe that both keys have a SIMILAR modulus but DIFFERENT exponents (the Common Modulus attack needs the modulus to be identical in both keys, so compare them digit by digit).
After googling RSA attacks online I found one for Common Modulus.
Exploiting it was, in my view, not trivial, especially without a solid background in crypto (google to the rescue).
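from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse
from binascii import hexlify, unhexlify
from base64 import b64decode


def _load_public_key(path):
    """Parse the RSA public key stored at *path* and return the key object."""
    # The context manager closes the file handle as soon as the PEM is read.
    with open(path) as pem_file:
        return RSA.import_key(pem_file.read())


# STEP 1 => import the public keys and get both moduli (n1,n2) and exponents (e1,e2)
key1 = _load_public_key('key1.pem')
key2 = _load_public_key('key2.pem')
n1, n2, e1, e2 = key1.n, key2.n, key1.e, key2.e
# NOTE(review): if the later steps rely on both keys sharing one modulus,
# compare n1 and n2 here first - the rest of the script is not visible.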
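from binascii import unhexlify
import math

# STEP 1 => Get the bytes of the flag
# The second space-separated field of output.txt is taken and hex-decoded.
# The file is opened in a context manager so the handle is closed right away.
with open('output.txt', 'r') as dump:
    encrypted_flag = unhexlify(dump.read().split(' ')[1].strip('\n'))
part_flag = b'HTB{'

# STEP 2 => Get the encryption key by xoring the known string with the
# output bytes at the same positions. XOR is its own inverse, so
# known_plaintext ^ ciphertext gives the key byte used at that position.
key = [chr(known ^ encrypted_flag[pos]) for pos, known in enumerate(part_flag)]
messages = []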
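import string
from binascii import unhexlify

# msg.enc is hex text; strip() drops a trailing newline that would otherwise
# make unhexlify() reject the input, and the handle is closed after reading.
with open('msg.enc', 'r') as enc_file:
    encrypted = unhexlify(enc_file.read().strip())

# The encryption logic is byte = (123 * ord(ch) + 18) % 256. The multiplier is
# odd, so the map is one-to-one on byte values: it is a fixed substitution.
# Build the reverse table once instead of re-trying every printable character
# for every ciphertext byte.
decode_table = {}
for ch in string.printable:
    decode_table.setdefault((123 * ord(ch) + 18) % 256, []).append(ch)

plaintext = []
for b in encrypted:
    # Bytes that no printable character maps to contribute nothing,
    # exactly as in the brute-force version.
    plaintext.extend(decode_table.get(b, ()))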
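from binascii import unhexlify

# Placeholders: replace each string below with the captured text before running.
enc_flag = 'Put the encrypted flag extracted from the pcap hear'
ct = 'the First Ciphertext we find'
ct2 = 'the second Ciphertext we find'
flag = ''

# Note: all three texts are 36 bytes long after decoding.
# XOR needs integers, so the texts are decoded to bytes first; XOR-ing the
# str values directly raises TypeError.
# NOTE(review): hex is assumed because unhexlify is the only decoder this
# file imports - confirm against the capture format.
flag_bytes, first, second = (unhexlify(blob) for blob in (enc_flag, ct, ct2))
if not len(flag_bytes) == len(first) == len(second):
    raise ValueError('the three decoded texts must have the same length')
flag = ''.join(chr(a ^ b ^ c) for a, b, c in zip(first, second, flag_bytes))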
import time | |
import random | |
from pwn import * | |
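def gen_seeds(s, window=20):
    """Return the integer seeds in the half-open range [s - window, s + window).

    The upper bound is excluded, so the default window of 20 yields 40 values:
    20 below ``s``, ``s`` itself, and 19 above it.

    A generator seeded from wall-clock seconds has only as many possible
    states as there are seconds of clock uncertainty, which is why the
    ``secrets`` module is the right source for unpredictable values.

    Args:
        s: Centre of the range, e.g. a Unix timestamp in whole seconds.
        window: Distance from ``s`` to each bound; the default keeps the
            original fixed width of 20.

    Returns:
        The candidate seeds as a list in ascending order.
    """
    return list(range(s - window, s + window))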
# Candidate seeds are centred on the local clock, truncated to whole seconds.
possible_seeds = gen_seeds(s=int(time.time()))
# 'IP ADDRESS' and PORT are placeholders for the challenge service; PORT must
# be defined before this line runs.
conn = remote(host='IP ADDRESS', port=PORT)
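import gmpy2
from Crypto.Util.number import long_to_bytes, bytes_to_long
from binascii import unhexlify

# The second space-separated field of output.txt is the ciphertext text.
# The file is opened in a context manager so the handle is closed right away.
with open('output.txt', 'r') as dump:
    flag = dump.read().strip().split(' ')[1]
# NOTE(review): flag is a str here, while bytes_to_long() takes bytes on
# Python 3; unhexlify is imported but not applied in the visible lines.
# Confirm the intended decoding of output.txt.
ciphertext = bytes_to_long(flag)
e = 3

# First method of getting cube root of ciphertext
# With e = 3 and no padding, a short message gives m**3 < n, so the ciphertext
# is never reduced mod n and an ordinary cube root returns m. Padding such as
# OAEP prevents this.
# The float precision must exceed the bit length of the ciphertext, otherwise
# the root is rounded. gmpy2.iroot(ciphertext, e) returns the exact integer
# root together with an exactness flag and does not depend on this setting.
gmpy2.get_context().precision = 4096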
import numpy as np
from PIL import Image

# Open both pictures first, then convert each one to a pixel array scaled by 255.
img1, img2 = Image.open('lemur.png'), Image.open('flag.png')
n1, n2 = (np.array(picture) * 255 for picture in (img1, img2))
# Both images are in RGB mode, which is taken here to mean 8-bit integers.
# NOTE(review): if the arrays are uint8, multiplying by 255 wraps modulo 256 -
# confirm that this is the intended scaling.
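# Convert the OpenSSH public key to a PKCS#8 PEM file that openssl can read.
ssh-keygen -e -f 'bruce_rsa_6e7ecd53b443a97013397b1a1ea30e14.pub' -m 'PKCS8' > bruce.pub
# Print the modulus of a PEM public key as one decimal number.
# foo.pub is the key being inspected - presumably the bruce.pub written above; confirm.
# sed prefixes the hex modulus with bc's input-base directive. The earlier
# xargs echo "ibase=16; $1" only worked because the calling shell expanded $1 to nothing.
# bc wraps long output with backslash-newline; one tr call deletes both
# characters, without relying on a lone trailing backslash in the tr set.
openssl rsa -pubin -in foo.pub -noout -modulus | cut -d '=' -f2 | sed 's/^/ibase=16; /' | bc | tr -d '\\\n'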