Skip to content

Instantly share code, notes, and snippets.

View GordonOus's full-sized avatar

GordonOus

0 followers · 4 following
View GitHub Profile
@GordonOus
GordonOus / weakrsa.py
Last active August 19, 2021 09:43
Code Gists for Blog Post
from Crypto.PulicKey import RSA
key = open('key.pub').read()
# STEP 1 => get the modulus and exponent
n = key.n
e = key.e
# STEP 2 => Since itis a weak rsa: we could factorise the modulus from using this site: http://factordb.com/
# after factorising we get p and q below
@GordonOus
GordonOus / 241.txt
Last active August 19, 2021 10:44
========== First =========
Lets compare both keys provided:
openssl rsa -pubin -inform PEM -text -noout < key1.pem
openssl rsa -pubin -inform PEM -text -noout < key2.pem
we can observe that both keys have SIMILAR modulus but DIFFERENT exponents:
after googling online on RSA attacks i found one for Common Modulus
Exploiting it according to me was not very trivial especially without solid background in crypto (google to the rescue)
@GordonOus
GordonOus / 241.py
Last active August 19, 2021 11:10
common modulus attack steps
from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse
from binascii import hexlify,unhexlify
from base64 import b64decode
# STEP 1 => import the public keys and get both moduli (n1,n2) and exponents (e1,e2)
key1 = RSA.import_key(open('key1.pem').read())
key2 = RSA.import_key(open('key2.pem').read())
n1,n2,e1,e2 = key1.n, key2.n, key1.e, key2.e
@GordonOus
GordonOus / xorxorxor.py
Last active August 20, 2021 15:38
from binascii import unhexlify
import math
# STEP 1 => Get the bytes of the flag
encrypted_flag = unhexlify(open('output.txt','r').read().split(' ')[1].strip('\n'))
part_flag = b'HTB{'
# STEP 2 => Get the encryption key by xoring the known string with the similar placed output bytes
key = [chr(b ^ encrypted_flag[a]) for a,b in enumerate(part_flag)]
messages = []
@GordonOus
GordonOus / babyencryption.py
Last active August 20, 2021 15:58
import string
from binascii import unhexlify
encrypted = unhexlify(open('msg.enc','r').read())
plaintext = []
#brute force the encryption logic
for b in encrypted:
for ch in string.printable:
if ((123 * ord(ch) + 18) % 256 == b):
plaintext.append(ch)
@GordonOus
GordonOus / nuclearsale.py
Created August 20, 2021 18:35
from binascii import unhexlify
enc_flag = 'Put the encrypted flag extracted from the pcap hear'
ct = 'the First Ciphertext we find'
ct2 = 'the second Ciphertext we find'
flag = ''
#Note the length of all the above texts are 36 bytes after decoding from ascii
for i,j in enumerate(ct):
flag += chr(j ^ ct2[i] ^ enc_flag[i])
@GordonOus
GordonOus / rlotto.py
Last active January 23, 2022 19:56
import time
import random
from pwn import *
def gen_seeds(s):
return list(range((s - 20),(s + 20)))
possible_seeds = gen_seeds(int(time.time()))
conn = remote('IP ADDRESS',PORT)
@GordonOus
GordonOus / lostmodulus.py
Created August 23, 2021 12:02
import gmpy2
from Crypto.Util.number import long_to_bytes, bytes_to_long
from binascii import unhexlify
flag = open('output.txt','r').read().strip().split(' ')[1]
ciphertext = bytes_to_long(flag)
e = 3
#Fist method of getting cube root of ciphertext
gmpy2.get_context().precision = 4096
@GordonOus
GordonOus / lemurxor.py
Created September 16, 2021 08:02
import numpy as np
from PIL import Image
img1 = Image.open('lemur.png')
img2 = Image.open('flag.png')
n1 = np.array(img1)*255
n2 = np.array(img2)*255
#our images have a mode of RGB which is assumed to be an 8-bit int
@GordonOus
GordonOus / ssh-pub-mod
Created September 16, 2021 20:31
ssh-keygen -e -f 'bruce_rsa_6e7ecd53b443a97013397b1a1ea30e14.pub' -m 'PKCS8' > bruce.pub
openssl rsa -pubin -in foo.pub -noout -modulus | cut -d '=' -f2 | xargs echo "ibase=16; $1"| bc | tr -d '\' | tr -d '\n'