The service asked for a filename and sent back the file's contents RSA-encrypted (with a fixed modulus and exponent = 3).
It read the filename using the read() function, which does not zero-terminate it, and then called strlen() on it so it could append ".txt" to it. This suffix could overflow into the public exponent field, overwriting the original 3 with a 't' byte.
So we could get pow(flag, 3, N) and pow(flag, ord('t'), N), from which we can restore the flag value.
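Why two ciphertexts of the same value under one modulus and coprime exponents give the plaintext back, shown as an added example (not the author's script). The modulus N and the flag bytes are constructed for the demonstration, and the helper names egcd and recover are hypothetical.

```python
# Added example: same plaintext, same modulus N, exponents 3 and ord('t').
# N and FLAG are constructed sample values, not taken from the challenge.

def egcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def recover(c1, e1, c2, e2, n):
    """Recover m from c1 = m^e1 mod n and c2 = m^e2 mod n."""
    g, x, y = egcd(e1, e2)
    if g != 1:
        raise ValueError("exponents are not coprime")

    def power(c, k):
        # One Bezout coefficient is negative: invert the ciphertext first.
        if k < 0:
            c, k = pow(c, -1, n), -k  # needs Python 3.8+
        return pow(c, k, n)

    # c1^x * c2^y = m^(e1*x + e2*y) = m^1 (mod n)
    return power(c1, x) * power(c2, y) % n

# Constructed modulus from two known Mersenne primes (demonstration only).
N = (2**127 - 1) * (2**89 - 1)
FLAG = b"flag{constructed}"
M = int.from_bytes(FLAG, "big")

E1, E2 = 3, ord("t")      # 3 and 116, gcd is 1
C1 = pow(M, E1, N)        # what the service sends normally
C2 = pow(M, E2, N)        # what it sends after the exponent is overwritten

if __name__ == "__main__":
    m = recover(C1, E1, C2, E2, N)
    print(m.to_bytes((m.bit_length() + 7) // 8, "big"))
```

For these exponents the coefficients are 39 and -1, since 3*39 - 116 = 1, so the result is C1^39 times the inverse of C2 modulo N.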
I used this script to overwrite the exponent and get the encrypted flag.
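import time
from pwn import *

r = remote('13.112.220.64', 9999)
# Send the filename without a terminator so the appended ".txt"
# runs past the buffer into the public exponent field.
r.send(b'a' * 13)
time.sleep(1)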