Hack The Box: Beginner Track - Weak RSA


This is the third piece of the Beginner’s Track: A challenge from the category “Crypto”.


Weak RSA

After unzipping the file, we find an encrypted flag and a public key:

❯ cat key.pub
-----BEGIN PUBLIC KEY-----
MIIBHzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKBgQMwO3kPsUnaNAbUlaubn7ip
4pNEXjvUOxjvLwUhtybr6Ng4undLtSQPCPf7ygoUKh1KYeqXMpTmhKjRos3xioTy
23CZuOl3WIsLiRKSVYyqBc9d8rxjNMXuUIOiNO38ealcR4p44zfHI66INPuKmTG3
RQP/6p5hv1PYcWmErEeDewKBgGEXxgRIsTlFGrW2C2JXoSvakMCWD60eAH0W2PpD
qlqqOFD8JA5UFK0roQkOjhLWSVu8c6DLpWJQQlXHPqP702qIg/gx2o0bm4EzrCEJ
4gYo6Ax+U7q6TOWhQpiBHnC0ojE8kUoqMhfALpUaruTJ6zmj8IA1e1M6bMqVF8sr
lb/N
-----END PUBLIC KEY-----

The public key is quite short, and the challenge is called “Weak RSA”. So it makes sense to assume that this key is generated with a weak algorithm.


This task is extremely easy to solve with the Github Repository RSACtfTool:

$ python3 /opt/RsaCtfTool/RsaCtfTool.py --publickey key.pub --uncipherfile flag.enc     

reveals the flag. The attack method is called the Wieners attack. It works for small d’s, where d is part of the private key (d, N).