#webscene

#The biggest in small world

RSA Factorisation - rootme

1
Xer0Day Xer0Day

RSA Factorisation - rootme

3 Platform: Multi Platform Writeups: 2

The validation password was encrypted using this public key.

ciphertext :
e8oQDihsmkvjT3sZe+EE8lwNvBEsFegYF6+OOFOiR6gMtMZxxba/bIgLUD8pV3yEf0gOOfHuB5bC3vQmo7bE4PcIKfpFGZBA

6 years ago
2018-07-07 08:30:00
Views: 5966
Please login/register to Leave a Reply

3
AHA AHA

first, we have to extract exponent and modulus from pubkey.pem:

root@:~ # openssl rsa -pubin -inform PEM -text -noout < pubkey.pem
Modulus (576 bit):
    00:c2:cb:b2:4f:db:f9:23:b6:12:68:e3:f1:1a:38:
    96:de:45:74:b3:ba:58:73:0c:bd:65:29:38:86:4e:
    22:23:ee:eb:70:4a:17:cf:d0:8d:16:b4:68:91:a6:
    14:74:75:99:39:c6:e4:9a:af:e7:f2:59:55:48:c7:
    4c:1d:7f:b8:d2:4c:d1:5c:b2:3b:4c:d0:a3
Exponent: 65537 (0x10001)
root@:~ #

and then factorize the modulus, thanks to FactorDB.com :) ` P: 398075086424064937397125500550386491199064362342526708406385189575946388957261768583317

Q: 472772146107435302536223071973048224632914695302097116459852171130520711256363590397527

N: 188198812920607963838697239461650439807163563379417382700763356422988859715234665485319060606504743045317388011303396716199692321205734031879550656996221305168759307650257059

D: 48318251158920145864930035723053089097690375168562443830554407970661009102774592695057202204701378327623682075089028698815133956650193819978456750305738325912711134934968241

e: 65537

pass : up2l6D######## `

6 years ago
2018-09-02 08:30:00
Please login/register to Leave a Reply

1
nextco nextco 

# Python 2.7 x86 Windows
# RSA Factorization solution by @rextco
# https://webscene.ir/#/challenge/RSA-Factorisation-rootme
# pip install pycryptodome
from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse
import base64

def read_file(fn):
    with open(fn, "rb") as content_file:
        c = content_file.read()
    return c

def write_file(fn, text_):
    with open(fn, "wb") as f:
        f.write(text_)

if __name__ == "__main__":
    # Read values from provided public key
    key_public = RSA.importKey(read_file("pubkey.pem"))
    print("key_public.e = 0x%x" % key_public.e)
    print("key_public.n = 0x%x" % key_public.n)

    # Factorize n (module) using http://factordb.com/index.php
    p = 398075086424064937397125500550386491199064362342526708406385189575946388957261768583317
    q = 472772146107435302536223071973048224632914695302097116459852171130520711256363590397527
    print("p = 0x%x" % p)
    print("q = 0x%x" % q)

    # get d (private key) value
    phi_n = (p - 1)*(q - 1)             # get phi
    print("phi_n = %x" % phi_n)
    d = inverse(key_public.e, phi_n)    # multiplicative_inverse
    print("d = 0x%x" % d)

    # Generate Private Key
    key = RSA.construct((key_public.n, key_public.e, d, p, q))
    # write_file("private.pem", key.exportKey())

    cipher = read_file("data.bin")
    decipher = key.decrypt(base64.b64decode(cipher))
    print(decipher)

References

https://bitsdeep.com/posts/attacking-rsa-for-fun-and-ctf-points-part-1/

https://pycryptodome.readthedocs.io/en/latest/src/public_key/rsa.html

6 years ago
2018-10-16 07:30:00
Please login/register to Leave a Reply

Please login to post your answer / writeup