Challenge based on unpadded RSA Digital Signatures
tl;dr
1. Factor `M` that you want the server to sign
2. Get signature of each factor
3. Multiply all the signatures over mod n to retrieve signature of `M`

Original solution: [https://amritabi0s.wordpress.com/2019/03/31/volga-ctf-qualifiers-crypto-write-ups/](https://amritabi0s.wordpress.com/2019/03/31/volga-ctf-qualifiers-crypto-write-ups/)
Another approach: [Blinding Attack on RSA digital signature](https://masterpessimistaa.wordpress.com/2017/07/10/blinding-attack-on-rsa-digital-signatures/)

Original writeup (https://amritabi0s.wordpress.com/2019/03/31/volga-ctf-qualifiers-crypto-write-ups/).