Tags: rsa
Rating:
After archive downloading, see the output (**c** and **n**) and python script, which we see **e**.
> n = 48564396752059338791464352725210493148212425902751190745668164451763507023284970474595680869078726765719920168392505794415687815488076204724659643390252172928332322944711949999326843460702414647825442748821062427474599006915155109396213406624079900714394311217571510958430682853948004734434233860146109894977
> e = 31337
>
> c = 28767981118696173499362412795754123415661648348744243377735885542432968964926551295510845917978847771440173910696607195964650864733310997503291576565605508828208679238871651079005335403223194484223700571589836641593207297310906538525042640141507638449129445170765859354237239005410738965923592173867475751585
Okay, check the **n** in [factordb.com](http://factordb.com) and see p and q:
> p = 6072510988286929264894086362835077173625040072601309544494353950350290130736379974160352667353769493236336930449438771170009858935018137670526822423479179
> q = 7997416035266735376949323633693044943877117000985893501813767052682242347917960725109882869292648940863628350771736250400726013095444943539503502901307363
Yes, we have got the p and q, calculate phi(n) and private key d:
> phin = (p - 1) * (q - 1) = 48564396752059338791464352725210493148212425902751190745668164451763507023284970474595680869078726765719920168392505794415687815488076204724659643390252158858405299391047308155916846932580297145668369161618016119353595974382676455055514136388543254295960211252290289783409112118075974271353023829820785108436
> d = inverse(e, n) = 41320883000930470376769123933761603816918910931009828600432404785951762701019471160741125155957688730714179131692548169783498236090199312205175992332204528565008153226648829733580460470478618335991183806880721313154575404951504685232956997112924938229351473102716150125890709270327718096725457905176360000837
Decrypt the c:
> m = pow(c, d, n) = 839273094895600834232040203648983510662675144687910005669552377561640754534620973448186907529875633826145122951079469437
And get the flag:
> unhexlify(hex(m)[2:])
>
> b'S4CTF{Wh3n_mY_BrA1n_w45_UltR4_4CtIVe_ABOut_RSA!!!}'
Flag: **S4CTF{Wh3n_mY_BrA1n_w45_UltR4_4CtIVe_ABOut_RSA!!!}**
