The same flag is encrypted 5 times with RSA small public exponent and linear padding. The generalization of Håstad’s broadcast attack and the Coppersmith method allow to recover the flag.