09-03-2024, 12:24 PM
let's discuss the challenge
|
HTB - ReMeeting the Wheel (Challenge)
by x1rx - Tuesday September 3, 2024 at 12:24 PM
|
|
09-03-2024, 12:24 PM
let's discuss the challenge
09-03-2024, 04:02 PM
09-03-2024, 04:32 PM
I havent checked it out but will look into it. always love testing my weakish skills
(09-03-2024, 04:02 PM)macavitysworld Wrote:(09-03-2024, 12:24 PM)x1rx Wrote: let's discuss the challenge abolutely yes , it is the way of solving it Thanks bro from tqdm import tqdm
import gmpy2
from hashlib import sha256
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import binascii
# Constants
e = 65537
n = 72741423208033405403492275698762968936514657314823442485453559870105200118330405900858299998747406127848670334407387228444029070060538220448699667905891284937839901536444798774307744865631349770845980738192442639071823803272283670943732769371979418893953521892212745135191661138195973757608889180051128601323
c = int(
"4da0230d2b8b46e3a7065f32c46df019739cc002a208cc37767a82c3e94edfc3440fa4b24a32274e35d5ddceaa33505c4f2a57281c3a5d6d4db3a0dbdbb30dbf373241319ce4a7fdd1780b6bafc86e37d283c9f9787c567434e2fc29c988fb05fd411fe4453ea40eb45fc41a423839b485e238dd2530fba284e9b07a0bba6546",
16,
)
encrypted_flag = binascii.unhexlify(
"ce8f36aa844ab00319bcd4f86460a10d77492c060b2c2a91615f4cd1f2d0702e76b68f1ec0f11d15704ba52c5dacc60018d5ed87368464acd030ce6230efdbff7b18cba72ccaa9455a6fe6021b908dd1"
)
START = 2**20
END = 2**21
def decrypt_aes_flag(k1, k2, encrypted_flag):
"""Decrypt the AES-encrypted flag given k1 and k2."""
k = k1 * k2
if not (40 <= k.bit_length() <= 42):
return None
aes_key = sha256(str(k).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
try:
decrypted_flag = unpad(cipher.decrypt(encrypted_flag), 16)
return decrypted_flag
except ValueError:
return None
def precompute_k1_powers():
"""Precompute k1^e % n for all k1 in the range [START, END)."""
k1_powers = {}
for k1 in tqdm(range(START, END), desc="Precomputing k1^e % n"):
k1_pow_e_mod_n = pow(k1, e, n)
k1_powers.setdefault(k1_pow_e_mod_n, []).append(k1)
return k1_powers
def find_k2_for_k1(k1_pow_e_mod_n, k1, k1_powers):
"""Find all possible k2 values given k1^e % n and k1."""
k1_pow_e_inv = gmpy2.invert(k1_pow_e_mod_n, n)
if k1_pow_e_inv is None:
return []
k2_pow_e_mod_n = (c * k1_pow_e_inv) % n
return k1_powers.get(k2_pow_e_mod_n, [])
def brute_force_decryption():
"""Brute force search for k1 and k2 to decrypt the flag."""
k1_powers = precompute_k1_powers()
for k1 in tqdm(range(START, END), desc="Searching for k1 and k2"):
k1_pow_e_mod_n = pow(k1, e, n)
k2_list = find_k2_for_k1(k1_pow_e_mod_n, k1, k1_powers)
for k2 in k2_list:
decrypted_flag = decrypt_aes_flag(k1, k2, encrypted_flag)
if decrypted_flag:
return format_flag(decrypted_flag)
def format_flag(decrypted_flag):
"""Format the decrypted flag for output."""
try:
return decrypted_flag.decode('utf-8', errors='replace')
except UnicodeDecodeError:
return binascii.hexlify(decrypted_flag).decode()
if __name__ == "__main__":
flag = brute_force_decryption()
if flag:
print(f"Decrypted flag: {flag}")
else:
print("Flag not found.")
09-08-2024, 10:25 AM
^ thx dude, nice work
09-12-2024, 05:31 AM
thanks bro for the sharing
02-02-2025, 11:12 PM
Thanks for sharing, dude!
Much appreciated! |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 360 | 90,836 |
03-28-2026, 09:28 AM Last Post: |
||
| [FREE] HTB-ProLabs APTLABS Just Flags | 23 | 4,303 |
03-28-2026, 03:30 AM Last Post: |
||
| [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot | 87 | 9,466 |
03-27-2026, 07:22 PM Last Post: |
||
| HTB Eloquia User and Root Flags - Insane Box | 13 | 2,289 |
03-27-2026, 06:14 PM Last Post: |
||
| HTB - ALL Challenges you Stuck in | 2 | 2,587 |
03-27-2026, 04:24 PM Last Post: |
||