HackTheBox Lost Modulus Challenge
Explore the basics of cybersecurity in the Lost Modulus Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/232
Description
I encrypted a secret message with RSA but I lost the modulus. Can you help me recover it?
Exploitation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/usr/bin/env python3
from Crypto.Util.number import long_to_bytes
import gmpy2
def int_to_bytes(n):
return n.to_bytes((n.bit_length() + 7) // 8, byteorder='big')
def hex_to_int(hex_str):
return int(hex_str, 16)
def small_exponent_attack(ct_hex, e=3):
ct = hex_to_int(ct_hex)
root, is_perfect = gmpy2.iroot(ct, e)
return int_to_bytes(root)
def main():
encrypted_flag = "05c61636499a82088bf4388203a93e67bf046f8c49f62857681ec9aaaa40b4772933e0abc83e938c84ff8e67e5ad85bd6eca167585b0cc03eb1333b1b1462d9d7c25f44e53bcb568f0f05219c0147f7dc3cbad45dec2f34f03bcadcbba866dd0c566035c8122d68255ada7d18954ad604965"
try:
decrypted = small_exponent_attack(encrypted_flag)
print(f"[+] Flag: {decrypted.decode()}")
except Exception as e:
print(f"[-] Attack failed: {str(e)}")
if __name__ == "__main__":
main()
Summary
The Lost Modulus Challenge on Hack The Box tasks participants with recovering a secret message encrypted using RSA, where the modulus is missing. By leveraging the small exponent attack on RSA, the challenge demonstrates how a low encryption exponent can lead to vulnerabilities. Participants use mathematical techniques to extract the plaintext directly from the ciphertext by finding its cube root. This challenge provides a practical introduction to cryptographic attacks and the importance of secure parameter selection in encryption systems.