RSA-decipher-oracle

1. import re
2. import socket
3. from telnetlib import Telnet
4. from Crypto.Util import number
5.  
6. ip,port = 'challenge01.root-me.org',51031
7. n = 456378902858290907415273676326459758501863587455889046415299414290812776158851091008643992243505529957417209835882169153356466939122622249355759661863573516345589069208441886191855002128064647429111920432377907516007825359999
8. e = 65537
9. c = 41662410494900335978865720133929900027297481493143223026704112339997247425350599249812554512606167456298217619549359408254657263874918458518753744624966096201608819511858664268685529336163181156329400702800322067190861310616
10. rx_flag = re.compile(b'The corresponding plaintext is: (.*)\n')
11. class Hacker:
12. def __init__(self):
13. self.target = (ip,port)
14.  
15. def reconnect(self):
16. self.s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
17. self.s.connect(self.target)
18. self.t = Telnet()
19. self.t.sock=self.s
20.  
21. def close_connection(self):
22. self.s.close()
23.  
24. def banner(self):
25. resp = self.t.read_until(b'to decrypt?');print(resp)
26.  
27. def recon(self):
28. self.t.interact()
29.  
30. def attack(self):
31. self.banner()
32. self.t.write(f"{c*pow(2,e,n)}\n".encode())
33. resp = self.t.read_until(b'\n\n');print(resp)
34. plaintint = int(rx_flag.search(resp).group(1))
35. inv_2 = number.inverse(2,n)
36. plaintint = (plaintint*inv_2)%n
37. print(plaintint.to_bytes((plaintint.bit_length()+7)//8,'big'))
38. self.banner()
39.  
40. ## Well done! The flag is S1d3Ch4nn3l4tt4ck
41. if __name__=='__main__':
42. hacker = Hacker()
43. hacker.reconnect()
44. # hacker.recon()
45. hacker.attack()
46. hacker.close_connection()