Breaking Weak RSA

Taking a look at how we can leverage access to a weak public RSA key, an encrypted file and the RSACTFTool (link in the post below).

This is a run through of the HackTheBox challenge called “WeakRSA”.

Before we start, clone the following git repo:

The challenge provides us with the following files:
– flag.enc
– key.pub
Our task is to gain access to the contents of the flag.enc file. Let’s go…

Navigate to the RSACTFTool directory and use pip3 to install the requirements, using:
pip3 install -r requirements.txt

Once we’re set up, use the following command to export the private key:

python3 RsaCtfTool.py --publickey key.pub --private

You could optionally redirect the output to a new file at the same time by appending > privkey to the end of the above command.

Grab the private key contents from the output and create a new file (call it whatever you like). I created a file called “privatekey” and dumped the contents of the key in there.

Armed with the private key and the encrypted flag.enc file, we can now have a go at getting to the contents.

For this, we’ll be using OpenSSL as follows:

openssl rsautl -in flag.enc -out loot.txt -decrypt -inkey privatekey

Read the contents of the loot.txt file to capture the flag.
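
Why a weak public key gives up its private key, shown as an added example that is not part of the original post or of RsaCtfTool: an audit check you can run against your own moduli. The post does not say which weakness the challenge key has; this sketch assumes two common ones (a short modulus, and primes that sit too close together), and the function names, threshold and sample key are constructed for illustration.

```python
from math import isqrt

MIN_BITS = 2048  # assumed policy threshold for an acceptable modulus size


def fermat_factor(n, max_steps=100_000):
    """Return (p, q) if n = p*q with p and q close together, else None."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            # a - b == 1 is the trivial split (1, n), not a real factor
            return (a - b, a + b) if a - b > 1 else None
        a += 1
    return None


def audit_modulus(n):
    """Return a list of findings for an RSA modulus n."""
    findings = []
    if n.bit_length() < MIN_BITS:
        findings.append(f"modulus is only {n.bit_length()} bits")
    if fermat_factor(n):
        findings.append("primes too close: Fermat factoring succeeds")
    return findings


def private_exponent(p, q, e):
    """Once n is factored, the private exponent follows directly."""
    return pow(e, -1, (p - 1) * (q - 1))


# Constructed sample key (not the challenge key): two adjacent small primes.
P, Q, E = 10007, 10009, 65537
N = P * Q

if __name__ == "__main__":
    print(audit_modulus(N))
    p, q = fermat_factor(N)
    d = private_exponent(p, q, E)
    c = pow(42, E, N)    # encrypt a sample message with the public key
    print(pow(c, d, N))  # the derived private exponent decrypts it
```

An empty list from audit_modulus only means these two checks passed; it does not rule out other weaknesses.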