picoCTF-WP

來夢桃子發表於2020-10-17

目錄

The Numbers

Description:The numbers… what do they mean?
Hints:The flag is in the format PICOCTF{}

在這裡插入圖片描述

a-1 b-2 c-3 d-4 e-5 f-6 g-7 h-8 
i-9 j-10 k-11 l-12 m-13 n-14 o-15 p-16 
q-17 r-18 s-19 t-20 u-21 v-22 w-23 x-24 
y-25 z-26

大括號前數字對應的字母是PICOCTF

GET FLAG!

PICOCTF{THENUMBERSMASON}

caesar

Description:Decrypt this message
Hints:caesar cipher tutorial

picoCTF{gvswwmrkxlivyfmgsrhnrisegl}

凱撒加密線上解密網站
在這裡插入圖片描述
GET FLAG!

picoCTF{crossingtherubicondjneoach}

Easy1

Description:The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We’ve given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPTO. Can you use this table to solve it?
Hints:
1.Submit your answer in our flag format. For example, if your answer was ‘hello’, you would submit ‘picoCTF{HELLO}’ as the flag.
2.Please use all caps for the message.

一看附件我們就知道這是考察維吉尼亞密碼
在這裡插入圖片描述
維吉尼亞加密線上解密網站

GET FLAG!

picoCTF{CRYPTOISFUN}

13

Description:Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}
Hints:This can be solved online if you don’t want to do it by hand!

ROT13線上解密網站
在這裡插入圖片描述
GET FLAG!

picoCTF{not_too_bad_of_a_problem}

2Warm

Description:Can you convert the number 42 (base 10) to binary (base 2)?
Hints:Submit your answer in our competition’s flag format. For example, if your answer was ‘11111’, you would submit ‘picoCTF{11111}’ as the flag

直接將十進位制轉化為二進位制

GET FLAG!

picoCTF{101010}

Lets Warm Up

Description:If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?
Hints:Submit your answer in our flag format. For example, if your answer was ‘hello’, you would submit ‘picoCTF{hello}’ as the flag

0x70為十六進位制70,轉化為ASCII碼為字母p

GET FLAG!

picoCTF{p}

Warmed Up

Description:What is 0x3D (base 16) in decimal (base 10)?
Hints:Submit your answer in our flag format. For example, if your answer was ‘22’, you would submit ‘picoCTF{22}’ as the flag

GET FLAG!

picoCTF{61}

Bases

Description:What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases
Hints:Submit your answer in our flag format. For example, if your answer was ‘hello’, you would submit ‘picoCTF{hello}’ as the flag

在這裡插入圖片描述
GET FLAG!

picoCTF{l3arn_th3_r0p35}

plumbing

Description:Sometimes you need to handle process data outside of a file. Can you find a way to keep the output from this program and search for the flag? Connect to jupiter.challenges.picoctf.org 22058
Hints:
1.Remember the flag format is picoCTF{XXXX}
2.What’s a pipe? No not that kind of pipe… This kind

nc jupiter.challenges.picoctf.org 22058 | grep pico

在這裡插入圖片描述
GET FLAG!

picoCTF{digital_plumb3r_5ea1fbd7}

flag_shop

Description:There’s a flag shop selling stuff, can you buy a flag?
Source. Connect with nc jupiter.challenges.picoctf.org 60804
Hints:Two’s compliment can do some weird things when numbers get
really big!

((1<<31)//900)*1.5
3579138.0

在這裡插入圖片描述
GET FLAG!

picoCTF{m0n3y_bag5_65d67a74}

Glory of the Garden

Description:This garden contains more than it seems
Hints:What is a hex editor?

在這裡插入圖片描述
使用010 editor開啟
在這裡插入圖片描述
GET FLAG!

picoCTF{more_than_m33ts_the_3y33dd2eEF5}

Insp3ct0r

Description:Kishor Balan tipped us off that the following code may
need inspection: https://jupiter.challenges.picoctf.org/problem/51418/
(link) or http://jupiter.challenges.picoctf.org:51418 Hints:
1.How do you inspect web code on a browser?
2.There’s 3 parts
在這裡插入圖片描述
在這裡插入圖片描述
在這裡插入圖片描述

GET FLAG!

picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?2e7b23e3}

dont-use-client-side

Description:Can you break into this super secure portal?
https://jupiter.challenges.picoctf.org/problem/61882/ (link) or
http://jupiter.challenges.picoctf.org:61882 Hints:Never trust the
client

在這裡插入圖片描述
GET FLAG!

picoCTF{no_clients_plz_b706c5}

So Meta

Description:Find the flag in this picture.
Hints:
1.What does meta mean in the context of files?
2.Ever heard of metadata?

在這裡插入圖片描述

在這裡插入圖片描述
010 editor開啟

GET FLAG!

picoCTF{s0_m3ta_d8944929}

extensions

Description:This is a really weird text file TXT? Can you find the
flag? Hints:
1.How do operating systems know what kind of file it is? (It’s not just the ending!
2.Make sure to submit the flag as picoCTF{XXXXX}

$ file flag.txt
flag.txt: PNG image data, 1697 x 608, 8-bit/color RGB, non-interlaced

GET FLAG!

picoCTF{now_you_know_about_extensions}

Flags

在這裡插入圖片描述
國際訊號旗
在這裡插入圖片描述
GET FLAG!

PICOCTF{F1AG5AND5TUFF}

Tapping

Description:Theres tapping coming in from the wires. What’s it saying nc jupiter.challenges.picoctf.org 28927
Hints:
1.What kind of encoding uses dashes and dots?
2.The flag is in the format PICOCTF{}

在這裡插入圖片描述
在這裡插入圖片描述

GET FLAG!

PICOCTF{M0RS3C0D31SFUN1261438181}

la cifra de

Description:I found this cipher in an old book. Can you figure out what it says? Connect with nc jupiter.challenges.picoctf.org 50523
Hints:
1.There are tools that make this easy
2.Perhaps looking at history will help

在這裡插入圖片描述
https://github.com/d4rkvaibhav/picoCTF-2018-Writeups/tree/master/Cryptography/blaise

hgqqpohzCZK{m311a50_0x_a1rn3x3_h1ah3x6kp60egf}

維吉尼亞密碼

key = FLAG

在這裡插入圖片描述
GET FLAG!

picoCTF{b311a50_0r_v1gn3r3_c1ph3r6fe60eaa}

what’s a net cat?

Description:Using netcat (nc) is going to be pretty important. Can you connect to jupiter.challenges.picoctf.org at port 29138 to get the flag?
Hints:nc tutorial

在這裡插入圖片描述
GET FLAG!

picoCTF{nEtCat_Mast3ry_3214be47}

WhitePages

Description:I stopped using YellowPages and moved onto WhitePages…
but the page they gave me is all blank!

# coding=utf8
text = '                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                '
firstType = ' '
secondType =  ' '
binaryString = ''
for char in text: 
	if char == firstType: 
		binaryString += '0' 
	else:
		binaryString += '1' 

print(binaryString)

輸出

00001010000010010000100101110000011010010110001101101111010000110101010001000110000010100000101000001001000010010101001101000101010001010010000001010000010101010100001001001100010010010100001100100000010100100100010101000011010011110101001001000100010100110010000000100110001000000100001001000001010000110100101101000111010100100100111101010101010011100100010000100000010100100100010101010000010011110101001001010100000010100000100100001001001101010011000000110000001100000010000001000110011011110111001001100010011001010111001100100000010000010111011001100101001011000010000001010000011010010111010001110100011100110110001001110101011100100110011101101000001011000010000001010000010000010010000000110001001101010011001000110001001100110000101000001001000010010111000001101001011000110110111101000011010101000100011001111011011011100110111101110100010111110110000101101100011011000101111101110011011100000110000101100011011001010111001101011111011000010111001001100101010111110110001101110010011001010110000101110100011001010110010001011111011001010111000101110101011000010110110001011111001101110011000100110000001100000011100000110110001100000110001000110000011001100110000100110111001101110011100101100001001101010110001001100100001110000110001101100101001100100011100101100110001100100011010001100110001101010011100000110110011001000110001101111101000010100000100100001001

轉ASCII碼 工具網站

GET FLAG!

picoCTF{not_all_spaces_are_created_equal_7100860b0fa779a5bd8ce29f24f586dc}

What Lies Within

Description:There’s something in the building. Can you retrieve the
flag?
Hints:There is data encoded somewhere… there might be an
online decoder.

在這裡插入圖片描述
工具網站
在這裡插入圖片描述
GET FLAG!

picoCTF{h1d1ng_1n_th3_b1t5}

WebNet1

Description:We found this packet capture and key. Recover the flag
Hints:
1.Try using a tool like Wireshark
2.How can you decrypt the TLS stream?

GET FLAG!

picoCTF{honey.roasted.peanuts}

WebNet0

Description:We found this packet capture and key. Recover the flag
Hints:
1.Try using a tool like Wireshark
2.How can you decrypt the TLS stream?

GET FLAG!

picoCTF{nongshim.shrimp.crackers}

where are the robots

Description:Can you find the robots? https://jupiter.challenges.picoctf.org/problem/39894/ (link) or http://jupiter.challenges.picoctf.org:39894
Hints:What part of the website could tell you where the creator doesn’t want you to look?

訪問robots.txt
在這裡插入圖片描述

根據提示

在這裡插入圖片描述
GET FLAG!

picoCTF{ca1cu1at1ng_Mach1n3s_1bb4c}

vault-door-1

Description:This vault uses some complicated arrays! I hope you can
make sense of it, special agent. The source code for this vault is
here: VaultDoor1.java Hints:Look up the charAt() method online

在這裡插入圖片描述
按照角標順序排列flag

GET FLAG!

picoCTF{d35cr4mbl3_tH3_cH4r4cT3r5_f6daf4}

b00tl3gRSA2

Description:In RSA d is a lot bigger than e, why don’t we use d to
encrypt instead of e? Connect with nc jupiter.challenges.picoctf.org
42900 Hints:What is e generally?

在這裡插入圖片描述

c: 92463390472800087192779180555276580211051758237753990093467988753236538925883757175417786475785221755573537602631074151210657360317799967259884659949392552159838621678804670612766985877974655351984488131211987107682381778065275421745056196897499631525959085217314939336166215734168532140939021392881405389286
n: 95121060539013862408792114608182996083216470978709968111585537491720167088525579026611015288201194776792407624152554906864532988860061072094049128084016205535744089898911569550115624351765848370110271405247108730913256738180327626530801745345045727051668026574995075414983372358924041213124599983439849741191
e: 11059744591715910578070340621547437785588438727097211605814758009779325773449576760956039130507852117111832187863992376677414916384846199388996358637108859690080713845763365325065050579354007467047781033177175443033195253442490388200752078155010002629110176868787028938174146082210324003736225329259711461473

維納攻擊

1.求d

import gmpy2

def transform(x, y):  # 使用輾轉相處將分數 x/y 轉為連分數的形式
    res = []
    while y:
        res.append(x // y)
        x, y = y, x % y
    return res

def continued_fraction(sub_res):
    numerator, denominator = 1, 0
    for i in sub_res[::-1]:  # 從sublist的後面往前迴圈
        denominator, numerator = numerator, i * numerator + denominator
    return denominator, numerator  # 得到漸進分數的分母和分子,並返回

# 求解每個漸進分數
def sub_fraction(x, y):
    res = transform(x, y)
    res = list(map(continued_fraction, (res[0:i] for i in range(1, len(res)))))  # 將連分數的結果逐一擷取以求漸進分數
    return res

def get_pq(a, b, c):  # 由p+q和pq的值通過維達定理來求解p和q
    par = gmpy2.isqrt(b * b - 4 * a * c)  # 由上述可得,開根號一定是整數,因為有解
    x1, x2 = (-b + par) // (2 * a), (-b - par) // (2 * a)
    return x1, x2

def wienerAttack(e, n):
    for (d, k) in sub_fraction(e, n):  # 用一個for迴圈來注意試探e/n的連續函式的漸進分數,直到找到一個滿足條件的漸進分數
        if k == 0:  # 可能會出現連分數的第一個為0的情況,排除
            continue
        if (e * d - 1) % k != 0:  # ed=1 (mod φ(n)) 因此如果找到了d的話,(ed-1)會整除φ(n),也就是存在k使得(e*d-1)//k=φ(n)
            continue

        phi = (e * d - 1) // k  # 這個結果就是 φ(n)
        px, qy = get_pq(1, n - phi + 1, n)
        if px * qy == n:
            p, q = abs(int(px)), abs(int(qy))  # 可能會得到兩個負數,負負得正未嘗不會出現
            d = gmpy2.invert(e, (p - 1) * (q - 1))  # 求ed=1 (mod  φ(n))的結果,也就是e關於 φ(n)的乘法逆元d
            return d
    print("該方法不適用")

e = 11059744591715910578070340621547437785588438727097211605814758009779325773449576760956039130507852117111832187863992376677414916384846199388996358637108859690080713845763365325065050579354007467047781033177175443033195253442490388200752078155010002629110176868787028938174146082210324003736225329259711461473
n =  95121060539013862408792114608182996083216470978709968111585537491720167088525579026611015288201194776792407624152554906864532988860061072094049128084016205535744089898911569550115624351765848370110271405247108730913256738180327626530801745345045727051668026574995075414983372358924041213124599983439849741191
d = wienerAttack(e, n)
print("d=", d)
#d= 65537

2.求m

from libnum import *
n = 95121060539013862408792114608182996083216470978709968111585537491720167088525579026611015288201194776792407624152554906864532988860061072094049128084016205535744089898911569550115624351765848370110271405247108730913256738180327626530801745345045727051668026574995075414983372358924041213124599983439849741191
d = 65537
c = 92463390472800087192779180555276580211051758237753990093467988753236538925883757175417786475785221755573537602631074151210657360317799967259884659949392552159838621678804670612766985877974655351984488131211987107682381778065275421745056196897499631525959085217314939336166215734168532140939021392881405389286
m = pow(c,d,n)
print(n2s(m))

在這裡插入圖片描述
GET FLAG!

picoCTF{bad_1d3a5_2152720}

miniRSA

Description:Let’s decrypt this: ciphertext? Something seems a bit small
Hints:
1.RSA tutorial
2.How could having too small an e affect the security of this 2048 bit key?
3.Make sure you don’t lose precision, the numbers are pretty big (besides the e value)

N: 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673
e: 3

ciphertext (c): 2205316413931134031074603746928247799030155221252519872650080519263755075355825243327515211479747536697517688468095325517209911688684309894900992899707504087647575997847717180766377832435022794675332132906451858990782325436498952049751141

e =3時的RSA題目

from Crypto.Util.number import *
from gmpy2 import *
from libnum import *
n = 29331922499794985782735976045591164936683059380558950386560160105740343201513369939006307531165922708949619162698623675349030430859547825708994708321803705309459438099340427770580064400911431856656901982789948285309956111848686906152664473350940486507451771223435835260168971210087470894448460745593956840586530527915802541450092946574694809584880896601317519794442862977471129319781313161842056501715040555964011899589002863730868679527184420789010551475067862907739054966183120621407246398518098981106431219207697870293412176440482900183550467375190239898455201170831410460483829448603477361305838743852756938687673
c = 2205316413931134031074603746928247799030155221252519872650080519263755075355825243327515211479747536697517688468095325517209911688684309894900992899707504087647575997847717180766377832435022794675332132906451858990782325436498952049751141
m=gmpy2.iroot(c, 3)[0]
print(n2s(m))

在這裡插入圖片描述
GET FLAG!

picoCTF{n33d_a_lArg3r_e_d0cd6eae}

Irish-Name-Repo 1

Description:There is a website running at
https://jupiter.challenges.picoctf.org/problem/3726/ (link) or
http://jupiter.challenges.picoctf.org:3726. Do you think you can log
us in? Try to see if you can login! Hints:
1.There doesn’t seem to be many ways to interact with this. I wonder if the users are kept in a database?
2.Try to think about how the website verifies your login
在這裡插入圖片描述
在這裡插入圖片描述

SQL隱碼攻擊

payload:' or '1' = '1'

在這裡插入圖片描述

GET FLAG!

picoCTF{s0m3_SQL_c218b685}

Irish-Name-Repo 2

和上題同理

payload:admin' --

GET FLAG!

picoCTF{m0R3_SQL_plz_fa983901}

Irish-Name-Repo 3

Description:There is a secure website running at
https://jupiter.challenges.picoctf.org/problem/50530/ (link) or
http://jupiter.challenges.picoctf.org:50530. Try to see if you can
login as admin!
Hints:Seems like the password is encrypted.

在這裡插入圖片描述
與1、2兩道題同理

curl "https://jupiter.challenges.picoctf.org/problem/50530/login.php" --data "password=test&debug=1"

curl "https://jupiter.challenges.picoctf.org/problem/50530/login.php" --data "password=' or 1=1--&debug=1" 

curl "https://jupiter.challenges.picoctf.org/problem/50530/login.php" --data "password=' be 1=1--&debug=1" && echo

GET FLAG!

 picoCTF{3v3n_m0r3_SQL_06a9db19}

waves over lambda

Description:We made a lot of substitutions to encrypt this. Can you
decrypt it? Connect with nc jupiter.challenges.picoctf.org 1981
Hints:Flag is not in the usual flag format

在這裡插入圖片描述
詞頻分析
在這裡插入圖片描述
GET FLAG!

frequency_is_c_over_lambda_agflcgtyue

b00tl3gRSA3

Description:Why use p and q when I can use more? Connect with nc jupiter.challenges.picoctf.org 39728.
Hints:There’s more prime factors than p and q, finding d is going to be different.

在這裡插入圖片描述
分解素數的工具網站

from Crypto.Util.number import inverse, long_to_bytes

c = 9110463223047560768627983185837291013065984026979122246691670641693507921911138714471825503351416502181538612084759216298024080954635276369884872819045865694323415877393380666698659188786433206204829651839486083439227167739782947380858763016074244533538230626997602679997768419742108438809488997378745885135231397275005541829697447680796841905
n = 11425538401584819806163706604657610172775157597028277103094952137160380635225159026064395321087981712633906712739001816221425882068990717800986885493997067188586022750570022795672674475873925525922555950273900533287986298704530406011201812424577382906358024265538261377845497251332824866711211660311638977500554447447450274961748409116197814869
e = 65537

a = "11 425538 401584 819806 163706 604657 610172 775157 597028 277103 094952 137160 380635 225159 026064 395321 087981 712633 906712 739001 816221 425882 068990 717800 986885 493997 067188 586022 750570 022795 672674 475873 925525 922555 950273 900533 287986 298704 530406 011201 812424 577382 906358 024265 538261 377845 497251 332824 866711 211660 311638 977500 554447 447450 274961 748409 116197 814869 (344 digits) = 9254 199419 × 9611 386963 × 9656 971573 × 9734 674853 × 9814 413929 × 10172 377043 × 10412 171879 × 10599 912247 × 10639 162679 × 10727 233411 × 10801 893607 × 10904 203789 × 11225 791151 × 11470 689287 × 11649 492817 × 11665 695823 × 11840 123279 × 12229 823701 × 12579 771889 × 12937 711057 × 13314 407311 × 13446 623123 × 13558 683371 × 13658 357221 × 13959 625063 × 14161 977139 × 14457 731831 × 14748 001043 × 14841 466091 × 15295 362287 × 15882 693553 × 16130 247647 × 16461 937153 × 16717 618037".split("=")[1].replace(" ", "").split("×")
factors = []

for i in a:
	factors.append(int(i))

phi = 1
for i in factors:
	phi *= (i - 1)

d = inverse(e, phi)

print(long_to_bytes(pow(c, d, n)).decode())

GET FLAG!

picoCTF{too_many_fact0rs_8024768}

Client-side-again

Description:Can you break into this super secure portal?
https://jupiter.challenges.picoctf.org/problem/17684/ (link) or
http://jupiter.challenges.picoctf.org:17684
Hints:What is obfuscation?

在這裡插入圖片描述
原始碼裡有一段這樣的js程式碼,整理後解碼

 function verify(){
 	checkpass=document[_0x4b5b('0x0')]('pass')[_0x4b5b('0x1')];
 	split=0x4;
 	if(checkpass[_0x4b5b('0x2')](0x0,split*0x2)==_0x4b5b('0x3')){
 		if(checkpass[_0x4b5b('0x2')](0x7,0x9)=='{n'){
 			if(checkpass[_0x4b5b('0x2')](split*0x2,split*0x2*0x2)==_0x4b5b('0x4')){
 				if(checkpass[_0x4b5b('0x2')](0x3,0x6)=='oCT'){
 					if(checkpass[_0x4b5b('0x2')](split*0x3*0x2,split*0x4*0x2)==_0x4b5b('0x5')){
 						if(checkpass['substring'](0x6,0xb)=='F{not'){
 							if(checkpass[_0x4b5b('0x2')](split*0x2*0x2,split*0x3*0x2)==_0x4b5b('0x6')){
 								if(checkpass[_0x4b5b('0x2')](0xc,0x10)==_0x4b5b('0x7')){
 									alert(_0x4b5b('0x8'));
 								}
 							}
 						}
 					}
 				}
 			}
 		}
 	}else{
 		alert(_0x4b5b('0x9'));
 	}
 }

在這裡插入圖片描述

GET FLAG!

picoCTF{not_this_again_ef49bf}

Open-to-admins

Description:This secure website allows users to access the flag only if they are admin and if the time is exactly 1400. https://jupiter.challenges.picoctf.org/problem/51400/ (link) or http://jupiter.challenges.picoctf.org:51400
Hints:Can cookies help you to get the flag?

在這裡插入圖片描述
題目說時間和身份不對,修改後訪問
在這裡插入圖片描述
在這裡插入圖片描述

GET FLAG!

picoCTF{0p3n_t0_adm1n5_132f8585}

picobrowser

Description:This secure website allows users to access the flag only
if they are admin and if the time is exactly 1400.
https://jupiter.challenges.picoctf.org/problem/51400/ (link) or
http://jupiter.challenges.picoctf.org:51400
Hints:Can cookies help you to get the flag?

curl --user-agent "picobrowser" "https://2019shell1.picoctf.com/problem/32205/flag"

在這裡插入圖片描述
GET FLAG!

picoCTF{p1c0_s3cr3t_ag3nt_84f9c865}

logon

Description:The factory is hiding things from all of its users. Can
you login as logon and find what they’ve been looking at?
https://jupiter.challenges.picoctf.org/problem/39681/ (link) or
http://jupiter.challenges.picoctf.org:39681
Hints:Hmm it doesn’t seem
to check anyone’s password, except for logon’s?

首先利用admin登陸
在這裡插入圖片描述
使用工具EditorThisCookie修改admin的cookie為True
在這裡插入圖片描述
在這裡插入圖片描述
GET FLAG!

picoCTF{th3_c0nsp1r4cy_l1v3s_0c98aacc}

rsa-pop-quiz

Description:Class, take your seats! It’s PRIME-time for a quiz… nc
jupiter.challenges.picoctf.org 41130
Hints:RSA info

(base) luoluo@luoluodeMacBook-Pro ~ % nc jupiter.challenges.picoctf.org 41130
Good morning class! It's me Ms. Adleman-Shamir-Rivest
Today we will be taking a pop quiz, so I hope you studied. Cramming just will not do!
You will need to tell me if each example is possible, given your extensive crypto knowledge.
Inputs and outputs are in decimal. No hex here!
#### NEW PROBLEM ####
q : 60413
p : 76753
##### PRODUCE THE FOLLOWING ####
n
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
n: 4636878989
Outstanding move!!!


#### NEW PROBLEM ####
p : 54269
n : 5051846941
##### PRODUCE THE FOLLOWING ####
q
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
q: 93089
Outstanding move!!!


#### NEW PROBLEM ####
e : 3
n : 12738162802910546503821920886905393316386362759567480839428456525224226445173031635306683726182522494910808518920409019414034814409330094245825749680913204566832337704700165993198897029795786969124232138869784626202501366135975223827287812326250577148625360887698930625504334325804587329905617936581116392784684334664204309771430814449606147221349888320403451637882447709796221706470239625292297988766493746209684880843111138170600039888112404411310974758532603998608057008811836384597579147244737606088756299939654265086899096359070667266167754944587948695842171915048619846282873769413489072243477764350071787327913
##### PRODUCE THE FOLLOWING ####
q
p
IS THIS POSSIBLE and FEASIBLE? (Y/N):n
Outstanding move!!!


#### NEW PROBLEM ####
q : 66347
p : 12611
##### PRODUCE THE FOLLOWING ####
totient(n)
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
totient(n): 836623060
Outstanding move!!!


#### NEW PROBLEM ####
plaintext : 6357294171489311547190987615544575133581967886499484091352661406414044440475205342882841236357665973431462491355089413710392273380203038793241564304774271529108729717
e : 3
n : 29129463609326322559521123136222078780585451208149138547799121083622333250646678767769126248182207478527881025116332742616201890576280859777513414460842754045651093593251726785499360828237897586278068419875517543013545369871704159718105354690802726645710699029936754265654381929650494383622583174075805797766685192325859982797796060391271817578087472948205626257717479858369754502615173773514087437504532994142632207906501079835037052797306690891600559321673928943158514646572885986881016569647357891598545880304236145548059520898133142087545369179876065657214225826997676844000054327141666320553082128424707948750331
##### PRODUCE THE FOLLOWING ####
ciphertext
IS THIS POSSIBLE and FEASIBLE? (Y/N):y 
#### TIME TO SHOW ME WHAT YOU GOT! ###
ciphertext: 256931246631782714357241556582441991993437399854161372646318659020994329843524306570818293602492485385337029697819837182169818816821461486018802894936801257629375428544752970630870631166355711254848465862207765051226282541748174535990314552471546936536330397892907207943448897073772015986097770443616540466471245438117157152783246654401668267323136450122287983612851171545784168132230208726238881861407976917850248110805724300421712827401063963117423718797887144760360749619552577176382615108244813
Outstanding move!!!


#### NEW PROBLEM ####
ciphertext : 107524013451079348539944510756143604203925717262185033799328445011792760545528944993719783392542163428637172323512252624567111110666168664743115203791510985709942366609626436995887781674651272233566303814979677507101168587739375699009734588985482369702634499544891509228440194615376339573685285125730286623323
e : 3
n : 27566996291508213932419371385141522859343226560050921196294761870500846140132385080994630946107675330189606021165260590147068785820203600882092467797813519434652632126061353583124063944373336654246386074125394368479677295167494332556053947231141336142392086767742035970752738056297057898704112912616565299451359791548536846025854378347423520104947907334451056339439706623069503088916316369813499705073573777577169392401411708920615574908593784282546154486446779246790294398198854547069593987224578333683144886242572837465834139561122101527973799583927411936200068176539747586449939559180772690007261562703222558103359
##### PRODUCE THE FOLLOWING ####
plaintext
IS THIS POSSIBLE and FEASIBLE? (Y/N):n
Outstanding move!!!


#### NEW PROBLEM ####
q : 92092076805892533739724722602668675840671093008520241548191914215399824020372076186460768206814914423802230398410980218741906960527104568970225804374404612617736579286959865287226538692911376507934256844456333236362669879347073756238894784951597211105734179388300051579994253565459304743059533646753003894559
p : 97846775312392801037224396977012615848433199640105786119757047098757998273009741128821931277074555731813289423891389911801250326299324018557072727051765547115514791337578758859803890173153277252326496062476389498019821358465433398338364421624871010292162533041884897182597065662521825095949253625730631876637
e : 65537
##### PRODUCE THE FOLLOWING ####
d
IS THIS POSSIBLE and FEASIBLE? (Y/N):y 
#### TIME TO SHOW ME WHAT YOU GOT! ###
d: 1405046269503207469140791548403639533127416416214210694972085079171787580463776820425965898174272870486015739516125786182821637006600742140682552321645503743280670839819078749092730110549881891271317396450158021688253989767145578723458252769465545504142139663476747479225923933192421405464414574786272963741656223941750084051228611576708609346787101088759062724389874160693008783334605903142528824559223515203978707969795087506678894006628296743079886244349469131831225757926844843554897638786146036869572653204735650843186722732736888918789379054050122205253165705085538743651258400390580971043144644984654914856729
Outstanding move!!!


#### NEW PROBLEM ####
p : 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433
ciphertext : 18031488536864379496089550017272599246134435121343229164236671388038630752847645738968455413067773166115234039247540029174331743781203512108626594601293283737392240326020888417252388602914051828980913478927759934805755030493894728974208520271926698905550119698686762813722190657005740866343113838228101687566611695952746931293926696289378849403873881699852860519784750763227733530168282209363348322874740823803639617797763626570478847423136936562441423318948695084910283653593619962163665200322516949205854709192890808315604698217238383629613355109164122397545332736734824591444665706810731112586202816816647839648399
e : 65537
n : 23952937352643527451379227516428377705004894508566304313177880191662177061878993798938496818120987817049538365206671401938265663712351239785237507341311858383628932183083145614696585411921662992078376103990806989257289472590902167457302888198293135333083734504191910953238278860923153746261500759411620299864395158783509535039259714359526738924736952759753503357614939203434092075676169179112452620687731670534906069845965633455748606649062394293289967059348143206600765820021392608270528856238306849191113241355842396325210132358046616312901337987464473799040762271876389031455051640937681745409057246190498795697239
##### PRODUCE THE FOLLOWING ####
plaintext
IS THIS POSSIBLE and FEASIBLE? (Y/N):y
#### TIME TO SHOW ME WHAT YOU GOT! ###
plaintext: 14311663942709674867122208214901970650496788151239520971623411712977120586163535880168563325
Outstanding move!!!


If you convert the last plaintext to a hex number, then ascii, you'll find what you need! ;)

n = 23952937352643527451379227516428377705004894508566304313177880191662177061878993798938496818120987817049538365206671401938265663712351239785237507341311858383628932183083145614696585411921662992078376103990806989257289472590902167457302888198293135333083734504191910953238278860923153746261500759411620299864395158783509535039259714359526738924736952759753503357614939203434092075676169179112452620687731670534906069845965633455748606649062394293289967059348143206600765820021392608270528856238306849191113241355842396325210132358046616312901337987464473799040762271876389031455051640937681745409057246190498795697239
p = 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433
q = 156408916769576372285319235535320446340733908943564048157238512311891352879208957302116527435165097143521156600690562005797819820759620198602417583539668686152735534648541252847927334505648478214810780526425005943955838623325525300844493280040860604499838598837599791480284496210333200247148213274376422459183
from gmpy2 import *
e = 65537
p = 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433 
q = 156408916769576372285319235535320446340733908943564048157238512311891352879208957302116527435165097143521156600690562005797819820759620198602417583539668686152735534648541252847927334505648478214810780526425005943955838623325525300844493280040860604499838598837599791480284496210333200247148213274376422459183
phi = (p-1)*(q-1)
d = invert(e,phi)
#print(d)
d = 22034129334251191532436631052427142022088744911087428294376533303549714947731798818325604737385904031714383011477708757017443918217594934051491731465975983129741023155187658874730504062262863677059204116473042418196655483682312571059072267891580301964167098006533984400230039789561227549336513668349914598133972091774519248676772440875769025772999278219313806132022105603602125065517276257780089695487263525233311631530270816107086663522684249560931634897706468898520986823978521565593553989544219514141658868117625286137870896148765109851519254459305427251830096270116145359667655034114642356864731801259263519426097
c =  18031488536864379496089550017272599246134435121343229164236671388038630752847645738968455413067773166115234039247540029174331743781203512108626594601293283737392240326020888417252388602914051828980913478927759934805755030493894728974208520271926698905550119698686762813722190657005740866343113838228101687566611695952746931293926696289378849403873881699852860519784750763227733530168282209363348322874740823803639617797763626570478847423136936562441423318948695084910283653593619962163665200322516949205854709192890808315604698217238383629613355109164122397545332736734824591444665706810731112586202816816647839648399
m = pow(c,d,n)
print(m)

#m十進位制轉hex
m=7069636f4354467b7741385f74683474245f696c6c336147616c2e2e6f64653031653462627d
#hex轉ASCII碼
picoCTF{wA8_th4t$_ill3aGal..ode01e4bb}

GET FLAG!

picoCTF{wA8_th4t$_ill3aGal..ode01e4bb}