BUUCTF

经典的rsa公钥加密，

某个大佬给的脚本：

# coding=UTF-8
import Crypto.PublicKey.RSA
import factordb.factordb
import rsa
import gmpy2

pubKey = Crypto.PublicKey.RSA.import_key(open(unicode('D:\ctf\攻防世界\Noremal_RSA\547de1d50b95473184cd5bf59b019ae8\pubkey.pem', "UTF8"), 'r').read())
c = open(unicode('D:\ctf\攻防世界\Noremal_RSA\547de1d50b95473184cd5bf59b019ae8\flag.enc', "UTF8"), 'r').read()

n = pubKey.n
e = pubKey.e

factor = factordb.factordb.FactorDB(n)
factor.connect()
factor_list = factor.get_factor_list()
p = factor_list[0]
q = factor_list[1]

phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)
n = p * q

privateKey = rsa.PrivateKey(n, e, int(d), p, q)
print (rsa.decrypt(c, privateKey).decode())

解出flag

pem文件通过在线rsa密钥解密可以解出n和e，enc文件通过python打开就是c，可以直接运行

脚本：

#coding=UTF-8
import gmpy2
import libnum
a=0xC2636AE5C3D8E43FFB97AB09028F1AAC6C0BF6CD3D70EBCA281BFFE97FBE30DD
print(a)
p=275127860351348928173285174381581152299
q=319576316814478949870590164193048041239
d=10866948760844599168252082612378495977388271279679231539839049698621994994673
n=p*q
e=0x10001
c = open(unicode('D:\ctf\攻防世界\Noremal_RSA\547de1d50b95473184cd5bf59b019ae8\flag.enc', "UTF8"), 'r').read()
c = libnum.s2n(c)
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(libnum.n2s(m))

得到flag（如果没有第一行的代码，运行后会报错）

flag的前后会有乱码，所以找像flag的字符串就行了