Oh no, my computer has been attacked by WannaLaugh!! What do I do?? My flag.txt has been encrypted :((
How will I ever see my monkeys again...
Background Knowledge
This challenge is a grossly simplified play/recreation of the infamous ransomware "WannaCry".
It would be great to have prior experience in malware development, and in basic asymmetric encryption with PKI.
The awful malware presented in this challenge features an HTTP C2 that returns the fields required to encrypt a victim's file system. After a ransom is paid, the victim gains access to a private key via a secured endpoint on the C2 server, after which the files can be decrypted.
Solution
The player is given an implant.cpp, which is compiled into a DLL and injected into a process on the victim's machine.
This condition is met only after the transaction is paid. It seems the /btc_transaction endpoint takes a field "proof", which points to 2 variables: fileSize and ransom.
const auto fileSize = std::filesystem::file_size(filePath);
// because i'm nice, fileSize returns an integer value of 512.
const auto ransom = fileSize * 0.000028;
The challenge author was nice enough to give you the required values for the proof; of course, this secret proof would be a lot better in actual malware...
The solution is to retrieve the private_key and decrypt the flag.txt.
solve.py
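from requests import post
from Cryptodome.Cipher import PKCS1_OAEP
from Cryptodome.PublicKey import RSA
ip = "http://157.230.251.0:6002"
# The encrypted flag is stored as a hex string.
with open('encrypted_flag.txt', 'r') as f:
    encflag = bytes.fromhex(f.read())
# Send the values from implant.cpp (fileSize = 512, ransom = fileSize * 0.000028);
# the C2 responds with the private key.
privk = post(ip+"/btc_transaction",json={'amount':512 * 0.000028 ,'fsize':512}).content
# Import the returned RSA private key and decrypt the flag with RSA-OAEP.
pki = RSA.import_key(privk)
print(PKCS1_OAEP.new(pki).decrypt(encflag).decode())
# CTF101{wANN4cR7_rAns0mW4r3_fR0M_w1sH.c0m}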