Very Smooth - picoCTF 2022
vulnerability: factorisation with Pollard’s p-1 algorithm

Lorge - Imaginary CTF 2022
vulnerability: factorisation with Pollard’s p-1 algorithm, but largest prime factor of p-1 and q-1 is the same

One Step Closer - HTB Cyber Apocalypse CTF 2022
vulnerability: affine padding (allowing Franklin-Reiter attack)

DeLorean - HTB
vulnerability: non-prime e and gcd(e, phi) is power of 2

easyRSA - DASCTF 2022
vulnerability: non-prime e and gcd(e, p-1) = 1

baby RSA DICECTF 2022
vulnerability: e | (p-1) and e | (q-1)

Information Paradox - Space Heroes CTF 2022
vulnerability: partial PEM private key

Key Recovery - San Diego CTF 2022
vulnerability: partial OpenSSH private key

PSYDUCK - squeamishossifrage
vulnerability: upper bits of p given

DELIBIRD - squeamishossifrage
vulnerability: common modulus attack

MAGIKARP - squeamishossifrage
vulnerability: e=1

VULPIX - squeamishossifrage
vulnerability: low Hamming weight

LUDICOLO - squeamishossifrage
vulnerability: ROCA attack

Can’t Login - Incognito CTF 2022
vulnerability: common ssh-key password

Cookie Lover - HackIM CTF 2022
vulnerability: signature oracle

rsa_leak - ACTF 2022
vulnerability: LSB attack

Refactor - ASIS quals 2023
vulnerability: multiple of phi known

Too Little Information - nbctf 2023
vulnerability: MSB (p+q) known

easy-rsa - pingCTF 2023
vulnerability: bit-by-bit bruteforce

pprintable - Fall GoN Open Qual CTF 2022
vulnerability: byte-by-byte bruteforce

Various Scattered Bits Challs
vulnerability: random known bits

L4ugh - 0xl4ughCTF 2024
vulnerability: common d