
THM - DarkMatter

Jul 6, 2025

A writeup for the room “DarkMatter” on TryHackMe

Practice how to exploit a weak RSA implementation to recover the private key and decrypt ransomware-encrypted files.

Analysis

The challenge involves a machine infected with ransomware.

Once the machine boots, a window appears informing us that the files have been encrypted and asking us to pay the ransom in exchange for the key.

The room description tells us how to take the first steps.

The ransomware saves this data to the tmp directory.

Looking inside the tmp folder, we can see that the ransomware has left behind a couple of interesting files.

Inside the file public_key.txt, we can see two numbers, n and e, the names conventionally used for the modulus and the public exponent in the RSA cryptosystem.
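Why a weak n matters for recovery, shown as an added example that is not code from the room or from this writeup: if the modulus is short enough to factor, the private exponent d follows directly from n and e. The `name = integer` file layout, the sample key values and the short-modulus weakness itself are assumptions made for illustration.

```python
import math
import re

# Constructed sample, not the room's real key: n = 65537 * 2147483647 (48 bits).
SAMPLE_PUBLIC_KEY = "n = 140739635773439\ne = 17\n"

def parse_public_key(text):
    """Read n and e from 'name = integer' lines (assumed file layout)."""
    found = {k: int(v) for k, v in re.findall(r"^\s*([ne])\s*[=:]\s*(\d+)", text, re.M)}
    if set(found) != {"n", "e"}:
        raise ValueError("expected both n and e")
    return found["n"], found["e"]

def pollard_rho(n):
    """Return a non-trivial factor of an odd composite n (Floyd cycle finding)."""
    for c in range(1, 20):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                       # d == n means this c failed, try the next
            return d
    raise ValueError("no factor found")

def recover_private_key(n, e, max_bits=128):
    """Factor a short modulus and derive d = e^-1 mod phi(n)."""
    if n.bit_length() > max_bits:
        raise ValueError(f"{n.bit_length()}-bit modulus is out of reach for this method")
    p = 2 if n % 2 == 0 else pollard_rho(n)
    q = n // p
    if p * q != n or 1 in (p, q):
        raise ValueError("modulus did not split into two factors")
    phi = (p - 1) * (q - 1)
    return min(p, q), max(p, q), pow(e, -1, phi)

if __name__ == "__main__":
    n, e = parse_public_key(SAMPLE_PUBLIC_KEY)
    p, q, d = recover_private_key(n, e)
    ciphertext = pow(42, e, n)           # stand-in for an encrypted file key
    print(f"{n.bit_length()}-bit n = {p} * {q}; decrypted value: {pow(ciphertext, d, n)}")
```

The `max_bits` guard makes the point explicit: a properly generated 2048-bit modulus is rejected, because this approach only works when the key generation was weak.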


Written by Francesco Pastore

An engineering student in Milan and a web developer for an IT company. Writes about programming and cybersecurity topics.
