GordonOus

from binascii import unhexlify
import math

# STEP 1 => Get the bytes of the flag
encrypted_flag = unhexlify(open('output.txt','r').read().split(' ')[1].strip('\n'))
part_flag = b'HTB{'
# STEP 2 => Get the encryption key by xoring the known string with the similar placed output bytes
key = [chr(b ^ encrypted_flag[a]) for a,b in enumerate(part_flag)]

messages = []

GordonOus

from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse
from binascii import hexlify,unhexlify
from base64 import b64decode

# STEP 1 => import the public keys and get both moduli (n1,n2) and exponents (e1,e2)
key1 = RSA.import_key(open('key1.pem').read())
key2 = RSA.import_key(open('key2.pem').read())

n1,n2,e1,e2 = key1.n, key2.n, key1.e, key2.e

GordonOus

========== First =========
Lets compare both keys provided:

openssl rsa -pubin -inform PEM -text -noout < key1.pem
openssl rsa -pubin -inform PEM -text -noout < key2.pem

we can observe that both keys have SIMILAR modulus but DIFFERENT exponents: 
after googling online on RSA attacks i found one for Common Modulus

Exploiting it according to me was not very trivial especially without solid background in crypto (google to the rescue)

GordonOus

from Crypto.PulicKey import RSA

key = open('key.pub').read()
# STEP 1 => get the modulus and exponent
n = key.n
e = key.e

# STEP 2 => Since itis a weak rsa: we could factorise the modulus from using this site: http://factordb.com/
# after factorising we get p and q below