Let us Google this for you: "Chosen ciphertext attacks against protocols based on the RSA encryption standard"
This is Bleichenbacher from CRYPTO '98; I get a bunch of .ps versions on the first search page.
Read the paper. It describes a padding oracle attack on PKCS#1v1.5. The attack is similar in spirit to the CBC padding oracle you built earlier; it's an "adaptive chosen ciphertext attack", which means you start with a valid ciphertext and repeatedly corrupt it, bouncing the adulterated ciphertexts off the target to learn things about the original.
This is a common flaw even in modern cryptosystems that use RSA.
It's also the most fun you can have building a crypto attack. It involves 9th grade math, but also has you implementing an algorithm that is complex on par with finding a minimum cost spanning tree.
For this challenge, we've used an untenably small RSA modulus (you could factor this keypair instantly). That's because this exercise targets a specific step in the Bleichenbacher paper --- Step 2c, which implements a fast, nearly O(log n) search for the plaintext.
Things you want to keep in mind as you read the paper:
To decrypt "c", you'll need Step 2a from the paper (the search for the first "s" that, when encrypted and multiplied with the ciphertext, produces a conformant plaintext), Step 2c, the fast O(log n) search, and Step 3.
Your Step 3 code is probably not going to need to handle multiple ranges.
We recommend you just use the raw math from paper (check, check, double check your translation to code) and not spend too much time trying to grok how the math works.