PicoCTF — Python Wrangling

Hello, everyone! I hope you’re doing well and having a good time!

This is my third write-up on PicoCTF. I just want to go through the basics of this, since I don’t have the energy to do something different because I was sick for three months and hospitalized. So, I just want to do something easy so other people can enjoy reading it. Let’s get started.

This room is called Python Wrangling, as you can see in the title. I am sure it is going to be an easy and interesting room/box. As you can see in the image below, we need to install three different files in order to get the flag and these are “python script”, a password file, and the flag file itself.

Go ahead and install each one of these. I am waiting for you… Now that I have downloaded each individual file and moved them to a different directory for easier navigation, let’s see what each file contains before we do anything.

I viewed the password file, and it looked like this!

The third file is what we were looking for because it’s a python script that we’re going to be using to encrypt and get the password. I was able to understand the code by reading it and what it does, especially at the beginning. Let;’s look at it.

It imports a few modules, as you can see in the first three lines, then around number #8 and so there is a variable named “help_usage” which gives us a message on how to use this tool. I am guessing that the “-d” option is to decrypt the file. After that, there is an if statement at number 22 which tells us that we need to provide a password for this, which we have so. Here is how we’re going to do this. $ python 3 script.py -d flag.txt

The “-d” is to decrypt the file, it will ask for your password, so make sure to copy it before you execute the script, like so.

After we run the script and provide the password that we copied, we should get the flag like so.

Now copy that and submit it. I hope you enjoy this and learn something from it, even though this is really basic stuff. Thank you.