picoCTF – Python Wrangling

Introduction

It seems like the Python script needs to be run similar to how you’d run a program in the Terminal.

The goal is to use a specific password to execute this script and retrieve the flag. You’ll find the Python script, a file containing passwords, and another file with the flag attached.

Overview and Solving

Approach:

When we try to run the python file(ende.py), it returns error for both python2 and python 3.

Reading the code:

import sys
import base64
from cryptography.fernet import Fernet

usage_msg = “Usage: “+ sys.argv[0] +” (-e/-d) [file]”
help_msg = usage_msg + “\n” +\
“Examples:\n” +\
“ To decrypt a file named ‘pole.txt’, do: “ +\
“‘$ python “+ sys.argv[0] +” -d pole.txt’\n”

if len(sys.argv) < 2 or len(sys.argv) > 4:
print(usage_msg)
sys.exit(1)

if sys.argv[1] == “-e”:
if len(sys.argv) < 4:
sim_sala_bim = input(“Please enter the password:”)
else:
sim_sala_bim = sys.argv[3]

ssb_b64 = base64.b64encode(sim_sala_bim.encode())
c = Fernet(ssb_b64)

with open(sys.argv[2], “rb”) as f:
data = f.read()
data_c = c.encrypt(data)
sys.stdout.write(data_c.decode())

elif sys.argv[1] == “-d”:
if len(sys.argv) < 4:
sim_sala_bim = input(“Please enter the password:”)
else:
sim_sala_bim = sys.argv[3]

ssb_b64 = base64.b64encode(sim_sala_bim.encode())
c = Fernet(ssb_b64)

with open(sys.argv[2], “r”) as f:
data = f.read()
data_c = c.decrypt(data.encode())
sys.stdout.buffer.write(data_c)

elif sys.argv[1] == “-h” or sys.argv[1] == “ — help”:
print(help_msg)
sys.exit(1)

else:
print(“Unrecognized first argument: “+ sys.argv[1])
print(“Please use ‘-e’, ‘-d’, or ‘-h’.”)

We come to know that there is something to do with entering the file and then decoding it using the program.

Doing that we get the password prompt, which we can get from the pw.txt and there we go we have the flag.

$ python3 ende.py -d flag.txt.en
Please enter the password:68f88f9368f88f9368f88f9368f88f93
picoCTF{4p0110_1n_7h3_h0us3_68f88f93}

Flag: picoCTF{4p0110_1n_7h3_h0us3_68f88f93}