I have always been a fan of puzzles, especially so if they are technical. I have fond memories of finding different messages encoded into image files, decoding various ciphers, and researching obscure fandoms to find clues. Imagine my delight when I found out about CTF competitions, something that perfectly married my love for computers, puzzles, as well as breaking things.

Being a novice who has only barely started on my IT journey, I decided to dip my toes in the water with picoCTF’s latest event, the Beginner picoMini 2022. There were, of course, some hiccups along the way, but I managed to complete it within a night. A success in my book.

The challenges

runme.py

Very straightforward, simply run the python script for the flag.

ncme

Again, simply run the provided command to receive the flag.

convertme.py

Slightly more involved this time. A multipurpose converter such as CyberChef will be useful here (as well as in future CTF challenges). Input the correct answer for the flag.

Codebook

Place the two provided files into the same directory, and then run the python script. As per the instructions.

fixme1.py

This is the first task where we have to examine code. Thankfully, python does a really good job of pointing out problems. Here is what happens if I attempt to run the script as-is. Notice the error message:

We simply have to remove the incorrectly placed indent and the script will reward us with the flag.

fixme2.py

Just like the last challenge, we have to find another problem with this python script. Attempting to run the script gave the following syntax error:

Applying the suggested fix got the script to work perfectly, giving us the next flag.

PW Crack 1

After downloading the password checker and the encrypted flag and putting them in the same directory, running the checker script prompted me for a password:

The password (1e1a) can be found by inspecting the python script itself.

Running the script again with the provided password yielded the flag.

Glitch Cat

In this challenge, running the provided netcat command resulted in the following a portion of the flag, along with some encoded characters.

You can either try and convert the characters individually to complete the flag. Alternatively, taking a page from the above fixme challenges, you can input the whole thing into python to quickly obtain the string needed.

PW Crack 2

After downloading the files as instructed, it seems that a password is needed to run the python script.

Taking a peek at the code, we can see the password check

I simply commented out the password check and instead set the user_pw variable to be “chr(0x32) + chr(0x65) + chr(0x30) + chr(0x65)”.

Running the script again like this got me the decoded flag.

HashingJobApp

In this challenge, running the netcat command provided prompted me to input the md5 hash for the (seemingly automatically generated) text.

This looks like the job for CyberChef, which quickly provided me with the hash necessary. Repeating the task two more times netted me the flag.

Serpentine

Running the provided python script show me three options

Choosing to print the flag gave me the following message and returned me to the options input screen.

Looks like it is time to examine the code again.

Running the modified script gave me the flag.

PW Crack 3

The complexity rises again, and this time we have three files to deal with. Running the level3.py script prompted me for a password.

Examining the code for level3.py, I noticed the password check function as well as the list of possible passwords.

So I modified the script to try each password from “pos_pw_list” instead of inputting the password myself.

Running the script again got me the flag.

PW Crack 4

Similar to PW Crack 3, the password checker demanded a password to operate. Diving into the code this time, the password list is much longer.

Doing the same thing, I got python to automatically loop through the list of possible passwords, this time stopping after finding the string “picoCTF”.

Works like a charm.

PW Crack 5

The last challenge of this event, and the most demanding of them all. Instead of a list of passwords, this challenge provided a dictionary file of all of the possible passwords. Let’s get to work.

I skipped straight to examining the python script this time. Looks like it will be the same process as before. The difference now is that I will have to use the password from the dictionary.txt file.

First, we need to make a list for python to use. A bit of web searching enabled me to create this.

It seems to be working

Now all we have to do is implement the same password check as before

Alas, the final flag

As far as my first CTF attempt goes, I had a blast going through the challenges and learning new things about python. Super excited to complete this event and I am eager to compete in more CTFs to come.