Beginner picoMini 2022 Write-up

Photo by Shahadat Rahman on Unsplash

I have always been a fan of puzzles, especially so if they are technical. I have fond memories of finding different messages encoded into image files, decoding various ciphers, and researching obscure fandoms to find clues. Imagine my delight when I found out about CTF competitions, something that perfectly married my love for computers, puzzles, as well as breaking things.

Being a novice who has only barely started on my IT journey, I decided to dip my toes in the water with picoCTF’s latest event, the Beginner picoMini 2022. There were, of course, some hiccups along the way, but I managed to complete it within a night. A success in my book.

The challenges

Very straightforward, simply run the python script for the flag.


Again, simply run the provided command to receive the flag.

Slightly more involved this time. A multipurpose converter such as CyberChef will be useful here (as well as in future CTF challenges). Input the correct answer for the flag.


Place the two provided files into the same directory, and then run the python script. As per the instructions.

This is the first task where we have to examine code. Thankfully, python does a really good job of pointing out problems. Here is what happens if I attempt to run the script as-is. Notice the error message:

The print function is incorrectly indented

We simply have to remove the incorrectly placed indent and the script will reward us with the flag.

Just like the last challenge, we have to find another problem with this python script. Attempting to run the script gave the following syntax error:

A suggestion is even included in the error message

Applying the suggested fix got the script to work perfectly, giving us the next flag.

PW Crack 1

After downloading the password checker and the encrypted flag and putting them in the same directory, running the checker script prompted me for a password:

The password (1e1a) can be found by inspecting the python script itself.

Running the script again with the provided password yielded the flag.

Glitch Cat

In this challenge, running the provided netcat command resulted in the following a portion of the flag, along with some encoded characters.

The latter half of the flag is encoded in hexadecimal

You can either try and convert the characters individually to complete the flag. Alternatively, taking a page from the above fixme challenges, you can input the whole thing into python to quickly obtain the string needed.

Looks like “c5657ff3” was the missing half

PW Crack 2

After downloading the files as instructed, it seems that a password is needed to run the python script.

Taking a peek at the code, we can see the password check

I simply commented out the password check and instead set the user_pw variable to be “chr(0x32) + chr(0x65) + chr(0x30) + chr(0x65)”.

Running the script again like this got me the decoded flag.


In this challenge, running the netcat command provided prompted me to input the md5 hash for the (seemingly automatically generated) text.

This looks like the job for CyberChef, which quickly provided me with the hash necessary. Repeating the task two more times netted me the flag.


Running the provided python script show me three options

Choosing to print the flag gave me the following message and returned me to the options input screen.

Looks like it is time to examine the code again.

The print_flag function seems to be defined with no problems
But it is not invoked when choosing “b”
I modified the script to invoke the print_flag() function as intended

Running the modified script gave me the flag.

PW Crack 3

The complexity rises again, and this time we have three files to deal with. Running the script prompted me for a password.

Examining the code for, I noticed the password check function as well as the list of possible passwords.

So I modified the script to try each password from “pos_pw_list” instead of inputting the password myself.

Running the script again got me the flag.

picoCTF{m45h_fl1ng1ng_cd6ed2eb} is the flag this time

PW Crack 4

Similar to PW Crack 3, the password checker demanded a password to operate. Diving into the code this time, the password list is much longer.

Doing the same thing, I got python to automatically loop through the list of possible passwords, this time stopping after finding the string “picoCTF”.

Works like a charm.

PW Crack 5

The last challenge of this event, and the most demanding of them all. Instead of a list of passwords, this challenge provided a dictionary file of all of the possible passwords. Let’s get to work.

I skipped straight to examining the python script this time. Looks like it will be the same process as before. The difference now is that I will have to use the password from the dictionary.txt file.

A lot of passwords to go through

First, we need to make a list for python to use. A bit of web searching enabled me to create this.

Reading every line of the dictionary.txt file and adding them to a list (pw)

It seems to be working

Now all we have to do is implement the same password check as before

Alas, the final flag

As far as my first CTF attempt goes, I had a blast going through the challenges and learning new things about python. Super excited to complete this event and I am eager to compete in more CTFs to come.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: