picoCTF Solutions
picoCTF 2021General SkillsEasy

Python Wrangling

Published: April 2, 2026

Description

Python scripts are invoked kind of like programs in the terminal. Download and use the provided python script, password file, and encrypted flag.

Setup

Download ende.py, pw.txt, and flag.txt.en from the challenge page.

wget <url>/ende.py
wget <url>/pw.txt
wget <url>/flag.txt.en

Solution

  1. Step 1Read the password
    The decryption password is stored in pw.txt. Print it so you can supply it to the script.
    cat pw.txt
    Learn more

    Storing a password in a separate file is a common pattern in software -- rather than hard-coding credentials in the main script, they're kept in a dedicated file that can be protected with file system permissions or excluded from version control. In this challenge, the password file is provided to you intentionally as part of the puzzle.

    In real applications you'd never want to store plaintext passwords in a file, but the pattern of reading configuration or secrets from a file is pervasive. Tools like .env files, secrets.json, or environment variables serve the same purpose in production code. The key is that the secret is separate from the logic that uses it.

  2. Step 2Decrypt the flag
    Run ende.py with the -d flag to decrypt. The script will prompt for the password -- paste what you read from pw.txt.
    python3 ende.py -d flag.txt.en
    Learn more

    Command-line flags (like -d) are arguments passed to a program to modify its behavior. The convention of -d for "decrypt" and -e for "encrypt" is common across many cryptographic tools. Python scripts parse these using the sys.argv list or the argparse module, which provides structured argument parsing with help text and type checking.

    The .en file extension likely stands for "encrypted" -- a naming convention to distinguish encrypted files from their plaintext originals. The underlying encryption algorithm could be AES, DES, or another symmetric cipher. Since the password is given, no cracking is needed -- this challenge focuses purely on knowing how to run a Python script with the correct arguments.

    Running Python scripts: python3 script.py invokes the Python 3 interpreter on script.py. The distinction between python and python3 matters on systems where Python 2 is still the default (older Linux distros). In CTF environments, always check python3 --version first. You can also make scripts directly executable with chmod +x ende.py and then run ./ende.py -d flag.txt.en if the script has a shebang line (#!/usr/bin/env python3).

Flag

picoCTF{...}

The -d flag means decrypt; the password from pw.txt is the decryption key.

More General Skills