Description
The provided Python script base64-decodes an embedded payload and execs it. Intercept the decoded string to review the logic and recover the flag/password without blindly executing unknown code.
Setup
Download unpackme.flag.py and open it in your editor.
Before the `exec(plain.decode())` line, insert a `print(plain.decode())` (or store the decoded string) to view what will execute.
Run the script locally to print the hidden password and flag.
```bash
wget https://artifacts.picoctf.net/c/48/unpackme.flag.py
sed -n '1,80p' unpackme.flag.py
python3 unpackme.flag.py
```
Solution
- Step 1: Inspect the decoder. The script reads a base64 blob, XORs it, and finally calls exec on the decrypted source. Printing `plain.decode()` reveals the cleartext code.
- Step 2: Recover the credentials. Executing the modified file prints a message containing both the password (`batteryhorse`) and flag. Revert to the original script if desired and supply the password to reproduce the flag output.
Flag
picoCTF{175_chr157m45_5274...}
Always inspect self-modifying scripts before running them; a simple print statement exposes the payload safely.
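One way to automate the interception described above, added here as an example and not taken from the challenge or its author: it rewrites direct `exec()`/`eval()` calls into `print()` so the decoded payload is displayed instead of run. The names `neutralize` and `reveal` and the base64+XOR `SAMPLE` loader are constructed for illustration.

```python
import ast
import base64
import contextlib
import io

class ExecToPrint(ast.NodeTransformer):
    """Swap direct exec()/eval() calls for print() of the same code string."""
    def __init__(self):
        self.rewritten = 0

    def visit_Call(self, node):
        self.generic_visit(node)
        if isinstance(node.func, ast.Name) and node.func.id in ("exec", "eval"):
            self.rewritten += 1
            # Keep only the first argument; globals/locals mean nothing to print().
            call = ast.Call(func=ast.Name(id="print", ctx=ast.Load()),
                            args=node.args[:1], keywords=[])
            return ast.copy_location(call, node)
        return node

def neutralize(source):
    """Return (rewritten_source, number_of_calls_replaced)."""
    rewriter = ExecToPrint()
    tree = ast.fix_missing_locations(rewriter.visit(ast.parse(source)))
    return ast.unparse(tree), rewriter.rewritten

def reveal(source):
    """Run the neutralized loader; return the text it would have executed."""
    safe_source, count = neutralize(source)
    if count == 0:
        raise ValueError("no direct exec()/eval() call found; review by hand")
    out = io.StringIO()
    with contextlib.redirect_stdout(out):
        exec(compile(safe_source, "<neutralized>", "exec"), {"__name__": "__main__"})
    return out.getvalue()

# Constructed sample loader (not the challenge file): base64 + XOR, then exec.
_HIDDEN = "raise SystemExit('payload ran')"
_BLOB = base64.b64encode(bytes(b ^ 0x5A for b in _HIDDEN.encode())).decode()
SAMPLE = (
    "import base64\n"
    f"blob = base64.b64decode('{_BLOB}')\n"
    "plain = bytes(b ^ 0x5A for b in blob)\n"
    "exec(plain.decode())\n"
)

if __name__ == "__main__":
    print(reveal(SAMPLE))
```

The loader stub itself still runs under `reveal`, so read it first and run it in a throwaway environment. Calls reached through an alias (for example via `getattr`) are not caught by this rewrite.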