Blue Code - Sabotaged Password Recovery

An internal breach has compromised one of the system’s most sensitive scripts: password.py. This seemingly harmless file has been tampered with by an attacker aiming to sabotage the onboarding of new agents into the organization’s digital environment.

Your mission as a Blue Team analyst is to audit the script, revert the manipulations, and recover the original password that should have been generated. It’s not just about fixing bugs: you’ll need to reason precisely, spot subtle inconsistencies, and restore the system’s logic.

🌱 How to start this lab

👉 From this Blue Team section onwards, the first five challenges will require the use of a preconfigured virtual machine called web-threats-lab. In some cases, you’ll only use this machine to validate your solutions; in others, you’ll also work directly on it.

Therefore, while part of your analysis can be done on your personal computer, the final validation must always be performed inside the virtual machine. Please do not delete or overwrite it, as it will be your workstation throughout this series.

1. If you don’t have the virtual machine yet, download it from this link:

1  https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova

1. Import the virtual machine into VirtualBox.
2. Start the VM and log in as user student:4geeks-lab.

The sabotage

Here is the affected script:

1def generate_password():
2    part1 = "Blu3"
3    
4    segment_team = "Te4" 
5    
6    part3_char1 = "!"
7    part3_char2_source = "n"
8    part3_char3_source = "g"
9
10    segment_ing = part3_char1 + part3_char3_source + chr(ord('o') - 2)
11    
12    final_password_string = part1 + part3_char2_source + segment_team + segment_ing
13
14    return final_password_string
15
16if __name__ == "__main__":
17    print(generate_password())

Validation inside the virtual machine

Once you believe you have fixed the script and obtained the expected password, you must validate it inside the web-threats-lab virtual machine. To do so, run the following command from the terminal:

1validate-bluecode

Just follow the instructions provided by the validator.

Recommended tools

During your investigation, you might consider using:

• Python 3.x – to debug and run the modified script
• CyberChef or base64 – for decoding
• VSCode or any text editor with syntax highlighting – for code inspection

💡 Hint The password generated by the script seems to have valid parts... but assembled incorrectly. Ask yourself:

Does it make sense for a lone "n" to appear between "Blu3" and "Te4"? Isn’t there a more coherent way to join these parts? Maybe the solution isn’t to invent anything new, but to organize what you already have in a more natural way.

Good luck, agent!