Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
An internal breach has compromised one of the system’s most sensitive scripts: password.py
. This seemingly harmless file has been tampered with by an attacker aiming to sabotage the onboarding of new agents into the organization’s digital environment.
Your mission as a Blue Team analyst is to audit the script, revert the manipulations, and recover the original password that should have been generated. It’s not just about fixing bugs: you’ll need to reason precisely, spot subtle inconsistencies, and restore the system’s logic.
👉 From this Blue Team section onwards, the first five challenges will require the use of a preconfigured virtual machine called web-threats-lab
. In some cases, you’ll only use this machine to validate your solutions; in others, you’ll also work directly on it.
Therefore, while part of your analysis can be done on your personal computer, the final validation must always be performed inside the virtual machine. Please do not delete or overwrite it, as it will be your workstation throughout this series.
1 https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova
student:4geeks-lab
.Here is the affected script:
1def generate_password(): 2 part1 = "Blu3" 3 4 segment_team = "Te4" 5 6 part3_char1 = "!" 7 part3_char2_source = "n" 8 part3_char3_source = "g" 9 10 segment_ing = part3_char1 + part3_char3_source + chr(ord('o') - 2) 11 12 final_password_string = part1 + part3_char2_source + segment_team + segment_ing 13 14 return final_password_string 15 16if __name__ == "__main__": 17 print(generate_password())
Once you believe you have fixed the script and obtained the expected password, you must validate it inside the web-threats-lab
virtual machine. To do so, run the following command from the terminal:
1validate-bluecode
Just follow the instructions provided by the validator.
During your investigation, you might consider using:
💡 Hint The password generated by the script seems to have valid parts... but assembled incorrectly. Ask yourself:
Does it make sense for a lone "n" to appear between "Blu3" and "Te4"? Isn’t there a more coherent way to join these parts? Maybe the solution isn’t to invent anything new, but to organize what you already have in a more natural way.
Good luck, agent!
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures
Difficulty
easy
Average duration
1 hrs
Technologies
Python
cybersecurity
blue-team
base64
string-analysis
owasp-a08-software-and-data-integrity-failures