Criminal Name - Hunt and Decode

Name - The Criminal's Enigma 🕵️‍♀️

In this lab, you will analyze a suspicious Python script to discover the name of a criminal wanted by the FBI. You will follow clues, validate your findings, and decode a hidden message using CyberChef.

In this lab you will learn:

• Logical deduction from limited clues
• Basic editing of Python scripts
• Conditional validation and flag revelation
• Base64 decoding with CyberChef

🌱 How to start this lab

👉 From this Blue Team section onwards, the first five challenges will require the use of a preconfigured virtual machine called web-threats-lab. In some cases, you will only use this machine to validate your solutions; in others, you will also work directly on it.

Therefore, although part of your analysis can be done on your personal computer, the final validation must always be done inside the virtual machine. So please do not delete or overwrite it, as it will be your workstation throughout this series.

1. If you don't have the virtual machine yet, download it from this link:

1    https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova

1. Import the virtual machine into VirtualBox.
2. Start the VM and log in as user student:4geeks-lab.

📄 Instructions

You have a script available to help automate your work:

• name_solver.py: a Python script where you will test names based on the clues.

1# name_solver.py
2# This script helps find possible names 
3
4# Read names from a text file
5try:
6        with open("nombres.txt", "r", encoding="utf-8") as file:
7                names = [line.strip() for line in file if line.strip()]
8except FileNotFoundError:
9        print("The file 'nombres.txt' was not found.")
10        exit()
11
12# Go through the names and apply the filters
13for name in names:
14        if len(name) == 7 and 'c' in name.lower():
15                print(f"Could this be the criminal? {name}")
16

Your mission: find the criminal's name using these clues:

1. It is an English male name.
2. It has exactly 7 letters.
3. It contains the letter "C", in any position.

When you think you have the correct name:

1. Run the following command in the web-threats-lab virtual machine:

1validate-criminal-name

If correct, you will see a flag encrypted in base64.

1. Go to CyberChef and use the "From Base64" recipe to decode it.
2. The decoded flag will be proof that you solved the challenge.

Example output

1✅ Correct name: charlie
2🎁 Base64 Encrypted Flag: 342L4TtUaDLFLJFSLDFJ43I9043385wbHZlZH0=

💡 Tips

• Search online for lists of English male names.
• Remember: the filter is that they must have 7 letters and contain the letter “C”.
• Use print() in Python to quickly print and test.

Good luck, agent!