Learn to hack!
At the core of pwn.college is flags. How do you get those flags? Solve challenges. You can start a challenge by clicking on the
Challenges tab at the top, selecting a module, clicking on a particular level, and hitting
Start. In order to access that challenge, you have two options.
The first option is using the
Workspace tab. This will present you with a fully functional development environment in your browser via Visual Studio Code. You can, for instance, quickly open a new terminal by pressing
F1, searching for
New Terminal, and pressing enter.
The second option is using
ssh. In order to ssh into your challenge instances, you must add a public ssh key to
SSH Key. You can quickly generate an ssh key by running
ssh-keygen -f key -N '' in a terminal on your (unix-friendly) host machine. This will generate files
key.pub, which are your private and public keys respectively. Once you have linked your ssh key to your account, you can run
ssh -i key email@example.com to connect into your challenge instance.
Once you are in a challenge instance, your goal is to get the contents of the
/flag file. Unfortunately for you, you are executing as the
hacker user, but
/flag is only readable by the
root user. Fortunately, however, there are challenge programs located inside of the
/challenge directory, which when run, will run with the privileges of the
root user. Solve the challenge to get the
/flag, and then submit it in order to complete the challenge!
A few things to note. Your home directory
/home/hacker is persistent. This means that when you start a new challenge, all of the files you have saved in there will still be there. The
Practice button can be incredibly useful for debugging your solution. When you start a challenge in this way, you will have the ability to run programs as the
root user with the
sudo command; however, the instance will only have a practice flag. For some of the later (kernel-focused) challenges, you will need to solve the challenge in a virtual machine. You can interact with the virtual machine using the
pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. In martial arts terms, it is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect”.
pwn.college was created by Zardus (Yan Shoshitaishvili) and kanak (Connor Nelson) at Arizona State University. It powers ASU’s Computer Systems Security course, CSE466, and is now open, for free, to participation for interested people around the world!