pwn.college

Learn to hack!

Welcome to pwn.college!

pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. In martial arts terms, it is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect”.

pwn.college was created by Zardus (Yan Shoshitaishvili) and kanak (Connor Nelson) at Arizona State University. It powers ASU’s Introduction to Cybersecurity (CSE 365) and Computer Systems Security (CSE 466) courses, and is open, for free, to participation for interested people around the world!

If you have comments, suggestions, and feedback, please email us at pwn-college@asu.edu!

Great! How do I jump in?

pwn.college is organized into a series of modules, that launch throughout the school year and stay open until the next iteration of the courses. For each module, students should go through the following process:

1. Watch the PRERECORDED MODULE LECTURES on YouTube. These classes represent the bulk of the passive educational content in pwn.college! They give you a starting point from which to approach the practice problems (Step 3, below).

2. Attend the LIVE CLASSES on Twitch, during the ASU semester.

3. Catch up on any live classes you miss by checking out RECORDED STREAMS, which are initially saved on Twitch right after the live stream (but time out after a week or two) and are eventually archived to YouTube. The live classes are used to fill in gaps between prerecorded lectures and answer student questions. Prior live classes:

• CSE365 Spring 2023
• CSE466 Fall 2022
• CSE494 Spring 2023

4. Solve the CHALLENGE PROBLEMS hosted in the dojos. The challenge problems are the active educational component of pwn.college. They are absolutely critical to learning: the lectures give you a starting point for the content, but the challenge problems force you to truly learn it.

5. When you run into problems with the challenges, you can GET HELP on our discord server. The discord is also a great place to chat with other aspiring hackers!

pwn.college currently has three major stages of progression. Consider hacking as a martial art that students earn belts in as they progress. We currently have three belts in three dedicated dojos: orange, yellow, and blue.

Over time, hackers become more sure in their skills, achieving brown belt status (and able to, for example, usefully contribute to the cybersecurity industry), before finally graduating to hacking masters: black belts. But this, unfortunately, must happen outside of the dojo (for now!).

Launching Challenges

At the core of pwn.college is flags. How do you get those flags? Solve challenges. You can start a challenge by clicking on the Challenges tab at the top, selecting a module, clicking on a particular level, and hitting Start. In order to access that challenge, you have two options.

The first option is using the Workspace tab. This will present you with a fully functional development environment in your browser via Visual Studio Code. You can, for instance, quickly open a new terminal by pressing F1, searching for New Terminal, and pressing enter.

The second option is using ssh. In order to ssh into your challenge instances, you must add a public ssh key to Settings > SSH Key. You can quickly generate an ssh key by running ssh-keygen -f key -N '' in a terminal on your (unix-friendly) host machine. This will generate files key and key.pub, which are your private and public keys respectively. Once you have linked your ssh key to your account, you can run ssh -i key hacker@dojo.pwn.college to connect into your challenge instance.

Once you are in a challenge instance, your goal is to get the contents of the /flag file. Unfortunately for you, you are executing as the hacker user, but /flag is only readable by the root user. Fortunately, however, there are challenge programs located inside of the /challenge directory, which when run, will run with the privileges of the root user. Solve the challenge to get the /flag, and then submit it in order to complete the challenge!

A few things to note. Your home directory /home/hacker is persistent. This means that when you start a new challenge, all of the files you have saved in there will still be there. The Practice button can be incredibly useful for debugging your solution. When you start a challenge in this way, you will have the ability to run programs as the root user with the sudo command; however, the instance will only have a practice flag. For some of the later (kernel-focused) challenges, you will need to solve the challenge in a virtual machine. You can interact with the virtual machine using the vm command.

The Belts

This course progresses hackers from white belts, to orange belts, yellow belts, and then finally refines them into blue belts. This is not just metaphor: we have actual belts, in yellow and blue, custom-embroidered for pwn.college.

How to earn an orange belt?

For an orange belt, you must complete all active challenges launched in CSE 365.

How to earn a yellow belt?

For a yellow belt, you must complete all active challenges launched in CSE 365 and CSE 466.

How to earn a blue belt?

For a blue belt, you must complete all active challenges launched in CSE 365, CSE 466, and CSE 494!

How to get the actual belt?

To get your belt, send us an email from the email address associated with your pwn.college account once you’ve completed the necessary challenges. We’ll then get your belt over to you (eventually)!

Who has earned belts? We maintain a list of hackers with pwn.college belts. Once you achieve your belt, if you provide your name, email address, and emoji, we will add you to the list!

Collaboration, Livestream, and Writeup Policy

The challenges created for pwn.college are educational material, and are used to grade students at ASU. Because of this, we would appreciate that writeups, walkthrough videos, and livestreams of challenge solutions are not posted to the internet. Obviously, we can’t enforce this, but we worked hard to make all of this public, and we would appreciate your help in keeping pwn.college a viable educational platform.

Further Practice

After you learn the basics of cybersecurity and earn your blue belt, you should move on to harder challenges.

Capture The Flags (CTFs) are a great way to practice your hacking skills in a fun and ethical way. The most popular way to find upcoming events is at https://ctftime.org. There is also a list of introductory CTFs here. If you are at ASU, feel free to check out and join ASU’s enigmatic hacking club.

Wargames are another great way to practice your hacking skills. Whereas CTFs are short (normally 48 hour) events, wargames are not time-based. You can find a list of wargames at https://github.com/zardus/wargame-nexus.

If you want to get involved with cybersecurity research, but don’t know how, consider joining us for an internship at ASU.

Reusing pwn.college Material

Want to use pwn.college in your course? You can!

The videos and slides of pwn.college lectures are licensed under CC-BY-NC. You can use them freely for non-commercial purposes, but please provide attribution! Additionally, if you use pwn.college in your own education program, we would appreciate it if you email us to let us know. Evidence of wide-spread use of pwn.college for education will be a huge help for Yan’s tenure case!

EDUCATORS: If you are an educational institution and are using pwn.college as part of a class, you can request a (free) private instance of the infrastructure! Please email us to ask!

CONFERENCES: If you are running a conference and would like pwn.college presence there (as a form of intense weekend-long training), please email us!

Contributing

The infrastructure powering pwn.college is open source, and we welcome pull requests and issues. The modules are closed-source, because they include source code and solution scripts. If you are an educator, or otherwise someone we trust, and are interested in collaborating on the modules themselves, please email us at pwn-college@asu.edu. Likewise, drop us a line if you are interested in collaborating on the slides!

Greetz

Team work makes the dream work, and the team behind pwn.college is full of dreamers! They are:

• Zardus (Yan Shoshitaishvili) originated the idea, created the initial prototype and many of the challenges, and continues to cajole everyone else into a shared vision!
• kanak (Connor Nelson) made the mistake of signing up to TA an “easy A” course and quickly found himself reimplementing Yan’s insane code into the amazing dojo you see today, along with the creation of many challenges.
• mahaloz (Zion Basque) for contributing ROP challenges and embryoasm to pwn.college.
• Erik Trickel for helping in the development of pedagogical concepts underlying pwn.college.
• Adam Doupe for helping in the brainstorming of the initial concept.
• redgate, for contributing to embryoasm.
• Pascal-0x90, for contributing to embryoasm.
• frqmod, for contributing embryogdb.
• kylebot, for contributing babyfmt.
• ramen, for contributing babyfile.
• zolutal, for contributing babyarch.

Resources