Windows Crash Course


CSE 598 - Spring 2024.

Learning to work in a new operating system is like learning to walk for the first time again. Start your journey by revisiting early concepts in a new guise.

Note: This dojo is slowly being developed, including iterating on infrastructure support. Functionality is subject to change!


To get started:

  • Launch the challenge and enter the normal Linux environment.
  • The Windows VM should autostart; this may take a moment.
  • You can manually control the Windows VM with the windows command (e.g., start, stop, or connect), similar to the Linux vm command.
  • The Windows desktop GUI is accessible over the web at https://pwn.college/workspace/desktop-windows.

Other details:

  • Starting the VM from a practice environment will grant you administrator privileges on the Windows machine. You may need to "log out" and "log in" again before the Windows environment acknowledges this.
  • The flag is located at C:\flag.
  • Your Linux home directory is accessible via the Windows Z drive.
  • The challenge binary is located on the Y drive in Windows and /challenge in Linux.

Use the Windows VM in practice mode to leverage the installed tools and develop your exploit.

In order to obtain the flag, run your exploit FROM THE LINUX ENVIRONMENT targeting TCP port 4001. There is a proxy service running inside the Windows VM with elevated permissions.

Smoke Test - start Windows VM - Connect to port 4001

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Straightforward Buffer Overflow

BOF with ASLR enabled

What if win is in a DLL?

Call a WriteFile in shellcode

Find and call WriteFile

Now get the flag yourself.
