Program Misuse


Playing With Programs.

For each challenge in this module, a different (standard) program that is owned by root has its suid bit set. Probably, this program is not normally designed to be suid. Your task is to misuse the program with this increased privilege to read the flag. Some of these programs are ordinarily used to read files; several of them are not. In order to better understand how to use (and misuse) these programs, you may want to read through their man pages.



Challenges

Lets you directly read the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you directly read the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you directly read the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you directly read the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you directly read the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you directly read the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Shows you that an over-privileged editor is a very powerful tool!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Shows you that an over-privileged editor is a very powerful tool!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Shows you that an over-privileged editor is a very powerful tool!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires you to understand their output to derive the flag from it!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Forces you to understand different archive formats!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Enables you to read flags by making them execute other commands!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires some light programming to read the flag.!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires some light programming to read the flag.!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires some light programming to read the flag.!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Requires some light programming to read the flag.!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you get the flag by doing tricks with permissions!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you get the flag by doing tricks with permissions!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you get the flag by doing tricks with permissions!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you get the flag by doing tricks with permissions!

NOTE: It might be helpful to take a step back and think about the broader environment you are in, and what that makes possible.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you read the flag because they let you program anything!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you read the flag because they let you program anything!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you read the flag because they let you program anything!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Lets you read the flag because they let you program anything!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Just straight up wasn't designed to let you read files!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Just straight up wasn't designed to let you read files!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Just straight up wasn't designed to let you read files!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Just straight up wasn't designed to let you read files!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Just straight up wasn't designed to let you read files!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Just straight up wasn't designed to let you read files!

NOTE: This level has a "decoy" solution that looks like it leaks the flag, but is not correct. If you're submitting what you feel should be a valid flag, and the dojo doesn't accept it, try your solution against a file with uppercase characters to see what's going on.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

This level shows how dangerous it is to allow users to load their own code as plugins into the program. Of course, figuring out how to do so is the hard part!

NOTE: You will need to write and compile C code to solve this level! Don't know how? Learn it on pwn.college!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank Hacker Badges Score