Project 1.0 Intro and Linux

For this level you will get the flag using the VSCode Workspace interface and submit it using the flag field below.

• Start the challenge by clicking on Start below.
• Ctrl-Click on workspace (top of web page), switch tabs, and wait for VSCode to load.
• Click on the 3-bars on the left hand side for the VSCode menu.
• Click on file and then click open file and enter /flag.
• The contents of the file are a flag which you turn in using the web interface below.
• The flag will follow this format pwn.college{0c00l.code.c0ffee.facade}
• After opening the file, copy it to the clipboard from the VSCode interface and be sure to include the pwn.college and both {}.
• Switch back to the Challenges list in the browser, paste the value into the flag field, make sure now extra spaces at the end, and click submit.
• The flag will be different for every student, do not copy another student's flag!

In this challenge, you will invoke your first command! When you type a command and hit enter, the command will be invoked, as so:

hacker@dojo:~$ whoami
hacker
hacker@dojo:~$

Here, the user executed the whoami command, which simply prints the username (hacker) to the terminal. When the command terminates, the shell once again displays the prompt, ready for the next command.

In this level, invoke the hello command to get the flag! Keep in mind: commands in Linux are case sensitive: hello is different from HELLO.

Let's try something more complicated: a command with arguments, which is what we call additional data passed to the command. When you type a line of text and hit enter, the shell actually parses your input into a command and its arguments. The first word is the command, and the subsequent words are arguments. Observe:

hacker@dojo:~$ echo Hello
Hello
hacker@dojo:~$

In this case, the command was echo, and the argument was Hello. echo is a simple command that "echoes" all of its arguments back out onto the terminal, like you see in the session above.

Let's look at echo with multiple arguments:

hacker@dojo:~$ echo Hello Hackers!
Hello Hackers!
hacker@dojo:~$

In this case, the command was echo, and Hello and Hackers! were the two arguments to echo. Simple!

In this challenge, to get the flag, you must run the hello command (NOT the echo command) with a single argument of hackers. Try it now!

You're going to type a lot of commands, and typing everything from scratch can be annoying. Luckily, the shell saves a history of every command you invoke.

You can scroll through those saved commands with the up/down arrow keys, and we'll practice that in this challenge. This challenge will inject the flag into your history. Bring up a terminal, hit the up arrow, and grab it! In other challenges, the history will contain the log of the commands you've run, so if you need to run a similar command again, you can use the arrow keys to scroll through and find it!

Alright, so the filesystem starts at /. Under that, there are a whole mess of other directories, configuration files, programs, and, most importantly, flags. In this level, we've added a program right in /, called pwn, that will give you the flag. All you need to do for this level is to invoke this program!

You can invoke a program by providing its path on the command line. In this case, you'll be giving the exact path, starting from /, so the path would be /pwn. This style of path, one that starts with the root directory, is referred to as an "absolute path".

Start the challenge, launch a terminal, invoke the pwn program using its absolute path, and Capture that Flag! Good luck!

Let's explore a slightly more complicated path! Except for in the previous level, challenges in pwn.college are in the challenge directory and the challenge directory is, in turn, right in the root directory (/). The path to the challenge directory is, thus, /challenge. The name of the challenge program in this level is run, and it lives in the /challenge directory. Thus, the path to the run challenge program is /challenge/run.

This challenge again requires you to execute it by invoking its absolute path. You'll want to execute the run file that is in the challenge directory that is, in turn, in the / directory. If you invoke the challenge correctly, it will give you the flag. Good luck!

The Linux filesystem has tons of directories with tons of files. You can navigate around directories by using the cd (change directory) command and passing a path to it as an argument, as so:

hacker@dojo:~$ cd /some/new/directory
hacker@dojo:/some/new/directory$

This affects the "current working directory" of your process (in this case, the bash shell). Each process has a directory in which it's currently hanging out. The reasons for this will become clear later in the module.

As an aside, now you can see what the ~ was in the prompt! It shows the current path that your shell is located at.

This challenge will require you to execute the /challenge/run program from a specific path (which it will tell you). You'll need to cd to that directory before rerunning the challenge program. Good luck!

Same thing, but 5 times!

Now you're familiar with the concept of referring to absolute paths and changing directories. If you put in absolute paths everywhere, then it really doesn't matter what directory you are in, as you likely found out in the previous three challenges.

However, the current working directory does matter for relative paths.

• A relative path is any path that does not start at root (i.e., it does not start with /).
• A relative path is interpreted relative to your current working directory (cwd).
• Your cwd is the directory that your prompt is currently located at.

This means how you specify a particular file, depends on where the terminal prompt is located.

Imagine we want to access some file located at /tmp/a/b/my_file.

• If my cwd is /, then a relative path to the file is tmp/a/b/my_file.
• If my cwd is /tmp, then a relative path to the file is a/b/my_file.
• If my cwd is /tmp/a/b/c, then a relative path to the file is ../my_file. The .. refers to the parent directory.

Let's try it here! You'll need to run /challenge/run using a relative path while having a current working directory of /. For this level, I'll give you a hint. Your relative path starts with the letter c 😊

Use the cat command to read the file /flag

One of the most critical Linux commands is cat. cat is most often used for reading out files, like so:

hacker@dojo:~$ cat /challenge/DESCRIPTION.md
One of the most critical Linux commands is `cat`.
`cat` is most often used for reading out files, like so:

cat will concatenate (hence the name) multiple files if provided multiple arguments. For example:

hacker@dojo:~$ cat myfile
This is my file!
hacker@dojo:~$ cat yourfile
This is your file!
hacker@dojo:~$ cat myfile yourfile
This is my file!
This is your file!
hacker@dojo:~$ cat myfile yourfile myfile
This is my file!
This is your file!
This is my file!

Finally, if you give no arguments at all, cat will read from the terminal input and output it. We'll explore that in later challenges...

In this challenge, I will copy the flag to the flag file in your home directory (where your shell starts). Go read it with cat!

So far, we've told you which files to interact with. But directories can have lots of files (and other directories) inside them, and we won't always be here to tell you their names. You'll need to learn to list their contents using the ls command!

ls will list files in all the directories provided to it as arguments, and in the current directory if no arguments are provided. Observe:

hacker@dojo:~$ ls /challenge
run
hacker@dojo:~$ ls
Desktop    Downloads  Pictures  Templates
Documents  Music      Public    Videos
hacker@dojo:~$ ls /home/hacker
Desktop    Downloads  Pictures  Templates
Documents  Music      Public    Videos
hacker@dojo:~$

In this challenge, we've named /challenge/run with some random name! List the files in /challenge to find it.

Interestingly, ls doesn't list all the files by default. Linux has a convention where files that start with a . don't show up by default in ls and in a few other contexts. To view them with ls, you need to invoke ls with the -a flag, as so:

hacker@dojo:~$ touch pwn
hacker@dojo:~$ touch .college
hacker@dojo:~$ ls
pwn
hacker@dojo:~$ ls -a
.college	pwn
hacker@dojo:~$

Now, it's your turn! Go find the flag, hidden as a dot-prepended file in /.

This level requires you to get the flag from inside the terminal using the ls command.

Start the challenge by clicking on start below, then switch to the VSCode workspace.
Open a terminal in VSCode by ctrl-` or by pressing F1 in VSCode and typing "Create new terminal".
Alternatively, open a new terminal in VSCode by clicking on the 3 bars on left -> Terminal -> New Terminal.

Inside the terminal, use the ls command to list the /challenge/cse240 directory.
The command will display the file names that exist in the directory, one of the file names is the flag and will start with pwn.college{.
The name of the file is the flag that you turn in.

So now we know how to list, read, and create files. But how do we find them? We use the find command!

The find command takes optional arguments describing the search criteria and the search location. If you don't specify a search criteria, find matches every file. If you don't specify a search location, find uses the current working directory (.). For example:

hacker@dojo:~$ mkdir my_directory
hacker@dojo:~$ mkdir my_directory/my_subdirectory
hacker@dojo:~$ touch my_directory/my_file
hacker@dojo:~$ touch my_directory/my_subdirectory/my_subfile
hacker@dojo:~$ find
.
./my_directory
./my_directory/my_subdirectory
./my_directory/my_subdirectory/my_subfile
./my_directory/my_file
hacker@dojo:~$

And when specifying the search location:

hacker@dojo:~$ find my_directory/my_subdirectory
my_directory/my_subdirectory
my_directory/my_subdirectory/my_subfile
hacker@dojo:~$

And, of course, we can specify the criteria! For example, here, we filter by name:

hacker@dojo:~$ find -name my_subfile
./my_directory/my_subdirectory/my_subfile
hacker@dojo:~$ find -name my_subdirectory
./my_directory/my_subdirectory
hacker@dojo:~$

You can search the whole filesystem if you want!

hacker@dojo:~$ find / -name hacker
/home/hacker
hacker@dojo:~$

Now it's your turn. I've hidden the flag in a random directory on the filesystem. It's still called flag. Go find it!

Several notes. First, there are other files named flag on the filesystem. Don't panic if the first one you try doesn't have the actual flag in it. Second, there're plenty of places in the filesystem that are not accessible to a normal user. These will cause find to generate errors, but you can ignore those; we won't hide the flag there! Finally, find can take a while; be patient!

Steps to complete

• Change directory using cd to the directory /challenge/cse240 .
• Use ls to view the files and there will be one in that starts with pwn.college{.

Steps to complete

• Use mv to move the file /challenge/cse240/mysecret to your current directory . or your home directory ~/
• Open it in VSCode or use cat.

Steps to complete

• Use grep to read the contents of /flag
• Try using the wildcard regular expression .*, which is a regular expression.
• The . is a wildcard and the * means match the wild card to 0 or more characters.

On this level, you will execute a script in your curent directory.

Steps to complete

• Use cd /challenge/ to change the working directory to /challenge
• Execute the program getflag (remember: when the executable program is in the current directory you must use a relative or absolute path)
• A relative path would use ./ where an absolute path always starts with / (e.g., /challenge)

First, let's look at redirecting stdout to files. You can accomplish this with the > character, as so:

hacker@dojo:~$ echo hi > asdf

This will redirect the output of echo hi (which will be hi) to the file asdf. You can then use a program such as cat to output this file:

hacker@dojo:~$ cat asdf
hi

In this challenge, you must use this output redirection to write the word PWN (all uppercase) to the filename COLLEGE (all uppercase).

Aside from redirecting the output of echo, you can, of course, redirect the output of any command. In this level, /challenge/run will once more give you a flag, but only if you redirect its output to the file myflag. Your flag will, of course, end up in the myflag file!

You'll notice that /challenge/run will still happily print to your terminal, despite you redirecting stdout. That's because it communicates its instructions and feedback over standard error, and only prints the flag over standard out!

Just like you can redirect output from programs, you can redirect input to programs! This is done using <, as so:

hacker@dojo:~$ echo yo > message
hacker@dojo:~$ cat message
yo
hacker@dojo:~$ rev < message
oy

You can do interesting things with a lot of different programs using input redirection! In this level, we will practice using /challenge/run, which will require you to redirect the PWN file to it and have the PWN file contain the value COLLEGE! To write that value to the PWN file, recall the prior challenge on output redirection from echo!

The getflag program in the /challenge directory will give you the flag when you send in the file /challenge/text

The getflag program is reading from standard input so you can use < followed by the name of the file to do this.

Remeber to execute the file you must use the relative or absolute path because getflag's directory is not in the PATH environmental variable.

The getflag program in the /challenge directory will give you the flag when you send in the file /challenge/text except this time you must sort the data first

To do this, you will pipe in the result of using the sort command, you should use sort /challenge/text | along with the command you need to execute getflag program.

The getflag program in the /challenge directory will give you the flag when you pass in the command arguments "42", "fun", and "num" as 3 different parameters.

In this challenge you must complete the following:

This challenge requires you to create a test that triggers all the if statements in less than 2 seconds.

You can take it as a challenge to type in everything that fast, /challenge/main.bin.

Instead, I would suggest you use input redirection (or a pipe works too)

This challenge and many future challenges will require you to create a user test case that verifies whether a program is performaing a particular function correctly.

Creating User Tests

• User tests are created by modifying a JSON file in your work area for the level, for this level, the tests are located in ~/cse240/01-linux/13/user_tests
• In each JSON file under user_tests, you will be required to give
  • arguments
  • inputs
  • outputs

Running the User Tests

• Typically, you will find the instructions for the tests in the Level Description (like below) and inside the name and description fields of the JSON file
• After creating the user tests, execute /challenge/tester from the command line
• a bad model version, named modelBadP.L.T.bin (P=Project number, L=Level, T=Test number) version, that does not implement the functionality correctly, your test must report the bad program failed.
• a good model version, named modelGood.bin, that implements the required functionality correctly
• if the level required you to write a program then tester will use the test to test your program as well and your program must pass too.

Test Requirements

• The input and output that you create in the utest json file will be passed into a running version of either model good or model bad programs
• When it passes the input into the model bad the test needs to be specific enough to detect that the model bad did not provide the expected output and it should fail, try executing the related model bad (e.g., ./modelbad1.13.1.bin)
• Similarly, when it passes the input into the model good it needs to detect that it did provide the expected output. You can test the model good by running ./modelGood.bin
• Fill in the "input" and expected "output" in both tests.
  
  • utest1.13.1 will input "hello" and verify the proper result is returned by the program being tested (if not sure try running modelGood.bin and modelBad1.13.1.bin).
  • utest1.13.2 will input anything except "hello" and verify that the program returns with expected result.
• Tester will use the inputs and outputs in the user_tests/utest1.13.1.json and user_tests/utest1.13.2.json
• If the user test cases detect the missing functionality in the modelBadP.L.T version while also detecting that modelGood.bin implements the required functionality then Tester will print out the flag.

HINT
You can run the modelGood and modelBad by typing in /challenge/modelGood.bin, /challenge/modelBad1.13.1.bin (for user test 1.13.1), and /challenge/modelBad1.13.2.bin (for user test 1.13.2)

In this level, you will write 5 user test cases for the provided C program. The C program, located at ~/cse240/01-linux/14/main.c

• For each of the user tests, the test must pass the program when modelGood is used and fail the program when modelBad is used
• The user tests are located in ~/cse240/01-linux/14/user_tests/
  • test1.14.1 will test the first if statement that requires the exact value
  • test1.14.2 will test the second if statement that is looking for a large value
  • test1.14.3 will test the third if statement that is looking for a value slightly less than 65536
  • test1.14.4 will test the fourth if statement that requires the number 42
  • test1.14.5 will test the fifth if statement that checks whether the number is small
• When all the test cases pass the modelGood and fail the modelBad the tester will reveal the flag.