Using the Dojo

Throughout your pwn.college journey, you will have countless interactions with the Linux terminal, colloquially termed the "shell". If you don't yet know the Art of the Shell, fear not, you will! For now, we'll just focus on launching it.

We make launching the terminal easy: when you start a challenge, we do it for you! Just click ▶ Start below, and this challenge will start. Once it's loaded, the terminal will appear automatically right under this text, and you will be granted your first flag!

Flag? As a reminder, this platform uses flags to track your progress. Flags are cryptographic tokens that are given to you when you solve challenges. Once you see it, copy-paste it into the submission box below and submit! Then, once you get the confirmation that the flag was correct, move on to the next challenge!

Try it now: launch the terminal, copy the flag (drag-selecting it with your mouse will automatically copy it to your clipboard), and paste it into the Flag textbox below!

NOTE: Want more screen space? You can click the "fullscreen" button (⛶) to full-screen the interface for more room.

This challenge will teach you to use the Visual Studio Code workspace. You can start this challenge using the Start button below. When it starts, you'll probably see the Terminal, like the previous level. This time, though, the challenge will refuse to give you the flag until you switch to vscode!

You can use the workspace selector on the bar below the Terminal (e.g., the button that says "Terminal") to select "Code" and bring up the Visual Studio Code interface in place of the terminal. Again, you can use it as-is, or you can click the "fullscreen" button (⛶) to full-screen the interface for more room.

Once VSCode loads, launch a terminal (press Control-Shift-Backtick or click the ☰ button in VSCode's left panel, and select the Terminal menu, and click New Terminal). When we detect that you have launched the terminal in VSCode, we will give you the flag!

NOTE: The pwn.college dojo will remember what the last workspace interface (Terminal, VSCode, etc.) you used, and will default to that, so the next challenge you run will now launch VSCode by default until you switch.

Next, we will explore the Desktop! Start the challenge and use the workspace selector on the bar below Visual Studio Code (e.g., the button that says "Code") to select "Desktop". This will launch up a Linux desktop for you to use! This challenge requires you to open the terminal inside the Desktop, and we will give you the flag.

Next, we will learn to paste into the Desktop! You will need this secret token: f8e5eb3178faf47ce5692f7f618e8f6f0e8769de7dd67ffe62b4375430a31e1b9d18a9574e8231e98572. Launch a terminal in the desktop for further directions!

Hacking is a contact sport. There will be times when your attempts to hack through a level will result in irreparable damage to the workspace environment. When this happens, don't panic, you can just restart the challenge!

This level will guide you through this concept. On your first attempt, it will ask you for a password that you don't yet know. When you get this password wrong, it will tell you what the right one is, but will then destroy the challenge and the flag file. You'll need to restart the challenge (go back to this page and click the Start button below!) to try again.

Just start the terminal to give it a go. Good luck!

The challenges in pwn.college can be tricky and, oftentimes, you might get stuck! There are several ways to get yourself unstuck:

1. Think for a long time. This will reinforce knowledge and build experience that will help you think through future problems!
2. Search online for help. This is a critical skill, and you will need to develop it over the course of working through pwn.college.
3. Ask for help.

There are two resources to ask for help. The first is our discord, full of amazing hackers who are willing to help with trickier issues. But for many typical issues you will run into, there is SENSAI, your AI-powered sensei for the dojo.

SENSAI is an LLM that is augmented with information about the challenge, common issues people run into with the challenge, and your actual terminal and filesystem state. This means that it can be an effective help for many issues, and can help bridge knowledge gaps that might be hampering your progress!

This challenge will force you to interact with SENSAI. SENSAI can be accessed through the Help link in the navigation bar at the top of the page! Access it only after launching the challenge: if you ask SENSAI for help before that, it will just tell you to open the terminal so that the challenge can launch!

NOTE: SENSAI is an ongoing research project at Arizona State University, and is being run under an IRB protocol. If you do not wish to participate in the study, please feel free to skip this level!

The actual files comprising the challenge live in the /challenge directory. Unlike previous challenges, which automatically ran when the terminal was opened, this challenge requires you to invoke the /challenge/solve program directly! Just by running it in a terminal, you will get the flag!

NOTE: This challenge, and the challenges below, begin to assume knowledge of the Linux commandline. If you happen to lack this knowledge, we recommend you first complete the Linux Luminarium, then resume this module!

So far, the challenges have been giving you flags directly. In this challenge, you will learn that the flag actually lives in the /flag file. Your real goal, in any challenge, is to get the contents of this file through any means necessary, even if the challenge program does not do it on purpose.

You might try to just read the /flag file on your own. Unfortunately for you, you are executing as the hacker user and /flag is only readable by the root user, so you cannot access it. In the previous challenges, the challenge program itself (e.g., /challenge/solve), which runs as the root user (and, thus, can read the flag), read this file and printed its contents, but this level is harder.

Like many of the other challenges on the platform, this challenge's /challenge/solve program will not read the flag file directly. However, it will make the flag world-readable when you run it! After that, you will need to read /flag yourself (e.g., using cat /flag or a text editor), and submit its contents as the solution.

You can launch challenges in two modes, using the buttons below! So far, you have been using Start, which launches the challenge so that you can attempt to solve it for real. You can also start a challenge with the Privileged button! This will grant you administrative privileges (via sudo) in the challenge container, allowing you greater capabilities to debug solutions and otherwise experiment with the challenge. You cannot use this to actually solve the challenge because the /flag file, in privileged mode, is replaced with a "practice flag" that cannot be redeemed for points.

You never need Privileged mode to solve a challenge, except for this challenge, because it is designed to expose you to Privileged mode. This challenge has a /challenge/secret file that is only readable by root, but it doesn't change between Privileged mode and normal mode. To solve this challenge:

• Launch the challenge in Privileged mode.
• Read the /challenge/secret file.
• Relaunch the challenge in normal mode (using Start).
• Provide the secret when /challenge/solve asks for it.

Your home directory in the dojo is persistent between challenges. This means that when you start a new challenge, all of the files you have saved in there will still be there. You can use it to build up notes across multiple challenges in a module, reference old solutions, or rerun solutions perfected in Practice mode against challenges in non-Practice mode.

This challenge, and the next, will drive home the point by having you write a file in your home directory. Launch this challenge (/challenge/solve) and follow its instructions!

Now that you have created a file in your home directory, this challenge will use it! Launch this challenge (/challenge/solve) and follow its instructions!