Using the Dojo

Two dojo concepts that this module does not yet cover are connecting over ssh and the VM.

Connecting over SSH. In order to ssh into your challenge instances, you must add a public ssh key to Settings > SSH Key. You can quickly generate an ssh key by running ssh-keygen -f key -N '' in a terminal on your (unix-friendly) host machine. This will generate files key and key.pub, which are your private and public keys respectively. Once you have linked your ssh key to your account, you can connect to the dojo host. For example, if your URL bar for this page reads https://EXAMPLE.COM/welcome/welcome, you would run ssh -i key hacker@EXAMPLE.COM to connect into your challenge instance.

The VM. For some of the later (kernel-focused) challenges, you will need to solve the challenge in a virtual machine. You can interact with the virtual machine using the vm command.

This challenge will teach you to use the Visual Studio Code workspace. You can start this challenge using the Start button below. Wait for confirmation that it started, and then click on the Workspace tab in the navigation bar (or, if you are quick enough, the Workspace link in the brief popup)! Once VSCode loads, launch a terminal (press Control-Shift-Backtick or click the ☰ button in VSCode's left panel, select the Terminal menu, and click New Terminal) and run the challenge!

When we detect that you have launched the terminal in VSCode, we will give you the flag! As a reminder, this platform uses flags to track your progress. Flags are cryptographic tokens that are given to you when you solve challenges. Once you see it, copy-paste it into the submission box below and submit! Then, once you get the confirmation that the flag was correct, move on to the next challenge!

Next, we will explore the Desktop! Start the challenge and click over to the Desktop on the navigation tab. This challenge requires you to open the terminal inside the Desktop, and we will give you the flag.

Next, we will learn to paste into the Desktop! You will need this secret token: f8e5eb3178faf47ce5692f7f618e8f6f0e8769de7dd67ffe62b4375430a31e1b9d18a9574e8231e98572. Launch a terminal in the desktop for further directions!

Hacking is a contact sport. There will be times when your attempts to hack through a level will result in irreparable damage to the workspace environment. When this happens, don't panic, you can just restart the challenge!

This level will guide you through this concept. On your first attempt, it will ask you for a password that you don't yet know. When you get this password wrong, it will tell you what the right one is, but will then destroy the challenge and the flag file. You'll need to restart the challenge (go back to this page and click the Start button below!) to try again.

Just start the terminal to give it a go. Good luck!

The challenges in pwn.college can be tricky and, oftentimes, you might get stuck! There are several ways to get yourself unstuck:

1. Think for a long time. This will reinforce knowledge and build experience that will help you think through future problems!
2. Search online for help. This is a critical skill, and you will need to develop it over the course of working through pwn.college.
3. Ask for help.

There are two resources to ask for help. The first is our discord, full of amazing hackers who are willing to help with trickier issues. But for many typical issues you will run into, there is SENSAI, your AI-powered sensei for the dojo.

SENSAI is an LLM that is augmented with information about the challenge, common issues people run into with the challenge, and your actual terminal and filesystem state. This means that it can be an effective help for many issues, and can help bridge knowledge gaps that might be hampering your progress!

This challenge will force you to interact with SENSAI. SENSAI can be accessed through the Help link in the navigation bar at the top of the page! Access it only after launching the challenge: if you ask SENSAI for help before that, it will just tell you to open the terminal so that the challenge can launch!

NOTE: SENSAI is an ongoing research project at Arizona State University, and is being run under an IRB protocol. If you do not wish to participate in the study, please feel free to skip this level!

The actual files comprising the challenge live in the /challenge directory. Unlike previous challenges, which automatically ran when the terminal was opened, this challenge requires you to invoke the /challenge/solve program directly! Just by running it in a terminal, you will get the flag!

NOTE: This challenge, and the challenges below, begin to assume knowledge of the Linux commandline. If you happen to lack this knowledge, we recommend you first complete the Linux Luminarium, then resume this module!

So far, the challenges have been giving you flags directly. In this challenge, you will learn that the flag actually lives in the /flag file. Your real goal, in any challenge, is to get the contents of this file through any means necessary, even if the challenge program does not do it on purpose.

You might try to just read the /flag file on your own. Unfortunately for you, you are executing as the hacker user and /flag is only readable by the root user, so you cannot access it. In the previous challenges, the challenge program itself (e.g., /challenge/solve), which runs as the root user (and, thus, can read the flag), read this file and printed its contents, but this level is harder.

Like many of the other challenges on the platform, this challenge's /challenge/solve program will not read the flag file directly. However, it will make the flag world-readable when you run it! After that, you will need to read /flag yourself (e.g., using cat /flag or a text editor), and submit its contents as the solution.

You can launch challenges in two modes, using the buttons below! So far, you have been using Start, which launches the challenge so that you can attempt to solve it for real. You can also Practice! This will grant you administrative privileges (via sudo) in the challenge container, allowing you greater capabilities to debug solutions and otherwise experiment with the challenge. You cannot use this to actually solve the challenge because the /flag file, in practice mode, is replaced with a practice flag that cannot be redeemed for points.

You never need Practice mode to solve a challenge, except for this challenge, because it is designed to expose you to Practice mode. This challenge has a /challenge/secret file that is only readable by root, but it doesn't change between Practice mode and normal mode. To solve this challenge:

• Launch the challenge in Practice mode.
• Read the /challenge/secret file.
• Relaunch the challenge in normal mode (using Start).
• Provide the secret when /challenge/solve asks for it.

Your home directory in the dojo is persistent between challenges. This means that when you start a new challenge, all of the files you have saved in there will still be there. You can use it to build up notes across multiple challenges in a module, reference old solutions, or rerun solutions perfected in Practice mode against challenges in non-Practice mode.

This challenge, and the next, will drive home the point by having you write a file in your home directory. Launch this challenge (/challenge/solve) and follow its instructions!

Now that you have created a file in your home directory, this challenge will use it! Launch this challenge (/challenge/solve) and follow its instructions!