Using the Dojo

In order to ssh into your challenge instances, you must link a public ssh key to your account through your settings. You can quickly generate an ssh key by running ssh-keygen -f key -N '' in a terminal on your (unix-friendly) host machine. This will generate files key and key.pub, which are your private and public keys respectively. Once you have linked your public ssh key to your account, you can connect to the dojo over ssh with ssh -i key hacker@pwn.cis.upenn.edu -p 2220.

This challenge will teach you to use the Visual Studio Code workspace. You can start this challenge using the Start button below. Wait for confirmation that it started, and then click on the Workspace tab in the navigation bar (or, if you are quick enough, the Workspace link in the brief popup)! Once VSCode loads, launch a terminal (press Control-Shift-Backtick or click the ☰ button in VSCode's left panel, select the Terminal menu, and click New Terminal) and run the challenge!

When we detect that you have launched the terminal in VSCode, we will give you the flag! As a reminder, this platform uses flags to track your progress. Flags are cryptographic tokens that are given to you when you solve challenges. Once you see it, copy-paste it into the submission box below and submit! Then, once you get the confirmation that the flag was correct, move on to the next challenge!

Next, we will explore the Desktop! Start the challenge and click over to the Desktop on the navigation tab. This challenge requires you to open the terminal inside the Desktop, and we will give you the flag.

Next, we will learn to paste into the Desktop! You will need this secret token: f8e5eb3178faf47ce5692f7f618e8f6f0e8769de7dd67ffe62b4375430a31e1b9d18a9574e8231e98572. Launch a terminal in the desktop for further directions!

Hacking is a contact sport. There will be times when your attempts to hack through a level will result in irreparable damage to the workspace environment. When this happens, don't panic, you can just restart the challenge!

This level will guide you through this concept. On your first attempt, it will ask you for a password that you don't yet know. When you get this password wrong, it will tell you what the right one is, but will then destroy the challenge and the flag file. You'll need to restart the challenge (go back to this page and click the Start button below!) to try again.

Just start the terminal to give it a go. Good luck!

The actual files comprising the challenge live in the /challenge directory. Unlike previous challenges, which automatically ran when the terminal was opened, this challenge requires you to invoke the /challenge/solve program directly! Just by running it in a terminal, you will get the flag!

So far, the challenges have been giving you flags directly. In this challenge, you will learn that the flag actually lives in the /flag file. Your real goal, in any challenge, is to get the contents of this file through any means necessary, even if the challenge program does not do it on purpose.

You might try to just read the /flag file on your own. Unfortunately for you, you are executing as the hacker user and /flag is only readable by the root user, so you cannot access it. In the previous challenges, the challenge program itself (e.g., /challenge/solve), which runs as the root user (and, thus, can read the flag), read this file and printed its contents, but this level is harder.

Like many of the other challenges on the platform, this challenge's /challenge/solve program will not read the flag file directly. However, it will make the flag world-readable when you run it! After that, you will need to read /flag yourself (e.g., using cat /flag or a text editor), and submit its contents as the solution.

You can launch challenges in two modes, using the buttons below! So far, you have been using Start, which launches the challenge so that you can attempt to solve it for real. You can also Practice! This will grant you administrative privileges (via sudo) in the challenge container, allowing you greater capabilities to debug solutions and otherwise experiment with the challenge. You cannot use this to actually solve the challenge because the /flag file, in practice mode, is replaced with a practice flag that cannot be redeemed for points.

You never need Practice mode to solve a challenge, except for this challenge, because it is designed to expose you to Practice mode. This challenge has a /challenge/secret file that is only readable by root, but it doesn't change between Practice mode and normal mode. To solve this challenge:

• Launch the challenge in Practice mode.
• Read the /challenge/secret file.
• Relaunch the challenge in normal mode (using Start).
• Provide the secret when /challenge/solve asks for it.

Your home directory in the dojo is persistent between challenges. This means that when you start a new challenge, all of the files you have saved in there will still be there. You can use it to build up notes across multiple challenges in a module, reference old solutions, or rerun solutions perfected in Practice mode against challenges in non-Practice mode.

This challenge, and the next, will drive home the point by having you write a file in your home directory. Launch this challenge (/challenge/solve) and follow its instructions!

Now that you have created a file in your home directory, this challenge will use it! Launch this challenge (/challenge/solve) and follow its instructions!