In this first module we are getting started, learning about the course and course platform. Additionally, we will cover the basics of Linux and access control.
The rest of the material in this module will ensure that you understand Linux and can effectively reason about basic authentication and security concepts in Linux. If scrolling through this page is annoying, you can access the challenges in a more structured way here. However, you will still need to watch the lectures on this page.
This module will teach you the VERY basics of interacting with the command line! The command line lets you execute commands. When you launch a terminal, it will execute a command line "shell", which will look like this:
hacker@dojo:~$
This is called the "prompt", and it's prompting you to enter a command. Let's take a look at what's going on here:
hacker in the prompt is the username of the current user.
In the pwn.college DOJO environment, this is "hacker".dojo part of the prompt is the hostname of the machine the shell is on (this reminder can be useful if you are a system administrator who deals with many machines on a daily basis, for example).
In the example above, the hostname is dojo, but in pwn.college, it will be derived from the name of the challenge you're attempting.~ means later :-)$ at the end of the prompt signifies that hacker is not an administrative user.
In much later modules in pwn.college, when you learn to use exploits to become the administrative user, you will see the prompt signify that by printing # instead of $, and you'll know that you've won!Anyways, the prompt awaits your command. Move on to the first challenge to learn how to actually execute commands!
This module will teach you the basics of Linux file paths!
The Linux filesystem is a "tree".
That is, it has a root (written as /).
The root of the filesystem is a directory, and every directory can contain other directories and files.
You refer to files and directories by their path.
A path from the root of the filesystem starts with / (that is, the root of the filesystem), and describes the set of directories that must be descended into to find the file.
Every piece of the path is demarcated with another /.
Armed with this knowledge, go forth and tackle the challenges below.
This module will expose you to some useful Linux commands that will serve you well for the rest of your journey here! It is FAR from an exhaustive list, and we'll continue to expand this module, but this should be enough to get you started.
So, without further ado, let's learn some commands!
This module will teach you one of the most important Linux skills: looking for help on how to use programs. This skill will serve you quite well in your journey. Dive in below!
Even just a few levels in, you might already be tired of typing out all these file paths. Luckily, the shell has a solution: globbing! That's what we'll learn in this module.
Before executing commands that you enter, the shell first performs expansions on them, and one of these expansions is globbing. Globbing lets you reference files without typing them all out, or typing out their full paths. Let's dig in!
You may have observed that some commands output data onto your terminal when you run them. So far, this has printed you many flags, but like many things, the technology goes much deeper. The mechanisms behind the handling of input and output on the commandline contribute to the commandline's power.
This module will teach you about input and output redirection. Simply put, every process in Linux has three initial, standard channels of communication:
ls.Because these three channels are used so frequently in Linux, they are known by shorter names: stdin, stdout, stderr.
This module will teach you how to redirect, chain, block, and otherwise mess with these channels.
Good luck!
The Linux command line interface is actually a sophisticated programming language with which you can write actual programs! Because the command line interface is colloquially referred to as a "shell", programs written in this language are referred to as "shell scripts". When you're using the command line, you are basically writing a shell script line by line!
Like most programming languages, the shell supports variables. This module will get you familiar with setting, printing, and using these variables!
You've learned to pipe data, specify input, and so on. Let's start putting things together! In this module, you'll learn a number of commands for manipulating data that will help you achieve great results on the shell.
Computers execute software to get stuff done. In modern computing, this software is split into two categories: operating system kernels (about which we will learn much later) and processes, which we will discuss here. When Linux starts up, it launches an init (short for initializer) process that, in turn, launches a bunch of other processes which launch more processes until, eventually, you are looking at your command line shell, which is also a process! The shell, of course, launches processes in response to the commands you enter.
In this module, we will learn to view and interact with processes in a number of exciting ways!
Did you think you, hacker, are alone in the workspace?
There are MANY users on a typical Linux system!
The full list of users on a Linux system is specified in the /etc/passwd file (named so for historical reasons --- it doesn't actually hold passwords anymore).
Here is an example from the dojo container:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:101:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
mysql:x:104:105:MySQL Server,,,:/nonexistent:/bin/false
messagebus:x:105:106::/nonexistent:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
hacker:x:1000:1000::/home/hacker:/bin/bash
A lot of users here, and a lot of info!
Each line contains, separated by :s, the username, an x as a placeholder for where the password used to be (we'll cover where it actually is later), the numerical user ID, the numerical default group ID, long-form user details, the home directory, and the default shell.
We can see the hacker user at the bottom.
That's you!
Most of the rest of these users are either there for historical reasons, are service accounts to support various installed software, or some are "utility" accounts (e.g., the nobody user is used to ensure that, e.g., some programs run without any special privileges).
One important user is root: the system administrator.
The system administrator has obvious security implications: a hacker user that can somehow, through various functionalities of Linux, become the root user would be able to wreak havoc on the system.
A very frequent goal of hackers breaking into systems is to escalate to root, and thus root must be defended at all cost!
In this module, we'll explore various user shenanigans, learn the intended ways to switch users to administer the system, and have fun along the way!
This module will expose you to Linux permissions, which is one of the most important parts of your journey going ahead, and mediates the access to files across different users.
In Linux, files have different permissions or file modes.
You can check out a permissions of a file or directory using ls -l.
Let's make some files and look at their permissions:
hacker@dojo:~$ mkdir pwn_directory
hacker@dojo:~$ touch college_file
hacker@dojo:~$ ls -l
total 4
-rw-r--r-- 1 hacker hacker 0 May 22 13:42 college_file
drwxr-xr-x 2 hacker hacker 4096 May 22 13:42 pwn_directory
hacker@dojo:~$
Lots of information, there, and we'll learn about a lot of it in this module! For now, let's look at the output above at a high level:
The first character of each line represents the file type.
In pwn_directory's case, the d indicates that it's a directory, and in college_file's case, the - represents that it's a normal file.
There are other types as well, and you will encounter some of them later in your pwn.college journey.
The next nine characters are the actual access permissions of the file or directory, split into 3 characters denoting the permissions that the user who owns the file (termed the "owner") has to the file, 3 characters denoting the permissions that the group that owns the file (termed the "group") has to the file, and 3 characters denoting the permissions that all other access (e.g., by other users and other groups) has to the file. We will learn all about these later in the module.
There are two columns showing the user that owns the file (in this case, user hacker) and then the group that owns the file (in this case, also group hacker).
You'll mess around with that here!
In this module, you will practice perceiving permissions. Let's get started!
In the piping module, you've explored the concept of using several commands, with data flowing between them via pipes, to accomplish something slightly more complex than the individual commands can do. Of course, this concept also applies independent of the data transfer: sometimes, you might want to run several commands in quick succession to achieve some cumulative effect.
This module will cover a few ways, aside from piping, that commands can be chained. By the end, you'll be on your way to writing shell scripts!
Ever had an SSH connection drop and lose all your work? Ever wanted to run multiple terminals without opening a dozen windows? Enter the world of terminal multiplexing!
Thus far, you have invoked commands in several ways:
/challenge/run)../run).ls).The first two cases, the absolute and the relative path case, are straightforward: the run file lives in the /challenge directory, and both cases refer to it (provided, of course, that the relative path is invoked with a current working directory of /challenge).
But what about the last one?
Where is the ls program located?
How does the shell know to search for it there?
In this module, we will pull back the veil and answer this question! Stay with us.
This module will deepen your knowledge of Linux through some shenanigans. Understanding how features of a system impact its security is a great way to understand its inner workings.
With great power comes great responsibility.
Over the course of the Luminarium, you have learned how to navigate, manipulate, and control a Linux machine. Before we send you off into the wild it, is only fair that we end with some words of caution—and a little mayhem.
Below is a non-exhaustive collection of seemingly innocent actions that, when executed on a real system, can lead to catastrophic data-loss, denial of service, or even unrecoverable system corruption. All are recoverable on pwn.college (by restarting your container), but they are very real dangers on an unsuspecting computer.
Practice them, marvel at them, do not run them on anything that matters.