forked from pwncollege/dojo
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathindex.html
More file actions
65 lines (47 loc) · 4.3 KB
/
index.html
File metadata and controls
65 lines (47 loc) · 4.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
<br><br><br>
<center>
<h1><b>PwnIoT Academy</b></h1>
</center>
<br><br><br>
# Getting Started
At the core of pwn.college is flags. How do you get those flags? Solve challenges. You can start a challenge by clicking on the `Challenges` tab at the top, selecting a module, clicking on a particular level, and hitting `Start`. In order to access that challenge, you have two options.
The first option is using the `Workspace` tab. This will present you with a fully functional development environment in your browser via Visual Studio Code. You can, for instance, quickly open a new terminal by pressing `F1`, searching for `New Terminal`, and pressing enter.
The second option is using `ssh`. In order to ssh into your challenge instances, you must add a public ssh key to `Settings` > `SSH Key`. You can quickly generate an ssh key by running `ssh-keygen -f key -N ''` in a terminal on your (unix-friendly) host machine. This will generate files `key` and `key.pub`, which are your private and public keys respectively. Once you have linked your ssh key to your account, you can run `ssh -i key hacker@dojo.pwn.college` to connect into your challenge instance.
Once you are in a challenge instance, your goal is to get the contents of the `/flag` file. Unfortunately for you, you are executing as the `hacker` user, but `/flag` is only readable by the `root` user. Fortunately, however, there are challenge programs located inside of the `/challenge` directory, which when run, will run with the privileges of the `root` user. Solve the challenge to get the `/flag`, and then submit it in order to complete the challenge!
A few things to note. Your home directory `/home/hacker` is persistent. This means that when you start a new challenge, all of the files you have saved in there will still be there. The `Practice` button can be incredibly useful for debugging your solution. When you start a challenge in this way, you will have the ability to run programs as the `root` user with the `sudo` command; however, the instance will only have a practice flag. For some of the later (kernel-focused) challenges, you will need to solve the challenge in a virtual machine. You can interact with the virtual machine using the `vm` command.
# About
PwnIoT Academy is an Internet-of-Things (IoT) capture-the-flag (CTF) platform developed and maintained by [Ziming Zhao](https://zzm7000.github.io/) and the members of [CactiLab](https://cactilab.github.io/). It provides CTF challenges for a wide range of hardware architectures, including x86/64, ARM Cortex-A, Cortex-M, and RISC-V. It powers University at Buffalo's CSE 418/518 Software Security course and will be publicly accessible, open, and free for anyone interested.
Members of CactiLab who have contributed to PwnIoT Academy include [Md Armanuzzaman](https://tomal-kuet.github.io/armanuzzaman/), [Dikshit Khandelwal](https://www.linkedin.com/in/dikshitkhandelwal/), and [Elijah Sippel](https://elijah.fyi/).
PwnIoT is a fork from [pwn.college](https://pwn.college/), which is based on [CTFd](https://github.com/CTFd/CTFd). Kudos to pwn.college and CTFd!!
# Acknowledgement
PwnIoT Academy is partially supported by National Science Foundation (NSF) [CRII](https://www.nsf.gov/awardsearch/showAward?AWD_ID=2037798) and [CAREER](https://www.nsf.gov/awardsearch/showAward?AWD_ID=2237238) awards and a National Centers of Academic Excellence in Cybersecurity (part of the National Security Agency) grant.
<br><br><br>
# Resources
<div class="container">
<div class="row text-center">
<div class="col-lg-auto m-3">
<figure>
<a class="text-decoration-none" href="https://www.youtube.com/@zimingzhao6619/videos">
<i class="fab fa-youtube fa-7x"></i>
<figcaption>Lectures on<br>YouTube</figcaption>
</a>
</figure>
</div>
<div class="col-lg-auto m-3">
<figure>
<a class="text-decoration-none" href="https://github.com/CactiLab/pwniot">
<i class="fab fa-github fa-7x"></i>
<figcaption>Open Source on<br>GitHub</figcaption>
</a>
</figure>
</div>
<div class="col-lg-auto m-3">
<figure>
<a class="text-decoration-none" href="mailto:zimingzh@buffalo.edu">
<i class="fas fa-envelope fa-7x"></i>
<figcaption>Contact us via<br>Email</figcaption>
</a>
</figure>
</div>
</div>
</div>