applied linux.

unik.cx · the wargame

Capture the flag

Ten boxes, one ladder. Each level hands you the password to the next — but only once you've used the right tool to pry it loose. It's Bandit, rebuilt around the Applied Linux book: every rung reinforces a chapter. Play in the browser below, or over SSH on the real boxes.

0 / 1400 pts 0 / 9 solved

Play in the browser

Boot the arena right here — a real Linux shell, client-side, nothing to install. All nine levels are planted on this box the moment it boots; you land as player. Find each flag with the skill it trains, then paste it into the matching level below.

$ the arena — nine levels, one browser shell

Runs via v86, entirely client-side. Practice mode: because the box runs in your tab, the flags are planted locally — a determined reader can dig them out of the page source. The SSH boxes are the cheat-resistant, graded version.

Play over SSH

The graded ladder runs on the real boxes. Start at level0; the password is published with the box.

$ ssh level0@unik.cx
# find flag0, then:
$ ssh level1@unik.cx
# ...and so on. Submit each flag below to track your score.

Found a flag anywhere? Drop it in the matching level below. Correct flags unlock the next rung and bank the points; progress is kept in this browser only.

  1. level 00

    Foothold

    50 pts

    reinforces · Logging In

    You're logged in as level0. Read the file in your home directory to find the password for level1.

    lscatpwd

  2. level 01

    Hidden in plain sight

    75 pts

    reinforces · Learning the Terminal

    The flag is in a file whose name starts with a dot. Listing only the obvious won't show it.

    ls -acathidden files

  3. level 02

    Needle, meet haystack

    100 pts

    reinforces · Learning the Terminal

    The flag is in one file somewhere under a deep tree of decoys. Search, don't browse.

    findgrep -rpipes

  4. level 03

    Permission denied

    125 pts

    reinforces · Security Configuration

    A directory is full of files; only one is readable by you. The rest deny you. Read the one you can.

    ls -lfile permissionsfind -readable

  5. level 04

    In the logs

    150 pts

    reinforces · Storage, Monitoring, and Troubleshooting

    A service wrote the flag to its log, buried among thousands of noisy lines.

    grepless/var/log

  6. level 05

    Cron and on

    175 pts

    reinforces · Automation

    A scheduled job drops a file every minute and deletes it. Catch it, or read where it writes.

    cronwatchfind -newer

  7. level 06

    Listening

    200 pts

    reinforces · Network Configuration

    A local service is listening on a port and will hand you the flag if you talk to it.

    ss / netstatcurlnc

  8. level 07

    Mounted

    225 pts

    reinforces · Storage, Monitoring, and Troubleshooting

    The flag lives on a filesystem mounted somewhere off the beaten path. Find the mount.

    mountdf/etc/fstab

  9. level 08

    The vault

    300 pts

    reinforces · Everything

    Final box. The flag is split: half in your shell history, half owned by another user who left a readable hint. Combine them.

    historysudo -lsynthesis

The level board validates flags in your browser against SHA-256 hashes — it never holds the answers. The browser arena above is the exception: in practice mode it plants the flags into the client-side emulator so you can actually solve each level offline. Want a cheat-resistant run? Use the SSH boxes — provision/setup-all.sh plants every level server-side from the same source that built this page.