applied linux.

unik.cx · the wargame

Capture the flag

Ten boxes, one ladder. Each level hands you the password to the next — but only once you've used the right tool to pry it loose. It's Bandit, rebuilt around the Applied Linux book: every rung reinforces a chapter. Play in the browser below, or attack the live Nanos unikernel boxes over the network.

0 / 1400 pts 0 / 9 solved

Play in the browser

Boot the arena right here — a real Linux shell, client-side, nothing to install. All nine levels are planted on this box the moment it boots; you land as player. Find each flag with the skill it trains, then paste it into the matching level below.

$ the arena — nine levels, one browser shell

Runs via v86, entirely client-side. Practice mode: because the box runs in your tab, the flags are planted locally — a determined reader can dig them out of the page source. The live boxes are the cheat-resistant, graded version.

Attack the live boxes

Each level is its own Nanos unikernel — a single-app machine with no shell, no users, exposing one service over TCP. Talk to it with nc, solve what it asks, and it hands you the flag.

$ nc unik.cx 13370          # level 0
$ nc unik.cx 1337N          # level N → port 13370+N

One unikernel per level on unik.cx, ports 1337013378. Each flag you pry loose unlocks the next rung below; progress is kept in this browser only.

  1. level 00

    Foothold

    50 pts

    reinforces · Logging In

    Connect to the level-0 box. It hands you the flag just for showing up — get comfortable with nc.

    ncconnect

  2. level 01

    Hidden in plain sight

    75 pts

    reinforces · Learning the Terminal

    The box prints a noticeboard. One line is the flag, only encoded — read it, decode it.

    ncbase64 -d

  3. level 02

    Needle, meet haystack

    100 pts

    reinforces · Learning the Terminal

    The box streams thousands of lines; exactly one carries the token. Filter the stream, don't scroll it.

    ncgreppipes

  4. level 03

    Permission denied

    125 pts

    reinforces · Security Configuration

    The box guards the flag behind a pass-word. Read the prompt and send the right word back.

    ncstdinprotocols

  5. level 04

    In the logs

    150 pts

    reinforces · Storage, Monitoring, and Troubleshooting

    Ask the box for its logs, then dig the token out of the noise it dumps.

    nccommandsgrep

  6. level 05

    Cron and on

    175 pts

    reinforces · Automation

    The box flashes a token once, on a timer. Stay connected and catch it as it goes by.

    ncstreamspatience

  7. level 06

    Listening

    200 pts

    reinforces · Network Configuration

    The box poses a challenge and wants the answer before it yields the flag. Parse it, compute, reply.

    ncparserespond

  8. level 07

    Mounted

    225 pts

    reinforces · Storage, Monitoring, and Troubleshooting

    The box has an undocumented command its help won't list. Enumerate until it gives.

    ncenumeration

  9. level 08

    The vault

    300 pts

    reinforces · Everything

    The flag is split across two of the box's commands. Pull both halves and combine them.

    ncsynthesis

The level board validates flags in your browser against SHA-256 hashes — it never holds the answers. The browser arena above is the exception: in practice mode it plants the flags into the client-side emulator so you can actually solve each level offline. Want the real thing? The live boxes are Nanos unikernels — one per level on unik.cx (tcp 13370–13378), each a single Go app that hands over its flag when you solve it.