Inspiration

Learning Linux on the command line is famously brutal — a wall of man pages, decontextualized commands, and no reason to care. Security tools like auditctl, ss, and lsof only make sense when something is actually wrong. We wanted to build the experience of something being wrong.

Project created by mother and daughter :))

SUDO.SU puts you inside a compromised server. You are Anna. Someone broke in. Your job is to find out who, how, and what they left behind — using only a terminal and the tools a real forensic analyst would reach for.


What it does

SUDO.SU is a gamified Linux terminal that teaches real security forensics through a 10-level investigation narrative. No setup, no VM, no installation — it runs entirely in the browser.

Each level introduces a forensic scenario and teaches the command to solve it:

● Level 1 — pwd, ls — Basic navigation: find your location on the server
● Level 2 — cat, file — Hidden files: discover .secreto and .bash_history
● Level 3 — chmod, bash — Broken permissions: fix and execute the monitor script
● Level 4 — ps, kill — Zombie process: identify and kill the reverse shell (PID 31337)
● Level 5 — grep — Log analysis: find 48 brute-force attempts and the successful breach
● Level 6 — ss, lsof — Open ports: discover the active backdoor on port 4444
● Level 7 — cat, strings — Reverse engineering: analyze the Python backdoor, find the C2 server IP and key
● Level 8 — last, lastb — Forensic timeline: reconstruct login history and failed auth attempts
● Level 9 — auditctl, ausearch — Kernel auditing: track who modified /etc/passwd
● Level 10 — sudo su, report — Final mission: privilege escalation and forensic report filing

Scoring: max(0, 1000 − time×2 − errors×50 − hints×100) per level. Fast, clean runs score higher. A global leaderboard with country filtering tracks rankings in real time.

Full English and Spanish support throughout.


How we built it

Frontend: React 19 + Next.js 16 (App Router) + TypeScript + Tailwind CSS 4. The entire game runs client-side — a simulated Linux filesystem, realistic process table, and command parser all live in the browser. Sound effects are synthesized with the Web Audio API (no audio files). JetBrains Mono for authenticity.

Database: AWS DynamoDB — playerId (UUID) as primary key, timestamp as sort key, and a Global Secondary Index (country-totalScore-index) for efficient regional leaderboard queries without scanning. On-demand pricing, sub-10ms p99 latency, and one-shot writes after game completion made it the right fit for this access pattern.

API: Two Next.js serverless routes on Vercel — POST /api/scores (validates and writes to DynamoDB after game completion) and GET /api/leaderboard (queries by country or global, cached with ISR at 60s TTL). Country detection via ip-api.com with a 3-second timeout fallback.
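
One way the validation step in POST /api/scores could work, as an added example that is not the project's own code: because the game runs client-side, the server recomputes each level's score from the submitted stats with the scoring formula above instead of trusting a client-supplied total. The payload shape, the field names, time counted in whole seconds, and the total being the sum of the ten level scores are all assumptions.

```typescript
// Added example: server-side re-computation of a client-submitted score.
// Payload shape and field names are assumptions, not the project's API.
interface LevelStats { time: number; errors: number; hints: number }
interface Result { ok: boolean; totalScore: number; reason: string }

const LEVEL_COUNT = 10; // the investigation has 10 levels

// Per-level formula from the page: max(0, 1000 - time*2 - errors*50 - hints*100)
function levelScore(s: LevelStats): number {
  return Math.max(0, 1000 - s.time * 2 - s.errors * 50 - s.hints * 100);
}

// Stats must be non-negative integers: a negative time would inflate the score,
// and NaN or Infinity would poison the sum.
function isCount(n: unknown): boolean {
  return typeof n === "number" && Number.isInteger(n) && n >= 0;
}

function reject(reason: string): Result {
  return { ok: false, totalScore: 0, reason };
}

function validateSubmission(body: unknown): Result {
  if (typeof body !== "object" || body === null) return reject("not an object");
  const { levels, totalScore } = body as { levels?: unknown; totalScore?: unknown };
  if (!Array.isArray(levels) || levels.length !== LEVEL_COUNT) {
    return reject("expected one stats entry per level");
  }
  let total = 0;
  for (const lv of levels) {
    if (typeof lv !== "object" || lv === null) return reject("bad level entry");
    if (!isCount(lv.time) || !isCount(lv.errors) || !isCount(lv.hints)) {
      return reject("stats must be non-negative integers");
    }
    total += levelScore(lv);
  }
  // The stored value is always the recomputed one; a mismatch is refused.
  if (totalScore !== total) return reject("claimed total does not match stats");
  return { ok: true, totalScore: total, reason: "" };
}
```
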

Deployment: Vercel. Preview deployments for every branch, production at https://sudo-su.vercel.app.


Challenges we ran into

Building a realistic Linux environment in the browser without a real Linux environment. The filesystem, process list, log files, and command outputs all had to be authored by hand to feel plausible — and they had to be consistent across levels so that clues in level 5 reference things planted in level 2.

Next.js 16's App Router also introduced breaking changes that affected several patterns we relied on (documented in AGENTS.md), which required reworking parts of the routing and data-fetching architecture mid-build.


Accomplishments we're proud of

  • A complete forensic narrative that teaches 15+ real Linux security commands in context
  • DynamoDB schema with GSI that enables regional leaderboard queries with no full-table scans
  • The sound design: Web Audio API synthesis for typing feedback, errors, and objective completions — zero audio files shipped
  • The scoring formula is simple enough to explain in one line and still creates meaningful competitive pressure

What we learned

How much narrative scaffolding changes the motivation to learn. The commands are identical to what you'd find in any Linux tutorial — but framing grep as "find the log entry where the attacker got in" turns it from a chore into a mystery. The database side reinforced the value of designing for your access pattern first: the GSI was planned before the first line of code so the leaderboard queries would never require a scan.


What's next

  • More levels (privilege escalation, network pivoting, malware analysis)
  • Timed competitive mode with live matchmaking
  • Classroom mode: instructor dashboard to track student progress
  • More country leaderboards and regional competitions

For Judges — Novus/Pendo Installation

The Novus analytics snippet is installed in app/layout.tsx, lines 17–23, using Next.js:

<Script id="pendo-init" strategy="afterInteractive" dangerouslySetInnerHTML={{ __html: `...pendo.initialize(...)...('80ff2177-3d23-4111-885c-6f4f35bef1b4');` }} />

Subscription key: 80ff2177-3d23-4111-885c-6f4f35bef1b4. Novus confirmed data collection via automated email notification on June 7, 2026. Verifiable in production at https://sudo-su.vercel.app/game via DevTools → Sources → search pendo.

Built With

  • aws-dynamodb
  • next-js
  • novus
  • pendo
  • react
  • tailwind-css
  • typescript
  • vercel
  • web-audio-api