World of Haiku
Haiku Online Closing Date Message
We wanted to reach out to the members of our community who have yet to grab their complimentary one-month trial subscription to the new Haiku Online Bundle. If you are a past Steam User of the original product and have yet to grab your FREE coupon, don't worry – there's still time!
Claim your free one-month coupon for our Haiku Online Product Bundle by emailing support@haikuinc.io with your Steam username before April 5. We'll take care of the rest!
As we prepare for the next chapter of our journey, we want to extend a heartfelt THANK YOU to each and every one of you for being such an integral part of the Haiku family. Users will have 30 days from the point of redemption to use Haiku Online for free. Here's to new beginnings and endless adventures! See you all on Haiku Online!
Cheers, The Haiku Team
Transitioning from Steam to Haiku Online with a Special Offer
As we embrace new beginnings, we want to share an important update: As of tomorrow, Haiku will be delisted from Steam. This marks the end of a significant chapter, but more importantly, the start of an exciting new journey on Haiku Online.
We deeply appreciate the support and engagement you've shown us on Steam, and we're excited to invite you to join us on our new journey.
As a token of our appreciation, we're offering a special opportunity exclusively for our Steam community: a FREE one-month coupon for our Haiku Online Product Bundle.
To claim your coupon, simply email us your Steam username at support@haikuinc.io, and we'll take care of the rest. We believe that Haiku Online will offer a more comprehensive and engaging experience, we are constantly adding new content to our online platform and encourage you to come explore Haiku Online. This week alone we’re launching three new Forge missions!
Thank you for your continued support and for being a valued part of our community. We're looking forward to seeing you on Haiku Online!
Warm regards,
The Haiku Team
Last Game Update
NOTICE
This will be the last game update for the World of Haiku game on Steam. The game will continue to be updated on our online service: play.haikuinc.io. The official date when the game will no longer be available for purchase is being determined through our conversation with Steam.
Now available for FREE
- All avatars
- sqlmap dojo and quest
- dirb dojo and quest
- file (steganography) dojo and quest
Terminal
[FIX] Input field printing random '\r' characters of pasted text on windows.
[FIX] Ctrl+C was blowing straight through typing/selection focus protection. If you have any text selected in an input field and it is focused, Ctrl+C won't cancel running commands.
[FIX] Terminal columns calculation (amount of characters in each line), which is needed to prevent the terminal output from going offscreen and to reposition text in some commands.
Hydra
[FIX] Hydra was trying to use random files as wordlists and going through their attributes. Now, if the file is not a "regular text file" or a "wordlist file," it says the file format is wrong and quits.
- For a file to be a "wordlist files," it needs to have any of the "wordlist attribute" set
- For a file to be a "regular text file,” it needs not to be a dir, wordlist, zip archive, or system file and needs to text set
John
[UPDATE] If a hash that you're trying to crack is not a valid SHA256 (length != 64), it warns the player and prints all invalid hashes found in the terminal.
[UPDATE] Improved error feedback, keeping the old style of john's responses.
[UPDATE] John now correctly caches every operation in sets and hashtables (Dictionary) so that repeated wordlist terms are not sha-256ed again and duplicate hashes that have already been broken don't print twice (like the real john does).
[FIX] ArgumentException when providing a file with two or more equal hashes to crack.
Scripting
We now support scripting in Haiku using the file editor. Please refer to the documentation.
Pressing F1 or Ctrl+S saves the file being edited. Pressing F5 or Ctrl+R runs the file as a miniscript file in the terminal.
A fun example below:
// on Network 1, this can break server_basic, workstation 1 and workstation 2
// but not workstaion 3 and server web 1, because their user (bhampton, topdog) is too short
// and username wordlists can only break medium sized usernames ... ?
docs = "/Documents/"; p = "password"; u = "username"
user_lists = [
u + "Med.txt", u + "TxtMed.txt",
];
pass_lists = [
p + "Short.txt", p + "Med.txt", p + "TxtMed.txt", "rockyou.txt",
]
clear
for ip in get_known_ips
if not has_port_open("ssh", ip) then
continue
end if
padding = 21 + ip.len
println "#" * padding
println "# TRYING TO BREAK " + ip + " #"
println "#" * padding
for user in user_lists
println "=> User wordlist: " + user; println
has_cracked = false
for pass in pass_lists
print "> hydra -L " + user
println " -P " + pass
cmd = "hydra -L " + docs + user
cmd += " -P " + docs + pass
cmd += " " + ip + " ssh"
op = run(cmd)
wait 0.5
println
success_op = op == 0
if success_op then
has_cracked = true
break
end if
end for
if has_cracked then break
end for
println
end for
File Editor
[ADD] IDE line counter
[ADD] Rescaling and repositioning the window and the cursor is easier and triggers line counter rebuilds
[ADD] Three dots at the end of the file name when it is too big
[ADD] Editable and Read-Only modes (read-only for system files, immutable files, and files that belong to other users)
[UPDATE] Line counter is disabled for read-only mode
[UPDATE] Disabled rich text for editable mode
[UPDATE] File editor now reacts to a file being moved or deleted
- When it is moved (renamed) the display text and its internal data updates
- When it is deleted (or any of its parents), file editor closes
- When someone disconnects from current device, it also closes
[UPDATE] File editor opener now creates the file if not there. For instance, editor path/newfile makes newfile and edits it (if path can resolve)
Misc
[ADD] File Browser: Universal window resizer.
[ADD] File Browser: Ability to copy/paste the files (execute cp command).
[UPDATE] Redesign of Enter Mission and Mission Complete popups.
[ADD] NICE TSK badges and Learning Paths to Mission Enter and Complete popups.
[FIX] File Browser: Context menu position.
[FIX] Settings Animation being different from others
[FIX] Opening settings panel messing up keybindings
[FIX] unable to open the app after the Application Unlocked notification appears.
The Future of Haiku
World of Haiku will soon be discontinued on the Steam platform. As of January 3, 2024, our team has made the difficult decision to discontinue support for Haiku on Steam. We made this decision to focus our limited resources on our enterprise market, where the value of Haiku for corporate, education, and government training is being recognized. This decision is in line with Steam guidelines and regulations.
We appreciate the support and enthusiasm you've shown for Haiku. To express our gratitude, we’ll release a large quality-of-life update prior to its discontinuation.
Going forward, please note that all in-game store content will be available to all users for free. This includes: sqlmap, dirb, file, and all avatars. However, Forge will be discontinued in the Steam product with this patch.
We're immensely grateful for the wonderful community that has supported Haiku and encourage you to continue the journey with us on Haiku or Haiku Pro platforms.
Sincerely,
Haiku Development Team
Major Forge and quality of life improvements
Terminal
[ADD] The feature of making every command that does not have "an explicit" autocomplete for it call to autocomplete freely in "multiple files" mode. (echo has autocomplete now).
[UPDATE] Autocomplete now recognizes the type of quoting the user tries to use and completes accordingly, following the shell grammar rules.
[UPDATE] How word splitting works.
[FIX] `*\ *` pattern matching machine compilation did not work (compiles into a machine that matches anything with a space in it).
[FIX] Some tests and ambiguity handling.
[FIX] `mkdir --parents | -p` correctly refreshes autocomplete.
[FIX] Issues with autocomplete for empty strings in john.
Forge
[ADD] You can enable NAT (network address translation) in the network tab. It is off by default.
[ADD] md5sum command for forge tool.
[ADD] Widgets system for step editor - add nitro step widgets.
[ADD] New Nitro characters: Acan, Kunwu.
[ADD] The ability to show cutscenes with Dekkar, Acan, Kunwu, Eos, and Kona.
[ADD] FBI SFX.
[ADD] The ability to play a SFX via story.
[ADD] Handling of nmap arguments.
[ADD] When in Add mode, clicking a device puts it in move mode and picks it up.
[ADD] Maximize Nitro icon to the TMPro app icons sprite sheet.
[ADD] Draft saves for web version @ play.haikuinc.io
[UPDATE] Camera drag when dragging a device in move mode.
[UPDATE] Grounded the devices to the plane and moved its collider down to match it.
[UPDATE] Reworked linking a device with another in the device tree deselects the pivot one, allowing you to link different ones without deselecting manually.
[UPDATE] You can now click a new device while editing another device's file system, and the file browser/diamond will just update to the new device.
[UPDATE] The score in the mission complete popup is not displayed if the total score is 0.
[FIX] Copying of story steps inside of a block of goals.
[FIX] Diamond VFX appears immediately when clicking a device.
[FIX] Firewall connection logic. Now, it can't be accidentally connected to anything that isn't a gateway.
[FIX] When in "properties,” clicking another device selects the next one. There is no need to deselect the one you're editing.
[REMOVE] Window draggers. Windows are now static.
General
[UPDATE] Camera drag.
[UPDATE] When clicking a device, it now copies the address of the device (either the host, if available, or the IP) and changes the label to an "address copied.”
[UPDATE] Renamed missions and dojos
- Network 1A & 1B
Intro to Navigating with the Command Line | Part 1
Intro to Navigating with the Command Line | Part 2 - Network 2A & 2B
Intro to Network & System Monitoring Tools | Part 1
Intro to Network & System Monitoring Tools | Part 2 - Network 3A & 3B
Intro to Network Scanning and Configuration | Part 1
Intro to Network Scanning and Configuration | Part 2 - Network 4A & 4B, Dojo 3C + Range 4C
Intro to Web Connectivity & Remote Access | Part 1
Intro to Web Connectivity & Remote Access | Part 2
Intro to Web Connectivity & Remote Access Dojo
MIRVs of Martyrdom: Intro to Web connectivity & Remote Access - Network 5A & 5B + Dojo 5C
Intro to Password Cracking and File Manipulation | Part 1
Intro to Password Cracking and File Manipulation | Part 2
Intro to Password Cracking and File Manipulation Dojo - Network 6A & 6B
Advanced Network Scanning and Password Attacks | Part 1
Advanced Network Scanning and Password Attacks | Part 2
Advanced Network Scanning and Password Attacks Dojo - Network 7A & 7B
Remote Access Tools and Authentication Attacks | Part 1
Remote Access Tools and Authentication Attacks | Part 2 - Network 8A & 8B
Network & Process Management Techniques | Part 1
Network & Process Management Techniques | Part 2 - file Quest + Dojo
File Analysis and Security
File Analysis and Security Dojo - dirb Quest + Dojo
Web Application Attacks & Reconnaissance
Web Application Attacks & Reconnaissance Dojo - sqlmap Quest + Dojo
Intro to Relational Databases
Intro to Relational Databases Dojo
[FIX] Mission buttons in the map don’t always show that the mission has been completed.
[FIX] Network navigation keybindings didn’t work unless you already selected a network.
[FIX] Bug where diamond didn't appear atop the current SSH device when you've exited the last one.
[FIX] Man cowthink now works.
[FIX] Random minor correctness fixes in dust and ssh.
[FIX] Issues displaying current directory, hotkeys, and mouse clicks processing on the WebGL.
Forge Updates and Pattern Matching
Forge
[ADD] Cutscene editor. Using all the AI characters, you can now add mission start, end, and failure cutscenes.
[ADD] "No Goals" caption.
[ADD] Characters limit for Forge mission Id, Name, and Objective
[ADD] “Remove Device” confirmation.
[UPDATE] Disable Nitro if there are no messages or explore mission.
[UPDATE] Improve the Help Boxes system - save states of them in player prefs, and add the ability to show it again.
[UPDATE] Redesign of General Info popup - rename it, dropdown instead of input
field, remove level name field, add new network popup, add ability to
duplicate and remove a selected network, add help box.
[UPDATE] Change the order of the tabs (the Add tab is first now).
[UPDATE] Lock some tabs by network state.
[UPDATE] Properties tab improvements - add just-in-time save of the network and small UI fixes.
[UPDATE] Apply Changes saves the network to the file directly. The user doesn't need to go to the Network tab anymore.
[UPDATE] File Editor changes for Forge - make it larger, background blocks raycasts, disable the ability to switch to the TMPro mode.
[FIX] File Browser - add deselect button, additional hint for Context menu when it doesn't work (for WebGL only).
[FIX] Settings popup refactoring and Difficulty popup layer fix.
[FIX] Top toolbar in the Forge, add settings popup to the Forge scene.
[FIX] Settings popup scale in the Forge scene.
[FIX] Add tab - selection fixes and return the Firewall device if it was deleted.
[FIX] Devices panel (attributes and ports list applying), some UI minor fixes.
[FIX] File name and Folder name didn’t not change in the file explorer, even after pressing apply changes.
[FIX] Help text line height and spacing were inconsistent with others, creating a disorienting reading experience.
[FIX] Files > Properties tab - Weird huge spacing between inner tabs on top and content
[FIX] Publishing panel - add dialog windows, replace some UI elements, fix not working dropdown for WebGL.
[FIX] The “Copy to Clipboard” button uses bold text. It should use the same style as the “Change Directory” button.
[FIX] Copy/Typos in the Files Tab.
Terminal
[ADD] md5sum
[NEW] Pattern Matching
A pattern encodes some rules meant to match things, using special characters like *, ?, and regular Unicode characters.
txt matches a file named "txt"
* matches anything or even nothing
*txt matches anything followed by "txt" (ends with "txt")
file* matches "file", followed by anything (needs to start with "file")
*some* matches anything, followed by "some", Followed by anything (needs 'some' somewhere in the middle)
? matches a single character (needs a character, any character)
j? matches something that starts with "j" and is followed by any character
*.?s this would then match both "index.js", "main.rs", ".ps", but wouldn't match "gui.jsx"
[abc] matches anything that has one character and it is either a, b or c
*.[jr]s would match anything that ends with ".js" or ".rs"
[a-z] matches a single character, from ASCII "a" to "z" (can include weird characters of ASCII there)
file[0-9] then would match anything that starts with "file" and is followed by a single digit
file[ab0-9cd] matches "file" followed by a single digit or either a, b, c, d
[!s] or [^s] a '!' or '^' at the start of the brackets negates all inside, so here it matches all except for "s"
*[!s] would then match "anything that does not end in an "s"
The machine always spits one of two outputs, either -1 for "error" or machine.Count for "success."
Each character that is compiled creates a cog for the machine. For instance, * tells the machine that "everything matches.”
The expression *, for instance, creates a machine that has a single state that "just matches"
It does that by having only one state 0 that proceeds to the state 1 (machine.Count).
It also allows for obvious optimizations like making * ignore all subsequent *, because ****** is the same as *.
This allows for somewhat of a "return early" pattern, which quits whenever it can, logically, so a machine generated from the complex expression file*??[123a-z]*.txt, when matching a file, can quit as soon as it finds out that the first character of the file is not f.
[NEW] Pathname Expansion
Pattern matching is used for pathname expansion, which expands parts of the path using pattern matching to look for files by their path, this allows for supplying complex hierarchies of directories to a command.
Each part of the path generates a machine that tries matching.
For instance, > echo */Do*/Fo* will make a machine of *, then match, then make a machine Do*, match again, and so on.
If any machines fail, there is no need to go further, and no more machines will be built. The input won't be expanded at all. In this example, it will remain literally echo.
EXAMPLE
mkdir test
cd test
mkdir -p .hidden-fol/../Docs/folder/inner/../../folders/fo{1,2}
touch .hidden .hidden-fol/inner Docs/folder/{aa,ab,bb,inner/cc} Docs/file
We get the following results:
Hidden files must be matched explicitly by prepending any of the patterns with a dot, for example: .*.
Regular * does not grab them.
Misc Fixes
[FIX] Handle game data snapshot parsing in case of corrupted data.
🔥 Introducing Forge!
Forge isn't just another tool; it's a revolution for all cyber enthusiasts.
🌍 Venture into a vast universe where your creativity takes the lead. Set the rules, design the challenges, and let others navigate the intricate missions you craft.
🛡️ Missions that Matter: Use Forge to curate missions tailored to train, upskill, and bolster your cybersecurity prowess. From basics to the nitty-gritty, choose what you want to learn and how you want to learn it.
🌐 Custom Networks & Websites: Why stick to generic missions when you can create your own? Forge empowers you to build custom networks and websites, simulating diverse cyber environments for comprehensive learning.
🚀 Expand & Evolve: Continuously grow by both building and training on custom missions. Forge bridges the gap between theoretical knowledge and hands-on application, ensuring you're always at the forefront of cyber defense.
It's time to redefine how we approach cybersecurity education. Forge provides a canvas to paint your challenges, learn through experience, and empower others to do the same.
Jump into 'Forge' now!
https://steamcommunity.com//workshop/browse?appid=1856090
Let's see the missions you craft, and together, let’s take our cyber skills to the next level.
New tool: Cowsay/cowthink
└─$ cowthink -f whale "I'm having a whale of a time playing World of Haiku"
[ADD] cowsay/cowthink
Included characters:
aardvark aardvark-leaving aardvarks bud-frogs
cower default dragon elephant flower fun
moose rascal sheep skeleton small temple
three-eyes tux whale
cowsay [-h] [-l] [-bdgpstwy] [-f cowfile]
[-e eye_string] [-T tongue_string] [-W columns]
There are several provided modes which change the appearance of the cow depending on its particular emotional/physical state. The -b option initiates Borg mode; -d causes the cow to appear dead; -g invokes greedy mode; -p causes a state of paranoia to come over the cow; -s makes the cow appear thoroughly stoned; -t yields a tired cow; -w is somewhat the opposite of -t, and initiates wired mode; -y brings on the cow's youthful appearance.
The user may specify the -e option to select the appearance of the cow's eyes, in which case the first
one or two characters of the argument string eye_string will be used. The default eyes are 'oo'. The tongue is similarly configurable through -T and tongue_string; the tongue does not appear by default.
However, it does appear in the 'dead' and 'stoned' modes. Any configuration done by -e and -T will be lost if one of the provided modes is used.
The -f option specifies a particular cow character to be used instead of the default cow.
To list all available cowfile characters on the current machine, invoke cowsay with the -l switch."
[UPDATE] Renamed volumes to better reflect what you learn playing them.
[FIX] Issue where the map icon in toolbar glows after continuing from an A mission to B mission for the first time.
v. 1.3.468
New Feature: Haiku Forge
Build, play, remix, and share World of Haiku missions using the Haiku Forge tool! Every mission the Haiku team built used this tool. Have at it!
Next week expect a tutorial on how to build webpages.
[ADD] The three of the most well-known forms of quoting.
- Backslash quoting
Escapes the next character after a unquoted `\`, for instance, `\$var` translates literally to `$var`, making `$` lose its meaning - Single quoting
Escapes every character inside of `'..'`, including backslashes - Double quoting
Escapes every character inside of `".."`, with the exception of `$`, ```, `\` and `"`
It makes so characters inside double quotes are not word split, this is useful when we want to read a multi-word variable without breaking it into different arguments.
Example `> echo "$PWD"` won't split the result of $PWD variable if there's a space in the path, `> echo $PWD` will
[UPDATE] Onboarding happens at the start of the game. After onboarding, it will send you straight to the game instead of dropping you off in the menu.
[UPDATE] `>>` does redirection but appends to the file if it has been found, `>` currently refuses to overwrite the file.
[ADD] Special parameter environment variable `$?`, which stores the integer exit status of the previously executed command.
It has a reverse boolean logic, which means `0` is actually success, any other value means failure (we use 1).
New sqlmap Dojo and Quest Available!
Release Notes
[ADD] New Dojo+: Set on escalating your Hacktivist skills to the next level, Gungnir pays Eos for a private tutoring session so that you can quickly add another priceless command tool to your arsenal: Sqlmap
Includes:
- 1 new Dojo
- 1 new Quest
- sqlmap tool
[ADD] Avatar: Eos
The unapologetic voice of truth for the people of the city. Gungnir’s daughter & former Cybermancer…Eos rose to prominence on the Grid utilizing her vast knowledge of computer tech as a Ronin CyberJournalist & Hacktivist. Countless propaganda platforms, biased TV networks, & Mega-corrupt-Conglomerates have fallen in the wake of her unflinching investigative reports. Eos’s skillset knows NO walls. She refers to herself in the third person and operates at Purity Level 6.
[ADD] Badge: Intro to Applied Cyber Security
- Complete Networks: 1-8
- Complete Dojos: dirb, file, nmap, hydra, john
- Complete Quests: dirb, file
[ADD] App: Web Browser
We built our own interactive web browser to display in-game web pages. Buttons, links, and input fields all work.
[UPDATE] Shop icon
[UPDATE] Start menu button design
We added a lot to our sqlmap tool! Click on "Show Details" to view the man page if you’re interested :)
[expand type="details"]
Usage:sqlmap [options]
Options:
-h Show help message and exit
--version Show program's version number and exit
Target:
At least one of these options has to be provided to define the
target(s)
-u URL Target URL (e.g. ""http://www.site.com/vuln.php?id=1"")
-d DIRECT Connection string for direct database connection
Example:
""S=IP/HostName;DB=DBName;CR=UserName:password""
-c CONFIGFILE Load command parameters from file
Request:
These options can be used to specify how to connect to the target URL
```
--cookie=COOKIE HTTP Cookie header value (e.g. ""PHPSESSID=a8d127e..;SOME=fd32k"")
--auth-cred=AUTH.. HTTP authentication credentials (name:password name:password)
```
Enumeration:
These options can be used to enumerate the back-end database management system information, structure and data contained in the tables
-a, --all Retrieve everything
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--hostname Retrieve DBMS server hostname
--users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--dump Dump DBMS database table entries
--search Search column(s), table(s) and/or database name(s)
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerate
[/expand]