Machine Environment

Accounts

You will get multiple accounts:

Initially the web-account's password is the same as all your lab-accounts' passwords.
Changing the web-account's password will reset all your lab accounts' passwords.

At the beginning of each course you will get an email containing your course's lab-account username and a link that allows you to reset your web-account's password.
If you still remember your password from previous courses, its optional to change that password.

Lab-Environment

All our infrastructure runs on Linux and is "safely" coupled off the Internet so that you can experiment with your tools.

The most important lab-server will be banditNG which is basically a remotely accessible shell server for students.
The server is running ssh on the custom port 222.
If you want to ssh per hand under Linux, you have to do ssh secenv.seclab.tuwien.ac.at -p 222.
If you are using a Windows ssh client such as Putty, then you have to enter secenv.seclab.tuwien.ac.at as host name and 222 as port number.

You can put the following entries either into your /etc/ssh/ssh_config or ~/.ssh/config file so that you don't have to enter the hostname and port each time you connect (Windows users can save a session with Putty):

Host bandit
     Hostname secenv.seclab.tuwien.ac.at
     Port 222
Once you have edited your ssh_config file, ssh bandit should do the trick.

Managing your password(s)

You can change the lab-accounts' passwords by issuing passwd. But once you change your web-account's password, it will reset all your lab-accounts' passwords to that password.

Please use a reasonably secure password as we have our own internal challenge to crack your password and do funny things to your account.
This could be stuff like creating files, you cannot delete, pointing out that you got pwned. Or something totally different. We are creative. :)

Submitting and your results

To submit your solution, you need to place the required files into your current directory and call submit [challenge name]

We have an asynchonous grading system now, so unless you forgot a required file, you will always get some kind of OK.
To check the actual result of your submission, login to the secenv-website.
You can submit as often as you wish before the deadline, but once your solution was accepted all your subsequent submissions for that challenge will get silently discarded. (You will get an OK on bandit!)
The deadline is a hard deadline, but bandit will return OK, even if you try to submit outside the challenge's time constraints.
ALWAYS check the grading results at the secenv website whether your submission was acceped. If you submit too late (or early), your submission will be again silently discarded.

Additional challenge files

Some challenges require additional files. Details on that are normally written on each challenges' description page.

In most cases, you will find these files on bandit in /challenges or as links on the challenges' description page.

FAQ - frequently asked questions