The SecEnv environment

Accounts

You will get multiple accounts:
  • One persistent, long-term account that allows you to access your scores and grades and is not used for anything else. ("web-account")
    Most likely its your student-id.
  • One account for each course you attend, for the duration of the lab-part. You use this username basically everywhere.
    Most likely its inetsecXXX.

Always include both account names when contacting staff!

You can change the lab-accounts' passwords by issuing passwd on the lab machines, but changing the web-account's password will reset all your lab accounts' passwords back to the web account's.

At the beginning of each course you will get an email containing your course's lab-account username and a link that allows you to reset your web-account's password.
If you still remember your password from previous courses, its optional to change that password.

Please use a reasonably secure password as we have our own internal challenge to crack your password and do funny things to your account.
This could be stuff like creating files, you cannot delete, pointing out that you got pwned. Or something totally different. We are creative. :)

Lab-Environment

All our infrastructure runs on Linux and is "safely" coupled off the Internet so that you can experiment with your tools.

The most important lab-server will be banditNG which is basically a remotely accessible shell server.
The server is running ssh on the custom port 222.
If you want to ssh per hand under Linux, you have to do ssh -p 222 secenv.seclab.tuwien.ac.at.
If you are using a Windows ssh client such as Putty, then you have to enter secenv.seclab.tuwien.ac.at as host name and 222 as port number.

You can put the following entries either into your /etc/ssh/ssh_config or ~/.ssh/config file so that you don't have to enter the hostname and port each time you connect (Windows users can save a session with Putty):

Host bandit
     Hostname secenv.seclab.tuwien.ac.at
     Port 222

Once you have edited your ssh_config file, ssh bandit should do the trick.

Submitting and your results

To submit your solution, you need to place the required files on bandit into your current directory and call submit [challenge name]

We have an asynchronous grading system, so unless you forgot a required file, you will always get some kind of OK.
To check the actual result of your submission, login to the secenv-website.
You can submit as often as you wish before the deadline, but once your solution was accepted all your subsequent submissions for that challenge will get silently discarded. (You will get an OK on bandit!)
The deadline is a hard deadline, but bandit will return OK, even if you try to submit outside the challenge's time constraints.
ALWAYS check the grading results at the secenv website whether your submission was acceped. If you submit too late (or early), your submission will get silently discarded. (You will get an OK on bandit!)

Additional challenge files

Some challenges require additional files. Details on that are normally written on each challenges' description page.
In most cases you will find these files on bandit in /challenges or as links on the challenges' description page.

FAQ - frequently asked questions

  • I can no longer logon, it says "fork: resource temporarily unavailable"???

    On SecEnv systems (e.g. bandit) we have several resource limits (see /etc/security/limits.conf) so that available system resources can be shared among all users in a fair and economic way. Among these limits the maximum number of allowed processes per user is set to 20 which you have most likely exceeded.
    In order to get back to work, close some of your running programs and you should be fine again.
    If you want to use tools like screen know what it implies.
    If, for example, you run a forkbomb within screen, you loose access to your account and disconnecting all your ssh sessions wont help.

    Remember: Each time you logon, it will take at least two processes (one being sshd and the other one the login shell). You can view your currently running processes nicely by running:
    pstree -pcl `whoami`
  • Can you increase the resource limit for me, pleeeeeaaase?

    short answer: no
    longer answer: In an ideal world there would be no resource limits. However, since the resources on our systems are limited, we need to ensure that the system is responsive and working well for all users, regardless of the funny things (*cough* fork bombs anyone?*cough*) other users might be doing. Over the years we found the current limits to be working well which is the reason why we won't change them.
    Never change a running system, right?
  • I cannot live without $TOOL, can you install it?

    short answer: maybe
    longer answer: We have a new shiny secenv and some tools may still be missing. Drop us a line, if you want something installed and we will consider installing it.
  • Who reads FAQs these days?

    Most people tend to write an eMail before reading by themselves. Because reading email responses is obviously totally diffrent from reading FAQs.
    We might not reply to eMails asking trivial questions that would have been resolved by reading this page.