Always include both account names when contacting staff!
You can change the lab-accounts' passwords by issuing passwd on the lab machines, but changing the web-account's password will reset all your lab accounts' passwords back to the web account's.
At the beginning of each course you will get an email containing your course's lab-account username and a link that allows you to reset your web-account's password.
If you still remember your password from previous courses, its optional to change that password.
Please use a reasonably secure password as we have our own internal challenge to crack your password and do funny things to your account.
This could be stuff like creating files, you cannot delete, pointing out that you got pwned. Or something totally different. We are creative. :)
All our infrastructure runs on Linux and is "safely" coupled off the Internet so that you can experiment with your tools.
The most important lab-server will be banditNG which is basically a remotely accessible shell server.
The server is running ssh on the custom port 222.
If you want to ssh per hand under Linux, you have to do ssh -p 222 secenv.seclab.tuwien.ac.at.
If you are using a Windows ssh client such as Putty, then you have to enter secenv.seclab.tuwien.ac.at as host name and 222 as port number.
You can put the following entries either into your /etc/ssh/ssh_config or ~/.ssh/config file so that you don't have to enter the hostname and port each time you connect (Windows users can save a session with Putty):
Host bandit Hostname secenv.seclab.tuwien.ac.at Port 222
Once you have edited your ssh_config file, ssh bandit should do the trick.
To submit your solution, you need to place the required files on bandit into your current directory and call submit [challenge name]
We have an asynchronous grading system, so unless you forgot a required file, you will always get some kind of OK.
To check the actual result of your submission, login to the secenv-website.
You can submit as often as you wish before the deadline, but once your solution was accepted all your subsequent submissions for that challenge will get silently discarded. (You will get an OK on bandit!)
The deadline is a hard deadline, but bandit will return OK, even if you try to submit outside the challenge's time constraints.
ALWAYS check the grading results at the secenv website whether your submission was acceped. If you submit too late (or early), your submission will get silently discarded. (You will get an OK on bandit!)
Some challenges require additional files. Details on that are normally written on each challenges' description page.
In most cases you will find these files on bandit in /challenges or as links on the challenges' description page.