ECT Hostbound

Hostbound: Help

What this is

Hostbound teaches the SSH perspective shift: once you ssh into a machine, your commands run there, and the network that machine sits on decides who you can reach. Explore a hidden network to find the golden machine. Fewer hops and fewer wrong claims = a better score. First time? Open the hamburger and pick Tutorial for an 8-step guided run on a small fixed world.

The one rule: same-LAN reachability

You can ping, nmap, or ssh a host only if it shares one of your current host's directly-connected subnets. There is no routing. To go further you must ssh onto a host that bridges into the next subnet, then continue from there. In dual-stack worlds (HB3) crossing an IPv4/IPv6 boundary works the same way: find a host with a NIC in both families and hop through it.

Core commands

ip a: your interfaces; the net field on each line is the subnet that NIC is on.
nmap -sn NET/PREFIX: ping-sweep one connected subnet for live hosts (nmap -h for the form). Scan each of your subnets separately.
nmap -sV <host>: version-scan a single host's open ports and service banners. Useful for confirming gold without a blind claim.
ping <address>: test one host.
ssh [user@]<addr>: hop to a reachable host. In IPv6 / dual-stack worlds a bare hostname also resolves.
ls / cat <file> / nano <file>: each non-golden host's home holds a recon .txt file with a clue (and, in Cybersecurity Mode, a .intel file you can sell).
exit: back to the previous host. where-am-i: host, NICs, trail. describe (alias map): narrate the discovered map as text (accessibility friendly).
claim: declare the current host is the golden machine. help: command list.

Finding the golden machine

Every non-golden host's recon file states its exact hop-distance to the golden machine plus one true digit (v4) or group (v6) of its address. Read files as you go and always move to a host with a smaller hop-distance: that greedy descent always reaches the goal. The golden host has no recon file at all - an empty home (ls shows nothing) is itself the tell - and an nmap -sV against it reveals a unique signature service (port 1337 / ducky-vault / GoldenVault) so you can confirm before claiming. A weaker relative cue (Bearing: warmer/colder) prints on ssh-arrival as a sanity check.

The map (fog-of-war)

Subnets and hosts appear only as you discover them: your own subnets via ip a, one host via ping, a subnet's hosts via nmap -sn, a host via ssh or nmap -sV. Each pastel square is one subnet; a host straddling two squares is multi-homed (a bridge). The ducky marks where you are.

Right-drag on the map to pan; mouse wheel to zoom; the minimap (bottom-right) shows the whole discovered map and recenters on click.
Find host input in the footer (left of Network Options): type any discovered host name (Tab/datalist autocompletes) and press Enter to pulse a ring on it and recenter.
Keyboard (focus the map first): arrow keys pan, + / - zoom, 0 resets and recenters.

Score, par, and the timer

The scorebar above the terminal tracks Hops traversed (with the optimal hop count in parentheses as par), Claims, and Time. The clock starts on each new game and freezes on a winning claim. The win panel grades the run: Optimal run if hops are at par with no wrong claims, otherwise it reports the overage. Re-opening the win panel later replays that snapshot; it never re-scores.

Network Options

Four toggles live under Network Options ▸ in the hamburger and in a footer popup left of the Gold Machine button. They regenerate the world at the same seed body:

Difficulty: Casual / Normal / Hard / Brutal / Extreme. The top-right badge also cycles it.
HHM (Host Hide Mode): Off / On / Hard. On hides the hop trail breadcrumb. Hard additionally hides every host icon (except the one you are on), the NIC ports, and the switch icons, so you must reconstruct the map from ip a, nmap, and describe. A teal/indigo badge in the top bar (left of the Difficulty badge) shows the current state and is clickable.
Firewalls: some hosts drop ping or refuse ssh even when same-LAN. Route via a different unfiltered peer; the path is always solvable. Shown as an FW badge in the top bar.
Cybersecurity Mode: see below. Shown as a CS badge in the top bar.
IP Mode: IPv4 / IPv6 / Dual-stack. Encoded in the code prefix (HB1 / HB2 / HB3); a clickable badge in the top-right also cycles it.

Cybersecurity Mode

When on, some hosts run a vulnerability and ssh-ing in requires a matching tool in your inventory. nmap -sV on a vulnerable host tags its 22/ssh line with a hint like (?priv-esc) so you know which tool to bring. The four tool/vuln pairs are priv-esc-kit / sudo-misconfig, default-creds / default-password, hash-cracker / weak-password, and bof-exploit / unpatched-service. Per-difficulty starting kit: Casual 0 (mode is a no-op), Normal / Hard 1 tool, Brutal / Extreme 0 (forage early).

Auto-pickup: ssh-ing into a host with loot adds it to your inventory automatically.
Intel files: every host has a *.intel file worth tens to hundreds of thousands of credits. cat shows the value; selling happens in the Darkweb panel.
inv / creds: your tools and credit balance.

The Darkweb

Somewhere in the network is a seeded broker host. With Cybersecurity Mode on, every recon .txt file also carries a clue to the broker (its hop-distance plus one address fragment), so you can hunt it the same way you hunt the golden machine. ssh onto it, then run dw enter to unlock Darkweb access for the rest of the run. Once entered, a purple Darkweb button appears in the footer and a Darkweb item appears in the main menu; either opens a full-screen panel with Shop, Inventory, and Sell Intel sections. All buying and selling happens inside the panel. From the terminal, dw list (or plain dw) opens the same panel. Esc or the CLOSE button exits.

Challenges & sharing

Under Challenges ▸ in the hamburger:

Today's network: a deterministic seed-of-the-day so everyone on the same date and IP mode gets the same world.
Copy challenge link: copies a URL that pins the difficulty and HHM state along with the code, so a friend opens the exact same map at the exact same mode.
Custom network: opens the Sandbox modal where you dial topology directly (hop distance, dead-end arm, branches, loops, IP mode, dual-stack mix, density). Produces an HB4- code. Difficulty does not apply to sandbox worlds; the dialed parameters are the world.

Export run report (hamburger) writes a plain-text summary (code, difficulty, hops, claims, time, full ssh trail) to the terminal, the clipboard, and a downloadable .txt. The instructor answer key is hidden unless Admin is unlocked.

Notes, Theme, and accessibility

Notepad (hamburger, or the button at the left of the map's YOU caption): a draggable scratchpad for jotting IPs, hop-distances, and address fragments. In-memory only.
Theme ▸: Light / Dark / Auto plus a High-Visibility toggle for large fonts and high contrast. Theme and hi-vis are the only preferences that persist; game progress never does.
describe (terminal) narrates the discovered map for screen readers. The map canvas is keyboard-focusable.

The win screen

On a successful claim the panel shows your stats, an encrypted note about the next difficulty level, and a draggable card you can dismiss with the ×, the Keep exploring button, a backdrop click, or Esc. The map and trail re-appear so you can review the route. Decode the note by hand; sandbox worlds have no note.

Network codes & persistence

The code in the footer (for example HB1-XXXXXXXXX for IPv4, HB2- IPv6, HB3- dual-stack) fully reproduces a world. Topology, difficulty, HHM, Firewalls, and the Cybersecurity bit are all packed in, so sharing just the code is enough. The Copy and New buttons next to the code box are quick shortcuts. HB4- codes are custom sandbox worlds. Only Theme and High-Visibility persist; game state resets on every reload.

Golden Machine found

About Hostbound

Authors

J. Warren McClure School of Emerging Communication Technologies

Admin

Jump to host