HOW TO : Set $GOPATH

Been dabbling in go recently and I was surprised that the default install doesn’t setup the $GOPATH environment variable.

If you are running it on a Linux box, here is how your can set the $GOPATH variable

Add the following lines to ~/.bashrc file 

export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Overheard : BODMAS

Trying to sharpen my programming skills :). Just heard about BODMAS and mind blown about the simplicity of the acronym. 

Essentially BODMAS is a simple way to remember the order a programming language (that follows this standard) processes operators in a statement.

BODMAS
Bracket, Of, Division, Multiplication, Addition and Subtraction

Optimizing cache infrastructure

I love when engineering teams share their tricks of trade for other organizations to benefit. While this might seem counter-intuitive, sharing knowledge makes the entire ecosystem better.

Etsy‘ engineering team does a great job of publishing their architecture, methodologies and code at https://codeascraft.com.

This particular article on how they optimize their caching infrastructure (https://codeascraft.com/2017/11/30/how-etsy-caches/) is pretty enlightening. I always thought the best method to load balance objects (app hits, cache requests, queues etc) to hosts was to use mod operations. In this blog post Etsy’ team talk about using consistent hashing instead of modulo hashing.

At a high level, it allows cache nodes to fail and not impact the overall performance of the application drastically in addition to making it easy to scale the number of nodes. This method is useful when you have a large amount of cache nodes.

More reference links

  • http://www.tom-e-white.com/2007/11/consistent-hashing.html
  • https://www.toptal.com/big-data/consistent-hashing
  • https://en.wikipedia.org/wiki/Consistent_hashing

 

HOW TO : Parse IP Address in Windows Batch File

We had a recent challenge at work which required us to execute different actions based on which office a particular workstation was located in. Since we have unique network ranges per office, I thought this would be a good variable to use. Just for future reference, here is how we accomplished this in a batch file. The workstations were running Windows 7

[code]

@ECHO OFF

FOR /f "tokens=3" %%I IN (
‘netsh interface ip show address "Local Area Connection" ^| findstr "IP Address"’
) DO SET ipAddress=%%I

REM "Office 1"
IF NOT x%ipAddress:10.130=%==x%ipAddress% (
ECHO "Office 1" + %ipAddress%
ECHO "do_something_else" )

REM "Office 2"
IF NOT x%ipAddress:10.140=%==x%ipAddress% (
ECHO "Office 2" + %ipAddress%
ECHO "do_something_else" )

[/code]

Details of function used

  • netsh interface ip show address “Local Area Connection” : With this command we are extracting the IP information of just the LAN port
  • findstr “IP Address” : returns the line containing “IP Address”
  • IF NOT x%ipAddress:10.130=%==x%ipAddress% : We are using the substitution function and returning false if the new string doesnt match the original
  • FOR /f “tokens=3” : Using the functions in the FOR loop to extract the third variable in the matching line

Update 1 : Application Development : domainScan

Following up from my post earlier this month regarding building a security application that scans publicly available data (Google) and report on potential information leakage from a hostname.

I created a repo on github if anyone is interested in contributing. First thing any good developer does is to check code in early and often :). The repo is at https://github.com/kudithipudi/security-domainscan

Here’s the sudo code I put together as a framework to build on

[code]

functions
read_file(file)
open file;
for each line
process_line(hostname)

process_line(hostname)
search_google(hostname)
write to log

search_google (hostname)
connect to google api
get results for hostname
return number of results

main
read_file(input)

[/code]

 

Idea for a security application

I think the best way to learn a new (programming) language is to address a real world problem :). So here is one, I want to solve in the next few months.

One of the things I like to do as part of a evaluation security process is to check the amount of public information available for a website. I frequently find that people find information leakage from websites they thought were secure or not publicly accessible.

The idea is to create a python script to do the following

  • Must have
    • Inject list of hostnames and do the following
      • Check whether they resolve to a public IP or not
      • If resolving to public IP, check the amount of data being exposed by this site by doing a quick google search
      • Report on the amount of information available sorted by amount
  • Nice to have
    • take domain name instead of hostnames and try to do a domain transfer and capture all hostnames in the domain
    • leverage Google API instead of web scraping
    • web interface to allow input and show output

Why python? Well, I have been trying to learn it for sometime now and I think it is time to put all that learning to use :).

Anyone interested in joining the fun?

Lessons of the trade : Handling CVV numbers

Just for my notes.. Even though the CVV numbers on a credit card, look like numbers :), don’t treat them as integers in your code. Some of the numbers start with a 0.. so 059 might become 59 by the time you try to process it if you capture the CVV field as an integer.

Just treat them like a string.

And obviously you are not storing them anywhere in your application/network :). Or you might end up in the headlines like some of our retailers.

For loop in Windows command shell

For my records, syntax for running a simple for loop in command prompt

[code]for %i in (SERVER1 SERVER2) do nslookup %i [/code]

note :

  • Looks like the variable can only be single characters. i.e you cannot name the variable %server
  • For using the same syntax in a batch file, you have to add another % to the variable. i.e. %i becomes %%i

Another day.. Another Hack

The net is up in arms about a new release from team Ghostshell of compromise data. Details of the leak can be found at http://www.theregister.co.uk/2012/08/28/team_ghostshell_megahack/ and the source of the data is at http://pastebin.com/BuabHTvr .

I thought I would put my nascent python skills to use and write a simple script to parse through the release and download all the data. Hoping to analyze it later on. It is pretty basic, but does the job of parsing the release and downloading the content. You can get the script at https://github.com/kudithipudi/Misc-Scripts/blob/master/parseHellfire.py

Watch out for an analysis of the content soon :).