Thursday, 5 July 2018

Notes on Character Integrity

How many times have you seen people breaking simple traffic laws? People just hate to stop for a red signal. Always in some hurry. You will only see people halting at a traffic signal if there is a policeman in sight, or if there is too much congestion. In that case, you will definitely encounter people who will risk their own lives, lives of others, just to get across in a yellow light. If they are familiar with the traffic signals, they will even risk speeding across on a red. Its an all too familiar scene...

One most effective method to put a stop to this is the presence of police at each intersection. A team of police at most larger sized intersections. Just the presence of a red light is not enough. The presence of a policeman is necessary. And an alert one at that.

There are many problems with this approach as are quite evident. The likelyhood of someone breaking laws at such an intersection in the presence of police is quite low. So, for all their effort, the money they collect in fines or otherwise, is quite inadequate. Plus, there is the now increased demands of a larger police force. Which links to larger budgets, for salary and everything that comes with increased number of employees. Where to get this money? The humble law-abiding tax-payers.

There may even be suggestions of positive incentivization. For each time you dont break a traffic law, you get some points. So, you are standing at a red signal, there is no traffic, no danger of collision or accident if you do break the signal and go ahead. Still, you choose to wait for the green, and you get bonus points. These points may be redeemed later in the form of lower tax, waiver or discount in processing fees at govt institutions or processes, maybe free accessories for your vehicles etc. The possibilities are endless.

Again, the problems are all too evident. Agreed, this method will definitely incite a sharp drop in the number of traffic violations. However, it also requires significant monetary might. For one, the entire city will need to have monitoring mechanisms installed, CCTV and the like. Then, all the infrastructure to support it, such as people monitoring the screens, harddrives backing up all the hours and hours of video. Sure, this can be automated to a degree, but even this requires maintenance and upkeep, upgrades. The positive incentivization should also be worth the perceived "additional effort" to follow the traffic laws. If the prize is not worth the effort, who is going to bother about it? And there comes the problem. There may be people who are not interested in the incentives being offered, there are those for whom such incentives are trivial, and there are those for whom these incentives are just too good to be true. And then comes the red tape, the bureaucracy, and the pyramid law of inversely proportional percentage of gains and position of power.

Both approaches are bound to fail as both of them operate on a single assumption and a single point of failure. They assume that someone is monitoring 24x7, for both positive incentives and negative incentives. What if there is a breakdown in that mechanism, some lapse? Rules will be followed, if there is threat of paying a fine. In the absence of a police presence to stop and collect fines, rules are bound to be broken.

The solution in my mind is clear. Each and every citizen must be an ideal citizen. You have the brains to think. You have the capacity to foresee the risk of an accident. Afterall, no one willing crashes into someone or something else. It is an unforeseen event. It is clear to the rational thinking, logical mind that following the rules will reduce the risk.

I am not concerned with either positive or negative re-inforcement. I dont care if there is a cop to take a fine or not. I dont care if there is a CCTV capturing my license plate. I dont care for any bonuses or incentives that may be offered for following rules. I know it is right and I will do it. I dont expect everyone to follow this. I dont really care if someone wooshes right past me and into a red light. I know I will stop for the red, no matter what. There are always people who will honk at me to get out of their way, to let them pass, let them go ahead and break the signal. I wont. I choose to ignore. Let them honk and curse. I might point at the red light in defiance. But I will hold my ground. There are many people who look at me like a mad man to follow signals even late at night with little or no traffic. I dont care. There are those who would have gone and jumped the signal, but they see me, and stop. I still dont care. Good for you, maybe you saved your own life today. I see someone talking on the phone while driving, I make it a point to get ahead of them and slow down. Make them slow down. Dont let them pass. Slow down so much, that they have no choice but to stop. Then I can speed away, happy in the knowledge that I saved someone a lot of money in medical bills. People  argue that they jump the signal because they are late. I say that is fine. You are late, you should face the consequences. Would you prefer that someone is injured, or dies, just because you failed to plan ahead and were in a hurry? I follow traffic rules, not to avoid penal action, not to avail benefits, but because that is the right thing to do. That is integrity.

Sunday, 23 July 2017

Detect Mac OS X in a LAN using nmap

Sometimes there is need to detect a Mac OS X in a LAN, or on any network. This could be post exploitation when you have gained access to a network, or just plain network scan, internet-wide scan, maybe you need to identify the OS's running in a subnet etc. Today I am going to show a couple of methods using nmap which will allow you to identify Mac OS X specifically, in a network.

1. AFP Server info
One of the surest methods to detect an Apple computer in your network is to look for the AFP service.
Command -
sudo nmap -p 548 -Pn -v --script "afp-serverinfo" < target(s) >
Output -
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-23 20:25 IST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:25
Completed NSE at 20:25, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:25
Completed Parallel DNS resolution of 1 host. at 20:25, 0.01s elapsed
Initiating SYN Stealth Scan at 20:25
Scanning 192.168.0.100 [1 port]
Discovered open port 548/tcp on 192.168.0.100
Completed SYN Stealth Scan at 20:25, 0.01s elapsed (1 total ports)
NSE: Script scanning 192.168.0.100.
Initiating NSE at 20:25
Completed NSE at 20:25, 0.00s elapsed
Nmap scan report for 192.168.0.100
Host is up (0.00015s latency).

PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo: 
  Server Flags: 
    Flags hex: 0x9ff3
    Super Client: true
    UUIDs: true
    UTF8 Server Name: true
    Open Directory: true
    Reconnect: true
    Server Notifications: true
    TCP/IP: true
    Server Signature: true
    Server Messages: false
    Password Saving Prohibited: false
    Password Changing: true
    Copy File: true
  Server Name: <redacted>-MacBook-Pro
  Machine Type: MacBookPro11,3
  AFP Versions: AFP3.4, AFP3.3, AFP3.2, AFP3.1, AFPX03
  UAMs: DHCAST128, DHX2, Recon1, Client Krb v2, GSS
  Server Signature: 39681c34a1005065b2759856ddffbcc7
  Directory Names: 
    afpserver/<redacted>-macbook-pro.local@LOCAL
|_  UTF8 Server Name: <redacted>s-MacBook-Pro

NSE: Script Post-scanning.
Initiating NSE at 20:25
Completed NSE at 20:25, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

           Raw packets sent: 1 (44B) | Rcvd: 2 (88B)

You can also use a little grep and awk magic to just extract the "Server Name" from the output. The actual server names have been <redacted> for no reason at all ;)

2. Apple Remote Desktop Service (vnc)
This method is a little less informative, but will serve the purpose of identifying an Apple computer. Unlike the AFP service, the vnc service does not provide the machine name or the OS version. It just identifies the Apple Mac OS.
Command -
sudo nmap -p 5900 -sV -Pn -v < target(s) >
Output -
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-23 20:37 IST
NSE: Loaded 41 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 20:37
Completed Parallel DNS resolution of 1 host. at 20:37, 0.04s elapsed
Initiating SYN Stealth Scan at 20:37
Scanning 192.168.0.100 [1 port]
Discovered open port 5900/tcp on 192.168.0.100
Completed SYN Stealth Scan at 20:37, 0.01s elapsed (1 total ports)
Initiating Service scan at 20:37
Scanning 1 service on 192.168.0.100
Completed Service scan at 20:37, 0.07s elapsed (1 service on 1 host)
NSE: Script scanning 192.168.0.100.
Initiating NSE at 20:37
Completed NSE at 20:37, 0.00s elapsed
Initiating NSE at 20:37
Completed NSE at 20:37, 0.00s elapsed
Nmap scan report for 192.168.0.100
Host is up (0.00015s latency).

PORT     STATE SERVICE VERSION
5900/tcp open  vnc     Apple remote desktop vnc
Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x

Read data files from: /usr/local/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds

           Raw packets sent: 1 (44B) | Rcvd: 2 (88B)

As you can see, it will only identify Apple remote desktop vnc, or Mac OS X. No version info. But it serves the purpose of identifying an Apple computer in the network. I dont know why this is useful, but just posted it out there...

Saturday, 3 October 2015

Jenkins and JUnit - How to make it work for you

Jenkins is a widely used CI (Continuous Integration) tool.
Its fairly easy to create your own Jenkins Server on a decent machine or even virtual machine.
Usually, you create some tests.
Then you require that data to be presented in a graph showing successes and failures.
Jenkins will do that for you, there is no need for you to write your own code to create the renderings and graphs etc.
Jenkins just requires an xml file which contains the results of your test suite.
The problem is that the xml does not have a fixed format, it can contain very few items, or a lot of items; yet there is no standardization.

So, what do you do now?
First things first.
Install the JUnit plugin on Jenkins.
Then have your test script/framework generate an xml. There are a lot of custom tools, scripts, plugins and libraries which can be used to generate xmls from ready data.

However, how do you know that your xml has everything that Jenkins needs to publish that beautiful graph?
The JUnit plugin requires a very simple xml format.
Just match that and voila!! You have a graph that is plotting your test failures and successes.
Here is an example of a very simple xml that Jenkins can process into the graph.

=============== BEGIN XML SNIPPET ================
<testsuite name="Sample tests" tests="4">
    <testcase name="test1">
        <property name="Passed"/>
    </testcase>
    <testcase name="test2">
        <property name="Passed"/>
    </testcase>
    <testcase name="test3">
        <error name="Some Error message."/>
    </testcase>
    <testcase name="test4">
        <failure message="Some Failure message."/>
    </testcase>
</testsuite>
=============== END XML SNIPPET ================

The JUnit plugin does not differentiate between errors and failures. (Ref - https://issues.jenkins-ci.org/browse/JENKINS-4951 )

Next, add a build step in your Jenkins job as "Execute Shell".
JUnit plugin does not fail or pass your builds. You need to do that yourself.
You need to mark you build as failed in case there is some failure or error.
One thing to note, the "Execute Shell" step will fail the build for any non-zero return codes.
We will make use of this for our own good. ;)

Here is a script that I use -
=============== BEGIN SHELL SNIPPET ================
grep -Ei 'failure|error' result.xml
res=`echo $?`
if [ $res -eq 0 ]; # Grep found at least one match
then
    echo "Some tests failed or had some error. Failing the build..." ;
    exit 1;
elif [ $res -ne 0 ];
then
    echo "Pass"
fi
=============== END SHELL SNIPPET ================

I myself like the "no tolerance" approach, so I fail my builds if there is even one error or failure, but you can write your own custom logic and parsing using percentages or something else.


Now you will get a nice graph which tracks the test failures and successes AND the appropriate build status.
Without this shell script, the builds will be marked as success or as unstable.
The JUnit only looks into the xml to find failures and errors, but it does NOT control the status of the build.