Day 1 Laboratory: Developer Fundamentals

Setting up command line proxies

Start Terminal (black icon on the bottom)

You will be using web proxies activated by you AUBnet password during this laboratory. For the purposes of this exercise, it is recommended that you change your password so that it contains:

• an underscore
• no other special characters

You can change your password at: https://cgi.aub.edu.lb/services/ssl/passwd-std.html

Then export these environment variables using the following commands at the terminal

proxy_user=your_aubnet_username_here
proxy_password=your_password_here

export ftp_proxy=http://$username:$password@proxya.aub.edu.lb:3128/
export http_proxy=http://$username:$password@proxya.aub.edu.lb:3128/
export https_proxy=http://$username:$password@proxya.aub.edu.lb:3128/

Setting up the web proxy for Firefox

Start Firefox (orange icon on the top)

Go to Edit -> Preferences -> Advanced -> Network -> Settings

Select Automatic proxy configuration URL and enter: http://autoproxy.aub.edu.lb/autoproxy.pac

Passphrase: 00000000000000100010100101100000

Crack the Repository

Not just anybody can be an attendee of the HPC @ AUB course. You must first prove yourself to me by breaking into my pizza repository at http://aron.ahmadia.net/hpcataub/pizza using your knowledge of UNIX fundamentals and by adding yourself to the list of participants in the course.

You have all the tools you need to decipher out the passwords, private keys, and passphrases that I've hidden from you. Use the techniques I've shown you, or invent new ones. If you complete the exercise ahead of schedule, try to help other participants or write your entire solution into a single shell or python script.

Setting up Your Agent

Your ssh-Agent is going to be with you every step of this assignment. She will be responsible for maintaining your identity and authenticating you as you negotiate with foreign entities. Please set up a secure public/private keypair for authentication using the following steps:

# generate ssh key
# The default file /home/user/.ssh/id_rsa is fine
# Enter a secure passphrase at the prompt!
ssh-keygen -t rsa -C "youremail@aub.edu.lb"

# initiate ssh-agent
exec ssh-agent /bin/bash

# add your secure identitiy
ssh-add ~/.ssh/id_rsa

# remember that when logging into remote systems, your agent can accompany you if you specify
# the -A flag (e.g. ssh -A shaheen.hpc.kaust.edu.sa)

Your public identity key is stored in ~/.ssh/id_rsa.pub. You can easily submit this to another system with a single command line entry:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@shaheen.hpc.kaust.edu.sa

Your private identity key file is stored in ~/.ssh/id_rsa. Guard this like a credit card or your wallet! Your passphrase is the second level of security protecting your private key, but it is still not a good idea to leave it lying around on untrusted systems.

Create an account at http://bitbucket.org and upload your public key, then send me an email with your username so I can add you to the repository.

Acquiring the (Broken) Decrypter

Who encrypts pieces of their homework assignments using XOR?

I do!

Who is going to download a decrypter and use it to decrypt their first password?

You will!

The decrypter repository is part of the official hpc @ aub course repository hosted on bitbucket at http://bitbucket.org/ahmadia/hpc_at_aub

Clone the repository to a local directory on your workstation:

git clone git@bitbucket.org:ahmadia/hpc_at_aub.git

Building the Decrypter

The decrypter subdirectory contains the source code for the decrypter, as well as a Makefile for building it. You can issue a build directive to make from the command like this:

make decrypt

You didn't think I was going to make this that easy, did you :D? Both the Makefile and the C source code have slight errors in them, use your knowledge of Makefile and C syntax to figure out what is going wrong here.

Extract from encrypted and split tarballs

I've hidden three passwords in the file hidden.o, which you can download using wget from http://aron.ahmadia.net/hpcataub/day_1/hidden.o

Use the strings command on hidden.o to recover the passwords, and then the nm utility on hidden.o to determine which passwords match to each of the three binary files on my site (use wget to download them):

wget http://aron.ahmadia.net/hpcataub/day_1/citizen.bin
wget http://aron.ahmadia.net/hpcataub/day_1/marx.bin
wget http://aron.ahmadia.net/hpcataub/day_1/monty.bin

Use decrypt (which reads from stdin and decrypts to stdout) and the shell redirection operators < and > to convert each of the binary files to a .gz file. You will need to modify xor_crypt.c and recompile each time you change the password (or you could make it a command line option). You should now have the following three files in your directory: citizen.gz, marx.gz, and monty.gz. You can verify that you are correctly decrypting by typing:

file citizen.gz marx.gz monty.gz

The three files should all report their contents as gzip compressed data. If they do not, you may not be using the correct password to decrypt them. Unzip the three files using gunzip, then concatenate them using cat in the following order: marx monty citizen and using a pipe | to the tar command with the following command line options: -xv -f -. The - argument to the -f command line option instructs tar to read its input from stdin, which is in this case connected to stdout (and the three concatenated files) from cat.

tar should find and extract a single file, id_dsa. This is your key! Once you have the passphrase, you'll be able to push changes to the pizza page repository.

A Passphrase in the Game of Life

You will also notice a life subdirectory under day_1 which contains a simple implementation of the Game of Life in Python. Adjust the code so that it runs for 100 iterations, then run it with the following command line:

python life.py print_as_phrase

You can then:

ssh-add ../id_dsa

Type in your passphrase, and you will now have read and write access to http://bitbucket.org/ahmadia/pizza

Modify the HTML in this repository to leave your mark on the site.

Commiting Your Changes and Opening a Pull Request

I would like to record, for posterity, all the students who have attended this course. You will help do this recording for me, by following these steps:

• fork the HPC @ AUB repository on BitBucket to http://bitbucket.org/yourname/hpc_at_aub by clicking on the fork button at http://bitbucket.org/ahmadia/hpc_at_aub or visiting http://bitbucket.org/ahmadia/hpc_at_aub/fork
• clone your fork of the repository to your workstation with

git clone git@bitbucket.org:yourname/hpc_at_aub.git

• modify the file web/participants.rst and add some information about yourself that you would like to share.
• add and commit your changes

git add web/participants.rst
git commit -m "added information about myname"

• issue a pull request from http://bitbucket.org/yourname/hpc_at_aub by either clicking on the send pull request button or visiting https://bitbucket.org/yourname/hpc_at_aub/pull-request/new
• your pull request will need to be merged with other incoming requests, don't worry if I reject it, I am probably just going to do the merge by hand.

Credits

• Pygments Integration
• MathJax Integration
• Guinea Pigs/Feedback - Tareq Malas, KAUST
• Guinea Pigs/Feedback - Jed Brown, Argonne National Laboratories