Be the Sherlock Developer to solve problems

Meet Shah
5 min read · Jan 12, 2021

Are you the Sherlock fan who is ready to solve 404 at 200 B-Terminal Street?

Are you that aspiring developer who loves solving problems?

Are you the person who loves doing cool stuff using Linux?

If your answer is YES, then you won’t want to miss reading this!!

We learn something by doing it.

So let's just take a problem and solve it by being the Sherlock Dev!

Problem To Be Solved By Sherlock Dev —

Meet is a Flipkart user and uses https://www.flipkart.com/ to buy products online. For the last few days, he has been seeing transactions on his account that he is completely unaware of. So he calls Sherlock Dev and asks him to check whether his account has been hacked. Sherlock Dev now has to check whether Meet is telling the truth and, if so, give proof of how he detected that Meet's account was hacked, so that it can be reported to Flipkart and the necessary actions can be taken.

Resources Sherlock Dev has:

  • Log file of Meet's access records
  • A laptop running Linux as its OS

Let’s be Sherlock Dev and solve this problem and help Meet out :)

Okay, so initially we are given the log file of Meet's access records:

First, let's check how many different IP addresses Meet's account was accessed from!

So How do we do that?

Do I go through all the records one by one, check the IP in each line and make an Excel sheet of every IP, keeping a count of how many times the same IP was used?

Well! It can be done, but won't that be way too lengthy for a cool Sherlock Dev like you?

Remember, we have Linux as our OS? So let's use it to our best then :D

Approach used by Sherlock Dev:

So this is what one access log entry looks like (date, time, IP, user, user agent):

Dec,10 10:13:59 AM,27.97.182.48,Sahana,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; MATBJS; rv:11.0) like Gecko

Now, here we only want the IP, so we basically write a command that extracts the IP from these logs and stores it in a file to make our life easier. And you know who makes our life easy when it comes to pattern matching — grep

grep -E -o "([0-9]{1,3}\.){3}[0-9]{1,3}" log > output.txt

So here it extracts the IP from the log file (the quoted pattern is a regular expression: four groups of 1 to 3 digits separated by dots) and stores it in a text file — output.txt

cat output.txt

It displays all the contents of output.txt

sort output.txt > sorted.txt

It sorts output.txt, and the sorted contents get stored in another file — sorted.txt

But why sort?

The reason is that we need unique IPs, and we find unique contents using the uniq command in Linux. But guess what the constraint for using uniq is?

Yes, you guessed it right — uniq only collapses adjacent duplicate lines, so the file should be sorted for the uniq command to work and yield the proper result.

cat sorted.txt

Displays the contents of sorted.txt

uniq -c sorted.txt | awk '{print $2": "$1}'

The uniq command finds the unique IPs in the file, and -c keeps a count of each unique value. This output is then fed as input to the awk command, which prints each IP alongside its count of occurrence.

Final output: IPs and their counts

Isn't that amazing? So can we prove that Meet's account was hacked just on the basis of different IPs?

Will that be enough proof for a Sherlock Dev like you?

No right?

Let's find the origin of some of these IPs to check where these transactions were taking place from!

Let's find the IP location of some of these IPs and we shall get the proof we need.

IP location finder — Reference: https://tools.keycdn.com/geo?host=182.65.138.107

As we see, these IPs are located in different parts of India, so we can say that the account is being accessed from multiple locations and multiple IPs.

That is a good amount of evidence collected — well done, Sherlock Dev :D

But Meet doesn't want to take any chances regarding this case. He gives Sherlock Dev one more piece of information: he only has a computer running the Windows operating system and an Android phone, and he uses Flipkart only through these two devices.

Sherlock Dev finds this strange, as he did see many macOS entries in the access logs. So he resumes his work by making a list of all the logs with macOS.

So how does he do it?

→Why fear when grep is here xD

Approach :

grep "Apple" log > noofdev.txt    # note: "Apple" also matches "AppleWebKit", which appears in Chrome on Windows and Android; "Macintosh" is the tighter match for macOS
cat noofdev.txt
subl noofdev.txt
grep "iPad" log > ipad.txt
subl ipad.txt
grep -E -o "([0-9]{1,3}\.){3}[0-9]{1,3}" ipad.txt > uniqueipipad
sort uniqueipipad > sortedipipad    # uniq only collapses adjacent duplicates, so sort first and keep the sorted output
uniq -c sortedipipad | awk '{print $2": "$1}'
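The IP-counting pipeline from earlier and the user-agent filtering above, as an added example that is not from the original post: it runs the same grep/sort/uniq/awk steps over a constructed sample log in the post's format, and also shows a field-based extraction (assuming the IP is always the third comma-separated field) because the regex can also pick up dotted version numbers inside a user agent.

```shell
#!/bin/sh
# Added example, not code from the original post. The sample log below is
# constructed in the post's format: date,time,IP,user,user-agent.
# Assumption: the IP is always the third comma-separated field.

SAMPLE_LOG='Dec,10 10:13:59 AM,27.97.182.48,Sahana,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec,10 10:20:01 AM,27.97.182.48,Sahana,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Dec,11 09:02:45 PM,182.65.138.107,Sahana,Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15
Dec,11 09:05:12 PM,182.65.138.107,Sahana,Mozilla/5.0 (iPad; CPU OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148
Dec,12 07:31:09 AM,49.36.10.21,Sahana,Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/4.0.249.78 Mobile Safari/532.5'

# The post's approach: regex over the whole line. Also matches "4.0.249.78"
# in the Chrome version on the last line, so it over-counts there.
ips_by_regex() {
    printf '%s\n' "$SAMPLE_LOG" | grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Field-based extraction: takes the third comma-separated field only.
ips_by_field() {
    printf '%s\n' "$SAMPLE_LOG" | awk -F, '{print $3}'
}

# Number of distinct IPs the account was accessed from.
distinct_ip_count() {
    ips_by_field | sort -u | awk 'END{print NR}'
}

# "IP: count" per distinct IP, most frequent first.
# sort before uniq because uniq only collapses adjacent duplicates.
count_ips() {
    ips_by_field | sort | uniq -c | sort -rn | awk '{print $2": "$1}'
}

# Number of log lines whose user agent contains a pattern.
# "Apple" also matches AppleWebKit (Chrome on Android/Windows too);
# "Macintosh" is the tighter test for macOS.
count_ua() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "$1"
}

count_ips
echo "Apple: $(count_ua Apple)  Macintosh: $(count_ua Macintosh)  iPad: $(count_ua iPad)"
echo "regex tokens: $(ips_by_regex | awk 'END{print NR}')  field tokens: $(ips_by_field | awk 'END{print NR}')"
```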

I hope you are familiar with the above Linux commands if you have reached this far :)

I will leave it to the curious Sherlock Dev inside you to implement the above approach and find the proof.

Now Sherlock Dev hands all of the evidence to Flipkart, is able to convince them that Meet's account was hacked, and the necessary actions are taken.

I hope you were able to find the Sherlock Dev inside you and had positive takeaways.

Woah! That was amazing :)

So now you know the importance of learning tech by doing it, and eventually solving real-life problems by working on real-life projects and use cases. But who came up with this amazing #learnbydoing concept?

Well if you are a developer, you know the answer :)

Visit https://www.crio.do/

Crio.do is a platform that fundamentally changed the way tech is learnt through their "work-like" Micro-Experiences. Crio Micro-Experiences provide an environment optimised for learning, with real-world problems curated from the industry.

Isn’t that amazing?

Check out https://shahmeet.me/ to know more about me and my journey as a technology enthusiast.
