Tuesday, April 20, 2010

Blocking ads and other various websites

Have you ever been to a site that had one of those very annoying embedded ads that just hung at the top or bottom of the page. This 'banner' was just in the way no matter what you did. Have you ever wanted to get rid of it?

I use various browsers when browsing the web, some support adblock and others do not. I'm not a fan of browser plugins. I'm under the firm belief that a browser is a browser and should only deal with the I/O of html. That being said, I don't use adblock, noscript or anything else like that. I use settings in /etc/hosts to block my ads.

So for today's example, turn off your adblock utility and navigate over to www.unixporn.com. Now you should see a very annoying banner ad on every single page, even on the pages where your viewing a screenshot full screen. Lets get rid of this ad.

OK, from the information in the ad, we know that it is hosted by godaddy. So we'll try the easiest thing first, open up the page source, and search for the term 'godaddy'.
lynx -source www.unixporn.com | grep godaddy
this will give you this line:
script language="javascript" src="https://a12.alphagodaddy.com/hosting_ads/gd01.js">

Now that was pretty easy. Lets add this to /etc/hosts.

# echo ' a12.alphagodaddy.com' >> /etc/hosts

Restart your browser, and navigate back to unixporn. Tada... the ad is gone. Lets add a site to block. I'm not a fan of social networking so this seems appropriate to me. 

# echo ' myspace.com' >> /etc/hosts
Restart the browser, and navigate to myspace. If all went well, you should get an error about not being able to load the page. Wonderful isn't it?

You can get a head start on adding lists like this to /etc/hosts by browsing through your adblock lists. The really nice thing about blocking ads/websites this way is that unlike using an adblock plugin inside a browser such as firefox or chromium, this is a system wide setting. You no longer have any need to run adblock.

Sunday, April 18, 2010

An afternoon messin with WEP

I was bored this afternoon and decided that I needed to mess around with some WEP cracking. There were quite a few APs around me that were encrypted with WEP keys. It has been a while since I broke out the massive WEP attack book and I thought today would be a good refresher.

So first things first, I checked to make sure that my hardware was setup. I've got a Hawkings Technology HWU8DD usb wireless dish. This device uses the zd1211rw drivers which do not fully support all injection attacks. However, it's more than enough for any WEP attack that I played with today. I tested to make sure the device was working by running # iwlist wlan1 scanning >> scan.log then parsed through those results and picked out the first WEP secured AP that I saw in the list. I wrote down the mac address, the channel and the ESSID of the AP. 00:00:00:00:00:00 6 Secured

I changed directories into my build folder. $ cd ~/src. Then I pulled down the latest aircrack-ng sources from SVN.
$ svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
$ cd aircrack-ng
$ make
# make install
You could also just pull aircrack-ng out of your repos.

Now I was ready to rock and roll. The first thing that I did was to get my device in monitor mode. I know that my device doesn't really have a solid monitor mode, so I have to run # airmon-ng start wlan1 to get it to listen to everything. Now I was ready to play. I fired up vim and made a bash script to spam the AP.

$ vim ~/aircrack.sh
#run as root
# run airmon-ng start $interface
# run airodump-ng in another terminal

aireplay-ng -e ${essid} -1 10 mon0 &
aireplay-ng -e ${essid} -0 50 mon0 &
aireplay-ng -e ${essid} -3 mon0 &


Changed the essid to the proper name, wrote and saved. I made a 'hack' directory $ mkdir ~/hack to dump all my packet captures into and changed directory into that directory. I fired up airodump-ng to listen to the channel of the AP and dump the IVS to a file and ran my script in another terminal.
# airodump-ng mon0 -i -w Secured -c 6
# /home/user/aircrack.sh
I watched the IVS numbers in airodump-ng climb, waited about a min, and while still attacking the AP ran # aircrack /home/user/hack/Secured*.

I really didn't need to keep running the attack, in less than a minute I had captured enough information to crack the WEP key. I went on to crack 8 more APs in about an hour. Needless to say, if you using WEP expect to be hacked. Switch to something more secure such as WPA2.