Thursday, November 30, 2006

Google hacking: maximize the effectiveness of your queries

Here's a bunch of cool stuff you can use to squeeze the most out of your Google experience (a lot of it gleaned from Google Hacks):

General queries:
  • "x y z" phrase: match the whole string as one
  • x (y OR z) boolean: match x and either y or z (same as x (y|z))
  • x -y negation: match x but not y
  • +the fuzz explicit inclusion: to prevent auto-ignore of common words (or put in quotes)
  • ~x synonyms: match x or words like x
  • x 1..100 number range: match x and any number between 1 and 100 (can also leave out one of the numbers to do a floor or ceiling)
  • for ** bell tolls full-word wildcards: match for, any 2 words, then bell and tolls
  • intitle:x search titles of web pages (use allintitle: to include all following words)
  • intext:html search only body text
  • inahchor:x search links' descriptive text
  • site:x search a certain website (does not understand subdirectories)
  • inurl:x search within urls
  • link:x return a list of pages that link to a certain page
  • cache:x return the cached copy of a page
  • filtype:x search for certain filename extensions (htm and html return different results)
  • related:x find pages related to x
  • info:x show information that Google has gathered about a page
  • phonebook:x search Google's phonebook for a certain number
  • define:x gives definitions for a word according to the web
  • movie:x search for a movie
  • music:x search for music
News:
  • source:x search for news from a specific source
  • intext:x search within text
  • intitle:x search within titles
Groups:
  • insubject:x searches posting subjects for query words
  • group:x search within a certain group
  • author:x search for posts by the author
Blogger:
  • blogurl:x searches a specific blog by its URL
  • inblogtitle:x search blogs titles
  • inposttitle:x search post titles
  • inpostauthor:x search by post author
Other things to remember/cool stuff:

Tuesday, November 21, 2006

HOWTO Sniffing AIM traffic on an open wireless network

If you are interested in seeing what people on an open wireless network are doing on AOL Instant Messanger (*ahem* I mean... for some legitimate, legal and ethical purposes, of course... *ahem*), then this will walk you through it. I'm using Ubuntu 6.06 as my OS.
  1. First, you're going to need a network traffic analyzer. Wireshark (formerly known as ethereal... Wikipedia explains the name change) is the standard for this: Enter sudo apt-get install ethereal on the command line to get it. Start it up as root (this should be an option under applications->internet).
  2. Next, change your wireless card to promiscuous mode: sudo iwconfig eth1 mode Monitor (of course, replace eth1 with whatever your wireless-enabled interface that you wish to listen on is).
  3. Click the "Show the capture options..." button in the top left corner of the ethereal GUI (it's the picture with a wrench on it). Select your wireless interface, check the promiscuous mode checkbox, and select any other options you want, but don't close the box yet.
  4. If you just ran the capture as is, you'd get all traffic on a wireless network. However, that can be a lot of stuff that you don't want. A little research on Google shows that Aim runs primarily on port 5190 and additional ports such as 13, 23, and 113. Specify that you only want to log packets that come through on these ports in the capture filter text box: tcp port 5190 or tcp port 23 or tcp port 113 or tcp port 13 (If you want other configurations, check Section 4.8 of the Wireshark User's Guide). Click the Start button to start the capture.
  5. You are now capturing any wireless packets that your interface receives. Ethereal will bring up a small dialog box showing you more detail about what's going on. Click stop to stop the capture.
  6. That's a lot of data. Use the filtering/analyzing tools that ethereal provides to help you sort out what's actually going on. One of the easiest/most useful things to do is right click on a packet of interest and select "Follow TCP Stream"... this will give you the transactions that happened between two points, perfect for reassembling an AIM conversation!

Saturday, November 04, 2006

Airsnort / WEP

Airsnort is the most widely used utility for cracking WEP. Get it on Ubuntu Dapper with sudo apt-get install airsnort. Here is a nice guide (with pictures!) to using airsnort on Linux. Airsnort uses an exploit described in this paper (postscript format) to obtain a WEP-encrypted password. Wikipedia has a more digestible summary of WEP flaws. wepcrack is another (and was the first) utility to implement the WEP exploit described above.

The way that Airsnort works is by passively monitoring all packets sent over a wireless network and then observing those packets for patterns it can exploit. The key to this is setting your wireless card to promiscuous mode: sudo iwconfig ethx mode Monitor. While you have this mode enabled, you will not be able to access the Internet.

One of the problems with monitoring traffic to crack WEP is if there is no traffic to montior in the first place! That is, the network isn't being heavily used. Solution: traffic injection. Aircrack-ng is a tool that supports this, among other things (homepage, tutorial, wikipedia page). Packet injection, however, is not a passive activity.

Books on the subject (links to Amazon.com pages):
TODO: Add sections about hidden SSIDs, MAC address filtering
http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm#_Toc77524653
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

Wednesday, November 01, 2006

Gang of Four/Design Patterns

If you're into software engineering, especially reusable object-oriented software engineering, you're a big fan of the "Gang of Four" book, "Design Patterns." Here's a quick outline of what's in it:

Creational Patterns
  • Abstract Factory: Provide an interface for creating families of related or dependent objects without specifying their concrete classes.
  • Builder: Separate the construction of a complex object from its representation so that the same construction process can create different representations.
  • Factory Method: Define an interface for creating an object, but let subclasses decide which class to instantiate. Factory Method lets a class defer instantiation to subclasses.
  • Prototype: Specify the kinds of objects to create using a prototypical instance, and create new objects by copying this prototype.
  • Singleton: Ensure a class only has one instance, and provide a global point of access to it.
Structural Patterns
  • Adapter: Convert the interface of a class into another interface clients expect. Adapter lets classes work together that couldn't otherwise because of incompatible interfaces.
  • Bridge: Decouple an abstraction from its implementation so that the two can vary independently.
  • Composite: Compose objects into tree structures to represent part-whole hierarchies. Composite lets clients treat individual objects and compositions of objects uniformly.
  • Decorator: Attach additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for extending functionality.
  • Facade: Provide a unified interface to a set of interfaces in a subsystem. Facade defines a higher-level interface that makes the subsystem easier to use.
  • Flyweight: Use sharing to support large numbers of fine-grained objects efficiently.
  • Proxy: Provide a surrogate or placeholder for another object to control access to it.
Behavioral Patterns
  • Chain of Responsibility: Avoid coupling the sender of a request to its receiver by giving more than one object a chance to handle the request. Chain the receiving objects and pass the request along the chain until an object handles it.
  • Command: Encapsulate a request as an object, thereby letting you parametrize clients with different requests, queue or log requests, and support undoable operations.
  • Interpreter: Given a language, define a representation for its grammar along with an interpreter that uses the representation to interpret sentences in the language.
  • Iterator: Provide a way to access the elements of an aggregate object sequentially without exposing its underlying representation.
  • Mediator: Define an object that encapsulates how a set of objects interact. Mediator promotes loose coupling by keeping objects from referring to each other explicitly, and it lets you vary their interaction independently.
  • Memento: Without violating encapsulation, capture and externalize an object's internal state so that the object can be restored to this state later.
  • Observer: Define a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically.
  • State: Allow an object to alter its behavior when its internal state changes. The object will appear to change its class.
  • Strategy: Define a family of algorithms, encapsulate each one, and make them interchangeable. Strategy lets the algorithm vary independently from clients that use it.
  • Template Method: Define the skeleton of an algorithm in an operation, deferring some steps to subclasses. Template Method lets subclasses redefine certain steps of an algorithm without changing the algorithm's structure.
  • Visitor: Represent an operation to be performed on the elements of an object structure. Visitor lets you define a new operation without changing the classes of the elements on which it operates.
There's also thourough Wikipedia coverage of the topic: Design Patterns