Archive for the ‘News’ Category

Dokuwiki CSRF Add User Exploit

April 16, 2012 in Cross Site Scripting,Discovered Vulnerabilities,News,tutorial,Web Application | Comments (0)

Hi dear IRCRASH Users,

In my latest project , i analysed dokuwiki cms .

My opinion about dokuwiki , its amazing , powerful programming with secure methods . and honestly a secure wiki cms .

I find a Cross Site Scripting(XSS) Vulnerability and write a token hijacker exploit for it to add administrator users .

At last i add some references for this vulnerability :

Original Exploit : http://ircrash.com/uploads/dokuwiki.txt

Seclist maillist : http://seclists.org/bugtraq/2012/Apr/121

Securityfocus BID : http://www.securityfocus.com/bid/53041/info

Securityfocus Archive : http://www.securityfocus.com/archive/1/522392/30/0/threaded

Secunia Advisories : http://secunia.com/advisories/48848

Wikipedia Page About Cross Site Scripting : http://en.wikipedia.org/wiki/Cross-site_scripting

 

ThankYou,
Khashayar Fereidani


Backtrack 5 R2 Released !

March 4, 2012 in Hacking Tools,News,tutorial | Comments (0)

Backtrack 5 R2 Released !

new version of backtrack pentesting linux distribution released .

in this new version backtrack use 3.2 linux kernel , add some new tools ( about 40 new tools ) and better support for wireless and another drivers .

you also can download and write your own cd from :

http://www.backtrack-linux.org/downloads/

goodluck

 


How To Install OpenBSD Step By Step + KDE Desktop

September 22, 2011 in introducing,News,Security Tools,tutorial | Comments (1)

Tags: , , ,

Greet to IRCRASH Users .

Today , Lets take a look to openbsd installation .

but first a little explanation about OpenBSD :

OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995. The project is widely known for the developers’ insistence on open-source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt’s home in Calgary, Alberta, Canada. Its logo and mascot is a pufferfish named Puffy.

OpenBSD includes a number of security features absent or optional in other operating systems, and has a tradition in which developers audit the source code for software bugs and security problems. The project maintains strict policies on licensing and prefers the open-source BSD licence and its variants—in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable

in addition about openbsd security
Only two remote holes in the default install since 1996 :O

and no need to explain its amazing .

Ok Leave this part . if you need more information you can collect information from official site or wikipedia . there are good references.

And now how install it with KDE Desktop

Please Click On More To Read Continuance

(more…)


Introducing to FreeBSD

September 15, 2011 in introducing,News,tutorial | Comments (0)

FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX (many of whose original developers became FreeBSD developers), FreeBSD’s internals and system APIs are UNIX-compliant. Thanks to its permissive licensing terms, much of FreeBSD’s code base has become an integral part of other operating systems such as Mac OS X that have subsequently been certified as UNIX-compliant and have formally received UNIX branding.With the exception of the proprietary Mac OS X, FreeBSD is the most widely used BSD-derived operating system in terms of number of installed computers, and is the most widely used freely licensed, open-source BSD distribution, accounting for more than three quarters of all installed systems running free, open-source BSD derivatives.

About FreeBSD Security I Should Say :

Freebsd is one of most secure operation systems in world . many security method used today in operation systems like linux and windows used in freebsd 10 years ago .
many big companies like yahoo , servers powered by freebsd .

Currently stable version of freebsd is 8.2 and 9.0-beta is in development . you can download your own cd or dvd from Freebsd Project Website

Freebsd like Debian distribution is server operation system and for PC usage you need to install KDE or Gnome Manually .
So if you don’t have enough skill in Unix Family console commands i suggest you to use following distributions .

 

 

Pc Distribution

Many Pc Distribution available on network but i add best of them .

1. PC-BSD

 

 

 

Initial release : 2006
Latest stable release : Ver8.2 (Based on FreeBSD 8.2)
Package manager : PBI & FreeBSD Ports/Packages
Default user interface : KDE 4.5.5
Official website : http://www.pcbsd.org

2.GhostBSD


Latest stable release : 2.0 / March 2011
Default user interface : GNOME
Latest stable release : Ver2.0 (Based on FreeBSD 8.2)
Package manager : No Information Available
Official website : http://ghostbsd.org/


Gray Hat Hacking: The Ethical Hacker’s Handbook 3rd Edition

in News | Comments (0)


Currently New version of Gray Hat Hacking Handbook Released .

its so great book with multiple hacking categories like network security , social engineering , web app security , linux and windows exploitation and etc.

you can buy this book from here :

http://www.amazon.com/Gray-Hacking-Ethical-Hackers-Handbook/dp/0071742557

or download it for test from our forums

i add writer description here :
THE LATEST STRATEGIES FOR UNCOVERING TODAY’S MOST DEVASTATING ATTACKS

Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker’s Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.

Develop and launch exploits using BackTrack and Metasploit
Employ physical, social engineering, and insider attack techniques
Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
Understand and prevent malicious content in Adobe, Office, and multimedia files
Detect and block client-side, Web server, VoIP, and SCADA attacks
Reverse engineer, fuzz, and decompile Windows and Linux software
Develop SQL injection, cross-site scripting, and forgery exploits
Trap malware and rootkits using honeypots and SandBoxes

Currently New version of  Gray Hat Hacking Handbook Released .

 

its so great book with multiple hacking categories like network security , social engineering , web app security , linux and windows exploitation and etc.

you can buy this book from here :

http://www.amazon.com/Gray-Hacking-Ethical-Hackers-Handbook/dp/0071742557

or download it for test from our forums

i add writer description here :

THE LATEST STRATEGIES FOR UNCOVERING TODAY’S MOST DEVASTATING ATTACKS

Thwart malicious network intrusion by using cutting-edge techniques for finding and fixing security flaws. Fully updated and expanded with nine new chapters, Gray Hat Hacking: The Ethical Hacker’s Handbook, Third Edition details the most recent vulnerabilities and remedies along with legal disclosure methods. Learn from the experts how hackers target systems, defeat production schemes, write malicious code, and exploit flaws in Windows and Linux systems. Malware analysis, penetration testing, SCADA, VoIP, and Web security are also covered in this comprehensive resource.

 

  • Develop and launch exploits using BackTrack and Metasploit
  • Employ physical, social engineering, and insider attack techniques
  • Build Perl, Python, and Ruby scripts that initiate stack buffer overflows
  • Understand and prevent malicious content in Adobe, Office, and multimedia files
  • Detect and block client-side, Web server, VoIP, and SCADA attacks
  • Reverse engineer, fuzz, and decompile Windows and Linux software
  • Develop SQL injection, cross-site scripting, and forgery exploits
  • Trap malware and rootkits using honeypots and SandBoxes

iPhone/iPad Phone Drive 1.1.1 Directory Traversal

August 9, 2011 in News | Comments (0)

our team discovered a new vulnerability on IOS app Phone Drive 1.1.1

type of vulnerability is web server directory traversal .

we use ..%2f to change local directory and read some valuable files like address book and passwd .

exploit-db : http://www.exploit-db.com/exploits/17645/


IRCRASH Bugtraq

May 29, 2011 in News | Comments (1)

Hi Dear Friend .

yesterday i start programming our bugtraq center .

today its available on http://ircrash.com/bugtraq

you can send your reviews and comments for me as comment for this post .

Thank you .


BackTrack 5 Released! May 10th, 2011

May 10, 2011 in News | Comments (0)

Hi My Friends ,

today i want suggest you to use a one of best Multiple Security Tools in the world .

BackTrack is a Live Linux by offensive-security team , it designed for penetration testing and security uses.

its include more than 300 security and hacking tools .

for download you can use this ways (torrent or direct link)  :  http://www.backtrack-linux.org/downloads/



IRCRASH Online Again !

May 1, 2011 in News | Comments (0)

Hey Guys . I’m Khashayar Fereidani , Founder of IRCRASH .
I’m happy to have another chance to see you in our website

After a few delays, we’ve decided to back in our community so-called Ircrash

IRCRASH is now coming up with new server to help security community
With new contents, tutorials & English part of forum .
New advisories & programs will coming soon !
I wish people’s supporting for making new powerful contents .

In addition and according to our policies, we’re looking for skilfull security researchers in field of network , Web and operating system, if you’re interested in joining our official community, please choose contact us menu & send your request with your resume as attachment
Thank you,
Kind regards,
Khashayar.f – IRCRASH CEO

Special Tnx : Arash Allebrahim