Hi dear IRCRASH Users,
In my latest project, I analysed the DokuWiki CMS.
My opinion of DokuWiki: it is amazing, powerfully programmed with secure methods, and honestly a secure wiki CMS.
I found a Cross-Site Scripting (XSS) vulnerability and wrote a token hijacker exploit for it to add administrator users.
Finally, here are some references for this vulnerability:
Original Exploit : http://ircrash.com/uploads/dokuwiki.txt
Seclists mailing list : http://seclists.org/bugtraq/2012/Apr/121
Securityfocus BID : http://www.securityfocus.com/bid/53041/info
Securityfocus Archive : http://www.securityfocus.com/archive/1/522392/30/0/threaded
Secunia Advisories : http://secunia.com/advisories/48848
Wikipedia Page About Cross Site Scripting : http://en.wikipedia.org/wiki/Cross-site_scripting
BackTrack 5 R2 Released!
A new version of the BackTrack pentesting Linux distribution has been released.
This new version uses the 3.2 Linux kernel, adds some new tools (about 40), and has better support for wireless and other drivers.
You can also download and write your own CD from:
Greetings to IRCRASH users.
Today, let's take a look at OpenBSD installation.
But first, a little explanation about OpenBSD:
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995. The project is widely known for the developers’ insistence on open-source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt’s home in Calgary, Alberta, Canada. Its logo and mascot is a pufferfish named Puffy.
OpenBSD includes a number of security features absent or optional in other operating systems, and has a tradition in which developers audit the source code for software bugs and security problems. The project maintains strict policies on licensing and prefers the open-source BSD licence and its variants—in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable
In addition, about OpenBSD security:
Only two remote holes in the default install since 1996 :O
No need to explain: it's amazing.
OK, let's leave this part. If you need more information, you can get it from the official site or Wikipedia; they are good references.
And now, how to install it with the KDE desktop:
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX (many of whose original developers became FreeBSD developers), FreeBSD’s internals and system APIs are UNIX-compliant. Thanks to its permissive licensing terms, much of FreeBSD’s code base has become an integral part of other operating systems such as Mac OS X that have subsequently been certified as UNIX-compliant and have formally received UNIX branding. With the exception of the proprietary Mac OS X, FreeBSD is the most widely used BSD-derived operating system in terms of number of installed computers, and is the most widely used freely licensed, open-source BSD distribution, accounting for more than three quarters of all installed systems running free, open-source BSD derivatives.
About FreeBSD security, I should say:
FreeBSD is one of the most secure operating systems in the world. Many security methods used today in operating systems like Linux and Windows were used in FreeBSD 10 years ago.
Many big companies, like Yahoo, have servers powered by FreeBSD.
The current stable version of FreeBSD is 8.2, and 9.0-beta is in development. You can download your own CD or DVD from the FreeBSD Project website.
Like the Debian distribution, FreeBSD is a server operating system, and for PC usage you need to install KDE or GNOME manually.
So if you don’t have enough skill with Unix-family console commands, I suggest you use one of the following distributions.
Many PC distributions are available on the net, but I list the best of them.
Initial release : 2006
Latest stable release : Ver8.2 (Based on FreeBSD 8.2)
Package manager : PBI & FreeBSD Ports/Packages
Default user interface : KDE 4.5.5
Official website : http://www.pcbsd.org
Latest stable release : 2.0 / March 2011
Default user interface : GNOME
Latest stable release : Ver2.0 (Based on FreeBSD 8.2)
Package manager : No Information Available
Official website : http://ghostbsd.org/