Archive for the ‘tutorial’ Category

Dokuwiki CSRF Add User Exploit

April 16, 2012 in Cross Site Scripting, Discovered Vulnerabilities, News, tutorial, Web Application | Comments (0)

Hi dear IRCRASH Users,

In my latest project, I analysed the DokuWiki CMS.

My opinion about DokuWiki: it's amazing, powerful programming with secure methods, and honestly a secure wiki CMS.

I found a Cross Site Scripting (XSS) vulnerability and wrote a token hijacker exploit for it to add administrator users.

Lastly, I add some references for this vulnerability:

Original Exploit: http://ircrash.com/uploads/dokuwiki.txt

Seclists mailing list: http://seclists.org/bugtraq/2012/Apr/121

Securityfocus BID: http://www.securityfocus.com/bid/53041/info

Securityfocus Archive: http://www.securityfocus.com/archive/1/522392/30/0/threaded

Secunia Advisories: http://secunia.com/advisories/48848

Wikipedia page about Cross Site Scripting: http://en.wikipedia.org/wiki/Cross-site_scripting

Thank you,
Khashayar Fereidani


BackTrack 5 R2 Released!

March 4, 2012 in Hacking Tools, News, tutorial | Comments (0)

A new version of the BackTrack pentesting Linux distribution has been released.

In this new version, BackTrack uses the 3.2 Linux kernel, adds some new tools (about 40 new tools), and has better support for wireless and other drivers.

You can also download and write your own CD from:

http://www.backtrack-linux.org/downloads/

Good luck.


How To Install OpenBSD Step By Step + KDE Desktop

September 22, 2011 in introducing, News, Security Tools, tutorial | Comments (1)

Greetings to IRCRASH users.

Today, let's take a look at OpenBSD installation.

But first, a little explanation about OpenBSD:

OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995. The project is widely known for the developers’ insistence on open-source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt’s home in Calgary, Alberta, Canada. Its logo and mascot is a pufferfish named Puffy.

OpenBSD includes a number of security features absent or optional in other operating systems, and has a tradition in which developers audit the source code for software bugs and security problems. The project maintains strict policies on licensing and prefers the open-source BSD licence and its variants—in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable.

In addition, about OpenBSD security:
Only two remote holes in the default install since 1996 :O

And no need to explain that it's amazing.

OK, leave this part. If you need more information, you can collect it from the official site or Wikipedia; they are good references.

And now, how to install it with the KDE desktop:

Please click on More to read the continuation.

(more…)


Introduction to FreeBSD

September 15, 2011 in introducing, News, tutorial | Comments (0)

FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX (many of whose original developers became FreeBSD developers), FreeBSD’s internals and system APIs are UNIX-compliant. Thanks to its permissive licensing terms, much of FreeBSD’s code base has become an integral part of other operating systems such as Mac OS X that have subsequently been certified as UNIX-compliant and have formally received UNIX branding. With the exception of the proprietary Mac OS X, FreeBSD is the most widely used BSD-derived operating system in terms of number of installed computers, and is the most widely used freely licensed, open-source BSD distribution, accounting for more than three quarters of all installed systems running free, open-source BSD derivatives.

About FreeBSD security, I should say:

FreeBSD is one of the most secure operating systems in the world. Many security methods used today in operating systems like Linux and Windows were used in FreeBSD 10 years ago.
Many big companies, like Yahoo, have servers powered by FreeBSD.

Currently the stable version of FreeBSD is 8.2, and 9.0-beta is in development. You can download your own CD or DVD from the FreeBSD Project website.

FreeBSD, like the Debian distribution, is a server operating system, and for PC usage you need to install KDE or GNOME manually.
So if you don’t have enough skill in Unix-family console commands, I suggest you use the following distributions.

PC Distributions

Many PC distributions are available on the network, but I add the best of them.

1. PC-BSD

Initial release: 2006
Latest stable release: Ver8.2 (Based on FreeBSD 8.2)
Package manager: PBI & FreeBSD Ports/Packages
Default user interface: KDE 4.5.5
Official website: http://www.pcbsd.org

2. GhostBSD

Latest stable release: 2.0 / March 2011
Default user interface: GNOME
Latest stable release: Ver2.0 (Based on FreeBSD 8.2)
Package manager: No Information Available
Official website: http://ghostbsd.org/