Thursday, January 31, 2008

Setting up a serial console on FreeBSD 6.3

I resurrected my old FreeBSD server with a new hard drive and power supply the other day. Because I only have a 2-port KVM, I decided to set up a serial console connection to my primary desktop. I've used systems on a serial connection several times, but I've never actually set up a BSD server to use one before. It turns out this was a very simple setup.

Track down a null modem cable with female connections at either end. Hook it up to your terminal server and your target machine at the available serial ports. Then do the following.

  1. To see all boot messages on the serial console, issue the following command while logged in as the superuser: # echo 'console="comconsole"' >> /boot/loader.conf
  2. Edit /etc/ttys and change off to on and dialup to vt100 for the ttyd0 entry. Otherwise a password will not be required to connect via the serial console, resulting in a potential security hole.
  3. Reboot and check your results.
These steps are straight from the FreeBSD handbook.
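
One way to check the edits from steps 1 and 2 before rebooting, as an added example that is not from the handbook or this post. The function names are hypothetical, the ttyd0 lines in the demo are constructed samples, and the script assumes a later console= assignment in loader.conf overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the handbook): check the edits from steps 1 and 2.
# Print "<type> <flags...>" for one /etc/ttys entry, e.g. "vt100 on secure".
ttys_entry() {   # usage: ttys_entry NAME FILE
    awk -v name="$1" '
        $1 == name {                    # commented-out entries never match
            gsub(/"[^"]*"/, "GETTY")    # quoted getty command -> one token
            sub(/#.*/, "")              # drop a trailing comment
            out = $3
            for (i = 4; i <= NF; i++) out = out " " $i
            print out; exit
        }' "$2"
}

# Succeed only if the last console= assignment is "comconsole".
# Assumption: a later assignment in loader.conf overrides an earlier one.
loader_uses_comconsole() {   # usage: loader_uses_comconsole FILE
    val=$(sed -n 's/^[[:space:]]*console=//p' "$1" | tail -n 1 | tr -d '"[:space:]')
    [ "$val" = "comconsole" ]
}

# Report both settings; return non-zero if either differs from the steps.
audit_serial_console() {   # usage: audit_serial_console [LOADER_CONF] [TTYS]
    loader=${1:-/boot/loader.conf}; ttys=${2:-/etc/ttys}; rc=0
    if loader_uses_comconsole "$loader"; then
        echo "OK   $loader: console is comconsole"
    else
        echo "FAIL $loader: console is not comconsole"; rc=1
    fi
    entry=$(ttys_entry ttyd0 "$ttys")
    case " $entry " in
        " vt100 on "*|" vt100 "*" on "*) echo "OK   $ttys: ttyd0 is '$entry'" ;;
        "  ") echo "FAIL $ttys: no active ttyd0 entry"; rc=1 ;;
        *)    echo "FAIL $ttys: ttyd0 is '$entry', want vt100 and on"; rc=1 ;;
    esac
    return $rc
}

# Demo on constructed copies of the two files: ttyd0 before and after step 2.
demo() {
    d=$(mktemp -d) || return 1
    echo 'console="comconsole"' > "$d/loader.conf"
    printf 'ttyd0\t"/usr/libexec/getty std.9600"\tdialup\toff secure\n' > "$d/ttys"
    audit_serial_console "$d/loader.conf" "$d/ttys" || true   # ttyd0 FAIL
    printf 'ttyd0\t"/usr/libexec/getty std.9600"\tvt100\ton secure\n' > "$d/ttys"
    rc=0; audit_serial_console "$d/loader.conf" "$d/ttys" || rc=1
    rm -rf "$d"; return $rc
}
demo
```

Called with no arguments, audit_serial_console reads /boot/loader.conf and /etc/ttys.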

I followed them as written and had console through HyperTerminal. Now I just need to get a different terminal app, since I hate HyperTerminal so bad.

Python Based Cross Site Scripting Scanner

Recently I was attempting to verify some web application security issues reported by one of our vendors. Their report was fairly useless, since it complained about a couple of pages, but gave no information about how to duplicate the results. After manually trying to reproduce the flaw for a while, I threw in the towel and started hunting around for a free XSS scanner.

I ran into a tool called SpringenWerk and decided to play around with it. It only took a couple of minutes to set up. I did some quick reading on how to use the tool and fired it off at the suspect page. The script ran for a little while and then exited out. Final score? Two XSS vulnerabilities, neither of which were found by the previously mentioned vendor. So I got curious and fired the script off at an HTTPS URL to see how it handled SSL. No problems at all. It negotiated the connection and did its testing from there. A very nice tool, and it was useful for me when I was stuck. You can take a look at it at http://springenwerk.org/.

I never did find the issues the vendor reported and they said it was probably a false positive. Maybe, maybe not. I asked for the actual attack strings that they used, but so far they have not been able to produce them. Suspect...