Как настроить LAMP на Kali в изолированной сети

Discussion in 'Linux, Freebsd, *nix' started by ckpunmkug, 6 Jul 2023.

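    Инструкция о том, как настроить в Kali изолированную сеть и многопользовательский Apache для установки таких вещей, как DVWA. Такие приложения намеренно уязвимы, поэтому веб-сервер и база данных ниже запускаются в отдельном сетевом пространстве имён, где есть только loopback.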

    Установим нужный софт
    Code:
    root@localhost:~# apt install apache2 libapache2-mod-php libapache2-mpm-itk mariadb-server php-mysql
    Немного настроим после установки
    diff apache2/ports.conf /etc/apache2/ports.conf
    Code:
    5c5,6
    < Listen 80
    ---
    > Listen 127.0.0.1:80
    > ServerName localhost
    Инфа по изоляции сети и стартерам для демонов
    ip-netns (8) - Process network namespace management
    systemd.service (5) - Service unit configuration
    systemd.unit (5) - Unit configuration

    Стартер для создания изолированной сети
    Code:
    user@localhost:~$ sudo screen
    root@localhost:~# cat > /lib/systemd/system/isolator.service << "EOF"
    [Unit]
    Description=Isolator
    After=network.target
    
    [Service]
    RemainAfterExit=yes
    ExecStart=/usr/bin/ip netns add isolator
    ExecStartPost=/usr/bin/ip netns exec isolator /usr/sbin/ifconfig lo up 127.0.0.1/8
    ExecStop=/usr/bin/ip netns delete isolator
    
    [Install]
    WantedBy=multi-user.target
    EOF
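    Создадим запускатель программ в изоляторе. Пространство имён появится только после запуска юнита, а этого шага в листинге выше нет: перед проверкой выполните systemctl start isolator и systemctl enable isolator.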
    Code:
    root@localhost:~# cat > /usr/local/sbin/in_isolator << "EOF"
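    #!/bin/sh
    #
    # in_isolator - run a command inside the "isolator" network namespace.
    #
    # Usage:
    #   in_isolator COMMAND              run COMMAND as the calling user
    #   in_isolator USER GROUP COMMAND   run COMMAND through su as USER with
    #                                    primary group GROUP
    #
    # `ip netns exec` requires root, so this script is meant to be started by
    # root (for example through sudo). In the three-argument form COMMAND is
    # handed to `su -c` and interpreted by /bin/sh: anyone allowed to run this
    # script as root can run any command as any account, so limit who may call
    # it in sudoers.
    #
    # Exit status: that of the executed command; 255 on a usage error.

    if [ -n "${1}" ] && [ -z "${2}" ]; then
        # COMMAND stays unquoted on purpose so that "prog arg" is split into
        # words; set -f keeps that same expansion from also being glob-expanded
        # against the current directory.
        set -f
        # shellcheck disable=SC2086
        exec /usr/bin/ip netns exec isolator ${1}
    fi

    if [ -n "${1}" ] && [ -n "${2}" ] && [ -n "${3}" ] && [ -z "${4}" ]; then
        exec /usr/bin/ip netns exec isolator su -s "/bin/sh" -g "${2}" -c "${3}" "${1}"
    fi

    # Wrong number of arguments: say so instead of failing silently.
    printf 'usage: %s COMMAND\n       %s USER GROUP COMMAND\n' "${0##*/}" "${0##*/}" >&2
    exit 255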
    EOF
    root@localhost:~# chmod 755 /usr/local/sbin/in_isolator
    Проверим работу изолятора: внутри него ifconfig -a должен показать только интерфейс lo
    Code:
    root@localhost:~# sudo in_isolator screen
    root@localhost:~# ifconfig -a
    Настроим запуск apache2 в изоляторе
    Code:
    root@localhost:~# cat > /lib/systemd/system/apache2-isolated.service << "EOF"
    [Unit]
    Description=Apache
    After=isolator.service
    
    [Service]
    RemainAfterExit=yes
    Environment=APACHE_STARTED_BY_SYSTEMD=true
    ExecStart=/usr/bin/ip netns exec isolator /usr/sbin/apachectl start
    ExecStop=/usr/bin/ip netns exec isolator /usr/sbin/apachectl graceful-stop
    ExecReload=/usr/bin/ip netns exec isolator /usr/sbin/apachectl graceful
    
    [Install]
    WantedBy=multi-user.target
    EOF
    root@localhost:~# systemctl start apache2-isolated
    root@localhost:~# systemctl enable apache2-isolated
    Настроим запуск mariadb в изоляторе
    Code:
    root@localhost:~# cat > /lib/systemd/system/mariadb-isolated.service << "EOF"
    [Unit]
    Description=MariaDB
    After=isolator.service
    
    [Service]
    ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
    ExecStart=/usr/bin/ip netns exec isolator su -c /usr/sbin/mariadbd -s /bin/sh -g mysql mysql
    ExecStop=/bin/sh -c "/bin/kill -SIGTERM `/bin/cat /var/run/mysqld/mysqld.pid`"
    
    [Install]
    WantedBy=multi-user.target
    EOF
    root@localhost:~# systemctl start mariadb-isolated
    root@localhost:~# systemctl enable mariadb-isolated
    Проверим работу apache2 и mariadb: в выводе netstat apache2 должен слушать только 127.0.0.1:80
    Code:
    root@localhost:~# sudo in_isolator screen
    root@localhost:~# netstat -antup
    Сделаем профиль isolator браузеру
    Code:
    user@localhost:~$ firefox --ProfileManager
    Сделаем стартер браузеру
    Code:
    root@localhost:~# cat > /usr/local/sbin/firefox-isolated << "EOF"
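    #!/bin/sh
    # Start Firefox with the "isolator" profile inside the isolator network
    # namespace, as account "user" with group "users" (in_isolator's
    # USER GROUP COMMAND form).
    # The shebang is explicit because a script without one makes execve() fail
    # with ENOEXEC and only runs when the caller falls back to a shell.
    exec /usr/local/sbin/in_isolator user users "/usr/bin/firefox -P isolator"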
    EOF
    root@localhost:~# chmod 755 /usr/local/sbin/firefox-isolated
    Проверим работу браузера на localhost
    Code:
    user@localhost:~$ sudo /usr/local/sbin/firefox-isolated
    Настроим apache2
    diff old/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf
    Code:
    9a10,11
    >
    >       AssignUserID nobody nogroup
    
    diff old/apache2/apache2.conf /etc/apache2/apache2.conf
    Code:
    115,116c115,116
    < User ${APACHE_RUN_USER}
    < Group ${APACHE_RUN_GROUP}
    ---
    > #User ${APACHE_RUN_USER}
    > #Group ${APACHE_RUN_GROUP}
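Review bot: Commenting out both `User` and `Group` removes the explicit fallback identity, so a virtual host added later without its own `AssignUserID` no longer has a configured unprivileged account to run as; what it runs as then depends on the server's built-in default. mpm-itk switches identity per virtual host on top of the global setting, so the two lines can stay as they were: `User ${APACHE_RUN_USER}` and `Group ${APACHE_RUN_GROUP}`. The `AssignUserID nobody nogroup` added to 000-default.conf should still give the uid/gid check the same result.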
    
    Code:
    root@localhost:~# systemctl restart apache2-isolated
    Сделаем проверку пользователя
    Code:
    root@localhost:~# cat > /var/www/html/index.php << "EOF"
    <?php
    var_dump(['uid' => posix_getuid(), 'gid' => posix_getgid()]);
    EOF
    root@localhost:~# chown www-data:www-data /var/www/html/index.html
    root@localhost:~# chmod 640 /var/www/html/index.html
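    Проверяем http://localhost/index.php и http://localhost/index.html: index.php должен показать uid и gid пользователя nobody, а index.html (владелец www-data, права 640) — вернуть 403, так как запрос выполняется уже не от www-data.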

    Настроим папку для сайтов
    diff old/apache2/apache2.conf /etc/apache2/apache2.conf
    Code:
    176,180c176,180
    < #<Directory /srv/>
    < #     Options Indexes FollowSymLinks
    < #     AllowOverride None
    < #     Require all granted
    < #</Directory>
    ---
    > <Directory /srv/>
    >       Options Indexes FollowSymLinks
    >       AllowOverride None
    >       Require all granted
    > </Directory>
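Review bot: The `Options Indexes FollowSymLinks` line is the stock example uncommented as-is, and on a server where each site under /srv belongs to a different account it is broader than needed. `Indexes` publishes a directory listing for any directory without an index file, and `FollowSymLinks` serves whatever a site's symlink points to as long as that site's account can read it. `Options SymLinksIfOwnerMatch` without `Indexes` is the narrower choice here. A one-line comment above the block saying it covers every per-user site root would also help.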
    Code:
    root@localhost:~# systemctl restart apache2-isolated
    Создадим типовой сайт
    Code:
    root@localhost:~# mkdir -m 750 -v /srv/nobody && \
    chown -v root:nogroup /srv/nobody && \
    mkdir -m 770 -v /srv/nobody/www && \
    chown -v root:nogroup /srv/nobody/www &&\
    mkdir -m 760 -v /srv/nobody/log && \
    chown -v root:nogroup /srv/nobody/log
    diff apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf
    Code:
    1c1
    < <VirtualHost *:80>
    ---
    > <VirtualHost 127.0.0.1:80>
    9c9,11
    <       #ServerName www.example.com
    ---
    >       ServerName nobody.localhost
    >
    >       AssignUserID nobody nogroup
    12c14
    <       DocumentRoot /var/www/html
    ---
    >       DocumentRoot /srv/nobody/www
    20,21c22,23
    <       ErrorLog ${APACHE_LOG_DIR}/error.log
    <       CustomLog ${APACHE_LOG_DIR}/access.log combined
    ---
    >       ErrorLog /srv/nobody/log/error.log
    >       CustomLog /srv/nobody/log/access.log combined
    28a31,33
    >
    >       php_value error_reporting "32767"
    >       php_flag display_errors on
    Code:
    root@localhost:~# systemctl restart apache2-isolated
    Настроим почту
    Code:
    root@localhost:~# mkdir /srv/mail && \
    chmod 777 /srv/mail && \
    chmod +t /srv/mail
    diff old/php/8.2/apache2/php.ini /etc/php/8.2/apache2/php.ini
    Code:
    1095c1095
    < ;sendmail_path =
    ---
    > sendmail_path = /usr/local/bin/sendmail_cap
    
    Code:
    root@localhost:~# systemctl restart apache2-isolated
    Code:
    root@localhost:~# touch /usr/local/bin/sendmail_cap && \
    chmod 755 /usr/local/bin/sendmail_cap && \
    vim /usr/local/bin/sendmail_cap
    /usr/local/bin/sendmail_cap
    Code:
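    #!/usr/bin/php
    <?php
    /**
     * sendmail_cap - sendmail stand-in that captures outgoing mail to disk.
     *
     * Reads one message from stdin and stores it as a new file in MAIL_DIR_NAME
     * named "<date>-<user>.<id>", where <user> is the account the script runs
     * as and <id> is four random characters. The file is created with mode 0400.
     * Exits 0 on success and 255 on any failure.
     */
    define('MAIL_DIR_NAME', '/srv/mail');
    // How many different random names to try before giving up.
    define('MAX_NAME_ATTEMPTS', 16);

    $contents = file_get_contents("php://stdin");
    if (!is_string($contents)) {
        trigger_error("can't get contents from stdin", E_USER_ERROR);
        exit(255);
    }

    $uid = posix_getuid();
    if (!is_int($uid)) {
        trigger_error("can't get uid", E_USER_ERROR);
        exit(255);
    }

    $a = posix_getpwuid($uid);
    if (!is_array($a)) {
        trigger_error("can't get info about a user by user id", E_USER_ERROR);
        exit(255);
    }
    $user_name = $a['name'];

    $date = date("Y.m.d-H:i.s");
    $prefix = "{$date}-{$user_name}";

    $string = '1234567890QWERTYUIOPASDFGHJKLZXCVBNM1234567890';
    $max = strlen($string) - 1;

    // When the spool directory is writable by several accounts, the message must
    // never exist with wider permissions than 0400, not even for a moment. With
    // this umask a newly created file gets mode 0666 & ~0277 = 0400.
    umask(0277);

    $handle = false;
    $mail_file_name = '';
    for ($attempt = 0; $attempt < MAX_NAME_ATTEMPTS && $handle === false; $attempt++) {
        $id = '';
        for ($i = 0; $i < 4; $i++) {
            // random_int() uses the system CSPRNG, so the suffix is not
            // guessable the way rand() output is.
            $id .= $string[random_int(0, $max)];
        }
        $mail_file_name = MAIL_DIR_NAME."/{$prefix}.{$id}";
        // Mode 'x' is an exclusive create: it fails if the name already exists,
        // including as a symlink placed there by another account, instead of
        // writing through it. On a collision the loop tries a new suffix.
        $handle = @fopen($mail_file_name, 'x');
    }
    if ($handle === false) {
        trigger_error("can't put mail content to file", E_USER_ERROR);
        exit(255);
    }

    $r = fwrite($handle, $contents);
    $closed = fclose($handle);
    // A short write is reported rather than leaving a truncated message behind.
    if ($r !== strlen($contents) || !$closed) {
        trigger_error("can't put mail content to file", E_USER_ERROR);
        exit(255);
    }

    // Confirms the final mode even if the umask above did not take effect.
    $r = chmod($mail_file_name, 0400);
    if (!$r) {
        trigger_error("can't change mode to mail file", E_USER_ERROR);
        exit(255);
    }

    exit(0);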
    Тестируем
    Code:
    user@localhost:~$ sudo -u nobody bash
    root@localhost:~# cat > /srv/nobody/www/index.php << "EOF"
    <?php
    user_error("Test error message");
    var_dump(mail('[email protected]', 'Test subject', 'Test message'));
    EOF
    Убираем тестовый сайт
    Code:
    root@localhost:~# a2dissite 000-default
    root@localhost:~# rm -r /srv/nobody
    root@localhost:~# systemctl restart apache2-isolated
    Создаём новый сайт
    Code:
    root@localhost:~# mkdir /srv/dvwa
    root@localhost:~# adduser \
        --comment "" \
        --disabled-login \
        --disabled-password \
        --firstgid 33000 \
        --firstuid 33000 \
        --home /srv/dvwa \
        --no-create-home \
        --shell /bin/false \
        dvwa
    root@localhost:~# deluser dvwa users
    Code:
    root@localhost:~# chmod 750 /srv/dvwa && \
    chown root:dvwa /srv/dvwa && \
    mkdir -m 770 /srv/dvwa/www && \
    chown root:dvwa /srv/dvwa/www &&\
    mkdir -m 760 /srv/dvwa/log && \
    chown root:dvwa /srv/dvwa/log
    Code:
    root@localhost:~# cat > /etc/apache2/sites-available/001-dvwa.conf << "EOF"
    <VirtualHost 127.0.0.1:80>
        ServerName dvwa.localhost
       
        AssignUserID dvwa dvwa
    
        ServerAdmin webmaster@localhost
        DocumentRoot /srv/dvwa/www
    
        ErrorLog /srv/dvwa/log/error.log
        CustomLog /srv/dvwa/log/access.log combined
    
        php_value error_reporting "32767"
        php_flag display_errors on
    </VirtualHost>
    EOF
    Code:
    root@localhost:~# a2ensite 001-dvwa
    root@localhost:~# systemctl restart apache2-isolated
    Code:
    root@localhost:~# \
    USER="dvwa"
    PASSWORD=`apg -a 0 -n 1 -m 6 -x 6 -M NCL`
    DATABASE="dvwa"
    
    QUERY="
    CREATE DATABASE \`${DATABASE}\`;
    CREATE USER \`${USER}\`@\`localhost\` IDENTIFIED BY '${PASSWORD}';
    GRANT ALL ON \`${DATABASE}\`.* TO \`${USER}\`@\`localhost\`;
    "
    root@localhost:~# echo "${QUERY}" | mysql -v
    
    root@localhost:~# echo "database: ${DATABASE} user: ${USER} password: ${PASSWORD}" >> /root/password
    Code:
    user@localhost:~$ sudo -u dvwa /bin/bash
    dvwa@localhost:~$ cd ~/www
    dvwa@localhost:~$ wget https://github.com/digininja/DVWA/archive/master.zip
    dvwa@localhost:~$ unzip master.zip
    dvwa@localhost:~$ mv DVWA-master/* ./
    dvwa@localhost:~$ mv DVWA-master/\.[a-z]* ./
    dvwa@localhost:~$ rmdir DVWA-master
    
    dvwa@localhost:~$ cp config/config.inc.php.dist config/config.inc.php
    dvwa@localhost:~$ vim.tiny config/config.inc.php
    dvwa@localhost:~$ exit
    Открываем в браузере http://dvwa.localhost/ и начинаем исследовать