Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab

Tag: pastebin

How to Install PrivateBin on Debian 9.

Posted on February 20, 2019 - February 21, 2019 by nxnjz

PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Debian 9 system.

Prerequisites

  • A Debian 9 server.
  • Root access to your server (via the root user or a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.

Update your system and install required software.

apt update
apt upgrade -y
apt install -y git

Git will be used to download PrivateBin from its github repository.

Installing a web server stack:

We will be using Apache and PHP. Execute the following to install the required packages:

apt update
apt install -y apache2 php php-xml php-mbstring php-mysql php-json php-pdo

Make sure Apache is enabled and running:

systemctl enable --now apache2.service

Configuring Apache

Using a text editor of your choice, create a new configuration file for Apache. For instance:

vim /etc/apache2/sites-available/privatebin.conf

Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
ServerName YOUR_SERVER_IP
DocumentRoot /var/www/html/PrivateBin/
ErrorLog ${APACHE_LOG_DIR}/privatebin-error.log
CustomLog ${APACHE_LOG_DIR}/privatebin-access.log combined
<Directory /var/www/html/PrivateBin>
AllowOverride All
</Directory>
</VirtualHost>

Save, exit, and enable this virtual host:

a2ensite privatebin.conf

Reload the configuration:

systemctl reload apache2.service

Installing PrivateBin

Since PrivateBin is hosted on github, we’ll clone the repository locally:

cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git

And give the Apache user ownership of the PrivateBin directory:

chown -R www-data:www-data PrivateBin/

You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

Optional

PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.

Installing MariaDB

apt install -y mariadb-server mariadb-client

systemctl enable --now mariadb.service

Secure your MySQL installation with this command:

mysql_secure_installation

Answer the questions as follows:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for PrivateBin:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Changing Storage Mode

First, copy the default configuration file for editing:

cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php

Using a text editor of your choice, open the file conf.php. Find the following segment:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT

And replace it with:

; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_" ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true ; PDO::ATTR_PERSISTENT

Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.

Restart apache:

systemctl restart apache2.service

And done.

Implementing HTTPS is recommended but beyond the scope of this article. You can obtain and install a certificate, for free, using certbot.

Posted in LinuxTagged debian, linux, pastebin, privatebin3 Comments

How to Install PrivateBin on Fedora 29.

Posted on February 12, 2019 - February 20, 2019 by nxnjz

PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Fedora 29 system.

Prerequisites

  • A Fedora 29 system obviously.
  • Root access to your server (via the root user or a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.

Update your system and install required software.


dnf update
dnf install -y git

Git will be used to download PrivateBin from its github repository.

Installing a web server stack:

We will be using Apache and PHP. Execute the following to install the required packages:

dnf install -y httpd php php-common php-xml php-mbstring \
php-mysqlnd php-pdo php-mcrypt php-json

Make sure Apache is enabled and running:

systemctl enable --now httpd.service

Configuring Apache

Using a text editor of your choice, create a new configuration file for Apache. For instance:

vim /etc/httpd/conf.d/privatebin.conf

Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName YOUR_SERVER_IP
    DocumentRoot /var/www/html/PrivateBin/
    ErrorLog /var/log/httpd/privatebin-error.log
    CustomLog /var/log/httpd/privatebin-access.log combined
    <Directory /var/www/html/PrivateBin>
    AllowOverride All
    </Directory>
</VirtualHost>

Save and exit.

Reload the configuration:

systemctl reload httpd.service

Installing PrivateBin

Since PrivateBin is hosted on github, we’ll clone the repository locally:

cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git

And give the Apache user ownership of the PrivateBin directory:

chown -R apache:apache PrivateBin/

Configure firewalld to allow HTTP traffic:


firewall-cmd --add-service http --permanent
firewall-cmd --reload

You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

If you encounter server-side errors during PrivateBin usage, SELinux is the likely culprit. To disable it, open /etc/sysconfig/selinux with a text editor of your choice, and replace SELINUX=enforcing with SELINUX=disabled. You should now either reboot, or execute setenforce 0 to disable SELinux immediately.

Optional

PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.

Installing MariaDB

dnf install -y mariadb-server mariadb 

systemctl enable --now mariadb.service

Secure your MySQL installation with this command:

mysql_secure_installation

Answer the questions as follows:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for PrivateBin:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Changing Storage Mode

First, copy the default configuration file for editing:

cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php

Using a text editor of your choice, open the file conf.php. Find the following segment:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_"    ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true      ; PDO::ATTR_PERSISTENT

And replace it with:

; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_"    ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true      ; PDO::ATTR_PERSISTENT

Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.

Restart apache:

systemctl restart httpd.service

PrivateBin will now store pasted data in its MySQL database.

Posted in LinuxTagged linux, pastebin, privatebinLeave a comment

Recent Posts

  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP
  • How to Install qdPM 9.1 on CentOS 7.

Tags

802.11 apache asp aspx backdoor capture the flag centos crm ctf debian exploits fingerprinting getcap hashes ifconfig information gathering iw iwconfig linux mariadb md5 nginx nmap password pastebin php practice privatebin privesc project management recon reconnoitre scanning shell sqli ssh txpower ubuntu wallabag web webshells wifi wireless xml xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Creating your own Postmill installation with Ubuntu 19.10 – Digital 52 on How to Install Postmill on Ubuntu 18.04 LTS with Apache or Nginx
  • Zer00CooL on How to Install PrivateBin on Debian 9.
  • nxnjz on How to Install SuiteCRM on Debian 10 Buster
  • matt ferraro on Installing Ampache on CentOS 7.
  • Pavel on How to Install SuiteCRM on Debian 10 Buster