Tag: php

How to Install VtigerCRM on Debian 10 Buster

Posted on September 22, 2019 - September 23, 2019 by nxnjz

Vtiger CRM is a popular Customer Relationship Management web application which can help enterprises grow sales, deliver customer service, and increase profits. This article will guide you through the installation of Vtiger open source edition on a Debian 10 system with the Apache web server, MariaDB, and PHP.

Prerequisites

  • A newly deployed Debian 10 instance (4GB+ of memory recommended)
  • Root access to your server, via SSH or console.
  • A domain name pointing to your Vultr IP address. crm.example.net will be used as an example.

Installation

Step 1: Update the system.

First, update your system:

apt update
apt upgrade -y

Once that is done, reboot and log in again:

reboot

Step 2: Set up a swap file (optional)

If your system has less than 4GB of memory, you can set up a swap file to potentially improve performance. The following commands will create a 4GB swap file, instruct the system to use it as swap space, and create a corresponding entry in /etc/fstab for automatic mounting at boot.

dd if=/dev/zero of=/swapfile bs=1k count=4M
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab

Step 3: Install Apache, PHP and MariaDB.

Use the following command to install the needed packages and tools:

apt install -y apache2 libapache2-mod-php mariadb-server mariadb-client php-imap php-curl php-xml php php-common php-mysql unzip

Once the installation is complete, make sure that the Apache and MariaDB services are enabled and running:

systemctl enable --now apache2.service mariadb.service

Step 4: Configure PHP.

Using a text editor of your choice, open the file /etc/php/7.3/apache2/php.ini and make the following changes:

memory_limit = 512M
max_execution_time = 240
error_reporting = E_WARNING & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
display_errors = On
log_errors = Off
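
The same five changes can be applied from a script, so the result is repeatable and can be checked afterwards. This is an added example, not part of the original guide; it assumes the Debian 10 path /etc/php/7.3/apache2/php.ini and a POSIX sh with awk:

```shell
#!/bin/sh
# Added example, not part of the original guide: apply the Step 4 php.ini changes
# from a script. Assumed php.ini path: /etc/php/7.3/apache2/php.ini (Debian 10).

# set_ini_directive FILE KEY VALUE
# Replaces the first active or commented-out ("; key = ...") occurrence of KEY with
# "KEY = VALUE", comments out any later duplicates (PHP uses the last active line,
# so a leftover duplicate would silently win), and appends KEY if it is absent.
set_ini_directive() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        $0 ~ "^[ \t]*;?[ \t]*" k "[ \t]*=" {
            if (!done) { print k " = " v; done = 1 }
            else        { print "; " $0 }
            next
        }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the original owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_ini_directive FILE KEY -> prints the value PHP would use (last active line)
get_ini_directive() {
    awk -v k="$2" -F= '
        $1 ~ "^[ \t]*" k "[ \t]*$" {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = 1
        }
        END { if (found) print val }
    ' "$1"
}

# configure_vtiger_php [FILE] -> the five directives from Step 4
configure_vtiger_php() {
    ini=${1:-/etc/php/7.3/apache2/php.ini}
    set_ini_directive "$ini" memory_limit 512M &&
    set_ini_directive "$ini" max_execution_time 240 &&
    set_ini_directive "$ini" error_reporting 'E_WARNING & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT' &&
    set_ini_directive "$ini" display_errors On &&
    set_ini_directive "$ini" log_errors Off
}

# Apply for real with:  APPLY_PHP_INI=/etc/php/7.3/apache2/php.ini sh configure-php.sh
if [ -n "${APPLY_PHP_INI:-}" ]; then
    configure_vtiger_php "$APPLY_PHP_INI" && systemctl restart apache2.service
fi
```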

Step 5: Set up MariaDB.

We’ll start by securing our MariaDB installation using the command:

mysql_secure_installation

Answer all of the questions as shown below and be sure to choose a strong password for the root user:

Enter current password for root: Press Enter
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

We’ll now create a database and a MariaDB user, both of which will be dedicated to the Vtiger web application. Log in to the MySQL CLI (mysql -u root -p) and use the following commands:

CREATE DATABASE vtigercrm;
CREATE USER 'vtigercrm'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON vtigercrm.* TO 'vtigercrm'@'localhost';
QUIT;

Next, open the file /etc/mysql/my.cnf in a text editor and add the following lines:

[mysqld]
sql_mode = ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Save the changes and restart MariaDB:

systemctl restart mariadb.service

Step 6: Download Vtiger CRM.

Go to the Vtiger download page and click “Download Open Source”, then copy the download link for the latest stable TAR.GZ version, and download it on your server:

cd /tmp
wget -O vtiger.tgz DOWNLOAD_LINK

For example:

wget -O vtiger.tgz https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/vtigercrm7.1.0.tar.gz/

Go back to the download page and copy the download link for any corresponding hotfix package, and download it as well:

wget -O hotfix.zip https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix2.zip/download

Now unpack and move the directory to the web root:

tar -xzf vtiger.tgz
rm vtiger.tgz
mv vtigercrm/ /var/www/

Apply the hotfix:

unzip -o -f -d /var/www/vtigercrm hotfix.zip
rm hotfix.zip

Since write permissions are needed, we’ll give the apache process user ownership of the directory:

chown -R www-data:www-data /var/www/vtigercrm

Due to what appears to be a minor bug in the open source version of Vtiger, the installer will incorrectly report the PHP error_reporting directive as NOT RECOMMENDED. To resolve this, open the file /var/www/vtigercrm/modules/Install/views/Index.php in a text editor such as vim or nano, and find the following line (line 32):

version_compare(PHP_VERSION, '5.5.0') <= 0 ? error_reporting(E_ERROR & ~E_NOTICE & ~E_DEPRECATED) : error_reporting(E_ERROR & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT);

Replace it with:

version_compare(PHP_VERSION, '5.5.0') <= 0 ? error_reporting(E_ERROR & ~E_NOTICE & ~E_DEPRECATED) : error_reporting(~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & E_WARNING);

Step 7: Apache configuration.

Before configuring Apache, let’s obtain an SSL certificate from “Let’s Encrypt” using certbot:

apt install -y certbot
certbot certonly --webroot --agree-tos -m youremail@domain.tld -d crm.example.net

When prompted to input the webroot for your domain, type in /var/www/html. Certbot will verify that you own your domain and that it correctly resolves to your server’s IP address before creating and saving your certificate and key file.

To keep things organized, create two configuration files for your VtigerCRM instance, vtigercrm80.conf and vtigercrm443.conf for HTTP and HTTPS, respectively. Both files should be created in /etc/apache2/sites-available.

nano /etc/apache2/sites-available/vtigercrm80.conf

And paste the following, which will instruct Apache to redirect all incoming HTTP requests to HTTPS:

<VirtualHost *:80>

  DocumentRoot /var/www/vtigercrm
  ServerName crm.example.net

  ErrorLog /var/log/apache2/vtigercrm-error.log
  CustomLog /var/log/apache2/vtigercrm-access.log common

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =crm.example.net
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

</VirtualHost>

For the HTTPS version:

nano /etc/apache2/sites-available/vtigercrm443.conf

Below is a sensible configuration that you can tweak if you have more specific needs:

<VirtualHost *:443>

  DocumentRoot /var/www/vtigercrm
  ServerName crm.example.net

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/crm.example.net/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/crm.example.net/privkey.pem
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder on
  SSLCompression off
  SSLOptions +StrictRequire

  <Directory /var/www/vtigercrm>
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  ErrorLog /var/log/apache2/vtigercrm-error.log
  CustomLog /var/log/apache2/vtigercrm-access.log common

</VirtualHost>

Enable both virtual host files:

a2ensite vtigercrm80.conf
a2ensite vtigercrm443.conf

And enable the rewrite and SSL Apache modules:

a2enmod rewrite
a2enmod ssl

Finally, restart the apache service to apply changes:

systemctl restart apache2.service

Step 8: Web Installation Wizard

Navigate to https://crm.example.net/; you’ll be greeted with the installation wizard. Click “Install” to begin, and follow these steps:

1. First, you’ll have to agree to the Vtiger Public License before proceeding.

2. The wizard will check your PHP configuration. All tests should pass if you followed this guide. Click “Next”

3. You’ll be asked to enter your database information:

  • Host Name: localhost
  • User Name: vtigercrm
  • Password: The password you chose during user creation in the MySQL console.
  • Database Name: vtigercrm
  • Create new database: Yes. (Check the checkbox. Even though we already created a database, this is currently required in order for the installer to create all tables.)
  • Root User Name: vtigercrm
  • Root Password: The password you chose during user (vtigercrm) creation in the MySQL console. Do not enter the password for the root user.

The system information and admin user information forms should be filled according to your requirements.

4. Confirm your configuration and proceed.

5. Specify your industry and click “Next”. The wizard will begin the setup process, which may take some time.

6. Select the features you’d like to enable. The installation process is now complete.

Further Reading

  • Vtiger Documentation
  • SuiteCRM Installation guide

How to Install PmWiki on Debian 10 / Nginx / PHP-FPM

Posted on September 19, 2019 - September 20, 2019 by nxnjz

Introduction

PmWiki is an open-source wiki-based content management system built in PHP that was started in 2002, and is designed for collaborative creation and maintenance of websites. It allows quick editing as well as appearance changes using skins and templates. PmWiki also provides flexible password-based access control. This guide will explain the installation of PmWiki on a Debian 10 system with Nginx and PHP-FPM.

Prerequisites

  • A Debian 10 system.
  • Root user access to your server via SSH.
  • Optional: A registered domain name and valid SSL certificate.

NOTE: All occurrences of example.com should be replaced with your IP address or with a domain name pointing to that IP.

Installation

Step 1: Update your system

Update your system packages:

apt update
apt upgrade -y
reboot

Step 2: Install Nginx and PHP

apt install -y nginx php7.3-fpm

Verify that PHP-FPM and the Nginx server are enabled and running:

systemctl enable --now nginx.service php7.3-fpm.service

Step 3: Download and unpack PmWiki

You can download the latest stable release of PmWiki with the following command:

wget http://www.pmwiki.org/pub/pmwiki/pmwiki-latest.tgz

Then unpack the tar archive:

tar -xzf pmwiki-latest.tgz
rm pmwiki-latest.tgz

Now move the pmwiki directory to /var/www/html:

mv pmwiki*/ /var/www/html/pmwiki

Step 4: Nginx configuration

Create a new virtual host file pmwiki80.conf under /etc/nginx/sites-available/ using a text editor of your choice, such as vim or nano, and paste the following configuration (replace example.com with the IP address of your server, or with your domain name if you’re using one):

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    root /var/www/html/pmwiki;
    index index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}

Note that this is a very basic Nginx configuration file; further configuration may be necessary depending on your specific requirements.
Save and close the file, then create a symbolic link pointing to it in the sites-enabled directory:

ln -s /etc/nginx/sites-available/pmwiki80.conf /etc/nginx/sites-enabled/

You can now reload the Nginx service to apply those changes:

systemctl reload nginx.service

Step 5: PmWiki Installation

PmWiki needs to have write access in a wiki.d directory:

cd /var/www/html/pmwiki
mkdir wiki.d
chown www-data:www-data wiki.d

Since there is no index.php file by default, we will create it:

echo "<?php include_once('pmwiki.php');" > /var/www/html/pmwiki/index.php

Using a web browser, navigate to http://example.com/. You should see the default PmWiki homepage if you followed the previous steps correctly. We’ll now customize the installation:

Make sure your current working directory is /var/www/html/pmwiki and copy the sample configuration file for editing:

cd /var/www/html/pmwiki
cp docs/sample-config.php local/config.php
vim local/config.php

We’ll now make the following changes:

  • $WikiTitle = 'Pmwiki'; to $WikiTitle = 'YourWikiTitle';
  • #$ScriptUrl = 'http://example.com/pmwiki/pmwiki.php'; to $ScriptUrl = 'http://example.com/';
  • #$PubDirUrl = 'http://example.com/pmwiki/pub'; to $PubDirUrl = 'http://example.com/pub';
  • Uncomment the following line: #$PageLogoUrl = "$PubDirUrl/skins/pmwiki/pmwiki-32.gif"; and optionally enter the path to a custom logo of your own.
  • # $DefaultPasswords['admin'] = pmcrypt('secret'); to $DefaultPasswords['admin'] = pmcrypt('StrongPasswordHere'); (This sets a site-wide default administrative password).
  • Optional: If you want to allow browser caching, uncomment the following line: # $EnableIMSCaching = 1;.

The other default parameters and values should be reviewed and modified according to your specific needs. Also, all URL schemas should be changed to https:// if you choose to use HTTPS.

Step 6: Nginx HTTPS config

Assuming you have a domain name and a corresponding SSL certificate, you can set up HTTPS:

First create a new configuration file with a text editor of your choice:

vim /etc/nginx/sites-available/pmwiki443.conf

Paste or type the following:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    root /var/www/html/pmwiki;
    index index.php;

    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/key.pem;

    location ~ \.php$ {
        # Debian 10 ships PHP 7.3; the socket name must match the installed php-fpm version
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}

Enable it and reload the nginx service to apply these changes:

ln -s /etc/nginx/sites-available/pmwiki443.conf /etc/nginx/sites-enabled/
systemctl reload nginx.service

The HTTPS version of your site is now ready. If you wish to permanently redirect all traffic to the secure version, open /etc/nginx/sites-available/pmwiki80.conf in a text editor and add the following line after the server_name directive:

return 301 https://example.com$request_uri;

Save and exit, then reload Nginx again:

systemctl reload nginx.service

Finally, re-edit /var/www/html/pmwiki/local/config.php and change the URL schema in all applicable values from http to https.

You should now be able to access PmWiki at https://example.com/.

Further Reading

You can read PmWiki’s documentation on your own instance once you complete the installation. Access it at https://example.com/?n=PmWiki.DocumentationIndex.

PmWiki’s official website is located at www.pmwiki.org.


How to Install Wallabag on Fedora 29.

Posted on February 12, 2019 - February 20, 2019 by nxnjz

Introduction

Wallabag is a self-hosted PHP web application allowing you to save web pages for later reading. It extracts content so that you can read it when you have time. This article will explain the installation of Wallabag on a Fedora 29 system.

Prerequisites

  • Something running Fedora 29.
  • Root access to your system (via a user with sudo privileges.)
  • A web server with PHP 7 (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

Update your system:

sudo dnf update -y

Installing a web server stack:

We will be using Apache with PHP, and MariaDB for the database. Execute the following to install the required packages:

sudo dnf install -y httpd php php-common php-xml \
php-json php-curl php-zip php-mbstring php-mysqlnd \
php-pdo php-gd php-tidy php-bcmath mariadb-server mariadb

Make sure Apache and MariaDB are enabled and running:

sudo systemctl enable --now httpd.service mariadb.service

Install miscellaneous packages.

sudo dnf install -y git make composer unzip policycoreutils-python-utils

Git will be used to download Wallabag from its GitHub repository, and the make command, along with composer, to complete the installation of Wallabag. The policy utilities package is needed for the optional SELinux configuration (instructions below).

Configuring Apache

Using a text editor of your choice, create a new Apache configuration file. For instance:

sudo vim /etc/httpd/conf.d/wallabag.conf

Populate it with the following (insert your Vultr IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName IP_or_DOMAIN_NAME
    DocumentRoot /var/www/wallabag/web
    <Directory /var/www/wallabag/web>
        AllowOverride None
        Order Allow,Deny
        Allow from All
        <IfModule mod_rewrite.c>
            Options -MultiViews
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
    </Directory>
    <Directory /var/www/wallabag/web/bundles>
        <IfModule mod_rewrite.c>
            RewriteEngine Off
        </IfModule>
    </Directory>
    ErrorLog /var/log/httpd/wallabag_error.log
    CustomLog /var/log/httpd/wallabag_access.log combined
</VirtualHost>

Save and exit.

Reload Apache configuration to apply changes:

sudo systemctl reload httpd.service

Configuring MariaDB

Start by securing your MySQL installation with this command:

sudo mysql_secure_installation

Answer the questions as shown:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Creating the database and user

Create a database and user for Wallabag:

sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE wallabag;
MariaDB [(none)]> CREATE USER 'wallabaguser'@'localhost' IDENTIFIED BY 'wallabagpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace wallabagpassword with a secure password. It should be different from the password you chose for the MariaDB root user.
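
Both this step and Step 5 of the Vtiger guide above leave the password as a placeholder to be replaced by hand. As an added example that is not part of either guide, the following script generates the same statements with a random password, validates the identifiers, and stores the secret in a root-only file; it assumes /dev/urandom and coreutils are available and that you pipe its output into the mysql client yourself:

```shell
#!/bin/sh
# Added example, not part of either guide: "database + dedicated user" statements
# with a random password instead of 'StrongPasswordHere' / 'wallabagpassword'.
# Assumptions: /dev/urandom and coreutils exist; nothing here talks to MariaDB.

# random_password LENGTH -> LENGTH characters from [A-Za-z0-9._-]; the alphabet
# excludes quotes and backslashes so the value drops into SQL and INI files as-is.
random_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9._-' < /dev/urandom | head -c "${1:-32}"
}

# db_setup_sql DBNAME DBUSER PASSWORD -> the statements from the guides, with the
# identifiers restricted to [A-Za-z0-9_] and the user limited to localhost and to
# its own database only (no global privileges).
db_setup_sql() {
    db=$1 user=$2 pass=$3
    for id in "$db" "$user"; do
        case "$id" in
            ''|*[!A-Za-z0-9_]*) echo "db_setup_sql: invalid identifier '$id'" >&2; return 1 ;;
        esac
    done
    case "$pass" in
        ''|*\'*|*\\*) echo "db_setup_sql: password must not be empty or contain ' or \\" >&2; return 1 ;;
    esac
    printf "CREATE DATABASE %s;\n" "$db"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$pass"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost';\n" "$db" "$user"
    printf "FLUSH PRIVILEGES;\n"
}

# write_credentials FILE DBNAME DBUSER PASSWORD -> mode 0600 file for later use
# (for example when the web installer asks for the database password).
write_credentials() {
    ( umask 077; printf 'db=%s\nuser=%s\npassword=%s\n' "$2" "$3" "$4" > "$1" )
}

# Example run for Wallabag (use "vtigercrm vtigercrm" for the Vtiger guide):
#   pw=$(random_password 32)
#   write_credentials /root/wallabag-db.txt wallabag wallabaguser "$pw"
#   db_setup_sql wallabag wallabaguser "$pw" | sudo mysql -u root -p
```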

Installing Wallabag

Since Wallabag is hosted on GitHub, we’ll clone the repository locally:

cd /var/www/
sudo git clone https://github.com/wallabag/wallabag.git

And transfer ownership to the apache user:

sudo chown -R apache:apache /var/www/wallabag

It is not recommended to run the installation scripts as root, so we will use the apache user:

sudo -u apache /bin/bash
cd /var/www/wallabag/
make install

You will be asked several questions regarding desired configuration:

database_driver (pdo_mysql): pdo_mysql
database_driver_class (null): Press Enter
database_host (127.0.0.1): 127.0.0.1
database_port (null): 3306
database_name (wallabag): wallabag
database_user (root): wallabaguser
database_password (null): wallabagpassword
database_path (null): Press Enter
database_table_prefix (wallabag_): Prefix of your choice or Press Enter for the default.
database_socket (null): Press Enter
database_charset (utf8mb4): Press Enter
domain_name ('https://your-wallabag-url-instance.com'): http://IP_or_DOMAIN_NAME

Choose the default (press Enter) for the remaining questions, then exit back to your own user shell session: exit

Security configuration:

SELinux (Security-Enhanced Linux) will interfere with the Wallabag application. To disable it, open the file /etc/sysconfig/selinux and replace SELINUX=enforcing with SELINUX=disabled. Reboot to apply changes. If you do not wish to disable SELinux entirely, follow the instructions below to configure SELinux contexts for web directories.

Five labels are required:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/wallabag(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wallabag/data(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wallabag/var(/.*)?"
sudo semanage fcontext -a -t httpd_log_t "/var/www/wallabag/var/logs(/.*)?"
sudo semanage fcontext -a -t httpd_cache_t "/var/www/wallabag/var/cache(/.*)?"

And apply changes with:

sudo restorecon -R /var/www/wallabag

And set the following SELinux booleans to true:

sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect_db 1

Finally, enable HTTP traffic through the firewall:

sudo firewall-cmd --add-service http --permanent
sudo firewall-cmd --reload

You should now be able to access Wallabag on http://IP_or_DOMAIN_NAME. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

If you’d like to host your own music streaming server, check out these guides.


WebShells

Posted on June 20, 2018 - August 20, 2018 by nxnjz

Basics

If you don’t understand what a shell is, click here.

A webshell is usually a web page that gives the user control of the operating system, usually via a command line.

Many webshells also provide a graphical interface for ease of use.

You should only use a webshell when more conventional access, like SSH or the almost obsolete Telnet, is not available.

Some may work better than others, some may not work at all depending on the security measures employed by the target.

Watch out for webshells that are backdoored. While webshells are usually considered backdoors themselves, many of them will “phone home”, letting someone (whoever put the backdoor in place, usually the developer) know that they have been executed. That person may then use the backdoor themselves for nefarious purposes. So make sure you look at the code before using a webshell, or look at HTTP traffic generated upon execution of the file. The latter will not necessarily show the existence of the backdoor in your shell. The files listed below are from reputable sources only, so you may trust them.
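
As an added example that is not part of the original post, here is a small script for the code review suggested above: it lists, with line numbers, every call in a PHP file that can reach the network (a candidate phone-home), that executes code or commands, or that decodes hidden strings, and exits non-zero when anything was flagged. It assumes GNU grep, find and sed, and the sample files it builds are constructed for the demonstration, not real webshells:

```shell
#!/bin/sh
# Added example, not part of the original post: static pre-deployment review of
# PHP files. Assumptions: GNU grep/find/sed; samples below are constructed.

W='(^|[^A-Za-z0-9_])'   # start-of-identifier guard so "my_eval(" is not reported
NET_CALLS="${W}p?fsockopen\(|${W}stream_socket_client\(|${W}curl_(init|exec)\(|${W}socket_create\(|${W}mail\(|${W}file_get_contents\([[:space:]]*['\"]https?:"
EXEC_CALLS="${W}(eval|system|exec|shell_exec|passthru|proc_open|popen|assert)\("
DECODE_CALLS="${W}(base64_decode|gzinflate|gzuncompress|str_rot13)\("

# review_php_file FILE -> prints "LABEL:LINE:TEXT" for every hit; returns 0 when
# nothing was flagged and 1 otherwise, so it can gate a deployment script.
review_php_file() {
    f=$1; hits=0
    for pair in "NET=$NET_CALLS" "EXEC=$EXEC_CALLS" "DECODE=$DECODE_CALLS"; do
        label=${pair%%=*}; pattern=${pair#*=}
        n=$(grep -cE "$pattern" "$f" 2>/dev/null || true)   # grep -c exits 1 on no match
        n=${n:-0}
        if [ "$n" -gt 0 ]; then
            grep -nE "$pattern" "$f" | sed "s/^/$label:/"
            hits=$((hits + n))
        fi
    done
    [ "$hits" -eq 0 ]
}

# review_php_tree DIR -> prints the number of flagged .php files; the individual
# hits go to stderr so the count stays machine-readable.
review_php_tree() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        review_php_file "$f" >&2 || echo "$f"
    done | wc -l | tr -d ' '
}

# make_samples -> creates two constructed files and prints the directory:
# benign.php (nothing to report) and beacon.php (one NET hit, one DECODE hit).
make_samples() {
    d=$(mktemp -d)
    printf '<?php\necho "hello";\n' > "$d/benign.php"
    printf '<?php\n$s = fsockopen("beacon.example.invalid", 80);\n$p = base64_decode("aGk=");\n' > "$d/beacon.php"
    echo "$d"
}

# Review a real web root with:  review_php_tree /var/www/html
```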

WebShells

    • Laudanum at github: A collection of webshells in different languages.
    • Antak PowerShell Aspx: Simple and works very well.
    • WeBaCoo: Perl script for generating PHP backdoors; it also allows you to connect to a backdoor from your terminal for terminal-like access.
    • Weevely:  Powerful python script for generating backdoors, connecting to them, and running different modules to help with many tasks.