#!/usr/bin/env bash
#
# Provisioning script for "Freya", a deliberately vulnerable training VM:
# anonymous FTP, a WordPress site with an outdated plugin, and weakened
# file modes. The credentials below are hardcoded lab values.
# Needs root (apt-get, chpasswd) on a Debian-family host.

printf '%s\n' \
  "============================================" \
  "Initial setup..." \
  "============================================"

# Abort on the first failing command, including failures inside a pipeline.
set -eo pipefail

# Keep apt/dpkg from opening interactive prompts during the unattended run.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update
apt-get -y upgrade
apt-get install -y -q \
  vsftpd ftp sudo wordpress curl default-mysql-server apache2

# Lab credentials, handed to chpasswd on stdin as user:password pairs.
# Two separate invocations so a failure on the second does not affect the first.
# NOTE(review): no useradd for baldur is visible in this script; presumably the
# account already exists in the base image. Confirm.
/usr/sbin/chpasswd <<<'root:6n4nC-j_@Txb6k*A'
/usr/sbin/chpasswd <<<'baldur:mjolnir'
printf '%s\n' \
  "============================================" \
  "Setting up FTP..." \
  "============================================"

# Directory that is exposed to anonymous FTP clients (see anon_root below).
mkdir -p /home/baldur/Uploads

# Seed the share with a note. The quoted delimiter keeps the text literal.
cat > /home/baldur/Uploads/todo.txt <<'TODO'
list of things i need to do for the new blog:
- laura told me there was a vulnerability and i might get hacked? haha as if anyone is going to hack a blog about nordic mythology
- get snorri sturluson biography from library, write review
- find some cool nordic mythology fan theories to write about
- the nordic name for the world tree might not have been the most creative name for the blog. might try and think of a new one
TODO

# Intentional lab weakness: turn anonymous logins on and local-user logins off,
# and drop any existing local_root setting. Anonymous FTP with readable user
# content is a standard hardening-audit finding.
sed -i \
  -e "s/anonymous_enable=NO/anonymous_enable=YES/g" \
  -e "s/local_enable=YES/local_enable=NO/g" \
  -e "/^local_root=/d" \
  /etc/vsftpd.conf

# make sure that this does not add any trailing spaces
printf '%s\n' \
  "chroot_local_user=YES" \
  "anon_root=/home/baldur/Uploads" >> /etc/vsftpd.conf

systemctl restart vsftpd
printf '%s\n' "FTP successfully set up!"
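echo "============================================"
echo "Setting up Wordpress..."
echo "============================================"

# Download wp-cli into a private temp file instead of a predictable /tmp name.
wp_cli_tmp=$(mktemp)

# -f makes curl exit non-zero on an HTTP error, so `set -e` stops the script
# instead of installing an error page as /usr/local/bin/wp.
# NOTE(review): the phar is installed without any integrity check. The wp-cli
# builds repository appears to publish checksum files next to the phar;
# confirm and compare before installing.
curl -fsSL https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o "${wp_cli_tmp}"

# mktemp creates the file with mode 0600. Set 0755 explicitly so the
# unprivileged account that runs wp later can read and execute it.
chmod 0755 "${wp_cli_tmp}"
mv -- "${wp_cli_tmp}" /usr/local/bin/wp
/usr/local/bin/wp cli update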
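# Site directory. It is world-writable only so that baldur can download the
# WordPress core into it; ownership and mode are reset later in the script.
mkdir -p /var/www/yggdrasil
chmod 777 /var/www/yggdrasil
su baldur -c 'wp core download --path=/var/www/yggdrasil'

# mysql client invocation shared by the statements below. The password is
# quoted because it contains '*', which the shell would otherwise treat as a
# glob pattern. Passing -p on the command line also exposes the password in
# the process list while mysql runs.
mysql_root=(mysql -u root '-p6n4nC-j_@Txb6k*A')

# Create the WordPress database account and schema, one statement per call so
# `set -e` stops at the first failure.
"${mysql_root[@]}" -e "CREATE USER wordpress@localhost;"
"${mysql_root[@]}" -e "SET PASSWORD FOR wordpress@localhost= PASSWORD('JXakuf5DzA3q7nnj');"
"${mysql_root[@]}" -e "CREATE DATABASE wordpress character set utf8 collate utf8_bin;"
"${mysql_root[@]}" -e "GRANT ALL PRIVILEGES ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'JXakuf5DzA3q7nnj';"
"${mysql_root[@]}" -e "FLUSH PRIVILEGES;"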
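# Serve /var/www itself so the site is reachable under /yggdrasil.
# --follow-symlinks edits the target file in place; without it GNU sed
# replaces a symlink in sites-enabled with a regular file.
sed -i --follow-symlinks 's|DocumentRoot /var/www/html|DocumentRoot /var/www|g' /etc/apache2/sites-enabled/000-default.conf

# Remove the Indexes option so Apache does not generate directory listings.
sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/g" /etc/apache2/apache2.conf

# Write wp-config.php with the database credentials created earlier.
sudo -u baldur -i -- wp config create --dbname=wordpress --dbuser=wordpress --dbpass=JXakuf5DzA3q7nnj --path=/var/www/yggdrasil

# First global-scope IPv4 address of the host, without the prefix length.
# Asking `ip` for exactly that avoids concatenating several addresses when
# the machine has more than one interface. awk reads all of its input, so
# no stage is cut short under pipefail.
IP=$(ip -4 -o addr show scope global | awk 'NR == 1 { split($4, cidr, "/"); print cidr[1] }')
if [[ -z "${IP}" ]]; then
  echo "Could not determine a non-loopback IPv4 address for the site URL" >&2
  exit 1
fi

# Install the site under that address. The WordPress admin account reuses the
# database password (lab value).
sudo -u baldur -i -- wp core install --title=Yggdrasil --admin_user=wordpress --admin_password=JXakuf5DzA3q7nnj --admin_email=wordpress@freya.com --url="http://${IP}/yggdrasil" --path=/var/www/yggdrasil
sudo -u baldur -i -- wp option update home "http://${IP}/yggdrasil" --path=/var/www/yggdrasil
sudo -u baldur -i -- wp theme activate twentyseventeen --path=/var/www/yggdrasil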
# Author's note (translated): somehow include 'norse ipsum' (or not, not that
# important).
# wp post create --post_type=post --post_title="Norse Ipsum" --post_status=publish

# VULNERABLE PLUGIN
# Intentional lab content: the plugin is pinned to a release that the author
# marks as vulnerable. Outside a lab, a plugin and version inventory is the
# control that catches this.
wp plugin install social-warfare \
  --version=3.5.1 \
  --activate \
  --path=/var/www/yggdrasil \
  --allow-root

# Author's note (translated): leave this part at the end of the wp setup.
# Give the finished tree to the web server account, then replace the temporary
# 777 mode on the site directory.
chown -R www-data:www-data /var/www/yggdrasil
chmod 774 /var/www/yggdrasil
# Answer the mysql_secure_installation prompts from stdin, one answer per line:
# n, y, y, y, y.
# NOTE(review): the answers are positional, so they depend on the prompt order
# of the installed mysql_secure_installation version. Confirm against the
# package this script installs.
mysql_secure_installation <<<$'n\ny\ny\ny\ny'

# Restart Apache so the DocumentRoot and Options edits take effect.
/etc/init.d/apache2 restart
# WWW-DATA TO BALDUR
printf '%s\n' \
  "============================================" \
  "Set up PrivEsc from www-data to baldur..." \
  "============================================"

# Intentional lab weakness: mode 644 makes the password-hash file readable by
# every local account. Permission or file-integrity auditing on /etc/shadow is
# the matching detection.
chmod 644 /etc/shadow
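# POST EXPLOIT
echo "============================================"
echo "Set up cronjob for Post-Exploit..."
echo "============================================"

mkdir -p /opt/freya

# Placeholder job script; it only prints a message.
printf '%s\n' 'echo "Do something..."' > /opt/freya/script.sh

# Python script that cron runs every minute (see the crontab entry below).
# The quoted delimiter keeps the content literal.
# NOTE(review): log.py calls ./script.sh relative to cron's working directory,
# which is presumably not /opt/freya. Confirm that this is intended.
# NOTE(review): the script targets /usr/bin/python and /usr/lib/python2.7, but
# the apt-get line above does not install Python 2 explicitly. Confirm that the
# base image provides it; otherwise the chmod calls fail under `set -e`.
cat > /opt/freya/log.py <<'PYEOF'
#!/usr/bin/python

import os
import socket

# TODO actually add in socket functionality
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

os.system("./script.sh")
PYEOF

chmod +x /opt/freya/log.py
chmod +x /opt/freya/script.sh

# Intentional lab weakness: a standard-library module imported by log.py is
# made world-writable. An audit for world-writable files under the
# interpreter's library path (for example `find /usr/lib -type f -perm -o+w`)
# reports it.
chmod 666 /usr/lib/python2.7/socket.py

# some false flags: more world-writable modules, which log.py does not import
# apart from whatever socket.py pulls in itself.
for module in abc ast base64 bdb code dis fileinput glob hmac htmllib io \
  mimify pipes popen2 random; do
  chmod 666 "/usr/lib/python2.7/${module}.py"
done

# Install the crontab for the invoking user (root, given the rest of the
# script). `crontab FILE` replaces the whole existing crontab.
TEMPFILE=$(mktemp)
echo "*/1 * * * * /opt/freya/log.py" >> "${TEMPFILE}"
crontab "${TEMPFILE}"
rm -- "${TEMPFILE}"

echo "Freya has successfully been set up!"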