-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathmanual_instructions.txt
169 lines (142 loc) · 4.81 KB
/
manual_instructions.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
To be modified with steps and outputs only .txt
## Manual Installation *(optional)* the cooked...
### :books: Preparing Ingredients
#### DEBIAN PACKAGES TO INSTALL
Execute these command as root user.
```
$ apt-get update
$ apt-get install sudo -y
```
Execute this command with your user. (In this example, uses `waf` account.)
```
$ sudo apt-get upgrade -y && apt-get dist-upgrade -y
$ sudo apt-get install build-essential -y
$ sudo apt-get install automake libtool make gcc pkg-config -y
$ sudo apt-get install flex bison curl vim net-tools zip unzip git -y
```
#### INSTALL PERL LIBRARIES
```
$ sudo apt-get install libdigest-md5-file-perl libdigest-sha-perl libmldbm-perl libdbm-deep-perl libswitch-perl -y
```
#### Download Repo
```
$ cd --
$ sudo git clone https://github.com/alt3kx/wafaray
```
#### CREATE FOLDERS
The `temporal` folder is used to store the temporal files and the sessions.
The `/YaraRules` is used to store Yara Rules.
```
$ sudo mkdir /temporal && sudo chmod 1777 -R /temporal
$ sudo mkdir -p /YaraRules/Compiled && sudo mkdir -p /var/www/html/upload
```
### :books: Ingredient One
#### INSTALL YARA
```
$ sudo apt-get install libyara-dev libyara4 yara yara-doc libyara-dev python3-yara python3 python3-pip python3-venv python3-plyara -y
```
#### DOWNLOAD YARA RULES
Download the file `YaraScripts.tar` and decompress inside of `/YaraRules`.
`YaraScripts.tar` contains the following files: `modsec_run.sh, YaraCompile.py`.
```
$ cd /home/waf/wafaray
$ mv YaraScripts.tar /YaraRules
$ cd /YaraRules
$ tar -xf YaraScripts.tar
```
There exist many sites that contains Yara rules, for this PoC we used https://github.com/Yara-Rules/rules
```
$ cd /YaraRules
$ sudo git clone https://github.com/Yara-Rules/rules
```
#### Compile all the yara rules detected.
The script is based on Python3 using yara library.
The script detects inside of `/YaraRules/rules` the files that contains `yar` or `yara` extension and compile all of the files detected.
The file compiled is stored in one json file `/YaraRules/yara_compiled.json`, this file will be used by `modsec_yara.py`.
Reference: https://yara.readthedocs.io/en/v3.4.0/yarapython.html
Execute the following lines in order to compile all `Yara` rules.
```
$ cd /YaraRules/YaraScripts
$ sudo ./YaraCompile.py
```
### :books: Ingredient Two
#### WAF MODSECURITY
Reference: https://github.com/alt3kx/wafparan01d3
#### INSTALL MODSECURITY
```
$ cd --
$ sudo apt-get install apache2 libapache2-mod-security2 -y
$ cd /etc/apache2
$ sudo ln -s /var/log/apache2/ logs
```
#### CONFIGURE MODSECURITY
```
$ sudo systemctl stop apache2
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
$ sudo sed -i "s,^SecRuleEngine .*,SecRuleEngine On,g" /etc/modsecurity/modsecurity.conf
$ sudo systemctl start apache2
```
#### INSTALL CRS
```
$ cd ~
$ wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip
$ unzip v3.3.2.zip
$ sudo mv coreruleset-3.3.2/crs-setup.conf.example /etc/modsecurity/crs/crs-setup.conf
$ sudo mv coreruleset-3.3.2/rules/ /etc/modsecurity/crs/
```
Edit the file `/etc/apache2/mods-enabled/security2.conf `, and replace with the following code.
```
<IfModule security2_module>
SecDataDir /var/cache/modsecurity
IncludeOptional /etc/modsecurity/crs-setup.conf
IncludeOptional /etc/modsecurity/rules/*.conf
</IfModule>
```
Edit the file `/etc/apache2/apache2.conf`, and add the following code after `Include ports.conf`.
```
Include /etc/modsecurity/modsecurity.conf
Include /etc/modsecurity/crs/crs-setup.conf
Include /etc/modsecurity/crs/rules/*.conf
```
Add libraries and restart apache.
```
$ cd /etc/apache2
$ sudo cp mods-available/proxy_http.load mods-enabled
$ sudo cp mods-available/proxy.load mods-enabled/
$ sudo cp mods-available/rewrite.load mods-enabled/
$ sudo systemctl restart apache2
```
### VIRTUAL HOST
#### INSTALL PHP
```
$ sudo apt-get install php -y
```
#### ADD MAIN VIRTUAL HOST
Edit the file `/etc/apache2/ports.conf`, and add the following code.
```
Listen 8080
Listen 18080
```
Download the file `vhosts.tar` and decompress inside of `/etc/apache2/`.
The `vhosts.tar` contains the following files: `000-default.conf, moc.conf, test.conf`.
```
$ cd /etc/apache2/
$ sha1sum vhosts.tar
6de65d0f1ef2e3d20aae558827c8829446c2c280
$ tar -xf vhosts.tar
```
### :books: Finishing Cooking
#### UPLOAD PAGE
Download the file `page.tar` and decompress inside of `/var/www/html/`.
The `page.tar` contains the following files: `upload.php`.
```
$ cd /var/www/html
$ sha1sum page.tar
938c6bb9923b56baf585d7e229d14a3872a6e984
$ tar -xf page.tar
```
Restart apache.
```
$ sudo systemctl stop apache2
$ sudo systemctl start apache2
```