# Final

## vimrc (optional)

1. `vim ~/.vimrc`

```vim
set encoding=utf-8
set nu
syntax on
set ai
set shiftwidth=4
set tabstop=4
set expandtab
set smartindent
set backspace=2
set ruler
set ic
set number
set mouse=a
set hlsearch
inoremap {<CR> {<CR>}<Esc>ko
inoremap " ""<Esc>i
inoremap ' ''<Esc>i
```

## general

1. Update the time

```shell
$ sudo ntpdate clock.stdtime.gov.tw
$ tzsetup
```

2. Update the hostname (edit the `hostname=` line)

```shell
$ sudo vim /etc/rc.conf
```

3. `adduser`

```
name: judge
passwd: m30owme0w
shell: bash
```

4. `$ pw usermod judge -G wheel`

5. `$ visudo`

```conf
limaox ALL=(ALL:ALL) NOPASSWD: ALL
judge  ALL=(ALL:ALL) NOPASSWD: ALL
```

   `NOPASSWD` is a convenience for the lab: anyone who gets a shell as either user becomes root without ever typing a password.

6. ssh key

```shell
$ mkdir ~/.ssh
$ cp authorized_keys .ssh/authorized_keys
```

   `~/.ssh` should be mode `700` and `authorized_keys` must not be group- or world-writable, otherwise sshd (with the default `StrictModes yes`) silently ignores the file.

7. ssh config: `$ vim /etc/ssh/sshd_config`

```conf
Port 2222
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
```

8. Restart ssh

```shell
$ service sshd restart
```

:::warning
Because logins are now key-only, you will not be able to ssh in afterwards unless your public key is already in `authorized_keys`; append it (`cat id_ed25519.pub >> ~/.ssh/authorized_keys`) before restarting sshd, and keep the existing session open until a second connection on port 2222 works.
:::

## shell scripts

```sh
#!/usr/local/bin/bash
# bash is a port on FreeBSD and lives in /usr/local/bin; {0..49} needs bash.
# Run as root: pw useradd/usermod need it.

# Loop to create 50 users
for i in {0..49}; do
    # Generate the username and password (sa_00 gets password sa_49, and so on)
    username="sa_$(printf '%02d' $i)"
    password="sa_$(printf '%02d' $((49 - i)))"

    # Determine the default shell based on the username
    if ((i % 2 == 0)); then
        shell="/bin/sh"
    else
        shell="/bin/tcsh"
    fi

    # Create the user with the specified details
    pw useradd -n "$username" -s "$shell" -m
    # -h 0 makes pw read the password from stdin (file descriptor 0)
    echo "$password" | pw usermod "$username" -h 0
    echo "User created: $username"
done
```

## ZFS

1. `$ zpool list sa_pool`

2. Scrub to check and repair the data

```shell
$ zpool scrub sa_pool
```

3. Check the status: `zpool status sa_pool` (it reports scrub progress, errors found and which vdev is faulted)

4. da1 is the broken disk, so I chose to detach it

```shell
$ sudo zpool detach sa_pool /dev/da1
```

5. Find zfsflag

```shell
$ find /mnt/sa_pool/sa_final -type f -name "zfsflag.txt" -exec grep -q "douwant2buildasn0wman" {} \; -print
```

6. Move it to judge's home

```shell
$ mv zfsflag.txt /home/judge
```

## web_client

1. `sudo vim /etc/hosts` and add the following line

```conf
10.187.10.1 sa-judge.meow
```

2. Change the access permissions

```shell
$ sudo chmod 666 /etc/hosts
```

   A world-writable `/etc/hosts` lets any local user redirect any hostname; only do this if the lab checks for it, and revert to `644` afterwards.

## web_server

1. nginx server

```conf
#user nobody;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    client_max_body_size 0;

    # round robin
    upstream backend {
        server facebook.sa;
        server google.sa;
    }

    # Plain HTTP only redirects to HTTPS; return 301 alone is enough here
    server {
        listen 80;
        server_name limaox.ncku;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name limaox.ncku;
        ssl_certificate /usr/home/limaox/full.crt;
        ssl_certificate_key /usr/home/limaox/private.key;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}
```

2. Write server.conf

```conf
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = req_ext

[req_distinguished_name]
C = TW
ST = TN
L = TAINAN
O = NCKU
CN = limaox.ncku

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1 = limaox.ncku
```

3. Generate the certificate

```shell
$ openssl genrsa -out private.key 2048
$ chmod 600 private.key    # nginx's master process runs as root, so the key never needs to be readable by anyone else
$ openssl req -new -sha256 -key private.key -out ca.req -config server.conf
$ openssl x509 -req -in ca.req -CA ca.crt -CAkey ca.key -CAcreateserial -out private.crt -days 1024 -sha256 -extensions req_ext -extfile server.conf
$ cat private.crt ca.crt > full.crt    # leaf first, then the issuer; > rather than >> so a rerun does not duplicate entries
```

   The CSR and certificate are public, so they need no special permissions (`644` is fine; `777` gains nothing). Browsers match `server_name` against the SAN, which is why `-extensions req_ext` must be passed when signing, otherwise the SAN from the request is dropped.

4. `$ sudo service nginx restart`

5. Verify the padlock (refresh may not be enough; I had to close the page and reopen it before it worked)

   * ![](https://hackmd.io/_uploads/SJkBCYZun.png)
   * Certificate hierarchy

```
saroot
  final
    limaox
      limaox.ncku
```

## nfs_server

1. Mount the NFS server and pull out `getflag.sh`

```shell
$ mkdir /mnt/nfs
$ mount -t nfs nfs.sa:/flagplace /mnt/nfs
$ cp /mnt/nfs/getflag.sh /usr/home/limaox
```

2. Run the copied `getflag.sh` to generate the flag

3. Create /etc/exports

```
/data/shared -alldirs -network 10.187.1.0/24 -maproot=root
/data/shared -alldirs -ro
```

   `-maproot=root` gives root on any client in 10.187.1.0/24 full root access to the export, so keep that line limited to the judge network; everyone else gets the read-only line.

4. Add to /etc/rc.conf

```conf
nfs_server_enable="YES"
nfs_reserved_port_only="NO"
```

5. `$ sudo service nfsd restart`

:::warning
My /mnt/nfs could not be unmounted because it was busy, which made `service nfsd restart` fail. Either reboot or kill the process using it (`fstat -f /mnt/nfs` shows which one; `umount -f /mnt/nfs` forces the unmount).
:::

## firewall

1. `$ sudo vim /etc/pf.conf`

```conf
# Options must come before filter rules in pf.conf, so set skip goes first
set skip on lo0

# Allow outgoing traffic, block everything inbound by default
pass out all
block in

# eth0 is my interface name; check yours with ifconfig (on FreeBSD it is usually something like em0 or vtnet0)
pass in on eth0 inet proto icmp all icmp-type echoreq

# Whitelist for the SSH and NFS services
# 10.187.112.170 is my IP, change it to your own
pass in on eth0 inet proto tcp from {10.187.0.0/23, 10.187.112.0/20, 10.187.112.170} to any port 2222
# Use rpcinfo -p to find the NFS ports
pass in on eth0 inet proto tcp from 10.187.0.0/23 to any port {111, 961, 2049}
pass in on eth0 inet proto tcp from any to any port {80, 443}

# Blacklist for the nginx service
# In pf the last matching rule wins, so this block must stay below the pass rule for 80/443
block in on eth0 inet proto tcp from {10.187.10.5, 10.187.0.253} to any port {80, 443}
```

2. Enable and start the firewall

```shell
$ sudo service pf enable
$ sudo service pf start
```

   The pass rule for port 2222 must match the `Port` in sshd_config, or starting pf cuts off your own ssh access.

:::success
Congratulations, the final lab is done~~
:::
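The web_server section builds `full.crt` from a CSR and the lab's `ca.crt`/`ca.key`, and the padlock only appears when the chain, the SAN and the key all line up. The script below is an added example and not part of the lab notes: it stands in a throwaway self-signed CA named `saroot` for the lab's CA files (in the real lab `ca.crt` is an intermediate under `final` and `saroot`), issues `limaox.ncku` with the same `server.conf` request config, and then checks everything nginx needs before you restart it. It assumes only the `openssl` CLI; every file name and the function names are made up here.

```sh
#!/bin/sh
# Added example (not from the lab notes): build a throwaway CA, issue the
# limaox.ncku certificate the way the web_server step does, assemble
# full.crt in the right order and verify it offline. Assumes only openssl.

make_chain() {
    dir="$1"
    mkdir -p "$dir"
    # Same request config as server.conf on the page, written inline.
    cat > "$dir/server.conf" <<'EOF'
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
C = TW
ST = TN
L = TAINAN
O = NCKU
CN = limaox.ncku
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = limaox.ncku
EOF
    # Stand-in for the course CA (ca.key / ca.crt handed out in the lab).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/C=TW/O=NCKU/CN=saroot" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl genrsa -out "$dir/private.key" 2048 2>/dev/null
    chmod 600 "$dir/private.key"   # the private key stays owner-readable only
    openssl req -new -sha256 -key "$dir/private.key" -out "$dir/ca.req" \
        -config "$dir/server.conf" 2>/dev/null
    # -extensions req_ext is what carries the SAN into the signed certificate.
    openssl x509 -req -in "$dir/ca.req" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/private.crt" -days 1024 -sha256 \
        -extensions req_ext -extfile "$dir/server.conf" 2>/dev/null
    # Leaf first, then the issuer: nginx sends the file in this order.
    cat "$dir/private.crt" "$dir/ca.crt" > "$dir/full.crt"
}

# Prints "ok", or the first failing check, and returns non-zero on failure.
verify_chain() {
    dir="$1"
    # The leaf must chain to the CA, as the browser checks once saroot is trusted.
    openssl verify -CAfile "$dir/ca.crt" "$dir/private.crt" >/dev/null 2>&1 \
        || { echo fail-verify; return 1; }
    # Browsers match server_name against the SAN, not the CN.
    openssl x509 -in "$dir/private.crt" -noout -text | grep -q 'DNS:limaox.ncku' \
        || { echo fail-san; return 1; }
    # openssl x509 reads only the first PEM block, so this is the cert nginx presents first.
    case "$(openssl x509 -in "$dir/full.crt" -noout -subject)" in
        *limaox.ncku*) ;;
        *) echo fail-order; return 1 ;;
    esac
    # ssl_certificate_key must belong to the leaf certificate.
    [ "$(openssl pkey -in "$dir/private.key" -pubout | openssl sha256)" = \
      "$(openssl x509 -in "$dir/private.crt" -noout -pubkey | openssl sha256)" ] \
        || { echo fail-keymatch; return 1; }
    echo ok
}

# Usage: d=$(mktemp -d); make_chain "$d"; verify_chain "$d"
```

On the lab host, run the same four checks against the real files; since the lab's `ca.crt` is an intermediate, the first check becomes `openssl verify -CAfile <saroot cert> -untrusted ca.crt private.crt`. Swapping the order of `cat private.crt ca.crt` is the mistake the order check catches: nginx then serves the CA certificate as the server certificate and the browser rejects the name.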
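The warning in the general section (key-only ssh locks you out if your key is missing) and the firewall section (pf must pass the sshd port) are the two ways to lose access to the box during this lab. The check below is an added example, not something from the lab notes: it reads an `sshd_config`, an `authorized_keys` file and optionally a `pf.conf`, and reports what would still break login before you run `service sshd restart` or `service pf start`. The paths are arguments so it can run against copies; on the host they would be `/etc/ssh/sshd_config`, `~/.ssh/authorized_keys` and `/etc/pf.conf`. The function names and the problem labels are my own.

```sh
#!/bin/sh
# Added example (not from the lab notes): pre-flight check before enabling
# key-only ssh on a non-default port behind pf. Paths are parameters.

# Print the effective value of an sshd_config keyword: sshd takes the
# first occurrence and matches keyword names case-insensitively.
sshd_effective() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Usage: sshd_preflight SSHD_CONFIG AUTHORIZED_KEYS [PF_CONF]
# Prints "ok port=N", or a space-separated list of problems and returns 1.
sshd_preflight() {
    conf="$1"; keys="$2"; pf="$3"; problems=""

    port=$(sshd_effective "$conf" Port)
    [ -n "$port" ] || port=22    # sshd's default when Port is unset

    [ "$(sshd_effective "$conf" PasswordAuthentication)" = no ] \
        || problems="$problems password-auth-still-on"
    [ "$(sshd_effective "$conf" PermitRootLogin)" = no ] \
        || problems="$problems root-login-allowed"

    # Key-only login needs at least one real public key line.
    if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com) ' "$keys" 2>/dev/null; then
        problems="$problems no-public-key"
    fi
    # With StrictModes (the default) sshd ignores a group- or world-writable file.
    if [ -e "$keys" ] && [ -n "$(find "$keys" \( -perm -g+w -o -perm -o+w \) -print 2>/dev/null)" ]; then
        problems="$problems authorized_keys-writable-by-others"
    fi

    # If pf will be enabled, some "pass in" rule must cover the sshd port,
    # either as "port N" or inside a "port {a, N, b}" list.
    if [ -n "$pf" ] && ! grep -E '^[[:space:]]*pass[[:space:]]+in' "$pf" \
            | grep -Eq "port[[:space:]]*(\{[^}]*[^0-9])?$port([^0-9]|$)"; then
        problems="$problems pf-does-not-pass-port-$port"
    fi

    if [ -z "$problems" ]; then
        echo "ok port=$port"
    else
        echo "$problems" | sed 's/^ //'
        return 1
    fi
}

# Usage on the host:
#   sshd_preflight /etc/ssh/sshd_config ~/.ssh/authorized_keys /etc/pf.conf
```

Run it from the session you already have open, fix whatever it lists, and only then restart sshd; the pf check is the one that matters in the firewall section, because `block in` drops port 22 as well as everything else the pass rules do not name.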