Website Local Attack

From ICO wiki

Mediawiki Installation

Author: Lauri Vosandi

MediaWiki requirements

http://www.mediawiki.org/wiki/Manual:Installation_requirements
Basically you need a web server, PHP and MySQL; install them as root as follows:

root@kaka:~#apt-get install apache2 mysql-server php5

Download

Make your choice at http://www.mediawiki.org/wiki/Download/Matrix and download a suitable version.
E.g. go to the web server's document root, download it with wget and unpack it:

root@kaka:~# cd /var/www/
root@kaka:/var/www# wget http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.0.tar.gz
--2009-03-13 13:08:43--  http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.0.tar.gz
Lahendan download.wikimedia.org... 208.80.152.183
Loon ühendust serveriga download.wikimedia.org|208.80.152.183|:80... ühendus loodud.
HTTP päring saadetud, ootan vastust... 200 OK
Pikkus: 10122254 (9,7M) [application/octet-stream]
Saving to: `mediawiki-1.14.0.tar.gz.1'

100%[======================================>] 10 122 254  2,51M/s   in 4,4s

2009-03-13 13:08:48 (2,18 MB/s) - `mediawiki-1.14.0.tar.gz.1' salvestatud [10122254/10122254]

root@kaka:/var/www# tar -xvvf mediawiki-1.14.0.tar.gz


Install

http://www.mediawiki.org/wiki/Manual:Installing_MediaWiki
Rename the directory and change the file ownership:

root@kaka:/var/www# mv mediawiki-1.14.0 wiki
root@kaka:/var/www# chown -R www-data:www-data ./wiki

Create a MySQL database and a separate user for the wiki:

www-data@kaka:~/wiki$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 190
Server version: 5.0.67-0ubuntu6 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>  create database wikidb;
Query OK, 1 row affected (0.01 sec)

mysql>  grant create, select, insert, update, delete, alter, lock tables on wikidb.* to 'wikiuser'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye
www-data@kaka:~/wiki$

Point a web browser at the config address of the freshly installed wiki, e.g. http://localhost/wiki/config, and complete the initial setup there.
A LocalSettings.php file is generated in the config directory; move it to your wiki root directory.

www-data@kaka:~/wiki$ mv config/LocalSettings.php .

Configuration

Set a few parameters in LocalSettings.php:

$wgSitename         = "ITC wiki";
$wgEmergencyContact = "webmaster@localhost";
$wgPasswordSender = "webmaster@localhost";
$wgEmailAuthentication = true;
## Database settings
$wgDBtype           = "mysql";
$wgDBserver         = "localhost";
$wgDBname           = "wikidb";
$wgDBuser           = "wiki";
$wgDBpassword       = "*******";
$wgDefaultSkin = 'modern';
$wgEnableUploads       = true;

# for maintenance, put the wiki into read-only mode by uncommenting the following variable
# $wgReadOnly = 'maintenance message here';

# Whether to allow inline images hosted on external websites
$wgAllowExternalImages = true;

# if false, allow uploading files with any extension
$wgCheckFileExtensions = false;

# if false, does not do mime check on uploaded files
$wgMimeTypeFile = false;

# define wikilogo and icon
#$wgLogo         = "$wgScriptPath/skins/common/images/wikilogo.png";
#$wgFavicon = "$wgScriptPath/skins/common/images/favicon.ico";

# do not show & allow editing anything if user is not logged in
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;

# whitelist - pages that can be seen by people who are not logged in
$wgWhitelistRead = array("Main Page", "Special:Userlogin", "-", "MediaWiki:Monobook.css");

# do not allow account creation
$wgGroupPermissions['*']['createaccount'] = false;

Installing extensions

LDAP auth extension

http://www.mediawiki.org/wiki/LDAP

Prerequisites

PHP5 LDAP support needs to be installed:

root@kaka:~#apt-get install php5-ldap

Download & install

http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/LdapAuthentication/LdapAuthentication.php?view=co
You need to download the LdapAuthentication.php file; since it lives in SVN there are several ways to do that.
The simplest is to open the link in a web browser and save the resulting file.
Copy the downloaded file into the extensions directory:

www-data@kaka:/var/www# cp /home/argoe/Töölaud/LdapAuthentication.php ./wiki/extensions/

Configuration

Add a little information about your LDAP to LocalSettings.php:

###### LDAP Authentication ######
require_once 'extensions/LdapAuthentication.php';
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array(
  'itcollege'
);
$wgLDAPServerNames = array(
  'itcollege' => 'earl.itcollege.ee'
);
$wgLDAPEncryptionType = array(
  'itcollege' => 'clear'
);
$wgLDAPSearchStrings = array(
  'itcollege' => 'uid=USER-NAME,ou=People,dc=itcollege,dc=ee'
);
//Don't automatically create an account for a user if the account exists in LDAP
//but not in MediaWiki.
//Default: false.
#$wgLDAPDisableAutoCreate = array(
#"testADdomain"=>true
#);
//Allow the use of the local database as well as the LDAP database.
//wiki admin user is in local DB!
$wgLDAPUseLocal = true;
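The settings above and in the earlier LocalSettings.php section trade safety for convenience: files with any extension and any MIME type can be uploaded, images can be hot-linked from anywhere, and the LDAP bind, password included, travels in the clear. As an added example (not the page author's configuration), the same settings are shown with a tighter alternative for each; the variable names are real MediaWiki / LdapAuthentication settings, while the extension list and the image host are assumed values:

```php
<?php
// Added example, not part of the original guide: the upload- and LDAP-related
// settings the guide relaxes, each shown next to a tighter alternative.
// Variable names are real MediaWiki / LdapAuthentication settings; the
// extension list and the image host below are assumptions for this kind of wiki.

// --- As set in the guide (weak) ---
// $wgCheckFileExtensions = false;                         // any extension may be uploaded
// $wgMimeTypeFile        = false;                         // per the guide's comment: no MIME check
// $wgAllowExternalImages = true;                          // images hot-linked from any site
// $wgLDAPEncryptionType  = array('itcollege' => 'clear'); // LDAP bind, password included, in plaintext

// --- Tighter alternative ---
$wgEnableUploads        = true;
$wgCheckFileExtensions  = true;
$wgStrictFileExtensions = true;   // accept only the whitelist below, not "anything not blacklisted"
$wgFileExtensions       = array('png', 'gif', 'jpg', 'jpeg', 'pdf', 'mm'); // assumed list; .mm for FreeMind
$wgVerifyMimeType       = true;   // keep the MIME type / extension consistency check

// Hot-link images only from a host you control instead of from anywhere.
$wgAllowExternalImages     = false;
$wgAllowExternalImagesFrom = array('https://wiki.itcollege.ee/'); // assumed host

// Bind to the LDAP server over TLS (STARTTLS) rather than in the clear.
$wgLDAPEncryptionType = array('itcollege' => 'tls');

// Note: whitelisting .mm satisfies the extension check only. The separate
// "looks like HTML/script" upload check that the FreeMind section below asks
// you to disable is a different control; everything else above stays in force.
```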

FreeMind extension

http://www.mediawiki.org/wiki/Extension:FreeMind

Prerequisites

Weak security is acceptable: to upload .mm files the wiki's script check on uploaded files has to be disabled, and that can lead to all sorts of bad things such as JavaScript injection.
You are prepared to modify the wiki code.

Download & install

www-data@kaka:/var/www/wiki/extensions# wget http://freemind.sourceforge.net/dimitry_mediawiki_freemind_extension/MediawikiExtension.zip
--2009-03-13 13:47:05--  http://freemind.sourceforge.net/dimitry_mediawiki_freemind_extension/MediawikiExtension.zip
Lahendan freemind.sourceforge.net... 216.34.181.96
Loon ühendust serveriga freemind.sourceforge.net|216.34.181.96|:80... ühendus loodud.
HTTP päring saadetud, ootan vastust... 200 OK
Pikkus: 6242 (6,1K) [application/zip]
Saving to: `MediawikiExtension.zip'

100%[==============================================================>] 6 242       --.-K/s   in 0,1s

2009-03-13 13:47:07 (45,1 KB/s) - `MediawikiExtension.zip' salvestatud [6242/6242]

Download the following files:
http://sourceforge.net/project/downloading.php?group_id=7118&use_mirror=easynews&filename=freemind-browser-0_7_1.zip&36406726
http://www.efectokiwano.net/mm/freeMindFlashBrowser.zip
Unpack the files:

www-data@kaka:/var/www/wiki/extensions# unzip MediawikiExtension.zip
Archive:  MediawikiExtension.zip
  inflating: FreeMind.php
replace README? [y]es, [n]o, [A]ll, [N]one, [r]ename: n
  inflating: freemind/appletwindow.php
  inflating: freemind/appletwindowFunction.php
  inflating: freemind/flashwindow.php
  inflating: freemind/flashwindowFunction.php
www-data@kaka:~/wiki/extensions$ rm MediawikiExtension.zip
www-data@kaka:/var/www/wiki/extensions# cd freemind
www-data@kaka:/var/www/wiki/extensions/freemind# cp /home/argoe/Töölaud/free* .
www-data@kaka:/var/www/wiki/extensions/freemind# unzip freemind-browser-0_7_1.zip
Archive:  freemind-browser-0_7_1.zip
  inflating: freemindbrowser.jar
  inflating: freemindbrowser.html
www-data@kaka:/var/www/wiki/extensions/freemind# unzip freeMindFlashBrowser.zip
Archive:  freeMindFlashBrowser.zip
  inflating: bola.jpg
  inflating: bola4.gif
 extracting: estrella.png
  inflating: flashfreemind.css
  inflating: flashobject.js
  inflating: freeMindFlashBrowser.mm
  inflating: freeMindFlashBrowser.mm.bak
  inflating: mindmaps.html
  inflating: readme.txt
  inflating: visorFreemind.swf
www-data@kaka:~/wiki/extensions/freemind$ rm *.zip

Configuration

Add the following line to LocalSettings.php:

include('extensions/FreeMind.php');

! To upload .mm files, the script check on uploaded files has to be disabled. Instructions:
http://freemind.sourceforge.net/wiki/index.php/Talk:Embedded_Mind_Maps#This_file_contains_HTML_or_script_code_that_may_be_erroneously_be_interpreted_by_a_web_browser
http://www.mediawiki.org/wiki/Allowing_HTML_Uploads
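The check these instructions disable is what stops uploads that a browser could render as HTML or script. As an added example (not from this page, FreeMind or MediaWiki), the following PHP audit re-applies a simplified marker check to files already in the upload directory, so that switching off the upload-time check can be offset by a periodic review; the marker list, the /var/www/wiki/images path and the two sample maps are assumptions, and the check is a stand-in for MediaWiki's own logic, not a copy of it.

```php
<?php
// Added example (not from the guide, FreeMind or MediaWiki): re-apply a simplified
// "could a browser treat this as HTML/script?" check to files already in the upload
// directory, offsetting the upload-time check the FreeMind step disables.
// Assumed upload directory: /var/www/wiki/images.

// Markers compared case-insensitively. FreeMind .mm maps legitimately carry <html>
// rich-text nodes, so a hit is a review flag, not proof of abuse.
const SCRIPT_MARKERS = [
    '<script', '<html', '<body', '<head', '<iframe', '<object', '<embed',
    'javascript:', 'vbscript:', 'onload=', 'onerror=', '<?php',
];

/** Return the markers found in the first $limit bytes of $data (empty array = clean). */
function findScriptMarkers(string $data, int $limit = 65536): array
{
    $head = strtolower(substr($data, 0, $limit));
    $hits = [];
    foreach (SCRIPT_MARKERS as $marker) {
        if (strpos($head, $marker) !== false) {
            $hits[] = $marker;
        }
    }
    return $hits;
}

/** Walk $dir recursively; map each flagged file path to the markers it contains. */
function auditUploadDir(string $dir): array
{
    $report = [];
    $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $hits = findScriptMarkers((string) file_get_contents($file->getPathname()));
        if ($hits) {
            $report[$file->getPathname()] = $hits;
        }
    }
    return $report;
}

// Constructed samples, not real uploads: a plain map and one whose rich-text node carries a script tag.
$cleanMap   = '<map version="0.9.0"><node TEXT="Osadmin2009"><node TEXT="MediaWiki"/></node></map>';
$taintedMap = '<map version="0.9.0"><node><richcontent TYPE="NODE"><html><body>'
            . '<script>/* constructed marker */</script></body></html></richcontent></node></map>';
echo "clean map:   " . (findScriptMarkers($cleanMap) ? 'FLAGGED' : 'ok') . "\n";
echo "tainted map: " . implode(', ', findScriptMarkers($taintedMap)) . "\n";
```

Against a live wiki, run auditUploadDir('/var/www/wiki/images') from cron and review every flagged file by hand.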

Usage and example

! FreeMind only works with files uploaded to the wiki

<mm>[[Osadmin2009.mm]]</mm>

WebsiteFrame extension

http://www.mediawiki.org/wiki/Extension:Website_in_iFrame

Prerequisites

Weak security is acceptable: the extension opens the door to cross-site scripting, http://en.wikipedia.org/wiki/Cross-site_scripting

Download & install

The code is posted on the http://www.mediawiki.org/wiki/Extension:Website_in_iFrame page. Save it into the extensions directory as the file websiteFrame.php

Configuration

Add the following line to LocalSettings.php:

include("extensions/websiteFrame.php");

Usage and example

A full URL must be used, e.g. http://www.yourWebsite.com

<websiteFrame>
website=[website URL]
name=[string]
align=[top,middle,bottom,left,right]
height=[number]
width=[number,percentage]
border=[number]
scroll=[yes,no,auto]
longdescription=[long description URI]
</websiteFrame>

Groupportal extension

http://www.mediawiki.org/wiki/Extension:GroupPortal

Prerequisites

The admin is willing to create a few user groups with rights; several front pages need to be created as well.
A user who is in a group with its own front page can no longer edit the wiki's original front page.

Download & install

www-data@kaka:~/wiki$ cd extensions/
www-data@kaka:~/wiki/extensions$ wget http://upload.wikimedia.org/ext-dist/GroupPortal-MW1.14-r30722.tar.gz
--2009-03-14 11:38:17--  http://upload.wikimedia.org/ext-dist/GroupPortal-MW1.14-r30722.tar.gz
Lahendan upload.wikimedia.org... 91.198.174.3
Loon ühendust serveriga upload.wikimedia.org|91.198.174.3|:80... ühendus loodud.
HTTP päring saadetud, ootan vastust... 200 OK
Pikkus: 803 [application/x-tar]
Saving to: `GroupPortal-MW1.14-r30722.tar.gz'

100%[================================================>] 803         --.-K/s   in 0,002s

2009-03-14 11:38:17 (426 KB/s) - `GroupPortal-MW1.14-r30722.tar.gz' salvestatud [803/803]

www-data@kaka:~/wiki/extensions$ tar -xvf GroupPortal-MW1.14-r30722.tar.gz
GroupPortal/
GroupPortal/GroupPortal.php
www-data@kaka:~/wiki/extensions$ rm GroupPortal-MW1.14-r30722.tar.gz
www-data@kaka:~/wiki/extensions$

Configuration

Add the following line to LocalSettings.php:

require_once( "extensions/GroupPortal/GroupPortal.php" );

Usage and example

Create a user group, http://www.mediawiki.org/wiki/Manual:User_rights
e.g. adding the following line to LocalSettings.php creates the group kala and gives its members read access to all pages:

$wgGroupPermissions['kala']['read'] = true;

! If a person has been added to a group and the group is then renamed or deleted, it still remains somewhere in the MySQL database and
continues to be listed on some special pages. This can be fixed directly in the database.

Add the desired users to the desired group: Eri:UserRights

Create the MediaWiki:Groupportal page and add the mapping between groups and front pages there.
For example:

kala|freemind 
sysop|Sysop Home
*|Portals
RandomGroup|Random Home

GraphViz extension

http://www.mediawiki.org/wiki/Extension:GraphViz

Prerequisites

The graphviz package needs to be installed:
root@kaka:~#apt-get install graphviz

Download & install

www-data@kaka:~/wiki$ cd extensions/
www-data@kaka:~/wiki/extensions$ wget http://mwextensions.cvs.sourceforge.net/*checkout*/mwextensions/mediawikiextensions/Graphviz.php
Hoiatus: HTTP ei toeta jokkereid.
--2009-03-14 12:18:27--  http://mwextensions.cvs.sourceforge.net/*checkout*/mwextensions/mediawikiextensions/Graphviz.php
Lahendan mwextensions.cvs.sourceforge.net... 216.34.181.108
Loon ühendust serveriga mwextensions.cvs.sourceforge.net|216.34.181.108|:80... ühendus loodud.
HTTP päring saadetud, ootan vastust... 200 OK
Pikkus: määramata [text/plain]
Saving to: `Graphviz.php'

    [ <=>                                                                                                                                                        ] 2 322       --.-K/s   in 0,005s

2009-03-14 12:18:27 (450 KB/s) - `Graphviz.php' salvestatud [2322]

Configuration

Add the following lines to LocalSettings.php and make sure the dot location matches your system.

include("extensions/Graphviz.php");
$wgGraphVizSettings->dotCommand = "/usr/bin/dot";

Usage and example

Many examples can be found on the web at http://www.graphviz.org/Gallery.php

<graphviz renderer='neato' caption='Hello Neato'>
graph G {
   run -- intr;
   intr -- runbl;
   runbl -- run;
   run -- kernel;
   kernel -- zombie;
   kernel -- sleep;
   kernel -- runmem;
   sleep -- swap;
   swap -- runswap;
   runswap -- new;
   runswap -- runmem;
   new -- runmem;
   sleep -- runmem;
}
</graphviz>

PDF Export extension

http://www.mediawiki.org/wiki/Extension:Pdf_Export

Prerequisites

The htmldoc package and the packages it depends on need to be installed:

root@kaka:~# apt-get install htmldoc
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  htmldoc-common libfltk1.1
The following NEW packages will be installed:
  htmldoc htmldoc-common libfltk1.1
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 5855kB of archives.
After this operation, 10,1MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ee.archive.ubuntu.com intrepid/main htmldoc-common 1.8.27-3 [5192kB]
Get:2 http://ee.archive.ubuntu.com intrepid/main libfltk1.1 1.1.9-4 [460kB]
Get:3 http://ee.archive.ubuntu.com intrepid/main htmldoc 1.8.27-3 [202kB]
Fetched 5855kB in 24s (238kB/s)
Varem valimata paki htmldoc-common valimine.
(Andmebaasi lugemine ... hetkel on paigaldatud 109296 faili ja kataloogi.)
Paki htmldoc-common lahtipakkimine (failist .../htmldoc-common_1.8.27-3_all.deb) ...
Varem valimata paki libfltk1.1 valimine.
Paki libfltk1.1 lahtipakkimine (failist .../libfltk1.1_1.1.9-4_i386.deb) ...
Varem valimata paki htmldoc valimine.
Paki htmldoc lahtipakkimine (failist .../htmldoc_1.8.27-3_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for menu ...
Paki htmldoc-common (1.8.27-3) paikasättimine ...
Paki libfltk1.1 (1.1.9-4) paikasättimine ...

Paki htmldoc (1.8.27-3) paikasättimine ...

Processing triggers for libc6 ...
ldconfig deferred processing now taking place
Processing triggers for menu ...

Download & install

The code of the 4 PHP files is available at http://www.mediawiki.org/wiki/Extension:Pdf_Export/Source_Code
Create a new directory and save them there.

www-data@kaka:~/wiki$ cd extensions/
www-data@kaka:~/wiki/extensions$ mkdir PdfExport

Configuration

Add the following line to LocalSettings.php:

require_once("extensions/PdfExport/PdfExport.php");

Usage

The toolbox has a "Print as PDF" link; clicking it prints the currently open wiki page to a PDF file.
! The file is downloaded as index.php; the name and extension have to be changed by hand!

FCKeditor extension

http://www.mediawiki.org/wiki/Extension:FCKeditor_(by_FCKeditor_and_Wikia)
http://mediawiki.fckeditor.net/index.php/FCKeditor_integration_guide

Prerequisites

Bear in mind that FCKeditor mangles existing articles when they are re-saved, and this does not always end well!
Links are rewritten, line breaks deleted, etc. It is not sensible to install it if articles are going to be edited by hand in the future.

Download & install

Download 1 file from the web, http://rs426.rapidshare.com/files/205304883/FCKeditor.zip,
copy it to the extensions directory and unpack it.

www-data@kaka:~/wiki$ cd extensions/
www-data@kaka:~/wiki/extensions/$ cp /home/argoe/Töölaud/FCKeditor.zip .
www-data@kaka:~/wiki/extensions/$ unzip FCKeditor.zip
www-data@kaka:~/wiki/extensions$ rm FCKeditor.zip

Configuration

Add the following lines to LocalSettings.php:

require_once( "$IP/extensions/FCKeditor/FCKeditor.php" );
$wgUseAjax = true;

Usage

Voilà, a particularly fancy Word-lookalike menu appears right away! For better or worse, the menu has a button labelled "wikitext" in its top left corner :D