Monday, May 13, 2013

HOWTO : Hiawatha on Ubuntu Desktop 12.04 LTS

Hiawatha is a secured web server. I use it to replace apache for the exploitation due to her lightweight.

Step 0 :

In case /etc/init.d/tntnet is exist, you should disable it before going further.

sudo update-rc.d tntnet disable
sudo /etc/init.d/tntnet stop


Step 1 :

sudo apt-get install build-essential libc6-dev libssl-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-dev

wget http://www.cmake.org/files/v2.8/cmake-2.8.10.2.tar.gz
tar -xvzf cmake-2.8.10.2.tar.gz
cd cmake-2.8.10.2
./configure
make
sudo make install

wget http://www.hiawatha-webserver.org/files/hiawatha-9.1.tar.gz
tar -xzvf hiawatha-9.1.tar.gz
cd hiawatha-9.1/extra

./make_debian_package

cd ..

sudo dpkg -i hiawatha_9.1_amd64.deb


or

sudo dpkg -i hiawatha_9.1_i386.deb

In case the init script does not at /etc/init.d/, you need to copy it manully.

sudo cp hiawatha-9.1/extra/debian/init.d/hiawatha /etc/init.d/


Step 2 :

update-rc.d hiawatha disable

Step 3 :

To run it.

sudo /etc/init.d/hiawatha start

To stop it.

sudo /etc/init.d/hiawatha stop

Step 4 :

Web shell site :

http://pentestmonkey.net/category/tools/web-shells

Download the php reverse shell.

sudo -sH
cd /opt

wget http://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz

tar -xvzf php-reverse-shell-1.0.tar.gz
mv php-reverse-shell-1.0 php-reverse-shell
rm php-reverse-shell-1.0.tar.gz
cp php-reverse-shell.php /var/www/hiawatha/


That's all! See you.