Building a better cyber security tabletop exercise – Part 5

In this final post of the series, we will be setting up a WordPress website within the training system. As a recap, we now have cyberchef, CTFd (running as a docker container), apache, nginx, bind, mysql, postfix, dovecot and roundcube all configured and successfully running on an Ubuntu 24.04 server. At the time of writing this, I have everything running on a Raspberry Pi 4 Model B (with 1Gb of RAM).

If you’ve been following along so far, most if not all of the dependencies required for installing and configuring WordPress should already be there for you.

With that said, the first thing we need to do is download a copy of WordPress

wget https://wordpress.org/latest.zip

Next, we need to configure a folder to host this in apache, and add the chosen domain name to DNS.

sudo mkdir /var/www/html/example.local
sudo vi /etc/bind/zones/.local

For the zone, we will need to add the following line (where 192.168.1.100 is the IP address of the server you’re working on and example.local is the domain name you want to make the website available from):

example.local A 192.168.1.100

Finally, we will need to make the website available through nginx

sudo vi /etc/nginx/sites-available/example.local

The configuration for the site should look like the following (changing php7.4-fpm to match the version of PHP you have installed)

server {
        listen 80;
        listen [::]:80;

        server_name example.local;

        root /var/www/html/example.local;
        index index.html index.htm index.php;

        location / {
                # Return 404 when neither a file nor a directory matches
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
}

NOTE: It is important to keep index.html within the nginx server configuration. A static HTML page can later be created and moved to the apache directory to simulate a website defacement attack.

The next step is to enable this website within nginx

sudo ln -s /etc/nginx/sites-available/example.local /etc/nginx/sites-enabled/example.local 

Restart apache, nginx and bind to get the changes implemented.

sudo systemctl restart nginx apache2 bind9

With the site ready to be served, copy and unzip the WordPress files into the web directory.

sudo cp ~/latest.zip /var/www/html/example.local/

cd /var/www/html/example.local/

sudo unzip latest.zip
sudo mv ./wordpress/* ./
sudo rm -r ./wordpress
sudo rm latest.zip

With the WordPress files now ready for hosting, the final step will be to create a MySQL user and database for hosting the site.

sudo mysql

With the mysql prompt open, create a new user (changing the example_user and password fields as required). Make a note of these details, as you will need them later.

CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'password';

Next, we will need to create a database for our website. I have used example_local to make it easier to match the database to the website.

CREATE DATABASE example_local;

After that is done we will need to add permissions to our user so that they can access it.

GRANT ALL PRIVILEGES ON example_local.* TO 'example_user'@'localhost';

With the database set up, and user permissions applied, type exit to get back to the main terminal.

The final step for getting the website sorted is to configure WordPress to use this new database.

sudo cp /var/www/html/example.local/wp-config-sample.php /var/www/html/example.local/wp-config.php

sudo vi /var/www/html/example.local/wp-config.php

Change the following values to match what you created in the previous steps.

...
define( 'DB_NAME', 'example_local' );
...
define( 'DB_USER', 'example_user' );
...
define( 'DB_PASSWORD', 'password' );
...

The remaining configuration can remain unchanged.

To complete the setup, navigate to the website in your web browser and follow the WordPress installation process from there. You will need to create a WordPress admin account, and once that’s completed you can log in and modify the site however you need.

Simply repeat these steps to set up any websites you might need to run your exercise.

Once you have set up all your websites – it’s a good idea to update the permissions of the /var/www/html folder and subfolders.

sudo chown -R www-data:www-data /var/www/html
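
Because these steps are repeated for every team site, here they are as an added helper script (not part of the original post) that renders the nginx server block and the MySQL statements for a given domain. The function names, the PHP_VERSION variable and the generated password are assumptions; the domain is validated because it ends up in file paths, nginx configuration and SQL.

```shell
#!/bin/sh
# Added example (not from the original post): render the nginx server block and
# MySQL statements for one site. Function names and PHP_VERSION are assumptions.
LC_ALL=C                            # keep the a-z ranges below ASCII-only
PHP_VERSION="${PHP_VERSION:-7.4}"   # match the installed php-fpm version
# Allow only lowercase DNS names: the value ends up in paths, nginx config and SQL.
valid_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# example.local -> example_local, the database naming used in the post
db_name() { printf '%s' "$1" | tr '.-' '__'; }

# 36 hex characters from /dev/urandom, safe inside a quoted SQL string
gen_password() { head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

render_nginx() {
    valid_domain "$1" || return 1
    cat <<EOF
server {
        listen 80;
        listen [::]:80;
        server_name $1;
        root /var/www/html/$1;
        index index.html index.htm index.php;
        location / {
                try_files \$uri \$uri/ =404;
        }
        location ~ \\.php\$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php${PHP_VERSION}-fpm.sock;
        }
}
EOF
}
# render_sql DOMAIN PASSWORD: statements for the mysql prompt
render_sql() {
    valid_domain "$1" || return 1
    case "$2" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    db=$(db_name "$1"); user="${1%%.*}_user"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$2"
    printf 'CREATE DATABASE `%s`;\n' "$db"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$db" "$user"
}
```

The output of render_nginx can be written to the site file under /etc/nginx/sites-available, and running nginx -t before the restart confirms the configuration parses.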

Running an exercise using the system

In the very first post of this series, I mentioned that this was all set up to assist with building and running interactive cyber exercises using a portable system.

This environment is highly customisable, and can be used to provide interactivity to an existing TTX – providing injects through a website, or email communications direct to participants for example. Or, as in my case, used to develop and fully integrate into a brand new exercise. One where each team gets their own website (and email accounts). I might simulate a denial of service attack by modifying their site’s nginx configuration, making it unavailable on the network. I might also decide to send an email to a team to tell them data has been leaked on the dark web (I have created a static HTML page for such a purpose) or I might decide to deface one team website (by copying a pre-prepared index.html into the website’s root folder) before systematically defacing the remaining teams throughout the exercise.

I have also created websites to simulate news media outlets, and social media platforms – allowing teams an opportunity to craft crisis communications or respond in near real-time as the exercise unfolds. The creation of these websites isn’t covered here, and is left as a future exercise for anyone interested.

This platform is still under active development and no doubt additional features and tweaks will be made as I use it as part of my training. I already have a list of features that I’m working on – including automating exercises, embedding TTX scenarios into their own website(s) and creating an admin portal that allows for the running (and resetting) of the platform by the facilitator.