Ansible playbooks are YAML files with target host/group information, command execution and some loops and logic. A playbook is a blueprint of an operation on our managed nodes. Playbooks are the first step towards managing infrastructure as code.
Continue reading “Getting started with Ansible playbooks: more steps towards DevOps”Category: Old Posts – History
Posts archive till up to December 2025.
Getting started with Ansible for managing our personal lab – ad-hoc commands
After we installed Ansible and tested that it works well, then we want to make it work for us. There are three methods Ansible can operate. The first one is running so called ad-hoc commands with the ansible command line tool. The second option is to write re-usable code (playbooks, roles and variables) and run them with the ansible-playbook command. Both commands use the push mechanism to interact with the controlled nodes. A third option is a tool called ansible-pull that (as its name suggests) pulls the configuration onto a managed machine from a source code management repo. Let’s take a look at the easiest method, the ad-hoc commands first!
Continue reading “Getting started with Ansible for managing our personal lab – ad-hoc commands”Windows as Ansible control host in WSL2
We all want to work smarter, not harder. (Or at least some of us…) Automating the repetitive tasks was always a huge leap forward even before the “DevOps times” when we wrote shell scripts and Perl code to create automation out of the box. Today we have the luxury of choosing between a lot of automation and orchestration frameworks.
Continue reading “Windows as Ansible control host in WSL2”TryHackMe | Attacktive Directory [write-up]
Microsoft Active Directory can be found at every medium/large organization (99% according to the THM room). This is why it is a common target for black hats and other malicious actors. In the Attacktive Directory room we can learn a lot about targeting the services in an AD.
I use the THM in-browser Kali Linux for this task!
Continue reading “TryHackMe | Attacktive Directory [write-up]”How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!
With Burp Suite we can initiate dictionary attacks against a website. This time in this simulated attack we will brute force the login field of the Juice Shop web application. We already know the email address of an admin user, so we have to make sure to find the right password.
Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!
Continue reading “How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!”How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!
In this article we will investigate other functionalities of the Cyber Security test tool Hydra. In one of the previous articles we cracked a user password on a Linux system through SSH. In this example we do not know the exact username of any FTP user. We will create a list of possible usernames along our password list. All of these operations happen in a personal lab.
Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!
Continue reading “How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!”How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!
The OWASP Top 10 is a standard awareness document that lists the most common weaknesses of modern web applications. Burp Suite will help our application security testing along the Developer Mode of the browser. We will break in to the OWASP Juice Shop, the most modern and sophisticated insecure web shop.
Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!
Continue reading “How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!”TryHackMe | Kenobi [write-up]
In this room we practice to enumerate and exploit vulnerabilities on Linux servers.
TryHackMe | Vulnversity [write-up]
Let’s walk through the Vulnversity room of tryhackme.com. This write-up is written for educational purposes. Please do not use it for cheating or skipping the tasks.
How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!
In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance for success. We already know the name of the user.
Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!
Continue reading “How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!”TryHackMe | OWASP Juice Shop [write-up]
In this article I go through the OWASP Juice Shop room of tryhackme.com. This room is a practical review of the OWASP Top 10 vulnerabilities. This is a base security consideration for those who want to develop web applications.
Cyber Security landscape 2023
As we just dipped our pinky into 2023 the articles about Cyber Security in 2023 started to pop up on the internet. Some of them are exploring the the field as a career path and others talk about the new threats and vulnerabilities. I will review what I see about these topics.
Password Manager upgrade: I switched to KeepassXC
I’ve been using the Keepass password vault for years. I don’t remember when I started to keep my secrets in it, but it can be easily a decade ago. Though I always liked Keepass, and its features are strong, times have changed and I looked for something fresher and more elegant. My choice is KeepassXC. Read more to see why!
Continue reading “Password Manager upgrade: I switched to KeepassXC”Password Manager 101
In 2022 there is no excuse to do not use a reliable password manager. Period!
In the age of passwordless authentication, IoT, smart devices and high speed internet connection data breaches are more common than usual, mostly because of the insecure password usage. Remembering long and difficult passwords is really counter productive but luckily there is the solution: password managers! The era of post-its attached to the display with corporate or private secrets must be over. Even the corporate security starts with the individual level safety. Today’s cyber world demands strong and thorough security considerations even in our personal lives. We have bank account credentials, paid subscriptions and other stored card informations on different websites and mobile devices. So, do YOU use weak or shared passwords? Do you have any default passwords in your devices? Think about it a bit!
Continue reading “Password Manager 101”How to use Python virtual environments in Visual Studio Code?
I need both Linux and Windows environments at the same computer. I have been a Linux desktop user for almost 20 years, but some of the tools I use recently require Windows 10. Dual boot was a great solution, but it required double hard disk space and maintenance. One of my daily driver tools is Windows-only and a heavy GPU consumer, thus I changed my primary OS to Windows, and my Linux experience relies on WSL (Windows Subsystem for Linux).
Continue reading “How to use Python virtual environments in Visual Studio Code?”
Tom's IT Cafe 