Microsoft WSL is a very good technology when we want to run Linux applications on our Windows computer. When we install a distro from the Microsoft Store we can only install one instance of it. But with some work we can have multiple instances of the same distro.

How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!
The OWASP Top 10 is a standard awareness document that lists the most common weaknesses of modern web applications. Burp Suite will help our application security testing alongside the Developer Mode of the browser. We will break into the OWASP Juice Shop, the most modern and sophisticated insecure web shop.

Important note: hacking in the wild is illegal! Do NOT do it outside the lab, unless you are a penetration tester with a signed contract!

TryHackMe | Kenobi [write-up]
In this room we practice enumerating and exploiting vulnerabilities on Linux servers.

How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!
In the first part of this series we found out a user’s password with Hydra by simply attacking his account via SSH. This is a so-called “dictionary attack”, and because of the lack of security measures we could get into the remote system.
In this exercise we continue our Ethical Hacking journey and we will find a way to get root privileges on the remote machine. This is called privilege escalation.

Important note: cracking passwords in the wild is illegal! Do NOT do it outside the lab, unless you are a penetration tester with a signed contract!

TryHackMe | Vulnversity [write-up]
Let’s walk through the Vulnversity room of tryhackme.com. This write-up is written for educational purposes. Please do not use it for cheating or skipping the tasks.

How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!
In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance for success. We already know the name of the user.

Important note: cracking passwords in the wild is illegal! Do NOT do it outside the lab, unless you are a penetration tester with a signed contract!

TryHackMe | OWASP Juice Shop [write-up]
In this article I go through the OWASP Juice Shop room of tryhackme.com. This room is a practical review of the OWASP Top 10 vulnerabilities. This is a basic security consideration for those who want to develop web applications.

How and why to use software RAID on Linux?
RAID stands for Redundant Array of Independent Disks. It is used for performance, availability and security reasons. Different virtual and physical storage devices can be combined into logical RAID arrays in different configuration levels (for example, RAID 0 is striping and RAID 1 is mirroring). The array looks like a single device on the computer. RAID is useful when we want to handle a large amount of data. It enhances speed and increases our storage capacity. The possible data loss because of disk failure is mitigated by adding parity disks to our configuration.

Fixing the “Error connecting…” issue in Kali KeX on WSL (updated: 2023. 01. 12.)
Requirements:
- Kali distro is installed
- KeX is installed
- Kali is WSL version 2
- Coffee is ready for consumption
From time to time the Kali desktop on WSL stops working and spits out the following message:
Error connecting to the KeX server.
Please try "kex start" to start the service.
If the server fails to start, please try "kex kill" or restart your WSL2 session and try again.
Of course the “solution” from the error message does not work.

What is LUKS and how to use it? Let’s encrypt our filesystem on Linux!
LUKS stands for Linux Unified Key Setup. It is an encryption specification that was written for Linux systems in 2004. LUKS is used to encrypt block devices and partitions. This encryption helps to keep our data safe at rest.

Basic NMAP commands survival guide
This is just a quick survival guide to NMAP commands without investigating the rabbit hole of live host discovery, port scanning and firewall evasion techniques.

How to install a Debian Linux Penetration Testing machine?
There are excellent Linux distributions for Cyber Security professionals like Kali. They ship all the bells and whistles that are needed for the tasks. If we want to learn how to put together our own Penetration Testing system we can use a fresh Debian Linux box. I created a small setup from the NetInstall iso starting from the defaults.

Cyber Security landscape 2023
As we just dipped our pinky into 2023 the articles about Cyber Security in 2023 started to pop up on the internet. Some of them are exploring the field as a career path and others talk about the new threats and vulnerabilities. I will review what I see about these topics.

How to check the accommodation for hidden devices
The winter holiday season is here, and a lot of people travel and use apartments, hotel rooms, AirBNB etc. Hidden cameras and sound recording devices are small and stealthy. There is no way to be 100% sure that our room is not “wired”, but we can look around in the network if we use it and investigate our surroundings.

What is the Logical Volume Manager (LVM) and how to use it?
LVM stands for Logical Volume Manager. It is a tool for file system and disk management on Linux. It can work in different ways like allocating whole devices, but the general usage is putting the LVM on a partition. One of the most common System [Engineer|Administrator] and DevOps interview topics is creating and resizing LVM volumes.