How to backup VMWare Workstation Player machines?

2023-01-242023-01-26 ~ Tom's IT Cafe ~ Leave a comment

The Workstation Player of VMWare is a lightweight and free desktop virtualization hypervisor for non-commercial users. We can learn about virtualization and use it for practicing for free. We can run Windows, Linux and BSD systems on our host machine. The Workstation Player supports Windows and Linux as host for virtualization.

The free solution comes with some limitations. The following technique will let us to take backups or snapshots of our virtual machines. Only use it for personal practice and learning! Business and nonprofit use is considered commercial use!

Continue reading →

How to run multiple instances of the same distro in WSL?

2023-01-242023-01-23 ~ Tom's IT Cafe ~ 2 Comments

Microsoft WSL is a very good technology when we want to run Linux applications on our Windows computer. When we install a distro from the Microsoft Store we can only install one instance of it. But with some work we can have multiple instances of the same distro.

Continue reading →

How to break in web applications using Burp Suite? Real web hacking in practice as a Penetration Tester!

2023-01-232023-04-28 ~ Tom's IT Cafe ~ Leave a comment

The OWASP Top 10 is a standard awareness document that lists the most common weaknesses of modern web applications. Burp Suite will help our application security testing along the Developer Mode of the browser. We will break in to the OWASP Juice Shop, the most modern and sophisticated insecure web shop.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading →

How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!

2023-01-202023-01-20 ~ Tom's IT Cafe ~ 2 Comments

In the first part of this series we found out a user’s password with Hydra with simply attacking his account via SSH. It is a so called “dictionary attack”, and because of the lack of security measurements we could get into the remote system.

In this exercise we continue our Ethical Hacking journey and we will find a way to get root privileges on the remote machine. This is called privilege escalation.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

Continue reading →

TryHackMe | Vulnversity [write-up]

2023-01-192023-01-18 ~ Tom's IT Cafe ~ Leave a comment

Let’s walk through the Vulnversity room of tryhackme.com. This write-up is written for educational purposes. Please do not use it for cheating or skipping the tasks.

Continue reading →

How and why to use software RAID on Linux?

2023-01-132023-01-18 ~ Tom's IT Cafe ~ 2 Comments

RAID stands for Redundant Array of Independent Disks. It is used for performance, availability and security reasons. Different virtual and physical storage devices can be combined into logical RAID arrays in different configuration levels (like RAID 0 is striping and RAID 1 is mirroring). The array looks like a single device on the computer. RAID is useful when we want to handle a large amount of data. It enhances speed and increases our storage capacity. The possible data loss because of disk failure is mitigated by adding parity disks to our configuration.

Continue reading →

Fixing the “Error connecting…” issue in Kali KeX on WSL (updated: 2023. 01. 12.)

2023-01-122023-01-12 ~ Tom's IT Cafe ~ Leave a comment

Requirements:

Kali distro is installed
KeX is installed
Kali is WSL version 2
Coffee is ready for consumption

Time to time the Kali desktop on WSL stops working and spits out the following message:

Error connecting to the KeX server.
Please try "kex start" to start the service.
If the server fails to start, please try "kex kill" or restart your WSL2 session and try again.

Of course the “solution” from the error message does not work.

Continue reading →

What is LUKS and how to use it? Let’s encrypt our filesystem on Linux!

2023-01-102023-01-11 ~ Tom's IT Cafe ~ Leave a comment

LUKS stands for Linux Unified Key Setup. It is an encryption specification that was written for Linux systems in 2004. LUKS is used to encrypt block devices and partitions. This encryption helps to keep our data safe in rest.

Continue reading →

How to check the accommodation for hidden devices

2022-12-302022-12-29 ~ Tom's IT Cafe ~ Leave a comment

Here is the winter holiday season and a lot of people travel and use apartments, hotel rooms, AirBNB etc. Hidden cameras and sound recording devices are small and stealthy. There is no way to be 100% sure that our room is not “wired”, but we can look around in the network if we use it and investigate our surroundings.

Continue reading →

What is the Logical Volume Manager (LVM) and how to use it?

2022-12-22 ~ Tom's IT Cafe ~ Leave a comment

LVM stands for Logical Volume Manager, it is a tool for file system and disk management on Linux. It can work in different ways like allocating whole devices, but the general usage is putting the LVM on a partition. One of the most common System [Engineer|Administrator] and DevOps interview topic is creating and resizing LVM volumes.

Continue reading →

Understanding the Linux Cron and Crontab

2022-12-192022-12-16 ~ Tom's IT Cafe ~ Leave a comment

The UNIX/Linux systems have a powerful tool for scheduling tasks while the computer is running. The daemon that is responsible for initiating the tasks (called cronjobs) is called cron, while the tool that lets us edit the configuration is the crontab. Once we understand the basics of cron we can easily master editing the cron files.

Continue reading →

How to upgrade to Debian Bullseye from Buster in WSL?

2022-12-162022-12-14 ~ Tom's IT Cafe ~ Leave a comment

If we installed a Debian WSL distro on our computer, there is a chance that in 6-9 months a new release will come out. We want to keep our system updated, so a distribution upgrade should happen in our WSL ecosystem.

Continue reading →

Understanding the Linux file permissions

2022-12-152022-12-15 ~ Tom's IT Cafe ~ Leave a comment

Linux supports multiple users and groups on the system to log in, create, modify and delete files and folders. System files and folders must be protected from the ordinary users to avoid accidental deletion or modification. Configuration files can contain sensitive data like passwords and certificates. Our home user directory can contain our private secrets as well. In UNIX/Linux there is a permission and owner/group system in place.

Continue reading →

How to backup and restore a distro on WSL?

2022-12-142022-12-14 ~ Tom's IT Cafe ~ Leave a comment

Backing up and restoring WSL distros are easy! Simply exporting the stopped distro into an archive file works pretty well. The archive can be moved on an external disk or cloud share. Restoring a backup is importing back the generated archive.

Moreover we can add multiple instances of the same distro with exporting then importing it. With this we can have for example three different Debian boxes in WSL.

Continue reading →

How to rename (or backup) a Python virtual environment?

2022-12-132022-12-10 ~ Tom's IT Cafe ~ Leave a comment

I find it much easier to create a venv with the same packages than renaming one. I found magic sed commands and directory traversal scripts, but they did a half work or nothing. I found out that recreating an env is easier and faster.

Continue reading →