System Administration & Configuration

Detecting which system manager is running on Linux System

Objective There are multiple system managers which can by possibly running on your Linux system. The current most common system managers are SysV (init), Systemd and Upstart. You may find this short guide to be of use to you, if you are unsure which, system manager is running on your Linux system. Requirements Privileged access to your Linux system is required. Difficulty EASY Conventions
Read More...

How to disable Docker's iptables on Systemd Linux systems

Objective In some cases, it is necessary to disable Docker's IPtables rules to avoid overwriting any existing firewall rules. The following article describes a simple to follow procedure on how to disable disable Docker's IPtables rules on Systemd Linux systems. Requirements Privileged access to your Systemd Linux is required. Difficulty EASY Conventions
Read More...

Test And Recover Your Passwords By Cracking Them With Hashcat

Introduction Hashcat is a robust password cracking tool that can help you recover lost passwords, audit password security, benchmark, or just figure out what data is stored in a hash. There are a number of great password cracking utilities out there, but Hashcat is known for being efficient, powerful, and full featured. Hashcat makes use of GPUs to accelerate hash cracking. GPUs are much better and handling cryptographic work than CPUs are, and they can be utilized in much greater numbers than...
Read More...

Encrypt Your Email With GPG, Thunderbird, and Enigmail

Introduction Encrypting everything online is becoming more important by the day. Email is no different. For Linux users, the process is actually very simple with three common open source tools; Mozilla Thunderbird, Enigmail, and GNU PGP(GPG.) Through the use of these three tools, you can send and receive encrypted messages easily, and protect yourself and the people you're communicating with from attackers and privacy invasions. Gathering The Pieces Install GPG The first thing that you will...
Read More...

How to Securely Transfer Files With SFTP

Introduction Transferring files between computers can be a pain. FTP is somewhat clunky and old, and using online services isn't direct and is less than ideal for handling sensitive files. Git works well for code and text, but isn't the best for binary files and requires a repository to be configured. So, what's a good solution for sending files directly between computers? SFTP. SFTP is a secure file transfer protocol that makes use of SSH to send files between computers. It is encrypted and...
Read More...

Secure your SSH with passwordless connection

Introduction SSH is in essential tool for any Linux user, but many people aren't making the most of its robust capabilities, namely secure logins with keys. SSH key pairs allow you to login much more securely by limiting logins to only those computers that possess an encrypted key that has been paired with the login target. Unlike passwords, these keys can't be guessed, so there's no need to worry about someone trying thousands of passwords to break into your computer or server. No key equals...
Read More...

Ansible installation on CentOS 7 Linux

Objective The following guide describes simple to follow steps on how to install the open-source automation engine Ansible on CentOS Linux. Operating System and Software Versions Operating System: - CentOS 7 Linux Software: - Ansible 2.2 ( EPEL ) & Ansible 2.4 ( Source ) Requirements Privileged access to your CentOS Linux system will be required to perform the Ansible installation. Difficulty MEDIUM Conventions
Read More...

Protect Your Online Privacy With The Tor Browser Bundle

Introduction For anyone looking to protect their privacy online, Tor is an invaluable tool. It is both one of the most reliable ways to hide your identity and one of the easiest to use. There are multiple different ways to use Tor, but the simplest and quickest is the Tor Browser bundle. It is a self-contained Tor installation coupled with a specially configured Firefox installation designed to get you up an running with as few hassles and as little configuration as possible. Despite its...
Read More...

Ansible Installation on Debian 9 Stretch Linux from Source

Objective The following guide describes simple to follow steps on how to install the latest version of the open-source automation engine Ansible. Operating System and Software Versions Operating System: - Debian Stretch 9 Requirements Privileged access to you Debian Linux system will be required. Difficulty EASY Conventions
Read More...

How to perform a faster data compression with pbzip2

Introduction What if you would be able to perform a data compression four times faster, with the same compression ratio as you normally do. Pbzip2 command line utility can easily accomplish this as it gives you an option to select number CPU and amount of RAM to be used during the compression process. Regular tar and bzip2 compression We all know the regular command to perform tar and bzip2 directory compression. The below command will tar and compress our sandbox directory FOOBAR . We are...
Read More...

Manage Vim Plugins With Pathogen

Introduction There's no denying that Vim is awesome on its own. It provides users with unprecedented configuration potential and quick, powerful commands. That said, Vim can get even better with the use of plugins. There are hundreds of plugins that can seriously amp-up your Vim installation. Many of them are tailored for specific uses, like programming in a certain language or even writing. Others are more general and enhance Vim's existing capabilities. Whichever it is that you need, you're...
Read More...

How to install latest Firefox Browser on Debian 9 Stretch Linux

Objective Debian Linux comes with Firefox ESR (Extended Support Release) version, which in some rare scenarios may not adequately fit your needs. The objective is to replace the Debian's default Firefox ESR with the latest bleeding edge Firefox. Operating System and Software Versions Operating System: - Debian 9 Stretch Requirements Privileged access to your Debian Linux system will be required. Difficulty EASY Conventions
Read More...

Tweet From the Linux Command Line With Rainbow Stream

Introduction Rainbow Stream allows you to manage just about every aspect of your Twitter account from the command line. Yes, you did read that right. It's a full featured command line Twitter client written in Python. Chances are, you're falling into one of two camps right about now. If you're in the slightly insane one that thinks this is a good idea, stay tuned. Rainbow Stream actually does provide an simple and intuitive Twitter experience from the Linux command line. Prerequisite Packages...
Read More...

Learn Burp Suite on Kali Linux: Part 4

Introduction It's important to remember that Burp Suite is a software suite, and that's why a whole series was needed to cover even just the basics. Because it is a suite, there are also more tools bundled in that work in conjunction with one another and the proxy that you're already familiar with. These tools can make testing any number of aspects of a web application much simpler. This guide isn't going to go into every tool, and it isn't going into too much depth. Some of the tools in Burp...
Read More...

Learn Burp Suite on Kali Linux: Part 3

Introduction In this third part of the Burp Suite series, you will learn how to actually collect proxied traffic with Burp Suite and use it launch and actual brute force attack. It will run somewhat parallel to our guide on Testing WordPress Logins with Hydra . In this case, though, you will use Burp Suite to gather information on WordPress. The purpose of this guide is to illustrate how the information gathered by Burp Suite's proxy can be used to conduct a penetration test. Do Not use this...
Read More...

Learn Burp Suite on Kali Linux: Part 2

Introduction In this second part of the Burp Suite series you will lean how to use the Burp Suite proxy to collect data from requests from your browser. You will explore how an intercepting proxy works and how to read the request and response data collected by Burp Suite. The third part of the guide will take you through a realistic scenario of how you would use the data collected by the proxy for a real test. There are more tools built in to Burp Suite that you can use the data that you...
Read More...

Learn Burp Suite on Kali Linux: Part 1

Introduction When it comes to testing the security of web applications, you'd have a hard time finding a set of tools better than Burp Suite from Portswigger web security. It allows you to intercept and monitor web traffic along with detailed information about the requests and responses to and from a server. There are way too many features in Burp Suite to cover in just one guide, so this one will be broken down into four parts. This first part will cover setting up Burp Suite and using it as...
Read More...

Test WordPress Logins With Hydra on Kali Linux

Introduction There are web forms all over the Internet. Even sites that don't usually allow regular users to log in probably have an admin area. It's important when running and deploying a site to make sure that the passwords gating access to sensitive controls and admin panels are as secure as possible. There are different ways to attack a web application, but this guide is going to cover using Hydra to perform a brute force attack on a log in form. The target platform of choice is WordPress....
Read More...

SSH Password Testing With Hydra on Kali Linux

Introduction Hail Hydra! Okay, so we're not talking about the Marvel villains here, but we are talking about a tool that can definitely do some damage. Hydra is a popular tool for launching brute force attacks on login credentials. Hydra has options for attacking logins on a variety of different protocols, but in this instance, you will learn about testing the strength of your SSH passwords. SSH is present on any Linux or Unix server and is usually the primary way admins use to access and...
Read More...

Creating Wordlists with Crunch on Kali Linux

Introduction Wordlists are a key part of brute force password attacks. For those readers that aren't familiar, a brute force password attack is an attack in which an attacker uses a script to repeatedly attempt to log into an account until they receive a positive result. Brute force attacks are fairly overt and can cause a properly configured server to lock out an attacker or their IP. This is the point of testing the security of log in systems this way. Your server should ban attackers that...
Read More...