Kali/ Raspberry pi/ Pihole+Unbound/ OMV/Docker/ Portainer - Notes

DISCLAIMER:

This document contains unedited notes and has not been formally proofread.
The information provided in this document is intended to provide a basic understanding of certain technologies.
Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
Some websites and software may be flagged as malware by antivirus programs.
The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
The document is not a substitute for professional advice or expert analysis and should not be used as such.
The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
The author disclaim any liability for any damages or losses that may result from the use of this document or the information contained therein.
The author reserve the right to update or change the information contained in this document at any time without prior notice.

Any attempts to perform penetration testing or ethical hacking on systems or networks should be done with the explicit permission of the system/network owner. Unauthorized access is illegal and can result in serious legal consequences.
It is important to fully understand the scope of the testing and to only test within that scope. Testing outside the agreed upon scope is considered unauthorized and may result in legal action.
Any findings or vulnerabilities discovered during testing should be reported to the system/network owner immediately and kept confidential until a fix can be implemented.
It is recommended to use a separate, dedicated testing environment rather than testing on a live production system to minimize the risk of accidentally causing damage or downtime.
It is important to take steps to protect your own identity and prevent accidental data leaks or exposure of sensitive information during testing.
It is also recommended to follow a standard code of ethics for ethical hacking and penetration testing.

REFERENCES:

https://www.kali.org/tools/

https://www.gnu.org/software/grub/manual/grub/html_node/Command_002dline-and-menu-entry-commands.html

https://developer-old.gnome.org/NetworkManager/stable/nmcli.html

https://forum.greenbone.net/

https://docs.pi-hole.net/guides/dns/unbound/

**************************************************************

This blog article covers:

Kali Linux tools:

It explores the various tools available in Kali Linux, a popular operating system used for cybersecurity and penetration testing.

Dual booting Kali Linux with Windows:

It provides a guide on how to install and set up Kali Linux alongside Windows, allowing users to choose between the two operating systems during startup.

Building a NAS using Raspberry OS Lite:

It explains the process of creating a Network Attached Storage (NAS) system using Raspberry Pi with the lightweight Raspberry OS Lite operating system.

Pihole + unbound

It explains how you can set up network-wide ad blocking using your own Linux hardware. The Pi-hole is a DNS sinkhole that helps protect your devices from unwanted content, all without the need to install any software on individual devices.

VNC Virtual mode Along with OMV

These steps enable you to install a basic virtual desktop environment on a headless Raspberry Pi Lite with OpenMediaVault. This allows you to access the desktop using a VNC viewer.

**************************************************************

DUAL Boot Kali Linux with Windows

When Windows option is missing from GRUB boot menu after installing Kali Linux as Dual boot, follow below steps

##Run update & upgrade command

Run os-prober

┌──(kali㉿kali)-[~]
└─$ sudo os-prober

/dev/sda1:Windows

Run update-grub

┌──(kali㉿kali)-[~]
└─$ sudo update-grub

Just uncomment the below command

┌──(kali㉿kali)-[~]
└─$ sudo nano /etc/default/grub

#GRUB_DISABLE_OS_PROBER=false

Once again Run update-grub

┌──(kali㉿kali)-[~]
└─$ sudo update-grub

Generating grub configuration file ...
done

Found Windows

Now Just reboot.

┌──(kali㉿kali)-[~]
└─$ reboot

**************************************************************

GVM: Greenbone Vulnerability Manager

##Run update & upgrade command

┌──(kali㉿kali)-[~]
└─$ sudo apt install gvm

┌──(kali㉿kali)-[~]
└─$ sudo gvm-setup

[+] Done

[*] Please note the password for the admin user

[*] User created with password '**********************.

[>] You can now run gvm-check-setup to make sure everything is correctly configured

┌──(kali㉿kali)-[~]
└─$ sudo gvm-check-setup

It seems like your GVM-22.4.1 installation is OK.

┌──(kali㉿kali)-[~]
└─$ ss -lnt4

└─$ sudo gvm-start

[>] Please wait for the GVM services to start.

[>] You might need to refresh your browser once it opens.
[>] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392
ob for gvmd.service failed because a timeout was exceeded.
See "systemctl status gvmd.service" and "journalctl -xeu gvmd.service" for details.

sudo cat /etc/postgresql/15/main/postgresql.conf

How to change Admin password in GVM:

┌──(kali㉿kali)-[~]

└─$ sudo runuser -u _gvm -- gvmd --user=admin --new-password=new-password

How to Update GVM feed

┌──(kali㉿kali)-[~]

└─$ sudo gvm-feed-update

Sudo greenbone-feed-sync

Verify GVM certificates

┌──(kali㉿kali)-[~]

└─$ gvm-manage-certs -V

GVM Report Dashboard

GVM dashboard

GVM PostgreSQL Collation Error:

The template database was created using collation version 2.36, but the operating system provides version 2.37

┌──(kali㉿kali)-[~]

└─$ sudo -u postgres psql

could not change directory to "/home/kali": Permission denied

psql (15.3 (Debian 15.3-0+deb12u1))

Type "help" for help.

postgres=# postgres=# ALTER DATABASE template1 REFRESH COLLATION VERSION;

Note:changing version from 2.36 to 2.37

**************************************************************

Nessus

To access detailed information, refer to the topic "Scanning with Nessus" within the Pentesting- Hands-on article.

┌──(kali㉿kali)-[~]
└─$ sudo dpkg -i Nessus-10.5.1-debian10_amd64.deb

- You can start Nessus Scanner by typing /bin/systemctl start nessusd.service

- Then go to https://kali:8834/ to configure your scanner
Testing/ ***************

┌──(kali㉿kali)-[~]
└─$ /bin/systemctl start nessusd.service

**************************************************************

WiFi

Reference : https://developer-old.gnome.org/NetworkManager/stable/nmcli.html

┌──(kali㉿kali)-[~]

└─$ nmcli general

STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN

┌──(kali㉿kali)-[~]

└─$ nmcli connection show

NAME UUID TYPE DEVICE

┌──(kali㉿kali)-[~]

└─$ sudo systemctl restart NetworkManager

┌──(kali㉿kali)-[~]

└─$ nmcli radio wifi off

┌──(kali㉿kali)-[~]

└─$ nmcli radio wifi on

┌──(kali㉿kali)-[~]

└─$ nmcli device wifi list

Connect to a password-protected wifi network

$ nmcli device wifi connect "$SSID" password "$PASSWORD"

Bluetooth:

sudo systemctl start bluetooth.service

**************************************************************

GREP command

Nmap : using Grep to filter IP addresses

Syntax : cat ip.txt | grep "text to search" | cut -d"" -f 2 | sort | uniq

-f is the field like 2nd string or 11th string and

-d is the delimiter

sort function

unique strings only

┌──(kali㉿kali)-[~]

└─$ cat ip.txt | grep -e "Status: Up"

Host: 192.168.1.1 () Status: Up

Host: 192.168.1.4 () Status: Up

Host: 192.168.1.17 () Status: Up

Host: 192.168.1.20 () Status: Up

Host: 192.168.1.22 () Status: Up

Host: 192.168.1.250 () Status: Up

┌──(kali㉿kali)-[~]

└─$ nmap -T4 -A 192.168.1.0/24 -oG ip.txt

┌──(kali㉿kali)-[~]

└─$ cat ip.txt | grep -e "Status: Up" | cut -d " " -f2

192.168.1.1

192.168.1.4

192.168.1.17

192.168.1.20

192.168.1.22

192.168.1.250

How to get URL list from www.website.com/sitemap.html

┌──(kali㉿kali)-[~]

└─$ grep -Po 'http(s?)://[^ \"()\<>]*' gouti1454URL.txt

http://www.sitemaps.org/schemas/sitemap/0.9

https://www.gouti1454.com/p/kali-linux-hands-on.html

grep_url_sitemap_01

┌──(kali㉿kali)-[~]

└─$ cat gouti1454URL.txt| grep -Po 'http(s?)://[^ \"()\<>]*'

http://www.sitemaps.org/schemas/sitemap/0.9

https://www.gouti1454.com/p/kali-linux-hands-on.html

grep_url_sitemap_02

How to search the History of commands on linux

history | grep compose

**************************************************************

Configuring VPN to remain anonymous while performing Pentesting:

SOCKS5 get more anonymous identity

Sudo nano /etc/proxychains4.conf

Just delete the # from dynamic_chain

Add # on strict_chain

Restarting the network service

┌──(kali㉿kali)-[~]

└─$ sudo nano /etc/NetworkManager/NetworkManager.conf

manager=true

┌──(kali㉿kali)-[~]

└─$ sudo service NetworkManager restart

Adding open source vpn accounts to kali

┌──(kali㉿kali)-[~]

└─$ sudo apt install network-manager-openvpn -y

└─$ sudo apt install network-manager-pptp -y

sudo apt install network-manager-openvpn -y

sudo apt install network-manager-pptp -y

sudo apt install network-manager-pptp-gnome -y

sudo apt install network-manager-strongswan -y

sudo apt install network-manager-vpnc -y

sudo apt install network-manager-vpnc-gnome -y

Changing MAC address no to get banned, while performing pentest

┌──(kali㉿kali)-[~]

└─$ macchanger --help

┌──(kali㉿kali)-[~]

└─$ macchanger wlan0 -s

┌──(kali㉿kali)-[~]

└─$ sudo macchanger -r wlan0

**************************************************************

Scanning networks on monitor mode

Placing your wifi network into monitor mode

ifconfig wlan0 down

iwconfig wlan0 mode monitor

ifconfig wlan0 up

sudo airmon-ng check

Killing the process which will interfere with monitor mode

sudo kill 555

sudo kill 699

sudo airmon-ng check

sudo service NetworkManager restart

Just to check what are the connected devices on the open wifi networks

┌──(kali㉿kali)-[~]

└─$ sudo airodump-ng wlan0

**************************************************************

Configuring NAS (Network Attached Storage) on Raspberry Pi

A step-by-step guide on how to install NAS (Network Attached Storage) on a Raspberry Pi. It also explains how to use Openmediavault to create shared folders for easy file sharing. Additionally, the tutorial shows how to set up NordVPN Meshnet to securely access the NAS over the internet.

Step 1:

Raspberry Pi Imager-installer:

OS= Raspberry PI OS LITE

Storage= select sd card

Write:

use setting to add wifi network & Enable SSH

select Enable SSH then create the user as "pi" & password.

then

Click write

Step 2:

Insert the image written SD card

Boot rasp-Pi and get he ip address

PC settings- Apps -> Optional Features -> Add on optional features - search for open ssh client & open SSH server

from PC terminal type ssh username@10.10.0.1
ssh pinas@10.10.1.5
ssh kali@10.10.1.131

enter the password used while writing the os.

Step 3:

pi@raspberrypi:~ $

Now Updating then Upgrading rasp-Pi

Install OMV - openMediaVault

sudo wget -O - https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install | sudo bash

Step 4:

Need to configure WiFi after installing OMV

sudo omv-firstaid

Click on Configure Network interface and set up the SSID and Password

omv-firstaid

Step 5:

Now log into OMV

http://10.10.0.1/#/login

Change in Default Password
Storage -> disk

OMV_Disks

Storage -> File System

Click New -> file system then select the mounted HDD

OMV-file system

Storage -> Shared folders

Click Create ->Shared folder name

Services

Enable SMB
Shares - select the share folder created earlier

Services

Same enable for NFS

Users

Edit the password for the users

Right click and select add network folder

OpenMediaVault Dashboard - desktop

Remove Shared folders from OMV

Delete share folders listings

First deleted the shared folders from Services- SMB, then NFS

Then, Storage ->shared files

Next edit the config file to eliminate internal error

sudo nano /etc/openmediavault/config.xml

search for mntent and remove the tag <mntent> ... </mntent>

sudo omv-salt deploy run fstab

sudo nano /etc/monit/conf.d/openmediavault-filesystem.conf

clear any identical references to dev-disk-by-label-NAME

Then reboot

Now deploy the changes from OMV

Install Plex

sudo apt install apt-transport-https

echo deb https://downloads.plex.tv/repo/deb public main | sudo tee /etc/apt/sources.list.d/plexmediaserver.list

curl https://downloads.plex.tv/plex-keys/PlexSign.key | sudo apt-key add -

sudo apt update

sudo apt install plexmediaserver

sudo systemctl start plexmediaserver

sudo systemctl enable plexmediaserver

sudo reboot

sudo service plexmediaserver status

10.10.1.1:32400/web

Next step is to choose

Server name

Add the created shared folders

network settings

-> secured connections - preferred

-> strict TLS configuration

Access Plex going forward on https://app.plex.tv/desktop/

Setting Up NordVPN

reference article:

https://meshnet.nordvpn.com/how-to/remote-files-media-access/remote-openmediavault-nas

Step 1: Installing Nordvpn on NAS -raspberry pi.

sudo su

root@pi: sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)

root@pi:nordvpn login --token <paste the token generated from NORDVPN account>

root@pi: nordvpn set meshnet on

root@pi: nordvpn meshnet peer list

Step 2:

Installing Nordvpn app on the device, which the NAS can be accessed.

To access OpenMediaVault

Type the meshnet name assigned:

eg - http://secret.meerkat-alps.nord/

OMV-via NORD from Mobile

To access Plex

eg - http://secret.meerkat-alps.nord:32400/

Plex - via NORD from Mobile

To access shared drive directly on android

File manager -> Network storage -> SMB

Add manually

nordVPN- IP-address/Shared-Folder-name

port 445

Allowed User Id /Password

Enable Firewall on NAS

sudo apt instal ufw

sudo ufw status verbose

Status: inactive

sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y

Firewall is active and enabled on system startup

sudo ufw status verbose or

sudo ufw status numbered

Status: active

Logging: on (low)

Default: deny (incoming), allow (outgoing), disabled (routed)

sudo ufw disable

Firewall stopped and disabled on system startup

ufw status verbose

Can allow to have SSH tunnel connection to the NAS server and Plex server on port 32400. NordVPN is added by default.

sudo ufw app list

sudo ufw allow SSH

sudo ufw allow 32400

sudo ufw app info SSH

sudo ufw allow 'www full'

sudo ufw allow nfs

The lsof (list open files) command returns the user processes that are actively using a file system

sudo lsof -i -P -n

Plex local connection after firewall

sudo ufw reload

Firewall reloaded

sudo ufw show added

sudo ufw show listening

Headless Console Font Size

To increase the font size on the console terminal of the headless OS

sudo dpkg-reconfigure console-setup

UTF-8

Guess optimal character set

Terminal bold

16*32 framebuffer only

Installing Pihole

This explains how you can set up network-wide ad blocking using your own Linux hardware. The Pi-hole® is a DNS sinkhole that helps protect your devices from unwanted content, all without the need to install any software on individual devices.

Installation

pinas@raspi:~ $ sudo curl -sSL https://install.pi-hole.net | bash

Change Password for web interface

pinas@raspi:~ $ pihole -a -p

In an important step, if port 80 is already being used by another server, the Pi-hole needs to be moved to a different port. This can be done by making changes to the "/etc/lighttpd/lighttpd.conf" file.

raspi:~ $ sudo cat /etc/lighttpd/lighttpd.conf

server.port = 81

update the above server port to your choice

raspi:~ $ sudo cat /etc/lighttpd/external.conf

if required create and add same server.port =81

In the next step, you need to resolve any DNS conflicts by editing the "/etc/systemd/resolved.conf" file. I want to express my gratitude to YouTube channel "DBTechYT" for providing helpful guidance on resolving this issue, which had been a persistent challenge for over a week.

raspi:~ $ sudo systemctl stop systemd-resolved

raspi:~ $ sudo nano /etc/systemd/resolved.conf

#Edit the file

[Resolve]

DNS=1.1.1.1 # adding values

FallbackDNS=1.0.0.1# adding values

#Domains=

#LLMNR=yes

#MulticastDNS=yes

#DNSSEC=allow-downgrade

#DNSOverTLS=no

#Cache=yes

#DNSStubListener=yes

#ReadEtcHosts=yes

DNSStubListener=no # To ensure that the system uses the values in this file, you need to add a new line.

raspi:~ $ sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Finally, you need to install Pi-hole with Unbound, and it's important to disable the "resolvconf.conf" entry for Unbound. This step is necessary for Debian Bullseye+ releases.

https://docs.pi-hole.net/guides/dns/unbound/

pinas@raspi:~ $ sudo apt install unbound

pinas@raspi:~ $ sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

pinas@raspi:~ $ sudo service unbound restart

pinas@raspi:~ $ dig pi-hole.net @127.0.0.1 -p 5335

pinas@raspi:~ $ systemctl is-active unbound-resolvconf.service

active

pinas@raspi:~ $ sudo cat /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

# Generated by resolvconf
forward-zone:
name: "."
forward-addr: 10.10.1.1
forward-addr:

pinas@raspi:~ $ sudo sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf

pinas@raspi:~ $ sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

pinas@raspi:~ $ sudo service unbound restart

raspi:~ $ sudo cat /etc/resolv.conf

update the nameserver to pihole and 1.1.1.1

UFW Firewall Rules:

If you have enabled the firewall, you can add the port to the allow list by running the command

When these rules are not added, pi-hole will fail to have any clients other than internal IP's.

"sudo ufw allow 81"

ufw stores all rules persistent, so you just need to execute the commands below.

https://docs.pi-hole.net/main/prerequisites/

ufw allow 80/tcp
ufw allow 53/tcp
ufw allow 53/udp
ufw allow 67/tcp
ufw allow 67/udp
ufw allow 546:547/udp

OMV : http://10.10.1.5/#/dashboard

Portainer : https://10.10.1.5:9443/#!/home

Plex : http://10.10.1.5:32400/web/index.html#!/

Pi-hole : http://10.10.1.5:81/admin/index.php

Pi-hole

How to Change DNS in Kali Linux

┌──(kali㉿kali)-[~]

└─$ sudo cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 10.0.0.1

┌──(kali㉿kali)-[~]

└─$ sudo nano /etc/resolv.conf

nameserver 10.0.0.5 #pi serverip address

Now the resolv.conf is made as only readable mode.

┌──(kali㉿kali)-[~]

└─$ sudo chattr +i /etc/resolv.conf

┌──(kali㉿kali)-[~]

└─$ sudo systemctl restart networking.service

If want to edit the resov.conf file once again :-

┌──(kali㉿kali)-[~]

└─$ sudo chattr -i /etc/resolv.conf

Setting up VNC Server with OMV on Raspberry Pi Lite (Headless)

These steps enable you to install a basic virtual desktop environment on a headless Raspberry Pi Lite with OpenMediaVault. This allows you to access the desktop using a VNC viewer.

pi@raspi: sudo raspi-config

raspi-config

Select the Interface and enable VNC

enable VNC

Installing VNC server and if required vnc viewer

pi@raspi: sudo apt-get install realvnc-vnc-server

pi@raspi: sudo apt-get install realvnc-vnc-viewer

Starting the service

pi@raspi: sudo systemctl start vncserver-x11-serviced.service

enabling in boot time

pi@raspi: sudo systemctl enable vncserver-x11-serviced.service

pi@raspi: sudo systemctl status vncserver

if the service doesn't start try to kill any early started services

kill running process if any.

pi@raspi: sudo netstat -ptnl | grep vnc

pi@raspi: sudo kill 986

pi@raspi: sudo kill 1006

pi@raspi: sudo systemctl start vncserver

pi@raspi: sudo systemctl status vncserver.service

pi@raspi: vncserver

or vncserver-virtual

New desktop is raspberryi:1 (10.0.0.1:1)

pi@raspi: sudo apt-get dist-upgrade

pi@raspi: sudo apt-get clean

pi@raspi: sudo apt-get install lxde-core lxappearance

pi@raspi: sudo apt-get install xterm

Start VNCviewer and key in the address 10.0.0.1:1

VNC viewer

Vnc Viewer : access denied error

"Access denied error" occurs, follow below steps,

pi@raspi: vncserver-virtual

[Don't use Sudo- root user is not added in "users & permissions" by default under RealVNC server settings]

pi@raspi: sudo systemctl restart vncserver.service

pi@raspi: sudo systemctl status vncserver.service

Option 1

Raspi username and password

Option 2

where authentication is set to VNC password. [refer image - raspi vnc security settings-on]

no username - the user name is greyed out

password - use vnc password - changed in the vnc connect window

You can install the Chromium browser on the VNC virtual desktop,

which allows you to perform the same operations as logging into the OMV admin page and Pi-hole admin page.

Chromium browser

The VNC virtual desktop on Raspberry Pi with OpenMediaVault (OMV) has a simple interface. It is crucial to avoid installing lightdm as it will uninstall OMV from your Raspberry Pi and cause it to crash.

After a few attempts and some exploration, I was able to find more usable fonts and apps.

pi@raspi: sudo apt install xserver-xorg-core

pi@raspi: sudo apt install xserver-xorg-video-fbdev

pi@raspi: sudo apt install xserver-xorg-input-evdev

pi@raspi: sudo apt install xinit xfonts-base lxde

Updated icons themes

Now, you may connect to the Raspberry Pi NAS from an Android device using the NordVPN Meshnet IP address without a computer or monitor.

How to connect from Kali to Raspberry- Pi using VNC-viewer

┌──(kali㉿kali)-[~]

└─$ sudo vncviewer 10.0.0.1:1

no configured security type is supported by 3.3 vnc viewer

If you encounter the error mentioned above, you can resolve it by applying the following solution.

raspi VNC security settings-on

open the VNC Connect window from above virtual desktop,

Click on the hamburger menu

Security Tab->

Encryption = Preferred on

Authentication = VNC password

A Pop-up window appears

Now click Configure to key in new Password

select the checkbox - Allow connections from legacy VNC viewers.

When attempting to launch VNC Viewer from Kali, the output displayed was as follows:

┌──(kali㉿kali)-[~]

└─$ sudo vncviewer 10.0.0.1:1

password - use vnc password - changed in the vnc connect window

Connected to RFB server, using protocol version 3.3
Performing standard VNC authentication
Password:
Authentication successful
Desktop name "****************"
VNC server default format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Using default colormap which is TrueColor. Pixel format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0

Kali Vnc-viewer

**************************************************************

Featured Post

Linux Hands on

Kali/ Raspberry pi/ Pihole+Unbound/ OMV/Docker/ Portainer - Notes

DISCLAIMER:

REFERENCES:

This blog article covers:

**************************************************************

Contents:

Update the kali with complete Distribution upgrade:

How to Get Hostname and version of linux

Kali Linux : Boot loop error

DUAL Boot Kali Linux with Windows

GVM: Greenbone Vulnerability Manager

How to change Admin password in GVM:

How to Update GVM feed

Verify GVM certificates

GVM PostgreSQL Collation Error:

Nessus

WiFi

GREP command

Configuring VPN to remain anonymous while performing Pentesting:

Restarting the network service

Adding open source vpn accounts to kali

Changing MAC address no to get banned, while performing pentest

Scanning networks on monitor mode

Configuring NAS (Network Attached Storage) on Raspberry Pi

Remove Shared folders from OMV

Install Plex

Setting Up NordVPN

Enable Firewall on NAS

Headless Console Font Size

Installing Pihole

UFW Firewall Rules:

How to Change DNS in Kali Linux

Setting up VNC Server with OMV on Raspberry Pi Lite (Headless)

Installing VNC server and if required vnc viewer

Vnc Viewer : access denied error

You can install the Chromium browser on the VNC virtual desktop,

How to connect from Kali to Raspberry- Pi using VNC-viewer

Comments

Post a Comment

Popular Posts