Linux Hands on

Kali/ Raspberry pi/ Pihole+Unbound/ OMV/Docker/ Portainer - Notes


  • This document contains unedited notes and has not been formally proofread.
  • The information provided in this document is intended to provide a basic understanding of certain technologies.
  • Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
  • Some websites and software may be flagged as malware by antivirus programs.
  • The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
  • The document is not a substitute for professional advice or expert analysis and should not be used as such.
  • The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
  • The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
  • The author disclaim any liability for any damages or losses that may result from the use of this document or the information contained therein.
  • The author reserve the right to update or change the information contained in this document at any time without prior notice.

  • Any attempts to perform penetration testing or ethical hacking on systems or networks should be done with the explicit permission of the system/network owner. Unauthorized access is illegal and can result in serious legal consequences.
  • It is important to fully understand the scope of the testing and to only test within that scope. Testing outside the agreed upon scope is considered unauthorized and may result in legal action.
  • Any findings or vulnerabilities discovered during testing should be reported to the system/network owner immediately and kept confidential until a fix can be implemented.
  • It is recommended to use a separate, dedicated testing environment rather than testing on a live production system to minimize the risk of accidentally causing damage or downtime.
  • It is important to take steps to protect your own identity and prevent accidental data leaks or exposure of sensitive information during testing.
  • It is also recommended to follow a standard code of ethics for ethical hacking and penetration testing.




This blog article covers:

  • Kali Linux tools: 
  • It explores the various tools available in Kali Linux, a popular operating system used for cybersecurity and penetration testing.
  • Dual booting Kali Linux with Windows: 
  • It provides a guide on how to install and set up Kali Linux alongside Windows, allowing users to choose between the two operating systems during startup.
  • Building a NAS using Raspberry OS Lite: 
  • It explains the process of creating a Network Attached Storage (NAS) system using Raspberry Pi with the lightweight Raspberry OS Lite operating system.
  • Pihole + unbound
  • It explains how you can set up network-wide ad blocking using your own Linux hardware. The Pi-hole is a DNS sinkhole that helps protect your devices from unwanted content, all without the need to install any software on individual devices.
  • VNC Virtual mode Along with OMV
  • These steps enable you to install a basic virtual desktop environment on a headless Raspberry Pi Lite with OpenMediaVault. This allows you to access the desktop using a VNC viewer.



  • upgrade commands
  • DUAL Boot Kali Linux with Windows
  • GVM
  • Nessus
  • WiFi
  • GREP command
  • Configuring VPN
  • Scanning networks on monitor mode
  • Configuring NAS (Network Attached Storage) on Raspberry Pi
    • Install OMV - openMediaVault
    • Install Plex
    • Setting Up NordVPN
    • Enable Firewall on NAS
    • Installing Pihole
    • How to Change DNS in Kali Linux
  • Setting up VNC Server with OMV on Raspberry Pi Lite (Headless)
  • How to connect from Kali to Raspberry- Pi using  VNC-viewer 


Update the kali with complete Distribution upgrade:

  • sudo apt update
  • sudo apt upgrade
  • sudo apt full-upgrade -y
  • sudo apt dist-upgrade -y
Same on windows equivalent
PS C:\Users> winget.exe upgrade --all --include-unknown

How to Get Hostname and version of linux

  • hostnamectl
  • lsb_release -a
  • cat /etc/os-release

  • external ip address
  • $ curl

Search a command to install from CLI:

:~ $ apt search hwinfo

Sorting... Done                                                                                                                    
Full Text Search... Done                                                                                                          
backupninja/oldstable,oldstable 1.2.1-1 all                                                                                        
  lightweight, extensible meta-backup system                                                                                      
forensics-extra/oldstable,oldstable 2.29 all                                                                                      
  Forensics Environment - extra console components (metapackage)                                                                  
hwinfo/oldstable 21.72-1 arm64                                                                                                    
  Hardware identification system                                                                                                  
libhd-dev/oldstable 21.72-1 arm64
  Hardware identification system library and headers

libhd-doc/oldstable,oldstable 21.72-1 all
  Hardware identification system library documentation

libhd21/oldstable 21.72-1 arm64
  Hardware identification system library

:~ $ sudo apt install hwinfo

Kali Linux : Boot loop error

To enter in to terminal window use :- Ctrl+ALT+F1

  • kali@kali: ls -la

Now check the user under  .Xauthority & .ICEauthority, it should be user:user not as root:root

  • kali@kali: sudo chown kali:kali .Xauthority
  • kali@kali: sudo chown kali:kali .ICEauthority
  • kali@kali: reboot

Now the login should work. 

Mount a Network folder on Linux

  • Sudo apt install cifs-utils
  • sudo mkdir /mnt/nwshare
  • sudo mount -t cifs // /mnt/nwshare
    • prompt to enter the network password. 


DUAL Boot Kali Linux with Windows

When Windows option is missing from GRUB boot menu after installing Kali Linux as Dual boot, follow below steps

##Run update & upgrade command

Run os-prober

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo os-prober  


Run update-grub

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo update-grub

Just uncomment the  below command

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo nano /etc/default/grub


Once again Run update-grub

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo update-grub

    Generating grub configuration file ...
    Found Windows

Now Just reboot.
└─$ reboot


GVM: Greenbone Vulnerability Manager

##Run update & upgrade command

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo apt install gvm    

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo gvm-setup

[+] Done

[*] Please note the password for the admin user

[*] User created with password '**********************.

[>] You can now run gvm-check-setup to make sure everything is correctly configured

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo gvm-check-setup 

It seems like your GVM-22.4.1 installation is OK.

  • ┌──(kali㉿kali)-[~]
  • └─$ ss -lnt4 

  • └─$ sudo gvm-start      

[>] Please wait for the GVM services to start.

[>] You might need to refresh your browser once it opens.
[>]  Web UI (Greenbone Security Assistant):
ob for gvmd.service failed because a timeout was exceeded.
See "systemctl status gvmd.service" and "journalctl -xeu gvmd.service" for details.

  • sudo cat /etc/postgresql/15/main/postgresql.conf

How to change Admin password in GVM: 

└─$ sudo runuser -u _gvm -- gvmd --user=admin --new-password=new-password

How to Update GVM feed

└─$ sudo gvm-feed-update  

Sudo greenbone-feed-sync

Verify GVM certificates

└─$ gvm-manage-certs -V

GVM Report Dashboard

GVM dashboard
GVM dashboard

GVM PostgreSQL Collation Error:

The template database was created using collation version 2.36, but the operating system provides version 2.37

└─$ sudo -u postgres psql                                                

could not change directory to "/home/kali": Permission denied
psql (15.3 (Debian 15.3-0+deb12u1))
Type "help" for help.

postgres=# postgres=# ALTER DATABASE template1 REFRESH COLLATION VERSION;

Note:changing version from 2.36 to 2.37



To access detailed information, refer to the topic "Scanning with Nessus" within the  Pentesting- Hands-on article.

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo dpkg -i Nessus-10.5.1-debian10_amd64.deb
 - You can start Nessus Scanner by typing /bin/systemctl start nessusd.service

 - Then go to https://kali:8834/ to configure your scanner
Testing/ ***************

  • ┌──(kali㉿kali)-[~]
  • └─$ /bin/systemctl start nessusd.service



Reference :

└─$ nmcli general                                                

└─$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE  

└─$ sudo systemctl restart NetworkManager

└─$ nmcli radio wifi off  

└─$ nmcli radio wifi on


└─$ nmcli device wifi list

Connect to a password-protected wifi network

$ nmcli device wifi connect "$SSID" password "$PASSWORD"

sudo systemctl start bluetooth.service


GREP command

Nmap : using Grep to filter IP addresses

Syntax : cat ip.txt | grep "text to search" | cut -d"" -f 2 | sort | uniq

  • -f is the field  like 2nd string or 11th string and 
  • -d is the delimiter 
  • sort function
  • unique strings only

└─$ cat ip.txt | grep -e "Status: Up"                                

  • Host: ()    Status: Up
  • Host: ()    Status: Up
  • Host: ()   Status: Up
  • Host: ()   Status: Up
  • Host: ()   Status: Up
  • Host: ()  Status: Up

└─$ nmap -T4 -A -oG ip.txt 

└─$ cat ip.txt | grep -e "Status: Up" | cut -d " " -f2

How to get URL list from

└─$  grep -Po 'http(s?)://[^ \"()\<>]*' gouti1454URL.txt       


└─$ cat gouti1454URL.txt|  grep -Po 'http(s?)://[^ \"()\<>]*'


How to search the History of commands on linux

history | grep compose

history | grep compose
history | grep compose


Configuring VPN to remain anonymous while performing Pentesting:

SOCKS5 get more anonymous identity 

Sudo nano /etc/proxychains4.conf

Just delete the # from dynamic_chain 
Add # on strict_chain

Restarting the network service

└─$ sudo nano /etc/NetworkManager/NetworkManager.conf

└─$ sudo service NetworkManager restart

Adding open source vpn accounts to kali

└─$ sudo apt install network-manager-openvpn -y
└─$ sudo apt install network-manager-pptp -y
sudo apt install network-manager-openvpn -y
sudo apt install network-manager-pptp -y
sudo apt install network-manager-pptp-gnome -y
sudo apt install network-manager-strongswan -y
sudo apt install network-manager-vpnc -y
sudo apt install network-manager-vpnc-gnome -y

Changing MAC address no to get banned, while performing pentest

└─$ macchanger --help
└─$ macchanger wlan0 -s
└─$ sudo macchanger  -r wlan0


Scanning networks on monitor mode

Placing your wifi network into monitor mode

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

sudo airmon-ng check

Killing the process which will interfere with monitor mode
sudo kill 555
sudo kill 699
sudo airmon-ng check
sudo service NetworkManager restart

Just to check what are the connected devices on the open wifi networks
└─$ sudo airodump-ng wlan0 

Configuring NAS (Network Attached Storage) on Raspberry Pi

    A step-by-step guide on how to install NAS (Network Attached Storage) on a Raspberry Pi. It also explains how to use Openmediavault to create shared folders for easy file sharing. Additionally, the tutorial shows how to set up NordVPN Meshnet to securely access the NAS over the internet.

Step 1: 

  • Raspberry Pi Imager-installer:
    • OS= Raspberry PI OS LITE

    • Storage= select sd card

  • Write:

    • use setting to add wifi network & Enable SSH

    • select  Enable SSH then create the user as "pi" & password.

    • then 

    • Click write

Step 2:

  • Insert the image written SD card 
  • Boot rasp-Pi and get he ip address
    • PC settings- Apps -> Optional Features -> Add on optional features - search for open ssh client & open SSH server
  • from PC terminal type ssh username@
  • ssh pinas@
  • ssh  kali@
    • enter the password used while writing the os.

Step 3:

  • pi@raspberrypi:~ $ 
  • Now Updating then Upgrading rasp-Pi
  • Install OMV - openMediaVault
    • sudo wget -O - | sudo bash

Step 4:

  • Need to configure WiFi after installing OMV
  • sudo omv-firstaid
  • Click on Configure Network interface and set up the SSID and Password

Step 5:
  • Now log into OMV

Login openMediaVault
  • Change in Default Password
  • Storage -> disk
  • Storage -> File System
    • Click New -> file system then select the mounted HDD
OMV-file system
OMV-file system
  • Storage -> Shared folders
    • Click Create ->Shared folder name
  • Services 
    • Enable SMB 
    • Shares - select the share folder created earlier
    • Same enable for NFS
  • Users
    • Edit the password for the users
  • PC
    • Right click and select add network folder 
OpenMediaVault Dashboard - desktop
OpenMediaVault Dashboard - desktop

Remove Shared folders from OMV

  • Delete share folders listings
    • First deleted the shared folders from Services- SMB, then NFS
    • Then,  Storage ->shared files
  • Next edit the config file to eliminate internal error 
  • sudo nano /etc/openmediavault/config.xml
    • search for mntent and remove the tag <mntent> ... </mntent>
  • sudo omv-salt deploy run fstab
  • sudo nano /etc/monit/conf.d/openmediavault-filesystem.conf
    • clear any identical references to dev-disk-by-label-NAME
  • Then reboot
  • Now deploy the changes from OMV

Install Plex

  • sudo apt install apt-transport-https
  • echo deb public main | sudo tee /etc/apt/sources.list.d/plexmediaserver.list
  • curl | sudo apt-key add -
  • sudo apt update
  • sudo apt install plexmediaserver
  • sudo systemctl start plexmediaserver
  • sudo systemctl enable plexmediaserver
  • sudo reboot
  • sudo service plexmediaserver status


  • Next step is to choose
  • Server name
    • Add the created shared folders
  • network settings
    • -> secured connections - preferred
    • -> strict TLS configuration 
  • Access Plex going forward on

Setting Up NordVPN

reference article:

Step 1: Installing Nordvpn on NAS -raspberry pi.

  • sudo su
  • root@pi: sh <(wget -qO -
  • root@pi:nordvpn login --token <paste the token generated from NORDVPN account>
  • root@pi: nordvpn set meshnet on
  • root@pi: nordvpn meshnet peer list

Step 2: 
Installing Nordvpn app on the device, which the NAS can be accessed. 

  • To access OpenMediaVault 
    • Type the meshnet name assigned:
    • eg - http://secret.meerkat-alps.nord/
OMV-via NORD from Mobile
OMV-via NORD from Mobile 

  • To access Plex
    • eg - http://secret.meerkat-alps.nord:32400/
Plex - via NORD from Mobile
Plex - via NORD from Mobile 

  • To access shared drive directly on android

    • File manager -> Network storage -> SMB
    • Add manually
    • nordVPN- IP-address/Shared-Folder-name
    • port 445
    • Allowed User Id /Password

Enable Firewall on NAS

  • sudo apt instal ufw
  • sudo ufw status verbose
    • Status: inactive
  • sudo ufw enable
    • Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    • Firewall is active and enabled on system startup
  •  sudo ufw status verbose or 
  • sudo ufw status numbered
    • Status: active
    • Logging: on (low)
    • Default: deny (incoming), allow (outgoing), disabled (routed)
  • sudo ufw disable
    • Firewall stopped and disabled on system startup

ufw status verbose
ufw status verbose

Can allow to have SSH tunnel connection to the NAS server and Plex server on port 32400. NordVPN is added by default. 

  • sudo ufw app list

  • sudo ufw allow SSH
  • sudo ufw allow 32400
  • sudo ufw app info SSH

  • sudo ufw allow 'www full'

  • sudo ufw allow nfs
The lsof (list open files) command returns the user processes that are actively using a file system

  • sudo lsof -i -P -n

Plex local connection after firewall
Plex local connection after firewall

  • sudo ufw reload

  • Firewall reloaded
  • sudo ufw show added
  • sudo ufw show listening

Headless Console Font Size

To increase the font size on the console terminal of the headless OS
  • sudo dpkg-reconfigure console-setup
    • UTF-8
    • Guess optimal character set
    • Terminal bold
    • 16*32 framebuffer only

Installing Pihole

    This explains how you can set up network-wide ad blocking using your own Linux hardware. The Pi-hole® is a DNS sinkhole that helps protect your devices from unwanted content, all without the need to install any software on individual devices.

  • Installation 
    • pinas@raspi:~ $ sudo curl -sSL | bash
  • Change Password for web interface
    • pinas@raspi:~ $ pihole -a -p

    In an important step, if port 80 is already being used by another server, the Pi-hole needs to be moved to a different port. This can be done by making changes to the "/etc/lighttpd/lighttpd.conf" file.

  • raspi:~ $ sudo cat /etc/lighttpd/lighttpd.conf
    • server.port                 = 81
    • update the above server port to your choice
  • raspi:~ $ sudo cat /etc/lighttpd/external.conf
    • if required create and add same server.port =81

    In the next step, you need to resolve any DNS conflicts by editing the "/etc/systemd/resolved.conf" file. I want to express my gratitude to YouTube channel "DBTechYT" for providing helpful guidance on resolving this issue, which had been a persistent challenge for over a week.

  • raspi:~ $ sudo systemctl stop systemd-resolved
  • raspi:~ $ sudo nano /etc/systemd/resolved.conf
    •     #Edit the file 
    •     [Resolve]
    •     DNS= # adding values
    •     FallbackDNS= adding values
    •     #Domains=
    •     #LLMNR=yes
    •     #MulticastDNS=yes
    •     #DNSSEC=allow-downgrade
    •     #DNSOverTLS=no
    •     #Cache=yes
    •     #DNSStubListener=yes
    •     #ReadEtcHosts=yes
    •     DNSStubListener=no # To ensure that the system uses the values in this file, you need to add a new line.

  • raspi:~ $ sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    Finally, you need to install Pi-hole with Unbound, and it's important to disable the "resolvconf.conf" entry for Unbound. This step is necessary for Debian Bullseye+ releases.

  • pinas@raspi:~ $ sudo apt install unbound
  • pinas@raspi:~ $ sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
  • pinas@raspi:~ $ sudo service unbound restart
  • pinas@raspi:~ $ dig @ -p 5335
  • pinas@raspi:~ $ systemctl is-active unbound-resolvconf.service
    • active
  • pinas@raspi:~ $ sudo cat /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

    • # Generated by resolvconf

    • forward-zone:
    •         name: "."
    •         forward-addr:
    •         forward-addr:

  • pinas@raspi:~ $ sudo sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf
  • pinas@raspi:~ $ sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
  • pinas@raspi:~ $ sudo service unbound restart

  • raspi:~ $ sudo cat /etc/resolv.conf
    • update the nameserver to pihole and

UFW Firewall Rules:

    If you have enabled the firewall, you can add the port to the allow list by running the command 
When these rules are not added, pi-hole will fail to have any clients other than internal IP's.

  • "sudo ufw allow 81"
ufw stores all rules persistent, so you just need to execute the commands below.
  • ufw allow 80/tcp
  • ufw allow 53/tcp
  • ufw allow 53/udp
  • ufw allow 67/tcp
  • ufw allow 67/udp
  • ufw allow 546:547/udp

OMV           :
Portainer    :!/home
Plex            :!/
Pi-hole        :


How to Change DNS in Kali Linux

└─$ sudo cat /etc/resolv.conf
# Generated by NetworkManager

└─$ sudo nano /etc/resolv.conf
nameserver #pi serverip address

Now the resolv.conf is made as only readable mode.
└─$ sudo chattr +i /etc/resolv.conf

└─$ sudo systemctl restart networking.service

If want to edit the resov.conf file once again :- 
└─$ sudo chattr -i /etc/resolv.conf

Setting up VNC Server with OMV on Raspberry Pi Lite (Headless)

    These steps enable you to install a basic virtual desktop environment on a headless Raspberry Pi Lite with OpenMediaVault. This allows you to access the desktop using a VNC viewer.
  • pi@raspi: sudo raspi-config

  • Select the Interface and enable VNC
enable VNC
enable VNC

Installing VNC server and if required vnc viewer

  • pi@raspi: sudo apt-get install realvnc-vnc-server
  • pi@raspi: sudo apt-get install realvnc-vnc-viewer
  • Starting the service
    • pi@raspi: sudo systemctl start vncserver-x11-serviced.service
  • enabling in boot time
    • pi@raspi: sudo systemctl enable vncserver-x11-serviced.service
  • pi@raspi: sudo systemctl status vncserver
    • if the service doesn't start try to kill any early started services 
  • kill running process if any.
    • pi@raspi: sudo netstat -ptnl | grep vnc
    • pi@raspi: sudo kill 986
    • pi@raspi: sudo kill 1006
  • pi@raspi: sudo systemctl start vncserver
  • pi@raspi: sudo systemctl status vncserver.service
  • pi@raspi: vncserver
    • or vncserver-virtual
    • New desktop is raspberryi:1 (
  • pi@raspi: sudo apt-get dist-upgrade
  • pi@raspi: sudo apt-get clean
  • pi@raspi: sudo apt-get install lxde-core lxappearance
  • pi@raspi: sudo apt-get install xterm
Start VNCviewer and key in the address

VNC viewer
VNC viewer

Vnc Viewer : access denied error 

  • "Access denied error" occurs, follow below steps,  

  • pi@raspi: vncserver-virtual 

    • [Don't use Sudo- root user is not added in "users & permissions" by default under RealVNC server settings]
  • pi@raspi:  sudo systemctl restart vncserver.service
  • pi@raspi: sudo systemctl status vncserver.service

  • Option 1

  • Raspi username and password
  • Option 2

    • where authentication is set to VNC password. [refer image - raspi vnc security settings-on]

    • no username - the user name is greyed out 
    • password - use vnc password - changed in the vnc connect window


    You can install the Chromium browser on the VNC virtual desktop, 

which allows you to perform the same operations as logging into the OMV admin page and Pi-hole admin page.

Chromium browser
Chromium browser 

The VNC virtual desktop on Raspberry Pi with OpenMediaVault (OMV) has a simple interface. It is crucial to avoid installing lightdm as it will uninstall OMV from your Raspberry Pi and cause it to crash.

After a few attempts and some exploration, I was able to find more usable fonts and apps.

  • pi@raspi: sudo apt install xserver-xorg-core
  • pi@raspi: sudo apt install xserver-xorg-video-fbdev
  • pi@raspi: sudo apt install xserver-xorg-input-evdev
  • pi@raspi: sudo apt install xinit xfonts-base lxde

Updated icons themes
Updated icons themes

Now, you may connect to the Raspberry Pi NAS from an Android device using the NordVPN Meshnet IP address without a computer or monitor.

How to connect from Kali to Raspberry- Pi using  VNC-viewer 

└─$ sudo vncviewer

no configured security type is supported by 3.3 vnc viewer 

If you encounter the error mentioned above, you can resolve it by applying the following solution.

raspi VNC security settings-on
raspi VNC security settings-on

  • open the VNC Connect window from above virtual desktop,
  • Click on the hamburger menu
  • Security Tab-> 
  • Encryption = Preferred on 
  • Authentication = VNC password

  • A Pop-up window appears
    • Now click Configure  to key in new Password

    • select the checkbox - Allow connections from legacy VNC viewers.
When attempting to launch VNC Viewer from Kali, the output displayed was as follows: 

└─$ sudo vncviewer
  • password - use vnc password - changed in the vnc connect window
  • Connected to RFB server, using protocol version 3.3
  • Performing standard VNC authentication
  • Password:
  • Authentication successful
  • Desktop name "****************"
  • VNC server default format:
  •   32 bits per pixel.
  •   Least significant byte first in each pixel.
  •   True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
  • Using default colormap which is TrueColor.  Pixel format:
  •   32 bits per pixel.
  •   Least significant byte first in each pixel.
  •   True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0

Kali Vnc-viewer
Kali Vnc-viewer



Popular Posts


Chennai :MTC complaint cell Customer Care No.:+91-9445030516 /Toll Free : 18005991500

Privacy Settings for windows