Kali Linux Hands on

KALI LINUX Notes

DISCLAIMER:

  • This document contains unedited notes and has not been formally proofread.
  • The information provided in this document is intended to provide a basic understanding of certain technologies.
  • Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
  • Some websites and software may be flagged as malware by antivirus programs.
  • The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
  • The document is not a substitute for professional advice or expert analysis and should not be used as such.
  • The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
  • The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
  • The author disclaim any liability for any damages or losses that may result from the use of this document or the information contained therein.
  • The author reserve the right to update or change the information contained in this document at any time without prior notice.

  • Any attempts to perform penetration testing or ethical hacking on systems or networks should be done with the explicit permission of the system/network owner. Unauthorized access is illegal and can result in serious legal consequences.
  • It is important to fully understand the scope of the testing and to only test within that scope. Testing outside the agreed upon scope is considered unauthorized and may result in legal action.
  • Any findings or vulnerabilities discovered during testing should be reported to the system/network owner immediately and kept confidential until a fix can be implemented.
  • It is recommended to use a separate, dedicated testing environment rather than testing on a live production system to minimize the risk of accidentally causing damage or downtime.
  • It is important to take steps to protect your own identity and prevent accidental data leaks or exposure of sensitive information during testing.
  • It is also recommended to follow a standard code of ethics for ethical hacking and penetration testing.

REFERENCES:

  • https://www.kali.org/tools/
  • https://www.gnu.org/software/grub/manual/grub/html_node/Command_002dline-and-menu-entry-commands.html
  • https://developer-old.gnome.org/NetworkManager/stable/nmcli.html
  • https://forum.greenbone.net/

**************************************************************

##Update the kali with complete Distribution upgrade:

  • sudo apt update
  • sudo apt upgrade
  • sudo apt dist-upgrade -y

**************************************************************

DUAL Boot Kali Linux with Windows


When Windows option is missing from GRUB boot menu after installing Kali Linux as Dual boot, follow below steps

##Run update & upgrade command

Run os-prober

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo os-prober  

    /dev/sda1:Windows

Run update-grub

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo update-grub

Just uncomment the  below command

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo nano /etc/default/grub

    #GRUB_DISABLE_OS_PROBER=false

Once again Run update-grub

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo update-grub

    Generating grub configuration file ...
    done
    Found Windows

Now Just reboot.
┌──(kali㉿kali)-[~]
└─$ reboot


**************************************************************

GVM:

##Run update & upgrade command

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo apt install gvm    

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo gvm-setup

[+] Done

[*] Please note the password for the admin user

[*] User created with password '**********************.

[>] You can now run gvm-check-setup to make sure everything is correctly configured

  • ┌──(kali㉿kali)-[~]
  • └─$ sudo gvm-check-setup 

It seems like your GVM-22.4.1 installation is OK.

  • ┌──(kali㉿kali)-[~]
  • └─$ ss -lnt4 

  • └─$ sudo gvm-start      

[>] Please wait for the GVM services to start.
[>] You might need to refresh your browser once it opens.
[>]  Web UI (Greenbone Security Assistant): https://127.0.0.1:9392
ob for gvmd.service failed because a timeout was exceeded.
See "systemctl status gvmd.service" and "journalctl -xeu gvmd.service" for details.

  • sudo nano /etc/postgresql/15/main/postgresql.conf

How to Update GVM feed

┌──(kali㉿kali)-[~]
└─$ sudo gvm-feed-update 

Verify GVM certificates

┌──(kali㉿kali)-[~]
└─$ gvm-manage-certs -V

**************************************************************

Nessus


To access detailed information, refer to the topic "Scanning with Nessus" within the  Pentesting- Hands-on article.
  • ┌──(kali㉿kali)-[~]
  • └─$ sudo dpkg -i Nessus-10.5.1-debian10_amd64.deb
 - You can start Nessus Scanner by typing /bin/systemctl start nessusd.service
 - Then go to https://kali:8834/ to configure your scanner
Testing/ ***************
  • ┌──(kali㉿kali)-[~]
  • └─$ /bin/systemctl start nessusd.service

**************************************************************

WiFi

Reference : https://developer-old.gnome.org/NetworkManager/stable/nmcli.html

┌──(kali㉿kali)-[~]
└─$ nmcli general                                                
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN   

┌──(kali㉿kali)-[~]
└─$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE  

┌──(kali㉿kali)-[~]
└─$ sudo systemctl restart NetworkManager

┌──(kali㉿kali)-[~]
└─$ nmcli radio wifi off  

┌──(kali㉿kali)-[~]
└─$ nmcli radio wifi on

┌──(kali㉿kali)-[~]

└─$ nmcli device wifi list

Connect to a password-protected wifi network

$ nmcli device wifi connect "$SSID" password "$PASSWORD"

**************************************************************

GREP command

Nmap : using Grep to filter IP addresses

Syntax : cat ip.txt | grep "text to search" | cut -d"" -f 2 | sort | uniq
  • -f is the field  like 2nd string or 11th string and 
  • -d is the delimiter 
  • sort function
  • unique strings only

┌──(kali㉿kali)-[~]
└─$ cat ip.txt | grep -e "Status: Up"                                
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.4 ()    Status: Up
Host: 192.168.1.17 ()   Status: Up
Host: 192.168.1.20 ()   Status: Up
Host: 192.168.1.22 ()   Status: Up
Host: 192.168.1.250 ()  Status: Up

┌──(kali㉿kali)-[~]
└─$ nmap -T4 -A 192.168.1.0/24 -oG ip.txt 

┌──(kali㉿kali)-[~]
└─$ cat ip.txt | grep -e "Status: Up" | cut -d " " -f2
192.168.1.1
192.168.1.4
192.168.1.17
192.168.1.20
192.168.1.22
192.168.1.250

How to get URL list from www.website.com/sitemap.html


┌──(kali㉿kali)-[~]
└─$  grep -Po 'http(s?)://[^ \"()\<>]*' gouti1454URL.txt                            
http://www.sitemaps.org/schemas/sitemap/0.9
https://www.gouti1454.com/p/kali-linux-hands-on.html
grep_url_sitemap_01
grep_url_sitemap_01

┌──(kali㉿kali)-[~]
└─$ cat gouti1454URL.txt|  grep -Po 'http(s?)://[^ \"()\<>]*'
http://www.sitemaps.org/schemas/sitemap/0.9
https://www.gouti1454.com/p/kali-linux-hands-on.html
grep_url_sitemap_02
grep_url_sitemap_02


**************************************************************

Configuring VPN to remain anonymous while performing Pentesting:


SOCKS5 get more anonymous identity 

Sudo nano /etc/proxychains4.conf

Just delete the # from dynamic_chain 
Add # on strict_chain

Restarting the network service

┌──(kali㉿kali)-[~]
└─$ sudo nano /etc/NetworkManager/NetworkManager.conf
 manager=true

┌──(kali㉿kali)-[~]
└─$ sudo service NetworkManager restart

Adding open source vpn accounts to kali

┌──(kali㉿kali)-[~]
└─$ sudo apt install network-manager-openvpn -y
└─$ sudo apt install network-manager-pptp -y
sudo apt install network-manager-openvpn -y
sudo apt install network-manager-pptp -y
sudo apt install network-manager-pptp-gnome -y
sudo apt install network-manager-strongswan -y
sudo apt install network-manager-vpnc -y
sudo apt install network-manager-vpnc-gnome -y

Changing MAC address no to get banned, while performing pentest

┌──(kali㉿kali)-[~]
└─$ macchanger --help
┌──(kali㉿kali)-[~]
└─$ macchanger wlan0 -s
┌──(kali㉿kali)-[~]
└─$ sudo macchanger  -r wlan0

**************************************************************

Scanning networks on monitor mode

Placing your wifi network into monitor mode

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

sudo airmon-ng check

Killing the process which will interfere with monitor mode
sudo kill 555
sudo kill 699
sudo airmon-ng check
sudo service NetworkManager restart


Just to check what are the connected devices on the open wifi networks
┌──(kali㉿kali)-[~]
└─$ sudo airodump-ng wlan0 
**************************************************************

Comments

Post a Comment

Popular Posts

Chennai :MTC complaint cell 044-23455858, 9445030516 and 9383337639

MTC  website :  https://mtcbus.tn.gov.in/ Phone : +91 9445030516 / 044 23455888 Route Information : https://mtcbus.tn.gov.in//Home/routewiseinfo Bus timing search : https://mtcbus.tn.gov.in/Home/bustimingsearch Route wise info :https://mtcbus.tn.gov.in/Home/routewiseinfo The Metropolitan Transport Corporation’s (MTC) complaint cell has received over 100 complaints ever since it was upgraded from a 12-hour facility to a 24-hour service.   The numbers — 044-23455858, 9445030516 and 9383337639 — have been functioning as MTC’s helpline for the past couple of years.
Read more

Marriage Registration Online steps [Tamil Nadu]

Marriage Registration Online 1. Hindu Marriage Act 2. TamilNadu Marriage Act Steps To follow 1. Log into :-> https://tnreginet.gov.in/portal/  2. Click on "User Registration"   under " LOGIN " section 3. Now Login with UserID & Password  Hindu Marriage Registration 4. After Log in then select  Home > Marriage Registration > Hindu Marriage Registration 5. Fill in the details     1. Husband details           A.  Details Must be know - District, Taluk, Village and then f rom Drop down select the " street name "         B . if any of the parent is not alive mark the same and produce the death certificate while submitting the application in-person.      2. Wife Details          A. same as above, have all the information to fill in details  3. Witness Options     A. 3 Witness are required as mandate.     B. Select from the Drop down Witness Option s 4. Other Details     A.  Details of person who solemnized - the Priest name           or Any other
Read more

Enable additional Security layer for Logging into: Google, Facebook and Twitter

Image
How to keep your  Accounts safe From online frauds/ hacks.  The most important part is to secure your Login password . There is an additional security step to certify your login. Known as “2-Step Authentication”. Let us go through the steps how enable them, before that you have to download two apps as mentioned below. Download -> “Authenticator” app from Google Play Store. -> “Barcode Scanner” app from Google Play store. Google: Login into account: -> Select “ MY Account ” -> Under “ Sign-in & Security ” -> Under “Signing in to Google” -> Under “ Password & sign-in method ” -> Select “2-Step Verification” -> Click to enable them and flow through the steps provided. -> Open “Authenticator” app, Scan the code and complete the workflow. Twitter: Login into Account -> Select “ Settings and Privacy ” -> Under Security -> “ Select a code generator app ”, follow the steps as followed. -> Open “Authe
Read more

Fraud Practice by JBL India Harman India

Image
 #BoycottJBLSoundIn  #HarmanIndia products for selling poor quality and refusing to service products. Harman India JBL  #RightToRepair Grievance Details : Respected Sir Madam The Product JBL quantum 300 was purchased from Amazon India on 6 Aug 2020 for a price off 4999 rupees and has one year warranty. The Issue with the product, the mike function stopped working from 7 July 2021. The same was issue was raised with JBL customer care india_escalations@harman.com, on 7/10/2021 10:27 AM They have refused to do after sales repair services or replace the product, citing volume button is broken which is present at the side of the headphone. The customer care team has responded with refusal of product replacement and repair. They have provided with 10% discount coupon on purchase of their new product, as a resolution. I'm attaching the invoice, customer care refusal email and JBL headphone photo as references Reference number from customer care Harman International Case 08388082 Respons
Read more

How to get Canadian PR

# Alert : Dont get fooled but consulting agents/ agency. All the forms and paper work has to be done by self and there is no agent is allowed to create Express entry account from Canadian government website. # How to get Canadian PR: ****************** General Info:-  "For PR : only way in is express entry" 1. Express entry profile:  It Has a score called CRS  Calculate your score roughly and if it crosses 450 ( now late 2020 it should be 460-470) then there is a good chance of getting a PR if not to be plain there might be chances but difficult.  2. For express entry profile:  Profile cost is free online gov profile  Eligibility to have a profile;:  IELTS score card (13500₹)  WES : world education system  education credentials to be accredited (15000₹) 3. Website  https://www.cic.gc.ca/english/immigrate/skilled/crs-tool.asp 4. Calculate your score through the above tool link:- Under question 5 give your test results recent within 2 years a yes  Test as IELTS  Score as follow
Read more

Whatsapp privacy check-up May 2023

Image
Whatsapp update May 2023 Whatsapp's privacy check-up features provide users with the ability to review and customize various aspects of their privacy settings. Choose who can contact you Control your personal info Add more privacy to your chats Add more protection to your account Privacy-checkup Choose who can contact you Control your personal info Add more privacy to your chats Add more protection to your account
Read more