From ee4c6a15874bd4d8021cadd99499300a5b113a5c Mon Sep 17 00:00:00 2001 From: Lorenzo Date: Wed, 15 Jun 2016 14:22:46 +0100 Subject: [PATCH 1/9] WORK IN PROGRESS - Updates and cleanups Updated instructions for installing Kali. General cleanups. --- managing-os/kali.md | 166 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 129 insertions(+), 37 deletions(-) diff --git a/managing-os/kali.md b/managing-os/kali.md index 466f4806..cc302a1b 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -7,54 +7,146 @@ permalink: /doc/kali/ How to Create a Kali Linux VM ============================= -This guide is being created to give guidance on ways in which you could implement Kali Pen-Testing distrubution within Qubes-OS. +This guide will explain how to create your own [Kali] Linux VM as a VM +template. The basic idea is to personalize the template with the tools you need +and then spin up isolated appVMs based on the template. -There are multiple ways in which this can be achieved, for example you could create a HVM and use the ISO to install the system straight to that virtual machine. +The steps can be summarised as: + +1. Customize a Debian template with the Kali sources +3. Install the Kali tools +4. Use the template to build appVM so that you can maintain isolation between + e.g. pentesting jobs -Build Based on Debian Template ---- +**IMPORTANT NOTE** Following the instructions below and in particular installing kali-linux-full will **BREAK YOUR VM**. Don't do it. It needs further investigation. The problem is: -1 - Install debian-8 template (if not already installed) - -2 - Clone debian-8 template - -3 - Add kali repo to /etc/apt/sources.list: - - * deb http://http.kali.org/kali kali-rolling main non-free contrib - -4 - Find and add kali signing keys: - - * gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 (this is the key ID I found on Kali web site) - - * gpg --list-keys --with-fingerprint 7D8D0BF6 - - * gpg --export --armor 7D8D0BF6 > kali.asc - - * sudo apt-key add kali.asc - - * sudo apt-key list - -5 - sudo apt-get update - -6 - sudo halt - -7 - backup template (cloned...) - -8 - sudo apt-get apt-get install kali-*** (or similar) --> installs fine but break the template X settings. As mentioned, X packaged need to be masked prior to this, I did not take the time to look-up how to do that... - -9 - Create a appvm from the kali template and attach necessary devices. + * Pinning down xorg doesn't allow installing kali-desktop (or something) which prevents kali-* -Note: +Steps to build a Kali template +------------------------------ -If you do not want to modify the sources.list file and add the signing keys yourself, alternatively you can use KATOOLIN after cloning the Debian Template. Guide on how to use KATOOLIN - http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ +### Get the GPG key + +1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll + build won't have direct internet connectivity unless you enable it from the + firewall: + + # in the dispVM + gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 + gpg --list-keys --with-fingerprint 7D8D0BF6 + gpg --export --armor 7D8D0BF6 > kali.asc + +2. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, + verify the fingerprint through other channels. + +Once you have the key, keep the dispVM on as you'll need to copy the key over +to the Kali template. + +### Customize the template + +1. Install [the debian-8 template] (if not already installed) + +2. Clone the debian template and start a terminal in it: + + # from dom0: + qvm-clone debian-8 kali + +3. Add this line to the `/etc/apt/sources.list` file in the template: + + # in the 'kali' template + sudo -s + echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list + +4. Copy the Kali key from the dispVM into the template: + + # in the dispVM + qvm-copy-to-vm kali kali.asc + + # in the kali template: + sudo -s + cat /home/user/QubesIncoming/kali/kali-key.asc | apt-key add - + + The last command should return `OK` on a line by itself. + +5. **Pin the X server** into the preferences file: this prevents Kali to installing + a new X.org server, for which there would be no qubes-tools available: + + # add the following lines to /etc/apt/preferences (you might have to + create it) + + Package: xserver-xorg* + Pin: release a=jessie + Pin-Priority: 900 + + Package: xorg* + Pin: release a=jessie + Pin-Priority: 900 + +5. Update the system: + + sudo apt-get update + +6. Now is a good time to stop the template, clone it and see if restarting it + allows you to run a terminal: + + # from dom0 + qvm-clone kali kali-tools + +### Install the Kali tools + +At this point you should have a working template and you can install the tools you need. + +Don't forget to [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. + +1. Install your tools of choice, for example: + + # in the kali-tools template + sudo apt-get install kali-linux-full + +2. If the update process went well, give it a try: shut down the `kali-tools` + template and create an appVM from it. + +3. When you are happy you can probably remove the `kali` template and its + backup copies; then use only `kali-tools` as a template. + + +Don't forget to back up your appVMs as [audio CDs]. + + +Troubleshooting +--------------- + +If the template doesn't start, give it a peek with the console: + + # from dom0 + sudo xl console kali + + +Installing via third-party scripts: Katoolin +-------------------------------------------- + +If you do not want to modify the `sources.list` file and add the signing keys +yourself, alternatively you can use [KATOOLIN] after cloning the Debian +Template. + +You should probably inspect the script and make sure it does what you want +before trusting it blindly. Alternative Options to Kali ---- +=========================== -PenTester Framework (PTF) + * PenTester Framework: [PTF] + +[kali]: https://www.kali.org/ +[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images. +[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ +[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/ +[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ +[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ +[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ From bf55feeddc374369fcd4c20864bf11951781620f Mon Sep 17 00:00:00 2001 From: Cyril LEVIS Date: Wed, 15 Jun 2016 21:01:14 +0200 Subject: [PATCH 2/9] add apt-get upgrade && apt-get dist-upgrade if not this does not work --- managing-os/kali.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/managing-os/kali.md b/managing-os/kali.md index cc302a1b..565ec3a6 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -88,6 +88,8 @@ to the Kali template. 5. Update the system: sudo apt-get update + sudo apt-get upgrade + sudo apt-get dist-upgrade 6. Now is a good time to stop the template, clone it and see if restarting it allows you to run a terminal: From c366477e8e1a5eb602f4daa61ec61574d41cb393 Mon Sep 17 00:00:00 2001 From: Lorenzo Date: Sat, 18 Jun 2016 00:55:19 +0100 Subject: [PATCH 3/9] Added a few notes. --- managing-os/kali.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/managing-os/kali.md b/managing-os/kali.md index cc302a1b..cd692811 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -141,6 +141,15 @@ Alternative Options to Kali * PenTester Framework: [PTF] +Notes +----- + +Various things tried: + + * Forget about pinning: just dist-upgrade, then download qubes-core-agent, then BACKEND_VMM=xen dpkg-buildpackage -b -uc -us + * Also download requirements for debian bootstrapping from https://wiki.debian.org/BuildingTutorial + * And qubes-kernel-vm-support for vchan (I think) + [kali]: https://www.kali.org/ From 811b0916873261cfda701a2b7acea93b6c259d9f Mon Sep 17 00:00:00 2001 From: Lorenzo G Date: Mon, 9 Jan 2017 22:08:31 +0000 Subject: [PATCH 4/9] updated instructions for Qubes 3.2 --- managing-os/kali.md | 111 ++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 65 deletions(-) diff --git a/managing-os/kali.md b/managing-os/kali.md index f9642428..9b7cbc8f 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -9,37 +9,36 @@ How to Create a Kali Linux VM This guide will explain how to create your own [Kali] Linux VM as a VM template. The basic idea is to personalize the template with the tools you need -and then spin up isolated appVMs based on the template. +and then spin up isolated AppVMs based on the template. + +This has been tested on Qubes OS 3.2. The steps can be summarised as: -1. Customize a Debian template with the Kali sources -3. Install the Kali tools +1. Install Qubes' Debian 8.0 (Jessie) template +2. Upgrade the template to Debian 9.0 (Stretch) +3. Install kali through the ``kali-linux-full`` package 4. Use the template to build appVM so that you can maintain isolation between e.g. pentesting jobs -**IMPORTANT NOTE** Following the instructions below and in particular installing kali-linux-full will **BREAK YOUR VM**. Don't do it. It needs further investigation. The problem is: - - * Pinning down xorg doesn't allow installing kali-desktop (or something) which prevents kali-* - - Steps to build a Kali template ------------------------------ - ### Get the GPG key 1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll build won't have direct internet connectivity unless you enable it from the firewall: - # in the dispVM + # in a dispVM gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 gpg --list-keys --with-fingerprint 7D8D0BF6 gpg --export --armor 7D8D0BF6 > kali.asc -2. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, +2. **DO NOT TURN OFF** the dispVM + +3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, verify the fingerprint through other channels. Once you have the key, keep the dispVM on as you'll need to copy the key over @@ -51,80 +50,65 @@ to the Kali template. 2. Clone the debian template and start a terminal in it: - # from dom0: - qvm-clone debian-8 kali + # in dom0: + qvm-clone debian-8 debian-9 + qvm-run -a debian-9 gnome-terminal -3. Add this line to the `/etc/apt/sources.list` file in the template: + # in the debian-9 template terminal: + # substitute jessie for stretch in + sensible-editor /etc/apt/sources.list + sensible-editor /etc/apt/sources.list.d/qubes-r3.list + apt-get update && apt-get dist-upgrade + # (hat tip: [the Debian wiki]) - # in the 'kali' template + Restart the template when done and make sure you can open a terminal. + +3. Prepare the kali template: + + # in dom0: + qvm-shutdown debian-9 + qvm-clone debian-9 kali-tpl + qvm-run -a kali-tpl gnome-terminal + +3. Add the sources to install Kali linux to the `kali-tpl` template: + + # in kali-tpl: sudo -s echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list 4. Copy the Kali key from the dispVM into the template: - # in the dispVM - qvm-copy-to-vm kali kali.asc + # in the dispVM: + qvm-copy-to-vm kali-tpl kali.asc - # in the kali template: - sudo -s - cat /home/user/QubesIncoming/kali/kali-key.asc | apt-key add - + # in kali-tpl: + cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - The last command should return `OK` on a line by itself. -5. **Pin the X server** into the preferences file: this prevents Kali to installing - a new X.org server, for which there would be no qubes-tools available: - - # add the following lines to /etc/apt/preferences (you might have to - create it) - - Package: xserver-xorg* - Pin: release a=jessie - Pin-Priority: 900 - - Package: xorg* - Pin: release a=jessie - Pin-Priority: 900 - 5. Update the system: + # in kali-tpl: sudo apt-get update - sudo apt-get upgrade sudo apt-get dist-upgrade -6. Now is a good time to stop the template, clone it and see if restarting it - allows you to run a terminal: +6. Shut down the `kali-tpl` template: - # from dom0 - qvm-clone kali kali-tools + # in dom0: + qvm-shutdown kali-tpl ### Install the Kali tools At this point you should have a working template and you can install the tools you need. -Don't forget to [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. +1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. -1. Install your tools of choice, for example: +1. Install Kali linux: - # in the kali-tools template + # in kali-tpl: sudo apt-get install kali-linux-full -2. If the update process went well, give it a try: shut down the `kali-tools` - template and create an appVM from it. - -3. When you are happy you can probably remove the `kali` template and its - backup copies; then use only `kali-tools` as a template. - - -Don't forget to back up your appVMs as [audio CDs]. - - -Troubleshooting ---------------- - -If the template doesn't start, give it a peek with the console: - - # from dom0 - sudo xl console kali +2. Enjoy and don't forget to back up your appVMs as [audio CDs]. Installing via third-party scripts: Katoolin @@ -146,12 +130,7 @@ Alternative Options to Kali Notes ----- -Various things tried: - - * Forget about pinning: just dist-upgrade, then download qubes-core-agent, then BACKEND_VMM=xen dpkg-buildpackage -b -uc -us - * Also download requirements for debian bootstrapping from https://wiki.debian.org/BuildingTutorial - * And qubes-kernel-vm-support for vchan (I think) - +Thanks to the people in [the discussion thread]. [kali]: https://www.kali.org/ @@ -161,3 +140,5 @@ Various things tried: [PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ [audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ [resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ +[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates +[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981 From eaa8e21c32c0aa0fe4e4f8311b47ebf6f0c11f33 Mon Sep 17 00:00:00 2001 From: Lorenzo G Date: Mon, 9 Jan 2017 22:48:38 +0000 Subject: [PATCH 5/9] fixed some 'sudo' commands --- managing-os/kali.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/managing-os/kali.md b/managing-os/kali.md index 9b7cbc8f..e0c91ee5 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -56,6 +56,7 @@ to the Kali template. # in the debian-9 template terminal: # substitute jessie for stretch in + sudo -s sensible-editor /etc/apt/sources.list sensible-editor /etc/apt/sources.list.d/qubes-r3.list apt-get update && apt-get dist-upgrade @@ -89,8 +90,8 @@ to the Kali template. 5. Update the system: # in kali-tpl: - sudo apt-get update - sudo apt-get dist-upgrade + sudo -s + apt-get update && apt-get dist-upgrade 6. Shut down the `kali-tpl` template: From 739ccc9cf02cf367b76454949b1a0ece804a06d3 Mon Sep 17 00:00:00 2001 From: Lorenzo G Date: Wed, 11 Jan 2017 10:07:42 +0000 Subject: [PATCH 6/9] incorporated feedback from discussion thread --- managing-os/kali.md | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/managing-os/kali.md b/managing-os/kali.md index e0c91ee5..a3bad26e 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -39,7 +39,7 @@ Steps to build a Kali template 2. **DO NOT TURN OFF** the dispVM 3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, - verify the fingerprint through other channels. + verify the fingerprint through other channels as recommended on that link. Once you have the key, keep the dispVM on as you'll need to copy the key over to the Kali template. @@ -108,25 +108,21 @@ At this point you should have a working template and you can install the tools y # in kali-tpl: sudo apt-get install kali-linux-full + +2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional) + +### Use the template -2. Enjoy and don't forget to back up your appVMs as [audio CDs]. +The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template. -Installing via third-party scripts: Katoolin --------------------------------------------- - -If you do not want to modify the `sources.list` file and add the signing keys -yourself, alternatively you can use [KATOOLIN] after cloning the Debian -Template. - -You should probably inspect the script and make sure it does what you want -before trusting it blindly. - Alternative Options to Kali =========================== - * PenTester Framework: [PTF] + * PenTester Framework: [PTF] ([PTF Qubes OS guide]) + * Black Arch with [BA Qubes OS guide]) + * [KATOOLIN] Notes ----- @@ -137,9 +133,11 @@ Thanks to the people in [the discussion thread]. [kali]: https://www.kali.org/ [kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images. [KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ -[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/ +[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install [PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ [audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ [resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ [the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates [the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981 +[PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/ +[BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/ From 9403c1fc0c06a9448f958b0c5378fa515f69de06 Mon Sep 17 00:00:00 2001 From: Lorenzo G Date: Wed, 11 Jan 2017 10:16:33 +0000 Subject: [PATCH 7/9] fixed broken link --- managing-os/kali.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/managing-os/kali.md b/managing-os/kali.md index a3bad26e..62c6a310 100644 --- a/managing-os/kali.md +++ b/managing-os/kali.md @@ -46,7 +46,7 @@ to the Kali template. ### Customize the template -1. Install [the debian-8 template] (if not already installed) +1. Install [the debian-8 template] if not already installed 2. Clone the debian template and start a terminal in it: From ba59eef2c959d904f30627fff9055136485eea50 Mon Sep 17 00:00:00 2001 From: Lorenzo Date: Sat, 14 Jan 2017 12:39:59 +0000 Subject: [PATCH 8/9] Merged instructions for kali-template with old page This commit merges the previous instructions for making a Kali VM (which involved the katoolin scripts) with a new set of instructions that involve solely a Debian 9.0 template. --- managing-os/pentesting/kali.md | 214 ++++++++++++++++++++++++--------- 1 file changed, 160 insertions(+), 54 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index 69a6fb0f..f150456e 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -17,14 +17,25 @@ Please keep in mind that using such a VM or VM's based on the template for secur How to Create a Kali Linux VM ============================= -This guide is being created to give guidance on ways in which you could create a [Kali Linux](https://www.kali.org/) penetration testing VM (Qube) in Qubes OS. +This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (Qube) in Qubes OS. Kali Linux is the most widely used penetration testing Linux distribution. -There are multiple ways to create a Kali Linux VM. One way is to create a HVM and use the offical ISO to install the system or convert a [Virtual Image](https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). Another way is to clone the Qubes OS Debian image and turn it into a Kali Linux distribution. +There are multiple ways to create a Kali Linux VM: -Kali Linux HVM --------------- + 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm). + 2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin). + 3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch' + (Debian 9.0) and turn it into a Kali linux template. Explained + [here](#debian-upgrade). + +## Alternative Options to Kali + +- [BlackArch][qubes-blackarch] +- [PenTester Framework (PTF)][qubes-ptf] +- [Pentesting][qubes-pentesting] + +## Kali Linux HVM 1. Download the Kali installation DVD @@ -34,8 +45,9 @@ Kali Linux HVM qvm-start --cdrom :/home/user/Downloads/.iso -Create Debian Based Kali Template ---------------------------------- +## Create Debian Based Kali Template + +Katoolin is a script (written in Python) which helps you to install Kali tools. 1. *(Optional)* Install `debian-8` template (if not already installed) @@ -62,27 +74,7 @@ Create Debian Based Kali Template sudo apt-get dist-upgrade sudo apt-get autoremove - **Note:** From now on there are two possible ways either doing everything manually or automatically with [Katoolin](https://github.com/LionSec/katoolin). - - Katoolin is a script (written in Python) which helps you to install Kali tools. - -5. *manually* - Add Kali Linux repositories - - 1. Add Kali Linux repositories to `/etc/apt/sources.list` - - deb http://http.kali.org/kali kali-rolling main contrib non-free - deb http://repo.kali.org/kali kali-bleeding-edge main - - 2. Add kali signing key - - - The signing key can be found here [Download Kali Linux Images Securely](https://www.kali.org/downloads/) - - sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6 - sudo apt-get update - - - -6. *katoolin* - Install Katoolin and add Kali Linux repositories +6. Install Katoolin and add Kali Linux repositories 1. Install Katoolin @@ -152,28 +144,7 @@ Create Debian Based Kali Template 9. Start image -10. *manually* - Install tools - - **Warning:** `kali-linux` and `kali-linux-full` does currently not work properly. Please use `Katoolin` or `PTF`. - - 1. List available packages - - sudo apt-cache search kali-linux - - 2. Select and install tools - - - install base system - - sudo apt-get install kali-linux - - - or install all tools - - sudo apt-get install kali-linux-full - - - or select specific (example): - - sudo apt-get install kali-linux-top10 kali-linux-web -11. *katoolin* - Install tools +11. Install tools 1. View Categories @@ -185,7 +156,7 @@ Create Debian Based Kali Template 2. Select the categories/tools you want to install - - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu](http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/) + - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu][katoolin-howto]. - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`. @@ -193,10 +164,145 @@ Create Debian Based Kali Template - (Optional) Attach necessary devices +## Installing Kali from a Debian template + +This section will explain how to create your own [Kali] Linux VM as a VM +template. The basic idea is to personalize the template with the tools you need +and then spin up isolated AppVMs based on the template. + +This has been tested on Qubes OS 3.2. + +The steps can be summarised as: + +1. Install Qubes' Debian 8.0 (Jessie) template +2. Upgrade the template to Debian 9.0 (Stretch) +3. Install kali through the ``kali-linux-full`` package +4. Use the template to build appVM so that you can maintain isolation between + e.g. pentesting jobs + + +Steps to build a Kali template +------------------------------ + +### Get the GPG key + +1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll + build won't have direct internet connectivity unless you enable it from the + firewall: + + # in a dispVM + gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 + gpg --list-keys --with-fingerprint 7D8D0BF6 + gpg --export --armor 7D8D0BF6 > kali.asc + +2. **DO NOT TURN OFF** the dispVM + +3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, + verify the fingerprint through other channels as recommended on that link. + +Once you have the key, keep the dispVM on as you'll need to copy the key over +to the Kali template. + +### Customize the template + +1. Install [the debian-8 template] if not already installed + +2. Clone the debian template and start a terminal in it: + + # in dom0: + qvm-clone debian-8 debian-9 + qvm-run -a debian-9 gnome-terminal + + # in the debian-9 template terminal: + # substitute jessie for stretch in + sudo -s + sensible-editor /etc/apt/sources.list + sensible-editor /etc/apt/sources.list.d/qubes-r3.list + apt-get update && apt-get dist-upgrade + # (hat tip: [the Debian wiki]) + + Restart the template when done and make sure you can open a terminal. + +3. Prepare the kali template: + + # in dom0: + qvm-shutdown debian-9 + qvm-clone debian-9 kali-tpl + qvm-run -a kali-tpl gnome-terminal + +3. Add the sources to install Kali linux to the `kali-tpl` template: + + # in kali-tpl: + sudo -s + echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list + +4. Copy the Kali key from the dispVM into the template: + + # in the dispVM: + qvm-copy-to-vm kali-tpl kali.asc + + # in kali-tpl: + cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - + + The last command should return `OK` on a line by itself. + +5. Update the system: + + # in kali-tpl: + sudo -s + apt-get update && apt-get dist-upgrade + +6. Shut down the `kali-tpl` template: + + # in dom0: + qvm-shutdown kali-tpl + +### Install the Kali tools + +At this point you should have a working template and you can install the tools you need. + +1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. + +1. Install Kali linux: + + # in kali-tpl: + sudo apt-get install kali-linux-full + +2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional) + +### Use the template + +The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template. + + Alternative Options to Kali ---------------------------- +=========================== -- [BlackArch](/doc/pentesting/blackarch/) -- [PenTester Framework (PTF)](/doc/pentesting/ptf/) -- [Pentesting](/doc/pentesting/) + * PenTester Framework: [PTF] ([PTF Qubes OS guide]) + * Black Arch with [BA Qubes OS guide]) + * [KATOOLIN] + +Notes +----- + +Thanks to the people in [the discussion thread]. + +[qubes-blackarch]: /doc/pentesting/blackarch/ +[qubes-ptf]: /doc/pentesting/ptf/ +[qubes-pentesting]: /doc/pentesting/ + +[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/ +[kali]: https://www.kali.org/ +[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images. +[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ +[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install +[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ +[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ +[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ +[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates +[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981 +[PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/ +[BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/ +[katoolin]: https://github.com/LionSec/katoolin +[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ From dc2a854f8e710dedaa9cf3e7a85a9dfc07fecd5c Mon Sep 17 00:00:00 2001 From: Lorenzo Date: Sat, 14 Jan 2017 12:46:50 +0000 Subject: [PATCH 9/9] Fixed titles, added separators, minor cosmetic changes. --- managing-os/kali.md | 143 -------------------------------------------- 1 file changed, 143 deletions(-) delete mode 100644 managing-os/kali.md diff --git a/managing-os/kali.md b/managing-os/kali.md deleted file mode 100644 index 62c6a310..00000000 --- a/managing-os/kali.md +++ /dev/null @@ -1,143 +0,0 @@ ---- -layout: doc -title: How to create a Kali Linux VM -permalink: /doc/kali/ ---- - -How to Create a Kali Linux VM -============================= - -This guide will explain how to create your own [Kali] Linux VM as a VM -template. The basic idea is to personalize the template with the tools you need -and then spin up isolated AppVMs based on the template. - -This has been tested on Qubes OS 3.2. - -The steps can be summarised as: - -1. Install Qubes' Debian 8.0 (Jessie) template -2. Upgrade the template to Debian 9.0 (Stretch) -3. Install kali through the ``kali-linux-full`` package -4. Use the template to build appVM so that you can maintain isolation between - e.g. pentesting jobs - - -Steps to build a Kali template ------------------------------- - -### Get the GPG key - -1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll - build won't have direct internet connectivity unless you enable it from the - firewall: - - # in a dispVM - gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 - gpg --list-keys --with-fingerprint 7D8D0BF6 - gpg --export --armor 7D8D0BF6 > kali.asc - -2. **DO NOT TURN OFF** the dispVM - -3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, - verify the fingerprint through other channels as recommended on that link. - -Once you have the key, keep the dispVM on as you'll need to copy the key over -to the Kali template. - -### Customize the template - -1. Install [the debian-8 template] if not already installed - -2. Clone the debian template and start a terminal in it: - - # in dom0: - qvm-clone debian-8 debian-9 - qvm-run -a debian-9 gnome-terminal - - # in the debian-9 template terminal: - # substitute jessie for stretch in - sudo -s - sensible-editor /etc/apt/sources.list - sensible-editor /etc/apt/sources.list.d/qubes-r3.list - apt-get update && apt-get dist-upgrade - # (hat tip: [the Debian wiki]) - - Restart the template when done and make sure you can open a terminal. - -3. Prepare the kali template: - - # in dom0: - qvm-shutdown debian-9 - qvm-clone debian-9 kali-tpl - qvm-run -a kali-tpl gnome-terminal - -3. Add the sources to install Kali linux to the `kali-tpl` template: - - # in kali-tpl: - sudo -s - echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list - -4. Copy the Kali key from the dispVM into the template: - - # in the dispVM: - qvm-copy-to-vm kali-tpl kali.asc - - # in kali-tpl: - cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - - - The last command should return `OK` on a line by itself. - -5. Update the system: - - # in kali-tpl: - sudo -s - apt-get update && apt-get dist-upgrade - -6. Shut down the `kali-tpl` template: - - # in dom0: - qvm-shutdown kali-tpl - -### Install the Kali tools - -At this point you should have a working template and you can install the tools you need. - -1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. - -1. Install Kali linux: - - # in kali-tpl: - sudo apt-get install kali-linux-full - -2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional) - -### Use the template - -The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template. - - - -Alternative Options to Kali -=========================== - - * PenTester Framework: [PTF] ([PTF Qubes OS guide]) - * Black Arch with [BA Qubes OS guide]) - * [KATOOLIN] - -Notes ------ - -Thanks to the people in [the discussion thread]. - - -[kali]: https://www.kali.org/ -[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images. -[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ -[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install -[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ -[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ -[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ -[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates -[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981 -[PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/ -[BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/