From ba59eef2c959d904f30627fff9055136485eea50 Mon Sep 17 00:00:00 2001 From: Lorenzo Date: Sat, 14 Jan 2017 12:39:59 +0000 Subject: [PATCH] Merged instructions for kali-template with old page This commit merges the previous instructions for making a Kali VM (which involved the katoolin scripts) with a new set of instructions that involve solely a Debian 9.0 template. --- managing-os/pentesting/kali.md | 214 ++++++++++++++++++++++++--------- 1 file changed, 160 insertions(+), 54 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index 69a6fb0f..f150456e 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -17,14 +17,25 @@ Please keep in mind that using such a VM or VM's based on the template for secur How to Create a Kali Linux VM ============================= -This guide is being created to give guidance on ways in which you could create a [Kali Linux](https://www.kali.org/) penetration testing VM (Qube) in Qubes OS. +This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (Qube) in Qubes OS. Kali Linux is the most widely used penetration testing Linux distribution. -There are multiple ways to create a Kali Linux VM. One way is to create a HVM and use the offical ISO to install the system or convert a [Virtual Image](https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). Another way is to clone the Qubes OS Debian image and turn it into a Kali Linux distribution. +There are multiple ways to create a Kali Linux VM: -Kali Linux HVM --------------- + 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm). + 2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin). + 3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch' + (Debian 9.0) and turn it into a Kali linux template. Explained + [here](#debian-upgrade). + +## Alternative Options to Kali + +- [BlackArch][qubes-blackarch] +- [PenTester Framework (PTF)][qubes-ptf] +- [Pentesting][qubes-pentesting] + +## Kali Linux HVM 1. Download the Kali installation DVD @@ -34,8 +45,9 @@ Kali Linux HVM qvm-start --cdrom :/home/user/Downloads/.iso -Create Debian Based Kali Template ---------------------------------- +## Create Debian Based Kali Template + +Katoolin is a script (written in Python) which helps you to install Kali tools. 1. *(Optional)* Install `debian-8` template (if not already installed) @@ -62,27 +74,7 @@ Create Debian Based Kali Template sudo apt-get dist-upgrade sudo apt-get autoremove - **Note:** From now on there are two possible ways either doing everything manually or automatically with [Katoolin](https://github.com/LionSec/katoolin). - - Katoolin is a script (written in Python) which helps you to install Kali tools. - -5. *manually* - Add Kali Linux repositories - - 1. Add Kali Linux repositories to `/etc/apt/sources.list` - - deb http://http.kali.org/kali kali-rolling main contrib non-free - deb http://repo.kali.org/kali kali-bleeding-edge main - - 2. Add kali signing key - - - The signing key can be found here [Download Kali Linux Images Securely](https://www.kali.org/downloads/) - - sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6 - sudo apt-get update - - - -6. *katoolin* - Install Katoolin and add Kali Linux repositories +6. Install Katoolin and add Kali Linux repositories 1. Install Katoolin @@ -152,28 +144,7 @@ Create Debian Based Kali Template 9. Start image -10. *manually* - Install tools - - **Warning:** `kali-linux` and `kali-linux-full` does currently not work properly. Please use `Katoolin` or `PTF`. - - 1. List available packages - - sudo apt-cache search kali-linux - - 2. Select and install tools - - - install base system - - sudo apt-get install kali-linux - - - or install all tools - - sudo apt-get install kali-linux-full - - - or select specific (example): - - sudo apt-get install kali-linux-top10 kali-linux-web -11. *katoolin* - Install tools +11. Install tools 1. View Categories @@ -185,7 +156,7 @@ Create Debian Based Kali Template 2. Select the categories/tools you want to install - - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu](http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/) + - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu][katoolin-howto]. - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`. @@ -193,10 +164,145 @@ Create Debian Based Kali Template - (Optional) Attach necessary devices +## Installing Kali from a Debian template + +This section will explain how to create your own [Kali] Linux VM as a VM +template. The basic idea is to personalize the template with the tools you need +and then spin up isolated AppVMs based on the template. + +This has been tested on Qubes OS 3.2. + +The steps can be summarised as: + +1. Install Qubes' Debian 8.0 (Jessie) template +2. Upgrade the template to Debian 9.0 (Stretch) +3. Install kali through the ``kali-linux-full`` package +4. Use the template to build appVM so that you can maintain isolation between + e.g. pentesting jobs + + +Steps to build a Kali template +------------------------------ + +### Get the GPG key + +1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll + build won't have direct internet connectivity unless you enable it from the + firewall: + + # in a dispVM + gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 + gpg --list-keys --with-fingerprint 7D8D0BF6 + gpg --export --armor 7D8D0BF6 > kali.asc + +2. **DO NOT TURN OFF** the dispVM + +3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, + verify the fingerprint through other channels as recommended on that link. + +Once you have the key, keep the dispVM on as you'll need to copy the key over +to the Kali template. + +### Customize the template + +1. Install [the debian-8 template] if not already installed + +2. Clone the debian template and start a terminal in it: + + # in dom0: + qvm-clone debian-8 debian-9 + qvm-run -a debian-9 gnome-terminal + + # in the debian-9 template terminal: + # substitute jessie for stretch in + sudo -s + sensible-editor /etc/apt/sources.list + sensible-editor /etc/apt/sources.list.d/qubes-r3.list + apt-get update && apt-get dist-upgrade + # (hat tip: [the Debian wiki]) + + Restart the template when done and make sure you can open a terminal. + +3. Prepare the kali template: + + # in dom0: + qvm-shutdown debian-9 + qvm-clone debian-9 kali-tpl + qvm-run -a kali-tpl gnome-terminal + +3. Add the sources to install Kali linux to the `kali-tpl` template: + + # in kali-tpl: + sudo -s + echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list + +4. Copy the Kali key from the dispVM into the template: + + # in the dispVM: + qvm-copy-to-vm kali-tpl kali.asc + + # in kali-tpl: + cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - + + The last command should return `OK` on a line by itself. + +5. Update the system: + + # in kali-tpl: + sudo -s + apt-get update && apt-get dist-upgrade + +6. Shut down the `kali-tpl` template: + + # in dom0: + qvm-shutdown kali-tpl + +### Install the Kali tools + +At this point you should have a working template and you can install the tools you need. + +1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. + +1. Install Kali linux: + + # in kali-tpl: + sudo apt-get install kali-linux-full + +2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional) + +### Use the template + +The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template. + + Alternative Options to Kali ---------------------------- +=========================== -- [BlackArch](/doc/pentesting/blackarch/) -- [PenTester Framework (PTF)](/doc/pentesting/ptf/) -- [Pentesting](/doc/pentesting/) + * PenTester Framework: [PTF] ([PTF Qubes OS guide]) + * Black Arch with [BA Qubes OS guide]) + * [KATOOLIN] + +Notes +----- + +Thanks to the people in [the discussion thread]. + +[qubes-blackarch]: /doc/pentesting/blackarch/ +[qubes-ptf]: /doc/pentesting/ptf/ +[qubes-pentesting]: /doc/pentesting/ + +[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/ +[kali]: https://www.kali.org/ +[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images. +[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ +[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install +[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ +[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ +[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ +[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates +[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981 +[PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/ +[BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/ +[katoolin]: https://github.com/LionSec/katoolin +[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/