From 295b62921a938c1d768972f9592cf8b4e6244181 Mon Sep 17 00:00:00 2001
From: brofoobar <41891598+brofoobar@users.noreply.github.com>
Date: Sun, 5 Aug 2018 15:39:01 +0000
Subject: [PATCH] Update doc to more QubesOS version agnostic one
---
managing-os/pentesting/kali.md | 162 +++++++++++++++++++++------------
1 file changed, 106 insertions(+), 56 deletions(-)
diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md
index 590203e7..c6bb90c4 100644
--- a/managing-os/pentesting/kali.md
+++ b/managing-os/pentesting/kali.md
@@ -12,7 +12,10 @@ redirect_from:
- Adding additional repositories or tools for installing software extends your trust to those tool providers.
-Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
+- Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
+
+- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template.
+Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial.
How to Create a Kali Linux VM
=============================
@@ -24,10 +27,9 @@ Kali Linux is the most widely used penetration testing Linux distribution.
There are multiple ways to create a Kali Linux VM:
1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm).
- 2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin).
- 3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch'
- (Debian 9.0) and turn it into a Kali linux template. Explained
- [here](#templatevm-from-debian).
+ 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution:
+ - using [katoolin]. Explained [here](#katoolin).
+ - manually. Explained [here](#templatevm-from-debian).
Kali Linux HVM
--------------
@@ -38,21 +40,27 @@ Kali Linux HVM
3. Start the HVM with attached CD/DVD
- qvm-start --cdrom :/home/user/Downloads/.iso
+ [user@dom0 ~]$ qvm-start --cdrom :/home/user/Downloads/.iso
Debian based Kali Template with Katoolin
----------------------------------------
-Katoolin is a script (written in Python) which helps you to install Kali tools.
+**Note:** The prompt on each line indicates where each command should be entered (`@dom0`, `@debian-` or `@kali`).
-1. (Optional) Install `debian-8` template (if not already installed)
+1. (Optional) Check for latest Debian stable template and install it (if not already done)
-2. Update your `debian-8` template
+ [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian
+ [user@dom0 ~]$ sudo qubes-dom0-update
- sudo apt-get update
- sudo apt-get dist-upgrade
+2. Start and update your latest Debian template
-3. Clone `debian-8` template (two options)
+ [user@dom0 ~]$ qvm-start debian-
+ [user@dom0 ~]$ qvm-run -a debian- gnome-terminal
+ [user@debian- ~]$ sudo apt-get update
+ [user@debian- ~]$ sudo apt-get upgrade
+ [user@dom0 ~]$ qvm-shutdown debian-
+
+3. Clone `debian-X` template (two options)
1. Via Qubes VM Manager
@@ -60,31 +68,42 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
2. Via command line
- qvm-clone debian-8 kali
+ [user@dom0 ~]$ qvm-clone debian- kali
-4. Start and upgrade the `kali` Template from Debian 8 to Debian 9
+4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state
- sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list
- sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/qubes-r3.list
- sudo apt-get update
- sudo apt-get dist-upgrade
- sudo apt-get autoremove
+ [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list
+ [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list
+
+ e.g. in this example we update `stretch` stable repository to `buster` testing respository
+
+ [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list
+ [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list
-5. Install Katoolin and add Kali Linux repositories
+5. Upgrade `kali` template to latest Debian testing release
+
+ [user@kali ~]$ sudo apt-get update
+ [user@kali ~]$ sudo apt-get dist-upgrade
+ [user@kali ~]$ sudo apt-get autoremove
+
+ **Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed.
+ If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first.
+
+6. Install Katoolin and add Kali Linux repositories
1. Install Katoolin
- sudo apt-get install git
- git clone https://github.com/LionSec/katoolin.git
- sudo cp katoolin/katoolin.py /usr/bin/katoolin
- sudo chmod +x /usr/bin/katoolin
- rm -rf katoolin
+ [user@kali ~]$ sudo apt-get install git
+ [user@kali ~]$ git clone https://github.com/LionSec/katoolin.git
+ [user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin
+ [user@kali ~]$ sudo chmod +x /usr/bin/katoolin
+ [user@kali ~]$ rm -rf katoolin
2. Add Kali Linux repositories
- start katoolin
- sudo katoolin
+ [user@kali ~]$ sudo katoolin
- select 'Add Kali repositories & Update'
@@ -123,30 +142,34 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
What do you want to do ?> ^CShutdown requested...Goodbye...
-6. Clean up and update `kali` template
+7. Clean up and update `kali` template
- sudo apt-get dist-upgrade
- sudo apt-get autoremove
+ [user@kali ~]$ sudo apt-get dist-upgrade
+ [user@kali ~]$ sudo apt-get autoremove
-7. Shutdown and trim `kali` template
+8. Shutdown and trim `kali` template
- Shutdown `kali` template
- sudo shutdown -h now
+ [user@kali ~]$ sudo shutdown -h now
- In `dom0` console:
- qvm-trim-template kali
+ [user@dom0 ~]$ qvm-trim-template kali
-8. Start image
+9. Start image
-9. Install tools
+ [user@dom0 ~]$ qvm-start kali
+
+10. Install tools
+
+ **Note** [Resize the template disk image][qubes-resize-disk-image] to at least 20GB if you plan on installing all packages from Kali distribution.
1. View Categories
- start katoolin
- sudo katoolin
+ [user@kali ~]$ sudo katoolin
- select `2) View Categories`
@@ -156,7 +179,7 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
- **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
-10. Create a AppVMs based on the `kali` template
+11. Create a AppVMs based on the `kali` template
- (Optional) Attach necessary devices
@@ -164,16 +187,14 @@ Kali Linux TemplateVM from a Debian template `).
+
1. Retrive the Kali Linux GPG key using a DispVM.
[user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
@@ -202,33 +226,56 @@ access can change this configuration in firewall settings for the TemplateVM.
### Create a Kali Linux (rolling) template ###
-These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Linux.
+These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux.
-**Note:** The prompt on each line indicates where each command should be entered
-(`@dom0`, `@kali-rolling` or `@xxxx-dvm`).
+1. (Optional) Check for latest Debian stable template and install it (if not already done)
-1. Ensure the base template is not running.
+ [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian
+ [user@dom0 ~]$ sudo qubes-dom0-update
- [user@dom0 ~]$ qvm-shutdown debian-9
+2. Start and update and close your latest Debian template
-2. Clone the base template and start a terminal in the new template.
+ [user@dom0 ~]$ qvm-start debian-
+ [user@dom0 ~]$ qvm-run -a debian- gnome-terminal
+ [user@debian- ~]$ sudo apt-get update
+ [user@debian- ~]$ sudo apt-get upgrade
+ [user@dom0 ~]$ qvm-shutdown debian-
- [user@dom0 ~]$ qvm-clone debian-9 kali-rolling
- [user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
+3. Clone `debian-X` template
-3. Copy the Kali GPG key from the DispVM to the new template:
+ [user@dom0 ~]$ qvm-clone debian- kali-rolling
+
+4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state
+
+ [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list
+ [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list
+
+ e.g. in this example we update `stretch` stable repository to `buster` testing respository
+
+ [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list
+ [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list
+
+5. Upgrade `kali-rolling` template to latest Debian testing release
+
+ [user@kali-rolling ~]$ sudo apt-get update
+ [user@kali-rolling ~]$ sudo apt-get dist-upgrade
+ [user@kali-rolling ~]$ sudo apt-get autoremove
+
+**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first.
+
+6. Copy the Kali GPG key from the DispVM to the new template:
[user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc
The DispVM can now be turned off.
-4. Add the Kali GPG key to the list of keys trusted to authenticate packages:
+7. Add the Kali GPG key to the list of keys trusted to authenticate packages:
[user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
- This command should return `OK` on a line by itself.
+ This command should return `OK` on a line by itself.
-5. Attempt the upgrade process in the new template.
+8. Attempt the upgrade process in the new template.
[user@kali-rolling ~]$ sudo cat < /etc/apt/sources.list.d/kali.list
# Kali Linux repository
@@ -238,12 +285,12 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li
[user@kali-rolling ~]$ sudo apt-get dist-upgrade
[user@kali-rolling ~]$ sudo apt-get autoremove
- 6. Shut down and trim the new template.
+9. Shut down and trim the new template.
[user@dom0 ~]$ qvm-shutdown kali-rolling
[user@dom0 ~]$ qvm-trim-template kali-rolling
- 7. Ensure a terminal can be opened in the new template.
+10. Ensure a terminal can be opened in the new template.
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
@@ -251,7 +298,8 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li
At this point you should have a working template and you can install the tools you need.
-1. [resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB.
+1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution.
+For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB.
2. Install Kali Linux tools:
@@ -293,3 +341,5 @@ Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes
[katoolin]: https://github.com/LionSec/katoolin
[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
+
+[Debian-releases]: https://www.debian.org/releases/