Merge branch 'ppiotr3k-patch-1'

This commit is contained in:
Andrew David Wong 2017-10-27 21:27:09 -05:00
commit 5fdb919ccd
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17

View File

@ -6,7 +6,7 @@ redirect_from:
- /doc/kali/
---
**General Remainder:**
**General reminder:**
- The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities.
@ -27,15 +27,10 @@ There are multiple ways to create a Kali Linux VM:
2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin).
3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch'
(Debian 9.0) and turn it into a Kali linux template. Explained
[here](#debian-upgrade).
[here](#templatevm-from-debian).
## Alternative Options to Kali
- [BlackArch][qubes-blackarch]
- [PenTester Framework (PTF)][qubes-ptf]
- [Pentesting][qubes-pentesting]
## Kali Linux HVM <a name="hvm"/>
Kali Linux HVM <a name="hvm"/>
--------------
1. Download the Kali installation DVD
@ -45,11 +40,12 @@ There are multiple ways to create a Kali Linux VM:
qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
## Create Debian Based Kali Template <a name="katoolin"/>
Debian based Kali Template with Katoolin <a name="katoolin"/>
----------------------------------------
Katoolin is a script (written in Python) which helps you to install Kali tools.
1. *(Optional)* Install `debian-8` template (if not already installed)
1. (Optional) Install `debian-8` template (if not already installed)
2. Update your `debian-8` template
@ -74,7 +70,7 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
sudo apt-get dist-upgrade
sudo apt-get autoremove
6. Install Katoolin and add Kali Linux repositories
5. Install Katoolin and add Kali Linux repositories
1. Install Katoolin
@ -127,12 +123,12 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
What do you want to do ?> ^CShutdown requested...Goodbye...
7. Clean up and update `kali` template
6. Clean up and update `kali` template
sudo apt-get dist-upgrade
sudo apt-get autoremove
8. Shutdown and trim `kali` template
7. Shutdown and trim `kali` template
- Shutdown `kali` template
@ -142,9 +138,9 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
qvm-trim-template kali
9. Start image
8. Start image
11. Install tools
9. Install tools
1. View Categories
@ -160,15 +156,17 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
- **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
12. Create a AppVMs based on the `kali` template
10. Create a AppVMs based on the `kali` template
- (Optional) Attach necessary devices
## Installing Kali from a Debian template <a name="debian-upgrade"/>
Kali Linux TemplateVM from a Debian template <a name="debian-upgrade"/><a name="templatevm-from-debian"/>
--------------------------------------------
This section will explain how to create your own [Kali] Linux VM as a VM
template. The basic idea is to personalize the template with the tools you need
and then spin up isolated AppVMs based on the template.
This section will explain how to create your own [Kali] Linux TemplateVM based
on a Debian 9.0 (Stretch) TemplateVM. The basic idea is to personalize the
template with all the tools needed, and then spin up isolated AppVMs based on
the template.
This has been tested on Qubes OS 3.2.
@ -176,133 +174,122 @@ The steps can be summarised as:
1. Install Qubes' Debian 8.0 (Jessie) template
2. Upgrade the template to Debian 9.0 (Stretch)
3. Install kali through the ``kali-linux-full`` package
4. Use the template to build appVM so that you can maintain isolation between
3. Install Kali Linux through the ``kali-linux-full`` package
4. Use the template to build AppVM so that you can maintain isolation between
e.g. pentesting jobs
### Get Kali Linux GPG key ###
Steps to build a Kali template
------------------------------
**CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures].
This website cannot guarantee that any PGP key you download from the Internet is authentic.
Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint.
### Get the GPG key
This step is required since by (security) default a TemplateVM do not have a
direct Internet connectivity. Users understanding the risks of enabling such
access can change this configuration in firewall settings for the TemplateVM.
1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll
build won't have direct internet connectivity unless you enable it from the
firewall:
1. Retrive the Kali Linux GPG key using a DispVM.
# in a dispVM
gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
gpg --list-keys --with-fingerprint 7D8D0BF6
gpg --export --armor 7D8D0BF6 > kali.asc
[user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
[user@xxxx-dvm ~]$ gpg --list-keys --with-fingerprint 7D8D0BF6
[user@xxxx-dvm ~]$ gpg --export --armor 7D8D0BF6 > kali-key.asc
2. **DO NOT TURN OFF** the dispVM
2. **DO NOT TURN OFF** the DispVM, the `kali-key.asc` file will be copied to
the Kali Linux template in a further step.
3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
verify the fingerprint through other channels as recommended on that link.
3. Make sure the key is the authentic Kali key.
See the [Kali website] for further advice and instructions on verification.
Once you have the key, keep the dispVM on as you'll need to copy the key over
to the Kali template.
### Create a Kali Linux (rolling) template ###
### Customize the template
These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Linux.
1. Install [the debian-8 template] if not already installed
**Note:** The prompt on each line indicates where each command should be entered
(`@dom0`, `@kali-rolling` or `@xxxx-dvm`).
2. Clone the debian template and start a terminal in it:
1. Ensure the base template is not running.
# in dom0:
qvm-clone debian-8 debian-9
qvm-run -a debian-9 gnome-terminal
[user@dom0 ~]$ qvm-shutdown debian-9
# in the debian-9 template terminal:
# substitute jessie for stretch in
sudo -s
sensible-editor /etc/apt/sources.list
sensible-editor /etc/apt/sources.list.d/qubes-r3.list
apt-get update && apt-get dist-upgrade
# (hat tip: [the Debian wiki])
2. Clone the base template and start a terminal in the new template.
Restart the template when done and make sure you can open a terminal.
[user@dom0 ~]$ qvm-clone debian-9 kali-rolling
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
3. Prepare the kali template:
3. Copy the Kali GPG key from the DispVM to the new template:
# in dom0:
qvm-shutdown debian-9
qvm-clone debian-9 kali-tpl
qvm-run -a kali-tpl gnome-terminal
[user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc
3. Add the sources to install Kali linux to the `kali-tpl` template:
The DispVM can now be turned off.
# in kali-tpl:
sudo -s
echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
4. Add the Kali GPG key to the list of keys trusted to authenticate packages:
4. Copy the Kali key from the dispVM into the template:
[user@kali-rolling ~]$ /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
# in the dispVM:
qvm-copy-to-vm kali-tpl kali.asc
This command should return `OK` on a line by itself.
# in kali-tpl:
cat /home/user/QubesIncoming/dispXXX/kali.asc | sudo apt-key add -
5. Attempt the upgrade process in the new template.
The last command should return `OK` on a line by itself.
[user@kali-rolling ~]$ sudo cat <<EOF > /etc/apt/sources.list.d/kali.list
# Kali Linux repository
deb http://http.kali.org/kali kali-rolling main non-free contrib
EOF
[user@kali-rolling ~]$ sudo apt-get update
[user@kali-rolling ~]$ sudo apt-get dist-upgrade
[user@kali-rolling ~]$ sudo apt-get autoremove
5. Update the system:
6. Shut down and trim the new template.
# in kali-tpl:
sudo -s
apt-get update && apt-get dist-upgrade
[user@dom0 ~]$ qvm-shutdown kali-rolling
[user@dom0 ~]$ qvm-trim-template kali-rolling
6. Shut down the `kali-tpl` template:
7. Ensure a terminal can be opened in the new template.
# in dom0:
qvm-shutdown kali-tpl
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
### Install the Kali tools
### Install the Kali tools ###
At this point you should have a working template and you can install the tools you need.
1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
1. [resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB.
1. Install Kali linux:
2. Install Kali Linux tools:
# in kali-tpl:
sudo apt-get install kali-linux-full
[user@kali-rolling ~]$ sudo apt-get install kali-linux-full
2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional)
3. (Optional) Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional)
### Use the template
### Use the template ###
The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template.
The template is ready to be used. You can now spin up AppVMs based on the `kali-rolling` template.
Alternative Options to Kali
===========================
Alternative Options to Kali Linux
---------------------------------
* PenTester Framework: [PTF] ([PTF Qubes OS guide])
* Black Arch with [BA Qubes OS guide])
* [KATOOLIN]
* [PenTester Framework][PTF], with [PTF Qubes OS guide][qubes-ptf]
* BlackArch Linux, with [BA Qubes OS guide][qubes-blackarch]
* [KATOOLIN][katoolin-howto]
* more on the [Penetration Testing page][qubes-pentesting]
Notes
-----
Thanks to the people in [the discussion thread].
Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes-issues/issues/1981).
[qubes-verifying-signatures]: /security/verifying-signatures/
[qubes-pentesting]: /doc/pentesting/
[qubes-blackarch]: /doc/pentesting/blackarch/
[qubes-ptf]: /doc/pentesting/ptf/
[qubes-pentesting]: /doc/pentesting/
[qubes-template-debian-install]: /doc/templates/debian/#install
[qubes-resize-disk-image]: /doc/resize-disk-image/
[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
[kali]: https://www.kali.org/
[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images.
[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install
[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images
[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/
[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/
[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates
[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981
[PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/
[BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/
[katoolin]: https://github.com/LionSec/katoolin
[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/