From 295b62921a938c1d768972f9592cf8b4e6244181 Mon Sep 17 00:00:00 2001 From: brofoobar <41891598+brofoobar@users.noreply.github.com> Date: Sun, 5 Aug 2018 15:39:01 +0000 Subject: [PATCH 1/4] Update doc to more QubesOS version agnostic one --- managing-os/pentesting/kali.md | 162 +++++++++++++++++++++------------ 1 file changed, 106 insertions(+), 56 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index 590203e7..c6bb90c4 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -12,7 +12,10 @@ redirect_from: - Adding additional repositories or tools for installing software extends your trust to those tool providers. -Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. +- Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. + +- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. +Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. How to Create a Kali Linux VM ============================= @@ -24,10 +27,9 @@ Kali Linux is the most widely used penetration testing Linux distribution. There are multiple ways to create a Kali Linux VM: 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm). - 2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin). - 3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch' - (Debian 9.0) and turn it into a Kali linux template. Explained - [here](#templatevm-from-debian). + 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution: + - using [katoolin]. Explained [here](#katoolin). + - manually. Explained [here](#templatevm-from-debian). Kali Linux HVM -------------- @@ -38,21 +40,27 @@ Kali Linux HVM 3. Start the HVM with attached CD/DVD - qvm-start --cdrom :/home/user/Downloads/.iso + [user@dom0 ~]$ qvm-start --cdrom :/home/user/Downloads/.iso Debian based Kali Template with Katoolin ---------------------------------------- -Katoolin is a script (written in Python) which helps you to install Kali tools. +**Note:** The prompt on each line indicates where each command should be entered (`@dom0`, `@debian-` or `@kali`). -1. (Optional) Install `debian-8` template (if not already installed) +1. (Optional) Check for latest Debian stable template and install it (if not already done) -2. Update your `debian-8` template + [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian + [user@dom0 ~]$ sudo qubes-dom0-update - sudo apt-get update - sudo apt-get dist-upgrade +2. Start and update your latest Debian template -3. Clone `debian-8` template (two options) + [user@dom0 ~]$ qvm-start debian- + [user@dom0 ~]$ qvm-run -a debian- gnome-terminal + [user@debian- ~]$ sudo apt-get update + [user@debian- ~]$ sudo apt-get upgrade + [user@dom0 ~]$ qvm-shutdown debian- + +3. Clone `debian-X` template (two options) 1. Via Qubes VM Manager @@ -60,31 +68,42 @@ Katoolin is a script (written in Python) which helps you to install Kali tools. 2. Via command line - qvm-clone debian-8 kali + [user@dom0 ~]$ qvm-clone debian- kali -4. Start and upgrade the `kali` Template from Debian 8 to Debian 9 +4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state - sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list - sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/qubes-r3.list - sudo apt-get update - sudo apt-get dist-upgrade - sudo apt-get autoremove + [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list + [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list + + e.g. in this example we update `stretch` stable repository to `buster` testing respository + + [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list + [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list -5. Install Katoolin and add Kali Linux repositories +5. Upgrade `kali` template to latest Debian testing release + + [user@kali ~]$ sudo apt-get update + [user@kali ~]$ sudo apt-get dist-upgrade + [user@kali ~]$ sudo apt-get autoremove + + **Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. + If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first. + +6. Install Katoolin and add Kali Linux repositories 1. Install Katoolin - sudo apt-get install git - git clone https://github.com/LionSec/katoolin.git - sudo cp katoolin/katoolin.py /usr/bin/katoolin - sudo chmod +x /usr/bin/katoolin - rm -rf katoolin + [user@kali ~]$ sudo apt-get install git + [user@kali ~]$ git clone https://github.com/LionSec/katoolin.git + [user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin + [user@kali ~]$ sudo chmod +x /usr/bin/katoolin + [user@kali ~]$ rm -rf katoolin 2. Add Kali Linux repositories - start katoolin - sudo katoolin + [user@kali ~]$ sudo katoolin - select 'Add Kali repositories & Update' @@ -123,30 +142,34 @@ Katoolin is a script (written in Python) which helps you to install Kali tools. What do you want to do ?> ^CShutdown requested...Goodbye... -6. Clean up and update `kali` template +7. Clean up and update `kali` template - sudo apt-get dist-upgrade - sudo apt-get autoremove + [user@kali ~]$ sudo apt-get dist-upgrade + [user@kali ~]$ sudo apt-get autoremove -7. Shutdown and trim `kali` template +8. Shutdown and trim `kali` template - Shutdown `kali` template - sudo shutdown -h now + [user@kali ~]$ sudo shutdown -h now - In `dom0` console: - qvm-trim-template kali + [user@dom0 ~]$ qvm-trim-template kali -8. Start image +9. Start image -9. Install tools + [user@dom0 ~]$ qvm-start kali + +10. Install tools + + **Note** [Resize the template disk image][qubes-resize-disk-image] to at least 20GB if you plan on installing all packages from Kali distribution. 1. View Categories - start katoolin - sudo katoolin + [user@kali ~]$ sudo katoolin - select `2) View Categories` @@ -156,7 +179,7 @@ Katoolin is a script (written in Python) which helps you to install Kali tools. - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`. -10. Create a AppVMs based on the `kali` template +11. Create a AppVMs based on the `kali` template - (Optional) Attach necessary devices @@ -164,16 +187,14 @@ Kali Linux TemplateVM from a Debian template `). + 1. Retrive the Kali Linux GPG key using a DispVM. [user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 @@ -202,33 +226,56 @@ access can change this configuration in firewall settings for the TemplateVM. ### Create a Kali Linux (rolling) template ### -These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Linux. +These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux. -**Note:** The prompt on each line indicates where each command should be entered -(`@dom0`, `@kali-rolling` or `@xxxx-dvm`). +1. (Optional) Check for latest Debian stable template and install it (if not already done) -1. Ensure the base template is not running. + [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian + [user@dom0 ~]$ sudo qubes-dom0-update - [user@dom0 ~]$ qvm-shutdown debian-9 +2. Start and update and close your latest Debian template -2. Clone the base template and start a terminal in the new template. + [user@dom0 ~]$ qvm-start debian- + [user@dom0 ~]$ qvm-run -a debian- gnome-terminal + [user@debian- ~]$ sudo apt-get update + [user@debian- ~]$ sudo apt-get upgrade + [user@dom0 ~]$ qvm-shutdown debian- - [user@dom0 ~]$ qvm-clone debian-9 kali-rolling - [user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal +3. Clone `debian-X` template -3. Copy the Kali GPG key from the DispVM to the new template: + [user@dom0 ~]$ qvm-clone debian- kali-rolling + +4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state + + [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list + [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list + + e.g. in this example we update `stretch` stable repository to `buster` testing respository + + [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list + [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list + +5. Upgrade `kali-rolling` template to latest Debian testing release + + [user@kali-rolling ~]$ sudo apt-get update + [user@kali-rolling ~]$ sudo apt-get dist-upgrade + [user@kali-rolling ~]$ sudo apt-get autoremove + +**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first. + +6. Copy the Kali GPG key from the DispVM to the new template: [user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc The DispVM can now be turned off. -4. Add the Kali GPG key to the list of keys trusted to authenticate packages: +7. Add the Kali GPG key to the list of keys trusted to authenticate packages: [user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - - This command should return `OK` on a line by itself. + This command should return `OK` on a line by itself. -5. Attempt the upgrade process in the new template. +8. Attempt the upgrade process in the new template. [user@kali-rolling ~]$ sudo cat < /etc/apt/sources.list.d/kali.list # Kali Linux repository @@ -238,12 +285,12 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li [user@kali-rolling ~]$ sudo apt-get dist-upgrade [user@kali-rolling ~]$ sudo apt-get autoremove - 6. Shut down and trim the new template. +9. Shut down and trim the new template. [user@dom0 ~]$ qvm-shutdown kali-rolling [user@dom0 ~]$ qvm-trim-template kali-rolling - 7. Ensure a terminal can be opened in the new template. +10. Ensure a terminal can be opened in the new template. [user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal @@ -251,7 +298,8 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li At this point you should have a working template and you can install the tools you need. -1. [resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB. +1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. +For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB. 2. Install Kali Linux tools: @@ -293,3 +341,5 @@ Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes [katoolin]: https://github.com/LionSec/katoolin [katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ + +[Debian-releases]: https://www.debian.org/releases/ From 28ce130b75ba42a3bd97aae3e392401cccde221a Mon Sep 17 00:00:00 2001 From: brofoobar <41891598+brofoobar@users.noreply.github.com> Date: Sun, 5 Aug 2018 16:50:32 +0000 Subject: [PATCH 2/4] Update kali.md --- managing-os/pentesting/kali.md | 40 ++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index c6bb90c4..376b1a73 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -14,8 +14,7 @@ redirect_from: - Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. -- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. -Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. +- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. How to Create a Kali Linux VM ============================= @@ -52,7 +51,7 @@ Debian based Kali Template with Katoolin [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian [user@dom0 ~]$ sudo qubes-dom0-update -2. Start and update your latest Debian template +2. Start, update and close your latest Debian template [user@dom0 ~]$ qvm-start debian- [user@dom0 ~]$ qvm-run -a debian- gnome-terminal @@ -60,7 +59,7 @@ Debian based Kali Template with Katoolin [user@debian- ~]$ sudo apt-get upgrade [user@dom0 ~]$ qvm-shutdown debian- -3. Clone `debian-X` template (two options) +3. Clone `debian-` template (two options) 1. Via Qubes VM Manager @@ -68,9 +67,9 @@ Debian based Kali Template with Katoolin 2. Via command line - [user@dom0 ~]$ qvm-clone debian- kali + [user@dom0 ~]$ qvm-clone debian- kali -4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state +4. Check name of testing [Debian release][Debian-releases] and update repository list to reflect current state [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list @@ -93,11 +92,11 @@ Debian based Kali Template with Katoolin 1. Install Katoolin - [user@kali ~]$ sudo apt-get install git - [user@kali ~]$ git clone https://github.com/LionSec/katoolin.git - [user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin - [user@kali ~]$ sudo chmod +x /usr/bin/katoolin - [user@kali ~]$ rm -rf katoolin + [user@kali ~]$ sudo apt-get install git + [user@kali ~]$ git clone https://github.com/LionSec/katoolin.git + [user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin + [user@kali ~]$ sudo chmod +x /usr/bin/katoolin + [user@kali ~]$ rm -rf katoolin 2. Add Kali Linux repositories @@ -153,6 +152,7 @@ Debian based Kali Template with Katoolin [user@kali ~]$ sudo shutdown -h now + **QubesOS 3.2 only** - In `dom0` console: [user@dom0 ~]$ qvm-trim-template kali @@ -233,7 +233,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian [user@dom0 ~]$ sudo qubes-dom0-update -2. Start and update and close your latest Debian template +2. Start, update and close your latest Debian template [user@dom0 ~]$ qvm-start debian- [user@dom0 ~]$ qvm-run -a debian- gnome-terminal @@ -245,7 +245,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu [user@dom0 ~]$ qvm-clone debian- kali-rolling -4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state +4. Check name of testing [Debian release][Debian-releases] and update repository list to reflect current state [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list @@ -265,8 +265,14 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu 6. Copy the Kali GPG key from the DispVM to the new template: + **QubesOS 3.2** + [user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc - + + **QubesOS 4.0** + + [user@xxxx-dvm ~]$ qvm-copy kali-key.asc + The DispVM can now be turned off. 7. Add the Kali GPG key to the list of keys trusted to authenticate packages: @@ -288,6 +294,9 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu 9. Shut down and trim the new template. [user@dom0 ~]$ qvm-shutdown kali-rolling + + **QubesOS 3.2 only** + [user@dom0 ~]$ qvm-trim-template kali-rolling 10. Ensure a terminal can be opened in the new template. @@ -298,8 +307,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu At this point you should have a working template and you can install the tools you need. -1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. -For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB. +1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB. 2. Install Kali Linux tools: From 29147119d6e893a4abc866acac780f6b99b8969c Mon Sep 17 00:00:00 2001 From: brofoobar <41891598+brofoobar@users.noreply.github.com> Date: Sun, 12 Aug 2018 19:28:51 +0000 Subject: [PATCH 3/4] Update kali.md Document divided into parts according to https://www.qubes-os.org/doc/doc-guidelines/#version-specific-documentation --- managing-os/pentesting/kali.md | 310 +++++++++++++++++++++++++++++++-- 1 file changed, 291 insertions(+), 19 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index 376b1a73..aeb725ae 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -16,8 +16,12 @@ redirect_from: - Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. + +Qubes 3.2 +========= + How to Create a Kali Linux VM -============================= +----------------------------- This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (qube) in Qubes OS. @@ -25,12 +29,12 @@ Kali Linux is the most widely used penetration testing Linux distribution. There are multiple ways to create a Kali Linux VM: - 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm). + 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm3_2). 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution: - - using [katoolin]. Explained [here](#katoolin). - - manually. Explained [here](#templatevm-from-debian). + - using [katoolin]. Explained [here](#katoolin3_2). + - manually. Explained [here](#templatevm-from-debian3_2). -Kali Linux HVM +Kali Linux HVM -------------- 1. Download the Kali installation DVD @@ -41,7 +45,7 @@ Kali Linux HVM [user@dom0 ~]$ qvm-start --cdrom :/home/user/Downloads/.iso -Debian based Kali Template with Katoolin +Debian based Kali Template with Katoolin ---------------------------------------- **Note:** The prompt on each line indicates where each command should be entered (`@dom0`, `@debian-` or `@kali`). @@ -69,7 +73,7 @@ Debian based Kali Template with Katoolin [user@dom0 ~]$ qvm-clone debian- kali -4. Check name of testing [Debian release][Debian-releases] and update repository list to reflect current state +4. Check the name of currently used repository in `/etc/apt/sources.list` and current testing [Debian release][Debian-releases]. Update repository list accordingly [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list @@ -152,7 +156,6 @@ Debian based Kali Template with Katoolin [user@kali ~]$ sudo shutdown -h now - **QubesOS 3.2 only** - In `dom0` console: [user@dom0 ~]$ qvm-trim-template kali @@ -183,7 +186,7 @@ Debian based Kali Template with Katoolin - (Optional) Attach necessary devices -Kali Linux TemplateVM from a Debian template +Kali Linux TemplateVM from a Debian template -------------------------------------------- This section will explain how to create your own [Kali] Linux TemplateVM based @@ -245,7 +248,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu [user@dom0 ~]$ qvm-clone debian- kali-rolling -4. Check name of testing [Debian release][Debian-releases] and update repository list to reflect current state +4. Check the name of currently used repository in `/etc/apt/sources.list` and current testing [Debian release][Debian-releases]. Update repository list accordingly [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list @@ -265,13 +268,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu 6. Copy the Kali GPG key from the DispVM to the new template: - **QubesOS 3.2** - [user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc - - **QubesOS 4.0** - - [user@xxxx-dvm ~]$ qvm-copy kali-key.asc The DispVM can now be turned off. @@ -294,9 +291,6 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu 9. Shut down and trim the new template. [user@dom0 ~]$ qvm-shutdown kali-rolling - - **QubesOS 3.2 only** - [user@dom0 ~]$ qvm-trim-template kali-rolling 10. Ensure a terminal can be opened in the new template. @@ -320,6 +314,283 @@ At this point you should have a working template and you can install the tools y The template is ready to be used. You can now spin up AppVMs based on the `kali-rolling` template. +Qubes 4.0 +========= + +How to Create a Kali Linux VM +----------------------------- + +This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (qube) in Qubes OS. + +Kali Linux is the most widely used penetration testing Linux distribution. + +There are multiple ways to create a Kali Linux VM: + + 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm4_0). + 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution: + - using [katoolin]. Explained [here](#katoolin4_0). + - manually. Explained [here](#templatevm-from-debian4_0). + +Kali Linux HVM +-------------- + +1. Download the Kali installation DVD + +2. Create a new HVM + +3. Start the HVM with attached CD/DVD + + [user@dom0 ~]$ qvm-start --cdrom :/home/user/Downloads/.iso + +Debian based Kali Template with Katoolin +---------------------------------------- + +**Note:** The prompt on each line indicates where each command should be entered (`@dom0`, `@debian-` or `@kali`). + +1. (Optional) Check for latest Debian stable template and install it (if not already done) + + [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian + [user@dom0 ~]$ sudo qubes-dom0-update + +2. Start, update and close your latest Debian template + + [user@dom0 ~]$ qvm-start debian- + [user@dom0 ~]$ qvm-run -a debian- gnome-terminal + [user@debian- ~]$ sudo apt-get update + [user@debian- ~]$ sudo apt-get upgrade + [user@dom0 ~]$ qvm-shutdown debian- + +3. Clone `debian-` template (two options) + + 1. Via Qubes VM Manager + + ![Clone Debian Template](/attachment/wiki/Kali/clone-kali.png) + + 2. Via command line + + [user@dom0 ~]$ qvm-clone debian- kali + +4. Check the name of currently used repository in `/etc/apt/sources.list` and current testing [Debian release][Debian-releases]. Update repository list accordingly. + + [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list + [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list + + e.g. in this example we update `stretch` stable repository to `buster` testing respository + + [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list + [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list + +5. Upgrade `kali` template to latest Debian testing release + + [user@kali ~]$ sudo apt-get update + [user@kali ~]$ sudo apt-get dist-upgrade + [user@kali ~]$ sudo apt-get autoremove + + **Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. + If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first. + +6. Install Katoolin and add Kali Linux repositories + + 1. Install Katoolin + + [user@kali ~]$ sudo apt-get install git + [user@kali ~]$ git clone https://github.com/LionSec/katoolin.git + [user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin + [user@kali ~]$ sudo chmod +x /usr/bin/katoolin + [user@kali ~]$ rm -rf katoolin + + 2. Add Kali Linux repositories + + - start katoolin + + [user@kali ~]$ sudo katoolin + + - select 'Add Kali repositories & Update' + + 1) Add Kali repositories & Update + 2) View Categories + 3) Install classicmenu indicator + 4) Install Kali menu + 5) Help + + kat > 1 + + ![Add Kali repositories and Update menu](/attachment/wiki/Kali/katoolin-add-update-repo-menu.png) + + - select 'Add kali linux repositories' + + 1) Add kali linux repositories + 2) Update + 3) Remove all kali linux repositories + 4) View the contents of sources.list file + + What do you want to do ?> 1 + + ![Add Kali repositories](/attachment/wiki/Kali/katoolin-add-repos-menu.png) + + - update Kali repositories + + + 1) Add kali linux repositories + 2) Update + 3) Remove all kali linux repositories + 4) View the contents of sources.list file + + What do you want to do ?> 2 + + - quit katoolin by pressing `CRTL` + `c` keys + + What do you want to do ?> ^CShutdown requested...Goodbye... + +7. Clean up and update `kali` template + + [user@kali ~]$ sudo apt-get dist-upgrade + [user@kali ~]$ sudo apt-get autoremove + +8. Install tools + + **Note** [Resize the template disk image][qubes-resize-disk-image] to at least 20GB if you plan on installing all packages from Kali distribution. + + 1. View Categories + + - start katoolin + + [user@kali ~]$ sudo katoolin + + - select `2) View Categories` + + 2. Select the categories/tools you want to install + + - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu][katoolin-howto]. + + - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`. + +9. Create a AppVMs based on the `kali` template + + - (Optional) Attach necessary devices + +Kali Linux TemplateVM from a Debian template +-------------------------------------------- + +This section will explain how to create your own [Kali] Linux TemplateVM based +on a current stable Debian TemplateVM. The basic idea is to personalize the +template with all the tools needed, and then spin up isolated AppVMs based on +the template. + +The steps can be summarised as: + +1. Install Qubes stable Debian template +2. Upgrade the template to Debian testing release +3. Install Kali Linux through the ``kali-linux-full`` package +4. Use the template to build AppVM so that you can maintain isolation between + e.g. pentesting jobs + +### Get Kali Linux GPG key ### + +**CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures]. +This website cannot guarantee that any PGP key you download from the Internet is authentic. +Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. + +This step is required since by (security) default a TemplateVM do not have a +direct Internet connectivity. Users understanding the risks of enabling such +access can change this configuration in firewall settings for the TemplateVM. + +**Note:** The prompt on each line indicates where each command should be entered +(`@dom0`, `@kali-rolling`, `@xxxx-dvm` or `@debian-`). + +1. Retrive the Kali Linux GPG key using a DispVM. + + [user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 + [user@xxxx-dvm ~]$ gpg --list-keys --with-fingerprint 7D8D0BF6 + [user@xxxx-dvm ~]$ gpg --export --armor 7D8D0BF6 > kali-key.asc + +2. **DO NOT TURN OFF** the DispVM, the `kali-key.asc` file will be copied to + the Kali Linux template in a further step. + +3. Make sure the key is the authentic Kali key. + See the [Kali website] for further advice and instructions on verification. + +### Create a Kali Linux (rolling) template ### + +These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux. + +1. (Optional) Check for latest Debian stable template and install it (if not already done) + + [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian + [user@dom0 ~]$ sudo qubes-dom0-update + +2. Start, update and close your latest Debian template + + [user@dom0 ~]$ qvm-start debian- + [user@dom0 ~]$ qvm-run -a debian- gnome-terminal + [user@debian- ~]$ sudo apt-get update + [user@debian- ~]$ sudo apt-get upgrade + [user@dom0 ~]$ qvm-shutdown debian- + +3. Clone `debian-X` template + + [user@dom0 ~]$ qvm-clone debian- kali-rolling + +4. Check the name of currently used repository in `/etc/apt/sources.list` and current testing [Debian release][Debian-releases]. Update repository list accordingly + + [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list + [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list + + e.g. in this example we update `stretch` stable repository to `buster` testing respository + + [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list + [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list + +5. Upgrade `kali-rolling` template to latest Debian testing release + + [user@kali-rolling ~]$ sudo apt-get update + [user@kali-rolling ~]$ sudo apt-get dist-upgrade + [user@kali-rolling ~]$ sudo apt-get autoremove + +**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first. + +6. Copy the Kali GPG key from the DispVM to the new template: + + [user@xxxx-dvm ~]$ qvm-copy kali-key.asc + + The DispVM can now be turned off. + +7. Add the Kali GPG key to the list of keys trusted to authenticate packages: + + [user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - + + This command should return `OK` on a line by itself. + +8. Attempt the upgrade process in the new template. + + [user@kali-rolling ~]$ sudo cat < /etc/apt/sources.list.d/kali.list + # Kali Linux repository + deb http://http.kali.org/kali kali-rolling main non-free contrib + EOF + [user@kali-rolling ~]$ sudo apt-get update + [user@kali-rolling ~]$ sudo apt-get dist-upgrade + [user@kali-rolling ~]$ sudo apt-get autoremove + +9. Ensure a terminal can be opened in the new template. + + [user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal + +### Install the Kali tools ### + +At this point you should have a working template and you can install the tools you need. + +1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB. + +2. Install Kali Linux tools: + + [user@kali-rolling ~]$ sudo apt-get install kali-linux-full + +3. (Optional) Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional) + +### Use the template ### + +The template is ready to be used. You can now spin up AppVMs based on the `kali-rolling` template. + Alternative Options to Kali Linux --------------------------------- @@ -328,6 +599,7 @@ Alternative Options to Kali Linux * BlackArch Linux, with [BA Qubes OS guide][qubes-blackarch] * [KATOOLIN][katoolin-howto] * more on the [Penetration Testing page][qubes-pentesting] + Notes ----- From b2ebd4b3b10046ccb73ff1a3469c017f11cb21eb Mon Sep 17 00:00:00 2001 From: brofoobar <41891598+brofoobar@users.noreply.github.com> Date: Sun, 12 Aug 2018 19:47:50 +0000 Subject: [PATCH 4/4] fixed typo --- managing-os/pentesting/kali.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md index aeb725ae..80331b22 100644 --- a/managing-os/pentesting/kali.md +++ b/managing-os/pentesting/kali.md @@ -14,7 +14,7 @@ redirect_from: - Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. -- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. +- Kali Linux distribution is a rolling distribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. Qubes 3.2 @@ -78,7 +78,7 @@ Debian based Kali Template with Katoolin [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list - e.g. in this example we update `stretch` stable repository to `buster` testing respository + e.g. in this example we update `stretch` stable repository to `buster` testing repository [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list @@ -253,7 +253,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list - e.g. in this example we update `stretch` stable repository to `buster` testing respository + e.g. in this example we update `stretch` stable repository to `buster` testing repository [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list @@ -375,7 +375,7 @@ Debian based Kali Template with Katoolin [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list - e.g. in this example we update `stretch` stable repository to `buster` testing respository + e.g. in this example we update `stretch` stable repository to `buster` testing repository [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list @@ -536,7 +536,7 @@ These instructions will show you how to upgrade a Debian TemplateVM to Kali Linu [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list [user@kali-rolling ~]$ sudo sed -i 's///g' /etc/apt/sources.list.d/qubes-r.list - e.g. in this example we update `stretch` stable repository to `buster` testing respository + e.g. in this example we update `stretch` stable repository to `buster` testing repository [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list [user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r.list