mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-29 15:53:29 -05:00
WORK IN PROGRESS - Updates and cleanups
Updated instructions for installing Kali. General cleanups.
This commit is contained in:
Lorenzo
parent
5189bb0039
commit
ee4c6a1587
@ -7,54 +7,146 @@ permalink: /doc/kali/
|
||||
How to Create a Kali Linux VM
|
||||
=============================
|
||||
|
||||
This guide is being created to give guidance on ways in which you could implement Kali Pen-Testing distrubution within Qubes-OS.
|
||||
This guide will explain how to create your own [Kali] Linux VM as a VM
|
||||
template. The basic idea is to personalize the template with the tools you need
|
||||
and then spin up isolated appVMs based on the template.
|
||||
|
||||
There are multiple ways in which this can be achieved, for example you could create a HVM and use the ISO to install the system straight to that virtual machine.
|
||||
The steps can be summarised as:
|
||||
|
||||
1. Customize a Debian template with the Kali sources
|
||||
3. Install the Kali tools
|
||||
4. Use the template to build appVM so that you can maintain isolation between
|
||||
e.g. pentesting jobs
|
||||
|
||||
|
||||
Build Based on Debian Template
|
||||
---
|
||||
**IMPORTANT NOTE** Following the instructions below and in particular installing kali-linux-full will **BREAK YOUR VM**. Don't do it. It needs further investigation. The problem is:
|
||||
|
||||
1 - Install debian-8 template (if not already installed)
|
||||
|
||||
2 - Clone debian-8 template
|
||||
|
||||
3 - Add kali repo to /etc/apt/sources.list:
|
||||
|
||||
* deb http://http.kali.org/kali kali-rolling main non-free contrib
|
||||
|
||||
4 - Find and add kali signing keys:
|
||||
|
||||
* gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 (this is the key ID I found on Kali web site)
|
||||
|
||||
* gpg --list-keys --with-fingerprint 7D8D0BF6
|
||||
|
||||
* gpg --export --armor 7D8D0BF6 > kali.asc
|
||||
|
||||
* sudo apt-key add kali.asc
|
||||
|
||||
* sudo apt-key list
|
||||
|
||||
5 - sudo apt-get update
|
||||
|
||||
6 - sudo halt
|
||||
|
||||
7 - backup template (cloned...)
|
||||
|
||||
8 - sudo apt-get apt-get install kali-*** (or similar) --> installs fine but break the template X settings. As mentioned, X packaged need to be masked prior to this, I did not take the time to look-up how to do that...
|
||||
|
||||
9 - Create a appvm from the kali template and attach necessary devices.
|
||||
* Pinning down xorg doesn't allow installing kali-desktop (or something) which prevents kali-*
|
||||
|
||||
|
||||
Note:
|
||||
Steps to build a Kali template
|
||||
------------------------------
|
||||
|
||||
If you do not want to modify the sources.list file and add the signing keys yourself, alternatively you can use KATOOLIN after cloning the Debian Template. Guide on how to use KATOOLIN - http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
|
||||
|
||||
### Get the GPG key
|
||||
|
||||
1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll
|
||||
build won't have direct internet connectivity unless you enable it from the
|
||||
firewall:
|
||||
|
||||
# in the dispVM
|
||||
gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
|
||||
gpg --list-keys --with-fingerprint 7D8D0BF6
|
||||
gpg --export --armor 7D8D0BF6 > kali.asc
|
||||
|
||||
2. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
|
||||
verify the fingerprint through other channels.
|
||||
|
||||
Once you have the key, keep the dispVM on as you'll need to copy the key over
|
||||
to the Kali template.
|
||||
|
||||
### Customize the template
|
||||
|
||||
1. Install [the debian-8 template] (if not already installed)
|
||||
|
||||
2. Clone the debian template and start a terminal in it:
|
||||
|
||||
# from dom0:
|
||||
qvm-clone debian-8 kali
|
||||
|
||||
3. Add this line to the `/etc/apt/sources.list` file in the template:
|
||||
|
||||
# in the 'kali' template
|
||||
sudo -s
|
||||
echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
|
||||
|
||||
4. Copy the Kali key from the dispVM into the template:
|
||||
|
||||
# in the dispVM
|
||||
qvm-copy-to-vm kali kali.asc
|
||||
|
||||
# in the kali template:
|
||||
sudo -s
|
||||
cat /home/user/QubesIncoming/kali/kali-key.asc | apt-key add -
|
||||
|
||||
The last command should return `OK` on a line by itself.
|
||||
|
||||
5. **Pin the X server** into the preferences file: this prevents Kali to installing
|
||||
a new X.org server, for which there would be no qubes-tools available:
|
||||
|
||||
# add the following lines to /etc/apt/preferences (you might have to
|
||||
create it)
|
||||
|
||||
Package: xserver-xorg*
|
||||
Pin: release a=jessie
|
||||
Pin-Priority: 900
|
||||
|
||||
Package: xorg*
|
||||
Pin: release a=jessie
|
||||
Pin-Priority: 900
|
||||
|
||||
5. Update the system:
|
||||
|
||||
sudo apt-get update
|
||||
|
||||
6. Now is a good time to stop the template, clone it and see if restarting it
|
||||
allows you to run a terminal:
|
||||
|
||||
# from dom0
|
||||
qvm-clone kali kali-tools
|
||||
|
||||
### Install the Kali tools
|
||||
|
||||
At this point you should have a working template and you can install the tools you need.
|
||||
|
||||
Don't forget to [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
|
||||
|
||||
1. Install your tools of choice, for example:
|
||||
|
||||
# in the kali-tools template
|
||||
sudo apt-get install kali-linux-full
|
||||
|
||||
2. If the update process went well, give it a try: shut down the `kali-tools`
|
||||
template and create an appVM from it.
|
||||
|
||||
3. When you are happy you can probably remove the `kali` template and its
|
||||
backup copies; then use only `kali-tools` as a template.
|
||||
|
||||
|
||||
Don't forget to back up your appVMs as [audio CDs].
|
||||
|
||||
|
||||
Troubleshooting
|
||||
---------------
|
||||
|
||||
If the template doesn't start, give it a peek with the console:
|
||||
|
||||
# from dom0
|
||||
sudo xl console kali
|
||||
|
||||
|
||||
Installing via third-party scripts: Katoolin
|
||||
--------------------------------------------
|
||||
|
||||
If you do not want to modify the `sources.list` file and add the signing keys
|
||||
yourself, alternatively you can use [KATOOLIN] after cloning the Debian
|
||||
Template.
|
||||
|
||||
You should probably inspect the script and make sure it does what you want
|
||||
before trusting it blindly.
|
||||
|
||||
|
||||
Alternative Options to Kali
|
||||
---
|
||||
===========================
|
||||
|
||||
PenTester Framework (PTF)
|
||||
* PenTester Framework: [PTF]
|
||||
|
||||
|
||||
|
||||
[kali]: https://www.kali.org/
|
||||
[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images.
|
||||
[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
|
||||
[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/
|
||||
[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
|
||||
[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/
|
||||
[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user