Kali VM for course/exercises
Based on Kali 2022.1, 2022.2 and 2022.3
From: Kali VMs Images
Docs: Virtualbox Doc
Unzip the downloaded archive, then import the .vbox file using “Add” in VirtualBox.
Things to do to make this VM work on our environment:
Setting it up under Settings > Display doesn't work, as VirtualBox keeps resizing it (for your security …). You need to set it up by hand:
Menu > Settings > Power Manager then in the Tab “Security”:
sudo su
Then as root
apt update && apt install htop ccze dfc iftop libreoffice libreoffice-l10n-de libreoffice-l10n-fr parcellite zaproxy
This is for the kali user; replace it with yours if you created another one
vi /etc/lightdm/lightdm.conf
[Seat:*]
autologin-user=kali
autologin-user-timeout=0
useradd -m warnaud
usermod -aG adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,wireshark,bluetooth,kali-trusted,scanner,vboxsf,kaboxer warnaud
chsh -s /usr/bin/zsh warnaud
passwd warnaud
Log out and log in again to refresh all environment variables ($SHELL etc.)
Members of the kali-trusted group can run sudo commands without a password
usermod -aG kali-trusted kali
Note: replace kali by your user if you prefer to have a dedicated user
apt -y install curl gnupg2 apt-transport-https software-properties-common ca-certificates
echo "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" | sudo tee /etc/apt/sources.list.d/docker.list
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
cd
apt update
apt install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker --now
usermod -aG docker kali
curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | cut -d '"' -f 4 | wget -qi -
mv docker-compose-linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
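The last three commands above fetch docker-compose by grepping the GitHub API output, which also matches the .sha256 companion asset, and then install the binary without verifying it. As an added example (not from this page), the following Python helpers select both assets by exact name and check the download against the published checksum before it goes into /usr/bin; the API JSON is a constructed sample and the '<hex>  <filename>' checksum-file format is an assumption.

```python
"""Pick the docker-compose release asset by exact name and verify its SHA-256.
Added example, not from the page; sample JSON below is constructed."""
import hashlib
import json

# Constructed sample of the releases API response (only the fields used here).
SAMPLE_RELEASE_JSON = json.dumps({
    "tag_name": "vX.Y.Z",
    "assets": [
        {"name": "docker-compose-linux-x86_64",
         "browser_download_url": "https://example.invalid/docker-compose-linux-x86_64"},
        {"name": "docker-compose-linux-x86_64.sha256",
         "browser_download_url": "https://example.invalid/docker-compose-linux-x86_64.sha256"},
        {"name": "docker-compose-linux-aarch64",
         "browser_download_url": "https://example.invalid/docker-compose-linux-aarch64"},
    ],
})

def pick_asset_urls(release_json, asset_name):
    """Return (binary_url, checksum_url) for the asset with exactly this name."""
    assets = {a["name"]: a["browser_download_url"]
              for a in json.loads(release_json)["assets"]}
    if asset_name not in assets or asset_name + ".sha256" not in assets:
        raise ValueError("release lacks %s or its .sha256 companion" % asset_name)
    return assets[asset_name], assets[asset_name + ".sha256"]

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def verify_sha256(data, checksum_text, asset_name):
    """True if checksum_text has a '<hex>  <asset_name>' line that matches data."""
    for line in checksum_text.splitlines():
        parts = line.split()
        # sha256sum writes '*name' for binary mode on some platforms; accept both.
        if len(parts) == 2 and parts[1].lstrip("*") == asset_name:
            return sha256_hex(data) == parts[0].lower()
    return False  # no line for this asset: treat as unverified

if __name__ == "__main__":
    bin_url, sum_url = pick_asset_urls(SAMPLE_RELEASE_JSON, "docker-compose-linux-x86_64")
    blob = b"constructed stand-in for the downloaded binary"
    ok = verify_sha256(blob, sha256_hex(blob) + "  docker-compose-linux-x86_64\n",
                       "docker-compose-linux-x86_64")
    print(bin_url, sum_url, "verified" if ok else "MISMATCH, do not install")
```

In real use, download both URLs with curl and call verify_sha256 on the binary bytes and the checksum file text; only run the mv/chmod step when it returns True.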
sudo apt install -y python2 python2.7-dev libpython2-dev
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
sudo python2 get-pip.py
sudo python2 -m pip install -U setuptools wheel
cd /opt
git clone https://github.com/volatilityfoundation/volatility.git
echo "#! /usr/bin/bash
/usr/bin/python2 /opt/volatility/vol.py \"\$@\"" > /usr/local/bin/volatility
chmod +x /usr/local/bin/volatility
git clone https://github.com/volatilityfoundation/volatility3.git
ln -s /opt/volatility3/vol.py /usr/local/bin/volatility3
python2 -m pip install -U distorm3 yara pycrypto pillow openpyxl ujson pytz ipython capstone
sudo python2 -m pip install yara
sudo ln -s /usr/local/lib/python2.7/dist-packages/usr/lib/libyara.so /usr/lib/libyara.so
From : Github nullsecurity
apt install dh-autoreconf pkg-config cmake
cd /opt
git clone https://github.com/snort3/libdaq.git
cd libdaq
./bootstrap
./configure
make install
ldconfig
cd /opt
git clone https://github.com/snort3/snort3.git
cd snort3
./configure_cmake.sh --prefix=$HOME/install/snort3 --enable-unit-tests
DOESN'T work…
From: https://upcloud.com/resources/tutorials/installing-snort-on-debian
apt install -y gcc libpcre3-dev zlib1g-dev libluajit-5.1-dev libpcap-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev bison flex libdnet autoconf libtool
cd /opt
mkdir snort_src
cd snort_src
wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz
tar xvzf daq-2.0.7.tar.gz
cd daq-2.0.7
autoreconf -f -i
./configure && make && make install
cd /opt/snort_src
wget https://www.snort.org/downloads/snort/snort-2.9.20.tar.gz
tar xvzf snort-2.9.20.tar.gz
cd snort-2.9.20
./configure --enable-sourcefire CPPFLAGS="-I /usr/include/tirpc" && make && make install
ldconfig
groupadd snort
useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
mkdir -p /etc/snort/rules
mkdir -p /var/log/snort
mkdir -p /usr/local/lib/snort_dynamicrules
chmod -R 5775 /etc/snort
chmod -R 5775 /var/log/snort
chmod -R 5775 /usr/local/lib/snort_dynamicrules
chown -R snort:snort /etc/snort
chown -R snort:snort /var/log/snort
chown -R snort:snort /usr/local/lib/snort_dynamicrules
touch /etc/snort/rules/white_list.rules
touch /etc/snort/rules/black_list.rules
touch /etc/snort/rules/local.rules
cp /opt/snort_src/snort-2.9.20/etc/*.conf* /etc/snort
cp /opt/snort_src/snort-2.9.20/etc/*.map /etc/snort
cd /opt/snort_src
wget https://www.snort.org/rules/community -O ./community.tar.gz
tar xvzf community.tar.gz
cp /opt/snort_src/community-rules/* /etc/snort/rules
sudo sed -i 's/include $RULE_PATH/#include $RULE_PATH/' /etc/snort/snort.conf
vi /etc/snort/snort.conf
DOESN'T WORK EITHER !!!!
From: https://unix.stackexchange.com/questions/584144/unable-to-locate-package-snort - modified to reflect the latest Debian 11 version
vi /etc/apt/sources.list
deb http://httpredir.debian.org/debian bullseye main
Use bullseye: since Kali is now a rolling release you might be tempted to put a current codename, but testing doesn't work! (as of 20/07/2022)
apt update
apt install snort
Comment out the line deb http://httpredir.debian.org/debian bullseye main
dpkg-reconfigure snort
You can change the default IP range of $HOME_NET (the default is 10.0.2.0/24, i.e. VirtualBox's VLAN)
vi /etc/snort/rules/local.rules
alert tcp any any -> any any (msg:"Basic test please comment in local.rules"; sid:10000001; rev:001;)
snort -A console -i eth0 -u snort -g snort -c /etc/snort/snort.conf
Now launch a web browser or anything else that reaches the internet over the TCP stack
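Before pointing snort -c at a hand-edited local.rules, a quick lint catches the mistakes that make Snort refuse the file or make its alerts ambiguous (a rule with no msg, a missing sid, two rules sharing a sid, or a sid in the range reserved for Snort's own rule sets). The checker below is an added example, not code from the page or from Snort; it assumes the classic one-line rule header layout and Snort's convention that local rule sids start at 1000000, and the sample rules file is constructed around the page's test rule.

```python
"""Lint local.rules before 'snort -c' loads it (added example, not from the page).
Flags: unparseable header, missing msg, bad sid, sid below 1000000, duplicate sid."""
import re

# Constructed sample: the page's test rule plus two deliberately broken rules.
SAMPLE_LOCAL_RULES = """\
# local rules for the course VM
alert tcp any any -> any any (msg:"Basic test please comment in local.rules"; sid:10000001; rev:001;)
alert tcp any any -> any 80 (msg:"duplicate sid"; sid:10000001; rev:1;)
alert udp any any -> any 53 (sid:42; rev:1;)
"""

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)"
    r"\s*\((?P<opts>.*)\)\s*$")
LOCAL_SID_MIN = 1000000  # sids below this belong to Snort/Sourcefire rule sets

def parse_options(opts):
    """Split 'key:value; flag;' into a dict (flags map to None); ';' inside quotes is kept."""
    result = {}
    for item in re.findall(r'(?:[^;"]|"[^"]*")+', opts):
        key, _, value = item.strip().partition(":")
        if key:
            result[key.strip()] = value.strip().strip('"') or None
    return result

def lint_rules(text):
    """Return [(line_no, problem), ...]; an empty list means the file looks sane."""
    problems, seen_sids = [], {}
    for n, line in enumerate((l.strip() for l in text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            problems.append((n, "unparseable rule header"))
            continue
        opts = parse_options(m.group("opts"))
        if "msg" not in opts:
            problems.append((n, "missing msg"))
        sid = opts.get("sid")
        if sid is None or not sid.isdigit():
            problems.append((n, "missing or non-numeric sid"))
            continue
        if int(sid) < LOCAL_SID_MIN:
            problems.append((n, "sid %s is below %d (reserved range)" % (sid, LOCAL_SID_MIN)))
        if sid in seen_sids:
            problems.append((n, "sid %s already used on line %d" % (sid, seen_sids[sid])))
        seen_sids.setdefault(sid, n)
    return problems
```

Run lint_rules(open("/etc/snort/rules/local.rules").read()) and fix anything it reports; Snort's own `-T` test mode remains the final word on whether the configuration loads.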
Uncomment the Debian repo line in /etc/apt/sources.list, then apt update && apt upgrade snort
apt install apt-transport-https curl
sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main" | sudo tee /etc/apt/sources.list.d/brave-browser-release.list
apt update
apt install brave-browser
You can add Nala by following the instructions from their wiki; this works on any Debian/Ubuntu VM
echo "deb https://deb.volian.org/volian/ scar main" | sudo tee /etc/apt/sources.list.d/volian-archive-scar-unstable.list
wget -qO - https://deb.volian.org/volian/scar.key | sudo tee /etc/apt/trusted.gpg.d/volian-archive-scar-unstable.gpg > /dev/null
apt update
apt install nala
(only if you install from scratch with the ISO; not needed if you already imported the OVA/premade images)
The css user is a member of the sudo group
sudo visudo
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
Not mandatory, only for a bare-bones install: the Kali images already have the necessary tools installed
Insert the virtual CD
cd /media/cdrom0
sudo bash ./VBoxLinuxAdditions.run
sudo usermod -aG vboxsf kali
Under Hyper-V you should set this option to get the most out of the VM
C:\Windows\system32> Set-VM "Kali Linux" -EnhancedSessionTransportType HVSocket
If your web browser seems laggy or makes the whole VM laggy, just enable 3D acceleration: Settings > Display and check “Enable 3D acceleration”