Kali VM for course/exercises
Based on Kali 2022.1, .2 and .3


  1. The default keymap is English (US); to change it in the GUI, open the menu and type “keyboard”
  2. :!: not for use in production :!:
  3. sudo works without a password; 99% of the following commands were run in a root user shell → be a (wo)man! Run as root


From: Kali VMs Images
Docs: Virtualbox Doc
Unzip the downloaded file, then import the .vbox file using “Add” in VirtualBox.


Things to do to make this VM work in our environment:

  1. Download and import into VirtualBox (I didn't test it on VMware's hypervisor family, but it should work; same for UTM/KVM/Proxmox)
  2. Verify or change the settings (copy/paste, number of CPUs/RAM, network interfaces - I prefer to bridge them but NAT is OK too, …) by clicking on the settings buttons
  3. Take a snapshot, so the next modifications can be reverted to the original state.
  4. Resize the display once logged in (see the login/pass below): type “display” in the “start menu”, and the “Display” application will help you resize the screen to your needs - also check the Display size section below to get it right
  5. Add what you miss (bookmarks/docs/scripts/software/…)

Display size

Setting the size with Display in Settings doesn't work, as VirtualBox tries to resize it (for your security …). You need to set it up by hand:

Lock screen

Menu > Settings > Power Manager then in the Tab “Security”:

  • Automatically lock the session: Never
  • Uncheck “Lock screen when system is going to sleep”

Missing packages

sudo su

Then as root

apt update && apt install htop ccze dfc iftop libreoffice libreoffice-l10n-de libreoffice-l10n-fr parcellite zaproxy
cd /tmp && wget
dpkg -i /tmp/zui_1.7.0_amd64.deb


Shown here for the kali user; replace it with yours if you created another one

 vi /etc/lightdm/lightdm.conf

New user (OPTIONAL)

useradd -m warnaud
usermod -aG adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,wireshark,bluetooth,kali-trusted,scanner,vboxsf,kaboxer warnaud
chsh -s /usr/bin/zsh warnaud
passwd warnaud

Log out and log back in to update all environment variables ($SHELL etc …)


Members of the kali-trusted group can run sudo commands without a password

 usermod -aG kali-trusted kali

Note: replace kali with your user if you prefer to have a dedicated user

Additional packages


apt -y install curl gnupg2 apt-transport-https software-properties-common ca-certificates
echo "deb [arch=amd64] buster stable" | sudo tee  /etc/apt/sources.list.d/docker.list
curl -fsSL | sudo apt-key add -
apt update
apt install -y docker-ce docker-ce-cli
systemctl enable docker --now
usermod -aG docker kali
curl -s | grep browser_download_url  | grep docker-compose-linux-x86_64 | cut -d '"' -f 4 | wget -qi -
mv docker-compose-linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
sudo apt install -y python2 python2.7-dev libpython2-dev
curl --output
sudo python2
sudo python2 -m pip install -U setuptools wheel


cd /opt
git clone
echo "#! /usr/bin/bash
/usr/bin/python2  /opt/volatility/ \$@" > /usr/local/bin/volatility
chmod +x /usr/local/bin/volatility
git clone
ln -s /opt/volatility3/ /usr/local/bin/volatility3
python2 -m pip install -U distorm3 yara pycrypto pillow openpyxl ujson pytz ipython capstone
sudo python2 -m pip install yara
sudo ln -s /usr/local/lib/python2.7/dist-packages/usr/lib/ /usr/lib/

Yara rules

mkdir /opt/yara
cd /opt/yara
git clone

Volatility-check script

cd /opt
git clone
chmod o+x /opt/volatility-check/
ln -s /opt/volatility-check/ /usr/local/volatility-check


First try

From: GitHub nullsecurity

apt install dh-autoreconf pkg-config cmake
cd /opt
git clone
cd libdaq
make install
cd /opt
git clone
cd snort3
./configure\ --prefix=$HOME/install/snort3 --enable-unit-tests

DOESN'T work…

Second try


apt install -y gcc libpcre3-dev zlib1g-dev libluajit-5.1-dev libpcap-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev bison flex libdnet autoconf libtool
cd /opt
mkdir snort_src
cd snort_src
tar xvzf daq-2.0.7.tar.gz
cd daq-2.0.7
autoreconf -f -i
./configure && make && make install
cd /opt/snort_src
tar xvzf snort-2.9.20.tar.gz
cd snort-2.9.20
./configure --enable-sourcefire CPPFLAGS="-I /usr/include/tirpc" && make && make install
groupadd snort
useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
mkdir -p /etc/snort/rules
mkdir -p /var/log/snort
mkdir -p /usr/local/lib/snort_dynamicrules
chmod -R 5775 /etc/snort
chmod -R 5775 /var/log/snort
chmod -R 5775 /usr/local/lib/snort_dynamicrules
chown -R snort:snort /etc/snort
chown -R snort:snort /var/log/snort
chown -R snort:snort /usr/local/lib/snort_dynamicrules
touch /etc/snort/rules/white_list.rules
touch /etc/snort/rules/black_list.rules
touch /etc/snort/rules/local.rules
cp /opt/snort_src/snort-2.9.20/etc/*.conf* /etc/snort
cp /opt/snort_src/snort-2.9.20/etc/*.map /etc/snort
cd /opt/snort_src
wget -O ./community.tar.gz
tar xvzf community.tar.gz
cp /opt/snort_src/community-rules/* /etc/snort/rules
sudo sed -i 's/include $RULE_PATH/#include $RULE_PATH/' /etc/snort/snort.conf
vi /etc/snort/snort.conf


Third try

From : - modified to reflect last Debian 11 version

vi /etc/apt/sources.list
deb bullseye main

:!: Use bullseye: as Kali is now a rolling release, putting in a current version or testing doesn't work! (as of 20/07/2022)

apt update
apt install snort

:!: Comment out the line deb bullseye main


dpkg-reconfigure snort

You can change the default IP range of $HOME_NET (default is aka VirtualBox's VLAN)


 vi /etc/snort/rules/local.rules
alert tcp any any -> any any (msg:"Basic test please comment in local.rules"; sid:10000001; rev:001;)
snort -A console -i eth0 -u snort -g snort -c /etc/snort/snort.conf

Now launch a web browser, or anything else that goes out to the internet over TCP
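
The test rule above matches every TCP packet, and its own msg asks for it to be commented out once the test has worked. The following is an added example, not part of the original page: shell helpers that list the active sids in a rules file and comment a rule out (or back in) by sid. The function names and the sample rules file are constructed for illustration.

```bash
#!/bin/sh
# Added example: helper names and the sample rules are constructed.

# Accept only purely numeric sids, so nothing else reaches the sed expression.
valid_sid() { case $1 in ''|*[!0-9]*) return 2 ;; esac; }

# Print the sid of every rule that is active (not commented out).
active_sids() {
    grep -E '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$1" |
        grep -oE 'sid:[[:space:]]*[0-9]+' | grep -oE '[0-9]+'
}

# Comment out the active rule with this sid; commented lines stay untouched.
disable_sid() {
    valid_sid "$2" || return 2
    sed -i -E '/^[[:space:]]*#/!s/^(.*sid:[[:space:]]*'"$2"';.*)$/# \1/' "$1"
}

# Re-enable a rule that was commented out.
enable_sid() {
    valid_sid "$2" || return 2
    sed -i -E 's/^[[:space:]]*#[[:space:]]*(.*sid:[[:space:]]*'"$2"';.*)$/\1/' "$1"
}

# Constructed sample: the page's test rule plus two made-up rules.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
alert tcp any any -> any any (msg:"Basic test please comment in local.rules"; sid:10000001; rev:001;)
alert icmp any any -> $HOME_NET any (msg:"constructed ICMP rule"; sid:10000002; rev:1;)
# alert tcp any any -> any 23 (msg:"constructed, already disabled"; sid:10000003; rev:1;)
EOF
    echo "$f"
}

# Demo: disable the catch-all test rule, then show what is still active.
rules=$(make_sample)
disable_sid "$rules" 10000001
active_sids "$rules"
rm -f "$rules"
```

On the VM, point the helpers at /etc/snort/rules/local.rules and re-check the configuration with `snort -T -c /etc/snort/snort.conf` afterwards.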


Uncomment the line with the Debian repos in /etc/apt/sources.list, then run apt update && apt upgrade snort


apt install apt-transport-https curl
sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list
apt update
apt install brave-browser


You can add Nala following the instructions from their Wiki on any Debian/Ubuntu VMs

echo "deb scar main" | sudo tee /etc/apt/sources.list.d/volian-archive-scar-unstable.list
wget -qO - | sudo tee /etc/apt/trusted.gpg.d/volian-archive-scar-unstable.gpg > /dev/null
apt update
apt install nala

Detailed installation

(if you install from scratch with the ISO - not needed if you already imported the OVA/premade images)


The css user is a member of the sudo group

sudo visudo

Virtualbox Additions tools

:!: Not mandatory, only for a barebone install; the images from Kali already have the necessary tools installed.

Insert the virtual CD

cd /media/cdrom0
sudo  bash ./
sudo usermod -aG vboxsf kali


Under Hyper-V, you should set this option to get the most out of the VM

C:\Windows\system32> Set-VM "Kali Linux" -EnhancedSessionTransportType HVSocket 

Slow Web browser

If your web browser seems laggy or makes your whole VM laggy, just activate 3D acceleration: Settings > Display and check “Enable 3D acceleration”


os/kali/css.txt · Last modified: 2024/05/04 19:00 by warnaud