Differences

This shows you the differences between two versions of the page.

--- os:kali:css-arm [2024/11/15 05:40] – [Volatility 2 & python2] warnaud
+++ os:kali:css-arm [2024/11/16 15:16] (current) – [Yara] warnaud
@@ Line 1: / Line 1: @@
+====== Kali Linux for CSP/CSS ======
+Kali Linux install for Virtualbox on **__Apple Silicon__** M1/M2/M3/M4?\\
+For x86_64 -> [[os:kali:css|go here]]\\
+:!: :!: NOT FOR PRODUCTION :!: :!:
+===== Prerequisite =====
+  * Apple Silicon MX CPU
+  * [[https://www.virtualbox.org/wiki/Downloads|Vitrualbox Apple Silicon Hosts]]
+  * [[https://www.virtualbox.org/wiki/Downloads|VirtualBox Extension Pack]]
+  * Kali ARM iso install [[https://www.kali.org/get-kali/#kali-installer-images| Apple Silicon (ARM64)]]
+===== Install =====
+Create a VM using the iso as bootable CD
+{{ :os:kali:screenshot_2024-11-10_at_09.19.42.png?nolink |}}
+==== Launch the machine ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_54_30.png?nolink |}}
+==== select language ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_54_55.png?nolink |}}
+==== select country ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_55_11.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_55_22.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_55_31.png?nolink |}}
+==== locales ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_55_38.png?nolink |}}
+==== Keyboard mapping ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_55_50.png?nolink |}}
+or
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_56_08.png?nolink |}}
+==== machine name ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_57_51.png?nolink |}}
+==== user (sudoer) + password ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_58_25.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_58_42.png?nolink |}}
+==== Partitioning ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_59_00.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_59_08.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_59_14.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_59_21.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_09_59_28.png?nolink |}}
+==== Default packages ====
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_10_01_46.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_10_15_32.png?nolink |}}
+==== First reboot ====
+check your login/pass then shutdown the VM
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_10_15_49.png?nolink |}}
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_10_54_51.png?nolink |}}
+==== Snapshot ====
+{{ :os:kali:screenshot_2024-11-10_at_11.06.44.png?nolink |}}
+==== First full upgrade ====
+<code bash>
+sudo su
+</code>
+<code bash>apt update
+apt dist-upgrade -y && reboot</code>
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_11_08_31.png?nolink |}}
+we can safely apply any update/restart any services set default values as nobody but us is on this VM
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_11_27_01.png?nolink |}}
+...
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_11_31_16.png?nolink |}}
+Takes a while but should finish then immediately reboot. If it doesn't reboot, note the error and google/Ai for it
+==== snapshot II ====
+shutdown the machine and make a new snapshot
+{{ :os:kali:screenshot_2024-11-10_at_11.36.18.png?nolink |}}
+==== Guest Tools installation ====
+boot the VM, log in your session\\
+click on the menu Devices> Insert Guest Addition CD\\
+Right-click on the CD on the Desktop and choose "Mount Volume"
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_11_40_20.png?nolink |}}
+Launch a terminal
+<code bash> sudo su</code>
+<code bash> cd /media/cdrom0</code>
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_11_43_45.png?nolink |}}
+<code bash> apt install -y dkms linux-headers-`uname -r` build-essential
+sh ./VBoxLinuxAdditions-arm64.run
+usermod -sG vboxsf warnaud
+</code>
+:!: chane **warnaud** by the name of your user
+{{ :os:kali:virtualbox_kali_linux_10_11_2024_12_01_11.png?nolink |}}
+==== Fine tuning ====
+stop the machine and click on the settings button to fine tune it:
+  * add more RAM and CPU if possible (runs fine with defaults)
+  * add clipboard
+  * 3D acceleration
+  * disable audio
+  * share folder
+{{ :os:kali:screenshot_2024-11-10_at_12.05.50.png?nolink |}}
+{{ :os:kali:screenshot_2024-11-10_at_12.06.14.png?nolink |}}
+{{ :os:kali:screenshot_2024-11-10_at_12.06.29.png?nolink |}}
+{{ :os:kali:screenshot_2024-11-10_at_12.06.45.png?nolink |}}
+{{ :os:kali:screenshot_2024-11-10_at_12.07.10.png?nolink |}}
+{{ :os:kali:screenshot_2024-11-10_at_12.07.53.png?nolink |}}
+==== Extra packages ====
+Start the machine, now you "should be able to copy/paste commands !
+<code bash> apt update && apt install -y htop ccze dfc iftop libreoffice libreoffice-l10n-de libreoffice-l10n-fr clipit zaproxy</code>
+===== Hacks =====
+==== sudoers ====
+<code bash>sudo su</code>
+<code bash>usermod -aG kali-trusted kali</code>
+==== Autologin ====
+<code bash>sudo su</code>
+=== Manual ===
+<code bash> vi /etc/lightdm/lightdm.conf</code>
+<code perl>
+...
+[Seat:*]
+...
+autologin-user=kali
+autologin-user-timeout=0
+...
+</code>
+=== One-liner ===
+-)
+<code bash> sudo sed -i 's/#autologin-user=/autologin-user=kali/g; s/#autologin-user-timeout=0/autologin-user-timeout=0/g' /etc/lightdm/lightdm.conf</code>
+===== Extra packages =====
+==== Docker ====
+<code bash>sudo su</code>
+<code bash>
+apt update
+apt install -y apt-transport-https ca-certificates curl gnupg lsb-release
+# Add Docker's official GPG key
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+# Add Docker repository (using Debian as base since Kali is Debian-based)
+echo "deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+# Update package list again
+apt update
+apt install -y docker-ce docker-ce-cli containerd.io
+systemctl enable docker --now
+usermod -aG docker kali
+</code>
+==== Docker-compose ====
+check: https://github.com/docker/compose/releases/ for url
+<code bash>sudo su</code>
+<code bash>
+sudo wget https://github.com/docker/compose/releases/download/v2.30.3/docker-compose-linux-aarch64 -O /usr/bin/docker-compose
+chmod +x /usr/bin/docker-compose
+</code>
+==== Test ====
+Does it work?\\
+:!: log out or reboot so the user kali is part of the docker group :!:
+<code bash>docker info
+docker-compose info</code>
+==== Volatility 2 & python2 ====
+<code bash>sudo su</code>
+<code bash>
+# Install dependencies
+apt install -y python2 python2-dev build-essential git libdistorm3-dev yara libraw1394-11 libcapstone-dev capstone-tool tzdata libpython2-dev libjpeg-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python2.7-tk
+#Install pip
+cd
+curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
+python2 get-pip.py
+# Install Python deps with python2 pip
+python2 -m pip install -U setuptools wheel
+python2 -m pip install importlib
+python2 -m pip install distorm3
+python2 -m pip install pycrypto
+python2 -m pip install yara-python==3.11.0
+python2 -m pip install pillow
+python2 -m pip install openpyxl
+python2 -m pip install pytz
+python2 -m pip install ipython
+python2 -m pip install capstone
+# link yara
+ln -s /usr/lib/aarch64-linux-gnu/libyara.so.10 /usr/lib/libyara.so
+# Check python & yara are working
+python2 -c "import yara; print('YARA Python working')"
+yara --version
+# Clone Volatility 2
+cd /opt
+git clone https://github.com/volatilityfoundation/volatility.git
+echo "#! /usr/bin/bash
+/usr/bin/python2  /opt/volatility/vol.py \$@" > /usr/local/bin/volatility
+chmod +x /usr/local/bin/volatility
+</code>
+==== Volatility 3 ====
+<code bash> sudo su</code>
+<code bash>
+cd /opt
+git clone https://github.com/volatilityfoundation/volatility3.git
+ln -s /opt/volatility3/vol.py /usr/local/bin/volatility3</code>
+==== Yara ====
+<code bash>sudo su</code>
+<code bash>
+mkdir /opt/yara
+cd /opt/yara
+git clone https://github.com/Yara-Rules/rules.git</code>