Warnaud's Wiki

User Tools

Site Tools

You are here: start » os » kali » css
os:kali:css

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
os:kali:css [2023/06/21 06:41] – [Virtualbox Additions tools] warnaudos:kali:css [2024/11/09 15:20] (current) – [Additional packages] warnaud
Line 1: Line 1:
 +====== Introduction ======
 +Kali VM for course/exercises\\
 +Based on Kali 2022.1 &.2 .3\\
  
 +====== Notes ======
 +  - Default Keymap is in **English us** use the menu and type keyboard to change in a GUI
 +  - :!: **__not for use in production__** :!:
 +  - sudo without password, 99% of the following commands were run in a root user shell -> [[https://www.garyshood.com/root/| be a (wo)man ! run as root]]
 +====== VM ======
 +From: [[https://www.kali.org/get-kali/#kali-virtual-machines|Kali VMs Images]]\\
 +Docs: [[https://www.kali.org/docs/virtualization/import-premade-virtualbox/| Virtualbox Doc]]\\
 +Unzip the file downloaded then import the .vbox file, using "Add" in Virtualbox.
 +
 +====== TO DO FIRST ======
 +Things to do to make this VM work on our environment:
 +  - Download and import into [[https://www.virtualbox.org/|VirtualBox]] (I didn't test it in on VMWare's hypervisors' family, but it should work, same for UTM/KVM/Proxmox)
 +  - Verify or change settings (copy/paste, numbers of CPUs/RAM, Network interfaces - I prefer to bridge them but NAT is OK too, ...) by clicking on the settings buttons
 +  - snapshot, so the next modifications can be reversed to the original state.
 +  - resize display once logged in (see underneath login/pass) type "display" in the "start menu", a "Display" application will help you resize the screen to your need - also check underneath on Display size to make it correct
 +  - Add what you miss (bookmarks/docs/scripts/software/...)
 +
 +
 +==== Display size ====
 +using Display in Settings and set it up doesn't work as Virtualbox tries to resize it ( for your security ...). You need to set it up by hand:
 +{{ :os:kali:screenshot_2022-03-07_at_11.10.08.png?nolink |}}
 +
 +==== Lock screen ====
 +Menu > Settings > Power Manager then in the Tab "Security":
 +  * Automatically lock the session: Never
 +  * Uncheck "Lock screen when system is going to sleep"
 +==== Missing packages ====
 +<code bash>sudo su</code>
 +Then as root
 +<code bash>
 +apt update && apt install -y htop ccze dfc iftop libreoffice libreoffice-l10n-de libreoffice-l10n-fr clipit zaproxy
 +</code>
 +===== Autologin =====
 +Here for the **kali** user, replace by yours if you made another
 +<code bash> vi /etc/lightdm/lightdm.conf</code>
 +<code perl>
 +[Seat:*]
 +autologin-user=kali
 +autologin-user-timeout=0</code>
 +
 +
 +===== New user (OPTIONAL) =====
 +<code bash> useradd -m warnaud
 +usermod -aG ad,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,wireshark,bluetooth,kali-trusted,scanner,vboxsf,kaboxer warnaud
 +chsh -s /usr/bin/zsh warnaud
 +passwd warnaud</code>
 +Log-out and log in to update all **ENV** variables ($SHELL etc ...)
 +
 +===== SUDO =====
 +The group **kali-trusted** can launch sudo commands without password
 +<code bash> usermod -aG kali-trusted kali</code>
 +__Note__: replace kali by your user if you prefer to have a dedicated user
 +
 +==== Additional packages ====
 +
 +=== Docker ===
 +:!: doesn't work on ARM64 arch :!: __**ONLY for x86_64**__
 +<code bash>
 +apt install -y curl gnupg2 apt-transport-https ca-certificates
 +echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 +curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 +cd
 +apt update
 +apt install -y docker-ce docker-ce-cli containerd.io
 +systemctl enable docker --now
 +usermod -aG docker kali
 +curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url  | grep docker-compose-linux-x86_64 | cut -d '"' -f 4 | wget -qi -
 +mv docker-compose-linux-x86_64 /usr/bin/docker-compose
 +chmod +x /usr/bin/docker-compose
 +</code>
 +== Python2 ==
 +<code bash>
 +sudo apt install -y python2 python2.7-dev libpython2-dev
 +curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
 +sudo python2 get-pip.py
 +sudo python2 -m pip install -U setuptools wheel
 +</code>
 +=== Volatility ===
 +<code bash>
 +cd /opt
 +git clone https://github.com/volatilityfoundation/volatility.git
 +echo "#! /usr/bin/bash
 +/usr/bin/python2  /opt/volatility/vol.py \$@" > /usr/local/bin/volatility
 +chmod +x /usr/local/bin/volatility
 +git clone https://github.com/volatilityfoundation/volatility3.git
 +ln -s /opt/volatility3/vol.py /usr/local/bin/volatility3
 +
 +python2 -m pip install -U distorm3 yara pycrypto pillow openpyxl pytz ipython capstone
 +python2 -m pip install -U --no-use-pep517 ujson
 +sudo python2 -m pip install yara
 +sudo ln -s /usr/local/lib/python2.7/dist-packages/usr/lib/libyara.so /usr/lib/libyara.so
 +</code>
 +=== Yara rules ===
 +<code bash>
 +mkdir /opt/yara
 +cd /opt/yara
 +git clone https://github.com/Yara-Rules/rules.git
 +</code>
 +=== Volatility-check script ===
 +<code bash>
 +cd /opt
 +git clone https://gitlab.com/arnaud.fortier/volatility-check.git
 +chmod o+x /opt/volatility-check/volatility-check.sh
 +ln -s /opt/volatility-check/volatility-check.sh /usr/local/volatility-check
 +</code>
 +===== Snort =====
 +==== First try ====
 +
 +From : [[ https://github.com/nu11secur1ty/debian-snort-dev| Github nullsecurity]]
 +<code bash>apt install dh-autoreconf pkg-config cmake
 +cd /opt
 +git clone https://github.com/snort3/libdaq.git
 +cd libdaq
 +./bootstrap
 +./configure
 +make install
 +ldconfig
 +
 +cd /opt
 +git clone https://github.com/snort3/snort3.git
 +cd snort3
 +./configure\_cmake.sh --prefix=$HOME/install/snort3 --enable-unit-tests
 +
 +</code>
 +DOESN'T work...
 +==== Second try ====
 +
 +From: [[https://upcloud.com/resources/tutorials/installing-snort-on-debian]]
 +<code bash>
 +apt install -y gcc libpcre3-dev zlib1g-dev libluajit-5.1-dev libpcap-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev bison flex libdnet autoconf libtool
 +cd /opt
 +mkdir snort_src
 +cd snort_src
 +wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz
 +tar xvzf daq-2.0.7.tar.gz
 +cd daq-2.0.7
 +autoreconf -f -i
 +./configure && make && make install
 +cd /opt/snort_src
 +wget https://www.snort.org/downloads/snort/snort-2.9.20.tar.gz
 +tar xvzf snort-2.9.20.tar.gz
 +cd snort-2.9.20
 +./configure --enable-sourcefire CPPFLAGS="-I /usr/include/tirpc" && make && make install
 +ldconfig
 +groupadd snort
 +useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
 +mkdir -p /etc/snort/rules
 +mkdir -p /var/log/snort
 +mkdir -p /usr/local/lib/snort_dynamicrules
 +chmod -R 5775 /etc/snort
 +chmod -R 5775 /var/log/snort
 +chmod -R 5775 /usr/local/lib/snort_dynamicrules
 +chown -R snort:snort /etc/snort
 +chown -R snort:snort /var/log/snort
 +chown -R snort:snort /usr/local/lib/snort_dynamicrules
 +touch /etc/snort/rules/white_list.rules
 +touch /etc/snort/rules/black_list.rules
 +touch /etc/snort/rules/local.rules
 +cp /opt/snort_src/snort-2.9.20/etc/*.conf* /etc/snort
 +cp /opt/snort_src/snort-2.9.20/etc/*.map /etc/snort
 +cd /opt/snort_src
 +wget https://www.snort.org/rules/community -O ./community.tar.gz
 +tar xvzf community.tar.gz
 +cp /opt/snort_src/community-rules/* /etc/snort/rules
 +sudo sed -i 's/include $RULE_PATH/#include $RULE_PATH/' /etc/snort/snort.conf
 +vi /etc/snort/snort.conf
 +</code>
 +DOESN'T WORK EITHER !!!!\\
 +==== Third try ====
 +From : [[https://unix.stackexchange.com/questions/584144/unable-to-locate-package-snort]] - modified to reflect last Debian 11 version
 +<code bash> 
 +vi /etc/apt/sources.list
 +</code>
 +<code perl>
 +deb http://httpredir.debian.org/debian bullseye main
 +</code>
 +:!: bullseye as kali is now rolling release so put a current version **might** -> **testing** doesn't work ! (as of 20/07/2022)
 +<code bash>apt update
 +apt install snort</code>
 +:!: comment the line **deb http://httpredir.debian.org/debian bullseye main**
 +==== Configure ====
 +<code bash>dpkg-reconfigure snort</code>
 +You can change the default IP range of $HOME_NET (**default is 10.0.2.0/24** aka VirtualBox's VLAN)
 +==== Test ====
 +<code bash> vi /etc/snort/rules/local.rules</code>
 +<code perl>
 +alert tcp any any -> any any (msg:"Basic test please comment in local.rules"; sid:10000001; rev:001;)
 +</code>
 +<code bash>
 +snort -A console -i eth0 -u snort -g snort -c /etc/snort/snort.conf</code>
 +Now launch a web browser or anything that goes on the internet using tcp stack
 +==== Update ====
 +Uncomment the line in **/etc/apt/sources.list** with debian repos then **apt update && apt upgrade snort**
 +===== Brave =====
 +<code bash>
 +apt install apt-transport-https curl
 +
 +sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
 +
 +echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list
 +
 +apt update
 +
 +apt install brave-browser
 +</code>
 +
 +===== Nala =====
 +You can add [[https://gitlab.com/volian/nala|Nala]] following the instructions from their [[https://gitlab.com/volian/nala/-/wikis/Installation| Wiki]] on any Debian/Ubuntu VMs
 +<code bash>
 +echo "deb https://deb.volian.org/volian/ scar main" | sudo tee /etc/apt/sources.list.d/volian-archive-scar-unstable.list
 +wget -qO - https://deb.volian.org/volian/scar.key | sudo tee /etc/apt/trusted.gpg.d/volian-archive-scar-unstable.gpg > /dev/null
 +apt update
 +apt install nala
 +</code>
 +
 +====== Exam preparation ======
 +You can quickly script the files where you'll answer the challenge for the exam:
 +<code bash>
 +FIRSTNAME="Arnaud"; LASTNAME="Fortier";for challenge in {1..10}; do mkdir -p ~/Desktop/Challenges/${challenge};\
 + touch ~/Desktop/Challenges/${challenge}/CSS2024\ $FIRSTNAME\ $LASTNAME\ -\ Challenge${challenge}.docx; done
 +</code>
 +:!: Change FIRSTNAME/LASTNAME values ;-)
 +
 +====== Detailed installation ======
 +__**(if you install from scratch with the ISO - not needed if you already imported the OVA/premade images)**__
 +===== visudo =====
 +css user is member of the sudo group
 +<code bash>sudo visudo</code>
 +<code perl>%sudo  ALL=(ALL:ALL) NOPASSWD:ALL</code>
 +
 +===== Virtualbox Additions tools =====
 +:!: not mandatory, only for barebone install, images from Kali have necessary tools already installed
 +Insert the virtual CD :!: DOESN'T work on Silicon ... (20241028)
 +<code bash>cd /media/cdrom0
 +sudo  bash ./VBoxLinuxAdditions.run
 +sudo usermod -aG vboxsf kali
 +</code>
 +
 +
 +===== HyperV =====
 +Under hyperV you should set this option to get the most of the VM
 +<code bash>
 +C:\Windows\system32> Set-VM "Kali Linux" -EnhancedSessionTransportType HVSocket </code>
 +
 +
 +===== Slow Web browser =====
 +if your web browser seems laggy or make your whole VM laggy, just activate the 3D acceleration: **Settings > Display** and check "Enable 3D acceleration"
 +
 +
 +===== References =====
 +  * https://computingforgeeks.com/install-docker-and-docker-compose-on-kali-linux/
 +  * https://seanthegeek.net/1172/how-to-install-volatility-2-and-volatility-3-on-debian-ubuntu-or-kali-linux/
 +  * https://isc.sans.edu/forums/diary/Using+Yara+rules+with+Volatility/22950/
 +  * https://bin3xish477.medium.com/installing-snort-on-kali-linux-9c96f3ab2910