A Kali VM for Swiss Cyber Forum students
- v1.0 (without TimeSketch): https://drive.switch.ch/index.php/s/34ZXW2k04NC1qGB (10.8 GB)
Things to do to make this VM work in our environment:
Here's how I installed the VM.
From the Kali Linux website:
https://cdimage.kali.org/kali-2021.2/kali-linux-2021.2-installer-amd64.iso
Standard install (+ large software selection) on VirtualBox 6.1 with:
Everything in one partition (/ and /home)
One user:
The user is a member of the sudo group and can use sudo without a password; set with visudo:
visudo
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
Python, SQLite, sslyze and Wireshark are already installed.
sudo su
apt update && apt upgrade
apt install htop ccze snort -y
For Snort:
Address range for the local network (HOME_NET): 192.168.0.0/16 (default)
To change it:
dpkg-reconfigure snort
Since Volatility is no longer available directly in the Kali repositories, install Volatility 2 and 3 side by side:
cd
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
python2 get-pip.py
apt install python3-pip pcregrep libpcre++-dev python-dev -y
pip2 install --upgrade setuptools
pip2 install pycrypto
pip2 install distorm3
cd /opt
git clone https://github.com/volatilityfoundation/volatility.git
chmod +x /opt/volatility/vol.py
git clone https://github.com/volatilityfoundation/volatility3.git
ln -s /opt/volatility/vol.py /usr/local/bin/volatility
ln -s /opt/volatility3/vol.py /usr/local/bin/volatility3
Docker and docker-compose:
apt -y install curl gnupg2 apt-transport-https software-properties-common ca-certificates
echo "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" | sudo tee /etc/apt/sources.list.d/docker.list
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
cd
apt update
apt install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker --now
usermod -aG docker scf
curl -s https://api.github.com/repos/docker/compose/releases/latest \
  | grep browser_download_url \
  | grep docker-compose-Linux-x86_64 \
  | cut -d '"' -f 4 \
  | wget -qi -
mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
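Two of the steps above hand out root-equivalent access without a password: the %sudo NOPASSWD rule in sudoers, and membership of the docker group (anyone who can talk to the Docker socket can start a privileged container). The following script is an added example, not part of the original notes, that lists both kinds of entries so a reviewer of the VM can see at a glance who holds that access. It reads a sudoers-format file and a group(5)-format file given as arguments; on a real host those would be /etc/sudoers (plus /etc/sudoers.d/*) and /etc/group. The sample files below are constructed inline (the user name "student" is made up) so the script runs stand-alone.

```shell
#!/bin/sh
# Added example (not from the original notes): audit passwordless, root-equivalent
# access on the VM, i.e. NOPASSWD sudo rules and docker group members.

# Active (non-comment) sudoers rules that contain NOPASSWD.
nopasswd_rules() {
    grep -E '^[^#]*NOPASSWD' "$1" 2>/dev/null || true
}

# Members of the docker group, one per line, read from a group(5)-format file.
docker_group_members() {
    awk -F: '$1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# Exit status 0 if either file grants root-equivalent access, 1 otherwise.
has_root_equivalent() {
    [ -n "$(nopasswd_rules "$1")" ] || [ -n "$(docker_group_members "$2")" ]
}

# Constructed sample inputs mirroring the rules used in the notes above.
SAMPLE_SUDOERS="$(mktemp)"
SAMPLE_GROUP="$(mktemp)"
cat > "$SAMPLE_SUDOERS" <<'EOF'
# commented-out rule: must not be reported
# %admin ALL=(ALL) NOPASSWD:ALL
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
EOF
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
sudo:x:27:scf
docker:x:999:scf,student
EOF

if has_root_equivalent "$SAMPLE_SUDOERS" "$SAMPLE_GROUP"; then
    echo "Passwordless sudo rules:"
    nopasswd_rules "$SAMPLE_SUDOERS"
    echo "docker group members (root-equivalent through the Docker socket):"
    docker_group_members "$SAMPLE_GROUP"
fi
```

On the real VM, pass /etc/sudoers and /etc/group instead of the sample files (and run the sudoers check over /etc/sudoers.d/* as well); on a shared or long-lived lab image this is a quick way to confirm that only the intended account (scf) ends up in both lists.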
apt install libreoffice
TimeSketch (pip install):
apt update && apt dist-upgrade
apt install -y openjdk-17-jre-headless apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
apt update
apt install -y elasticsearch
systemctl daemon-reload
systemctl enable elasticsearch --now
apt install -y postgresql python3-psycopg2   ## already installed
echo "local all timesketch md5" >> /etc/postgresql/13/main/pg_hba.conf
systemctl start postgresql
apt install -y python3-pip python-dev libffi-dev   ## already installed
pip3 install timesketch
cp /usr/local/share/timesketch/timesketch.conf /etc/
chmod 600 /etc/timesketch.conf
tsctl add_user -u <username>   ## error
TimeSketch from source (docker-compose dev setup):
cd /opt
git clone https://github.com/google/timesketch.git
As the normal user (scf):
cd /opt/timesketch/docker/dev
sudo docker-compose up   # takes ~3h