Kali Linux - VM
π Resources π
Create a new Virtual Machine in VMWare with preferred specs:
Processors:
1 CPU - 2 CoresRAM Memory:
8 GBHard Disk:
60 GBCD: use the Kali Installer .iso image file - Download here - and check Connect at power on
Network: set it as NAT
Boot the virtual machine and proceed with the Kali Installation
First Boot & Update
Boot Kali Linux
Open the Terminal and run the command
sudo apt update && sudo apt full-upgrade -y && sudo apt -y autoremove
full-upgradeperforms the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.This command will upgrade the system to the latest Kali version.
Tips from the Updating Kali post:
β You should be checking for updates every few weeks
π A good practice is that you ensure all tools work before an engagement and during that engagement you should not update
Reboot the system
rebootCustomize Kali and finish off the setup using
kali-tweaksif necessary
kali-tweaks
Configurations
Basic config
# Timezone for "Europe/Rome"
sudo unlink /etc/localtime
sudo ln -s /usr/share/zoneinfo/Europe/Rome /etc/localtime
sudo timedatectl set-timezone "Europe/Rome"
# Change "root" user password
sudo passwd root
# Disable Password prompt for sudo group
sudo sed -i.bak 's/%sudo\s\+ALL=(ALL:ALL) ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/' /etc/sudoers
# Set GRUB Timeout
sudo sed -E '/^GRUB_TIMEOUT=/s/=(.*)/=1/' -i /etc/default/grub
sudo update-grubSSH keys
Host SSH keys - resets the host's SSH identity and enables SSH (disable if not necessary)
User SSH key pair - creates a new personal SSH login key
Add to ssh-agent - loads the key for automatic use
# Host ssh keys
sudo /bin/rm -v /etc/ssh/ssh_host_*
sudo dpkg-reconfigure openssh-server
sudo systemctl enable --now ssh
# User ssh key pair
cd
mkdir -p $HOME/.ssh
cd $HOME/.ssh
ssh-keygen -t ed25519
# Type a secure passphrase when asked
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/*
# Add the SSH private key to the ssh-agent
eval "$(ssh-agent -s)" && ssh-add $HOME/.ssh/id_ed25519Install JetBrainsMono Nerd Font
# Install etBrainsMono Nerd Font
cd
mkdir -p $HOME/.local/share/fonts
cd $HOME/.local/share/fonts
curl -fLO https://github.com/ryanoasis/nerd-fonts/releases/latest/download/JetBrainsMono.zip
unzip JetBrainsMono.zip
rm JetBrainsMono.zip
fc-cache -fvsudo apt install -y terminatorConfig file ->
$HOME/.config/terminator/configMake sure to have already installed the necessary font
rm -f "$HOME/.config/terminator/config"
mkdir -p "$HOME/.config/terminator" && touch "$HOME/.config/terminator/config"
# Basic layout with maximized windows, custom font, infinite scrollback, no transparency
cat > "$HOME/.config/terminator/config" << 'EOF'
[global_config]
window_state = maximise
[keybindings]
[profiles]
[[default]]
font = JetBrainsMono Nerd Font Mono 16
foreground_color = "#f6f5f4"
show_titlebar = False
scrollback_infinite = True
disable_mousewheel_zoom = True
use_system_font = False
[layouts]
[[default]]
[[[window0]]]
type = Window
parent = ""
[[[child1]]]
type = Terminal
parent = window0
[plugins]
EOFFrom the
Default Applications / Utilitiesmenu, setterminatoras the default terminal to use
sudo update-alternatives --config x-terminal-emulator
β¨οΈ
CTRL+ALT+Tis a keyboard shortcut already configured in Kali. It should open theterminatorwith your configured layout.
Zsh & Oh-My-Zsh
Follow the guide here to setup
ZSHwithOh-My-Zsh- Zsh & Oh-My-Zsh - syselement and some useful aliases
Personal Kali Config
# KALI Linux XFCE Theme mod
echo -ne "\n--------Kali Theme Mod--------\n"
## Login: Kali-Dark + Wallpaper + User
sudo apt install kali-wallpapers-2020.4
sudo ln -sf /usr/share/backgrounds/kali/kali-neon-16x9.png /usr/share/desktop-base/kali-theme/login/background
sudo sed s:"Kali-Light":"Kali-Dark":g -i /etc/lightdm/lightdm-gtk-greeter.conf
sudo sed '/#greeter-hide-users=false/s/^#//g' -i /etc/lightdm/lightdm.conf
## Desktop Wallpaper
xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitorVirtual1/workspace0/last-image --create -t string -s /usr/share/backgrounds/kali/kali-neon-16x9.png
## Show Panel on primary display
xfconf-query -c xfce4-panel -p /panels/panel-1/output-name --create -t string -s "Primary"
## Turn Numlock ON
xfconf-query -c keyboards -p /Default/Numlock --create -t bool -s true
## Disable Display sleep and Disable Screensaver
xfconf-query -c xfce4-screensaver -p /lock/enabled -n -t bool -s true
xfconf-query -c xfce4-screensaver -p /lock/saver-activation/enabled -n -t bool -s true
xfconf-query -c xfce4-screensaver -p /saver/enabled -n -t bool -s false
xfconf-query -c xfce4-screensaver -p /saver/fullscreen-inhibit -n -t bool -s true
xfconf-query -c xfce4-screensaver -p /saver/idle-activation/enabled -n -t bool -s false
xfconf-query -c xfce4-screensaver -p /saver/mode -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-enabled -n -t bool -s false
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/general-notification -n -t bool -s true
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/lock-screen-suspend-hibernate -n -t bool -s true
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/power-button-action -n -t int -s 3
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-panel-label -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-tray-icon -n -t bool -s false## Set Keybindings - Print, Alt+Shift+S, Win+E, Alt+T ##
cp "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.bak"
# Insert the following lines under the first <property name="custom" type="empty">
awk '
found == 0 && /<property name="custom" type="empty">/ {
print;
print " <property name=\"<Alt>t\" type=\"string\" value=\"terminator\"/>";
print " <property name=\"<Shift><Alt>s\" type=\"string\" value=\"/usr/bin/flameshot gui --clipboard\"/>";
print " <property name=\"Print\" type=\"string\" value=\"/usr/bin/flameshot gui --clipboard\"/>";
found = 1;
next;
}
{ print }
' "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" > /tmp/xfce4-keyboard-shortcuts.xml && \
mv /tmp/xfce4-keyboard-shortcuts.xml "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml"## Panel configuration
# to git pull from Github repo and import into $HOME/.config/xfce4/panel/## Set autologin for <username> ##
# sudo nano /etc/lightdm/lightdm.conf
# # In the [Seat:*] section of the file, set the following values:
# autologin-user=<username>
# autologin-user-timeout=0
# Set Adwaita-dark Theme
# xfconf-query -c xsettings -p /Net/ThemeName -s "Adwaita-dark"CTF Configs
Download and add hacking platforms
.ovpnfilesTo setup OpenVpn aliases check the Zsh & Oh-My-Zsh section
mkdir -p "$HOME"/htb "$HOME"/tcm "$HOME"/pwnx "$HOME"/tools
# Copy every .ovpn file in the respective dir
# e.g. File names
# htb.ovpn
# htbvip.ovpn
# thm.ovpn
# pwnx.ovpnsudo sh -c 'gunzip -c /usr/share/wordlists/rockyou.txt.gz > /usr/share/wordlists/rockyou.txt'Tools
Basic Tools
Install basic tools
sudo apt install -y apt-transport-https btop curl duf eza fastfetch flameshot gdu git-all htop locate nano net-tools npm pipx software-properties-common speedtest-cli sshpass terminator tmux tor tree ugrep vlc wget xclipsudo sh -c '
wget -qO- https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor -o /usr/share/keyrings/sublimehq-archive.gpg &&
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/sublimehq-archive.gpg] https://download.sublimetext.com/ apt/stable/" | tee /etc/apt/sources.list.d/sublime-text.list &&
apt update &&
apt install -y sublime-text
'# APT DEB822 source format
sudo sh -c '
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | tee /usr/share/keyrings/sublimehq-pub.asc > /dev/null &&
cat <<EOF > /etc/apt/sources.list.d/sublime-text.sources
Types: deb
URIs: https://download.sublimetext.com/
Suites: apt/stable/
Signed-By: /usr/share/keyrings/sublimehq-pub.asc
EOF &&
apt update &&
apt install sublime-text
'Run it with
sublcommand.
sudo sh -c '
apt install -y curl &&
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg &&
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list &&
wget http://archive.ubuntu.com/ubuntu/pool/main/libu/libu2f-host/libu2f-udev_1.1.10-3.2_all.deb &&
dpkg -i libu2f-udev_1.1.10-3.2_all.deb &&
apt update &&
apt install -y brave-browser &&
rm -rf libu2f-udev_1.1.10-3.2_all.deb
'sudo sh -c '
wget -qO - https://apt.packages.shiftkey.dev/gpg.key | gpg --dearmor | tee /usr/share/keyrings/shiftkey-packages.gpg > /dev/null &&
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/shiftkey-packages.gpg] https://apt.packages.shiftkey.dev/ubuntu/ any main" > /etc/apt/sources.list.d/shiftkey-packages.list &&
apt update &&
apt install -y github-desktop
'sudo sh -c '
curl -fsSLo /usr/share/keyrings/vscodium-archive-keyring.asc https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg &&
echo "deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main" > /etc/apt/sources.list.d/vscodium.list &&
apt update &&
apt install -y codium
'# Install Docker Engine via APT repository
sudo apt update && sudo apt install -y curl apt-transport-https software-properties-common ca-certificates gnupg
packages=("docker.io" "docker-doc" "docker-compose" "podman-docker" "containerd" "runc")
for pkg in "${packages[@]}"; do
sudo apt remove "$pkg" -y
done &&
sudo sh -c '
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg &&
chmod a+r /usr/share/keyrings/docker.gpg &&
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list &&
apt update &&
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
'
# Add the current user to the "docker" group to let it run Docker
sudo groupadd docker
sudo gpasswd -a "${USER}" docker
# Enable the services at boot
# sudo systemctl enable --now docker.service containerd.service
# OR Disable the services at boot
sudo systemctl disable docker.service containerd.service
# still has docker.socket active to start the Docker service only when necessary
# Reboot and Test
reboot
docker run hello-worldsudo apt install flameshotConfig file ->
$HOME/.config/flameshot/flameshot.iniMake sure to have already installed the necessary font
mkdir -p "$HOME/.config/flameshot/" && touch "$HOME/.config/flameshot/flameshot.ini"
cat > "$HOME/.config/flameshot/flameshot.ini" << 'EOF'
[General]
contrastOpacity=188
copyPathAfterSave=false
saveAfterCopy=true
saveAsFileExtension=png
saveLastRegion=true
savePath=/home/syselement/Pictures/flameshot
savePathFixed=true
showHelp=false
showMagnifier=false
showStartupLaunchMessage=false
squareMagnifier=true
startupLaunch=true
EOFSet this as a custom Keyboard/Application shortcut for
flameshotI use
Shift+Alt+S(configured in the Personal Kali Config above)
Security Tools
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements.
π Installs dependencies:
dirsearch
enum4linux-ng
feroxbuster
oscanner
python3-ntlm-auth
python3-requests-ntlm
python3-toml
seclists
sipvicious
tnscmd10g
sudo apt update -y && sudo apt install -y autorecon
mkdir -p $HOME/scans/autoreconcd $HOME/scans/autorecon
sudo autorecon <TARGET-IP># ./results/target Directory Structure
.
βββ exploit/
βββ loot/
βββ report/
βΒ Β βββ local.txt
βΒ Β βββ notes.txt
βΒ Β βββ proof.txt
βΒ Β βββ screenshots/
βββ scans/
βββ _commands.log
βββ _manual_commands.txt
βββ tcp80/
βββ udp53/
βββ xml/BloodHound - uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment
# Requirement: Install Docker (see above)
sudo sh -c '
apt update -y
mkdir -p /opt/bloodhound
cd /opt/bloodhound
wget https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-linux-amd64.tar.gz
tar -xvzf bloodhound-cli-linux-amd64.tar.gz
ln -s /opt/bloodhound/bloodhound-cli /usr/local/bin/bloodhound-cli
/opt/bloodhound/bloodhound-cli install
'# Some commands
# (First) Install, e.g. after cleaning docker containers
sudo bloodhound-cli install
# Start
sudo bloodhound-cli containers start
# Update
sudo bloodhound-cli update
# Stop
sudo bloodhound-cli containers stopGo to http://localhost:8080/ui/login, and log in with
adminand the randomly generated password from the last installation step. Reset the password as prompted.To get data into BloodHound, ingest sample data or run a data collector.
# Other commands
sudo bloodhound-cli resetpwd
sudo bloodhound-cli config get default_passworde.g.ohmyzshaliases
nano $ZSH_CUSTOM/aliases.zshalias bloodhound-up='sudo bloodhound-cli containers start'
alias bloodhound-update='sudo bloodhound-cli update'
alias bloodhound-down='sudo bloodhound-cli containers stop'Install by cloning this repository
git clone https://github.com/dirkjanm/BloodHound.py, checking out the CE branchgit checkout bloodhound-ceand runningpip install .from the project directory.The BloodHound.py CE ingestor will add a command line tool
bloodhound-ce-pythonto your PATH.
mkdir -p $HOME/tools
cd $HOME/tools
git clone https://github.com/dirkjanm/BloodHound.py
cd BloodHound.py
git checkout bloodhound-ce
pipx install . --forcebloodhound-ce-pythonpipx install bloodyADbloodyAD --host <IP> -d bloody.local -k set password john.doe 'Password123!'These applications are meant to be insecure & vulnerable to help users experiment in a controlled manner. This metapackage depends on all the packages containing vulnerable environments for safe testing.
dvwajuice-shop
sudo apt install -y kali-linux-labsA next-generation crawling and spidering framework
sudo apt install -y golang
go install github.com/projectdiscovery/katana/cmd/katana@latest
sudo cp $HOME/go/bin/katana /usr/bin/katana -u <URL>Collect a dossier on a person by username from thousands of sites
pipx install git+https://github.com/soxoj/maigret
pipx ensurepathmaigret <USER>Kali Linux Fixes for Newly Imported VM's
β Read docs before running it! It may contains mods that you do not want.
cd /opt
sudo rm -rf pimpmykali/
sudo git clone https://github.com/Dewalt-arch/pimpmykali
sudo /opt/pimpmykali/pimpmykali.sh
# For a new kali vm, run menu option NPwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
sudo apt update && sudo apt install -y python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
python3 -m pipx install pwntools# ~3GB of space necessary
sudo apt update && sudo apt -y install exploitdb
# Update via apt
searchsploit -useclists() {
if [[ -d /usr/share/seclists ]];
then
echo -e "\n /usr/share/seclists already exists -- skipping"
else
echo -e "\n Download Seclists to /tmp/SecLists.zip"
sudo wget https://github.com/danielmiessler/SecLists/archive/master.zip -O /tmp/SecList.zip
echo -e "\n Extracing /tmp/Seclists.zip to /usr/share/seclists"
sudo unzip -o /tmp/SecList.zip -d /usr/share/seclists
# rm -f /tmp/SecList.zip
echo -e "\n Seclists complete"
fi
}
seclistsHunt down social media accounts by username across social networks
# On Kali
sudo apt install sherlocksherlock <USER>Last updated
Was this helpful?