We start by creating a droplet, I used the Debian 8.7 x64 distribution and if you are gonna run Kali Linux you should probably go with at least size number 2 which has 1gb of RAM at 10$/month.
Add an SSH key to the droplet, spin it up and login to the box.
Let's find the sources for the Kali Linux packages from here:
http://docs.kali.org/general-use/kali-linux-sources-list-repositories
I wanna use the latest Rolling distribution that gets updates continuously so I'll use:
deb http://http.kali.org/kali kali-rolling main contrib non-freeWe add this to the /etc/apt/sources.list file on the system.
root@mybox:~# echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list
cat /etc/apt/sources.list
...
# jessie-updates, previously known as 'volatile'
deb http://mirrors.digitalocean.com/debian jessie-updates main
deb-src http://mirrors.digitalocean.com/debian jessie-updates main
deb http://http.kali.org/kali kali-rolling main contrib non-free
Next we need to import the GPG key for the sources so that we can verify the packages. I looked up the key from an existing Kali Linux installation:
root@aKaliBoxIhad:~# apt-key list --with-fingerprint
...
/etc/apt/trusted.gpg.d/kali-archive-keyring.gpg
-----------------------------------------------
pub rsa4096 2012-03-05 [SC] [expires: 2018-02-02]
44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid [ unknown] Kali Linux Repository <devel@kali.org>
sub rsa4096 2012-03-05 [E] [expires: 2018-02-02]
Next we add the key to the keychain by looking it up from keys.gnupg.net. Note: Do not use the short fingerprint!
root@mybox:~# apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ED444FF07D8D0BF6
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.T551SpCEIH --no-auto-check-trustdb --trust-model always --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
gpg: requesting key 7D8D0BF6 from hkp server keys.gnupg.net
gpg: key 7D8D0BF6: public key "Kali Linux Repository " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Now update the packages and let's look at which Kali Linux packages we can install:
root@mybox:~# apt-get update && apt-get upgrade
All the Kali Linux meta packages are listed here:
So for instance to install the top 10 tools of Kali Linux, we do:
root@mybox:~# apt-get install kali-linux-top10
Now we will have for among other tools, Metasploit, installed on the server. Let's start it up
root@mybox:~# /etc/init.d/postgresql start
root@mybox:~# msfdb init
root@mybox:~# msfconsole
_---------.
.' ####### ;."
.---,. ;@ @@`; .---,..
." @@@@@'.,'@@ @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
`.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
"--'.@@@ -.@ @ ,'- .'--"
".@' ; @ @ `. ;'
|@@@@ @@@ @ .
' @@@ @@ @@ ,
`.@@@@ @@ .
',@@ @ ; _____________
( 3 C ) /|___ / Metasploit! \
;@'. __*__,." \|--- \_____________/
'(.,...."/
Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit
=[ metasploit v4.13.14-dev ]
+ -- --=[ 1613 exploits - 915 auxiliary - 279 post ]
+ -- --=[ 471 payloads - 39 encoders - 9 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf >
Now we can get hacking :D
No comments :
Post a Comment