Thursday, January 19, 2017

Installing Kali Linux on Debian in DigitalOcean

DigitalOcean is a nice and relatively cheap way to run virtual machines in the cloud. As a pentester I like to use Kali Linux, which comes with a great number of useful tools. The problem is that DigitalOcean does not have a Kali Linux droplet or a way of installing custom images, at least not to my knowledge. But since Kali Linux is based on Debian, let's go ahead and try installing Kali Linux packages on top of the latest Debian image available from DigitalOcean.

We start by creating a droplet. I used the Debian 8.7 x64 distribution, and if you are going to run Kali Linux you should probably go with at least size number 2, which has 1 GB of RAM at $10/month.

Add an SSH key to the droplet, spin it up and log in to the box.

Let's find the sources for the Kali Linux packages from here:
http://docs.kali.org/general-use/kali-linux-sources-list-repositories

I wanna use the latest Rolling distribution that gets updates continuously so I'll use:
deb http://http.kali.org/kali kali-rolling main contrib non-free

We add this to the /etc/apt/sources.list file on the system.
root@mybox:~# echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list

root@mybox:~# cat /etc/apt/sources.list
...

# jessie-updates, previously known as 'volatile'
deb http://mirrors.digitalocean.com/debian jessie-updates main
deb-src http://mirrors.digitalocean.com/debian jessie-updates main
deb http://http.kali.org/kali kali-rolling main contrib non-free

Next we need to import the GPG key for the sources so that we can verify the packages. I looked up the key from an existing Kali Linux installation:

root@aKaliBoxIhad:~# apt-key list --with-fingerprint
...
/etc/apt/trusted.gpg.d/kali-archive-keyring.gpg
-----------------------------------------------
pub   rsa4096 2012-03-05 [SC] [expires: 2018-02-02]
      44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
uid           [ unknown] Kali Linux Repository <devel@kali.org>
sub   rsa4096 2012-03-05 [E] [expires: 2018-02-02]

Next we add the key to the apt keyring by looking it up on keys.gnupg.net. Note: Do not use the short key ID (the last 8 hex digits of the fingerprint)!

root@mybox:~# apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ED444FF07D8D0BF6
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.T551SpCEIH --no-auto-check-trustdb --trust-model always --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
gpg: requesting key 7D8D0BF6 from hkp server keys.gnupg.net
gpg: key 7D8D0BF6: public key "Kali Linux Repository <devel@kali.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
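
The keyserver lookup above imports whatever key is returned for the requested ID. As an added example (not part of the original post), this shell script checks gpg's colon-format listing against the full 40-hex fingerprint from the apt-key output above before a key is trusted; the function names and both sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: accept a key only if its FULL fingerprint matches.
# Expected value copied from the `apt-key list --with-fingerprint` output above.
EXPECTED_FPR="44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6"

# Strip whitespace and uppercase, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print primary-key
# fingerprints: field 10 of the "fpr" record that follows each "pub" record.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# check_keyring_listing EXPECTED < listing
# Returns 0 only for exactly one primary key whose fingerprint matches in full.
check_keyring_listing() {
    _exp=$(normalize_fpr "$1")
    [ "${#_exp}" -eq 40 ] || { echo "need a full 40-hex fingerprint" >&2; return 2; }
    _fprs=$(primary_fprs)
    _n=$(printf '%s\n' "$_fprs" | awk 'NF { n++ } END { print n + 0 }')
    [ "$_n" -eq 1 ] || { echo "want 1 primary key, got $_n" >&2; return 1; }
    [ "$(normalize_fpr "$_fprs")" = "$_exp" ] || { echo "mismatch: $_fprs" >&2; return 1; }
}

# Constructed, simplified colon listing for the key shown on this page.
sample_genuine() {
    cat <<'EOF'
pub:-:4096:1:ED444FF07D8D0BF6:
fpr:::::::::44C6513A8E4FB3D30875F758ED444FF07D8D0BF6:
uid:::::::::Kali Linux Repository <devel@kali.org>:
sub:-:4096:1:0000000000000000:
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}

# Constructed listing for a different key that shares the short ID 7D8D0BF6.
sample_lookalike() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAA7D8D0BF6:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7D8D0BF6:
EOF
}

sample_genuine   | check_keyring_listing "$EXPECTED_FPR" && echo "genuine: accepted"
sample_lookalike | check_keyring_listing "$EXPECTED_FPR" 2>/dev/null || echo "lookalike: rejected"
```

On a real system, feed it the listing of a candidate keyring, for example the output of gpg --no-default-keyring --keyring <file> --with-colons --fingerprint, and copy the key into apt's trusted keys only when the check returns 0.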

Now update the packages and let's look at which Kali Linux packages we can install:
root@mybox:~# apt-get update && apt-get upgrade

All the Kali Linux meta packages are listed here:


So for instance to install the top 10 tools of Kali Linux, we do:
root@mybox:~# apt-get install kali-linux-top10

Now we will have, among other tools, Metasploit installed on the server. Let's start it up:

root@mybox:~# /etc/init.d/postgresql start

root@mybox:~# msfdb init

root@mybox:~# msfconsole


                 _---------.
             .' #######   ;."
  .---,.    ;@             @@`;   .---,..
." @@@@@'.,'@@            @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@          @@@@@@@@@@@@@ @;
   `.@@@@@@@@@@@@        @@@@@@@@@@@@@@ .'
     "--'.@@@  -.@        @ ,'-   .'--"
          ".@' ; @       @ `.  ;'
            |@@@@ @@@     @    .
             ' @@@ @@   @@    ,
              `.@@@@    @@   .
                ',@@     @   ;           _____________
                 (   3 C    )     /|___ / Metasploit! \
                 ;@'. __*__,."    \|--- \_____________/
                  '(.,...."/


Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit

       =[ metasploit v4.13.14-dev                         ]
+ -- --=[ 1613 exploits - 915 auxiliary - 279 post        ]
+ -- --=[ 471 payloads - 39 encoders - 9 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >


Now we can get hacking :D
