Kali Linux is a Debian-based GNU/Linux distribution that specializes in computer security. It has a large number of tools oriented towards intrusion testing and auditing of computer systems.
We will see the details of the main tools of this distribution later; here we focus on installing it with the virtualization software VirtualBox.
Why use virtualization software instead of a plain installation?
A plain installation of Kali Linux is tempting as a way to understand how the operating system works, but it has many disadvantages.
- You can’t build and rebuild systems easily with different options (w/o nuke password etc.)
- If you break your system, you have to set up your whole configuration again every time.
- Kali Linux's purpose is not always compatible with personal use (video playback, gaming, etc.)
Virtualization software: VMware or VirtualBox
Two main virtualization products are available to create virtual machines:
- VMware (the industry leader)
- or VirtualBox (its open-source alternative)
The choice of software depends on your operating system.
- If you are on Windows, VMware Player is the recommended option, since it is free and the de facto standard.
- If you are on a Linux distribution, VirtualBox is the best option, knowing that I tried to install VMware on 2 different distributions.
  - Ubuntu (19.04) allows VMware Player to be installed, but I encountered an issue when loading additional modules.
  - Fedora (29) fails to install VMware Player due to kernel incompatibility.
To sum up, I didn’t manage to make VMware Player work on Linux and, judging by the number of threads dedicated to those issues, I’m not the only one.
Kali setup based on Ubuntu 19.04 + VirtualBox
First of all, you must have VirtualBox installed on your computer. I will not dwell on it, since installing it on Ubuntu presents no particular difficulty:
$ sudo apt-get install virtualbox
Once VirtualBox is installed, you have to download the OVA file containing Kali Linux. To do this, go to the download section of https://www.offensive-security.com, choose the VirtualBox tab and pick the image that matches your configuration (64-bit recommended).
After downloading, import the virtual machine by clicking on:
File > Import a virtual machine.
The default settings are applied; it will be possible, and worthwhile, to change them later at your convenience. Once this step is done, you can launch the Kali virtual machine.
After a few seconds, an authentication page appears and asks for the login, which is “root”, and the password, which is “toor” (you can change them afterwards).
Finally, as on any newly installed OS, an update is required:
$ sudo -i
$ apt-get update && apt-get upgrade
Metasploitable VM setup based on Ubuntu 19.04 + VirtualBox
Once Kali Linux is installed, we are going to install Metasploitable to have a target for pen-testing.
Metasploitable is a Linux distribution that is intentionally vulnerable in many ways, allowing you to use and apply your new knowledge in an environment dedicated to it.
It is important to remember that it is strictly forbidden to perform this kind of test on any site or machine, under penalty of a fine or jail time depending on the severity of the attack. Intrusion under real conditions is possible only through a contract signed between an entity and a service provider.
Let’s look at installing Metasploitable. To do this, go to https://sourceforge.net/projects/metasploitable/ and download the latest version.
To create this virtual machine, click on the blue “New” icon, give it a name, choose the operating system (Linux > Ubuntu (64-bit)) and select the VMDK file containing Metasploitable as the existing disk.
Once the VM is created and running, the user name and the password are both msfadmin, but at this point the machine uses a QWERTY layout, and if you are French you are probably on AZERTY. So you will have to type ,sfqd,in until you can change the layout with the command “sudo loadkeys fr”.
Network communication between the 2 virtual machines
First, click on the “Settings” tab, then “Network”. Change the network access mode from NAT to bridged mode, and in the “Advanced” tab change the promiscuity mode to “authorize everything”. This lets our virtual machine connect to the internet and to other virtual machines, whereas NAT mode only allows the connection to the internet.
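The same network settings can be applied and checked from the command line with VBoxManage. The script below is an added example, not part of the original article: the VM names "Kali" and "Metasploitable" and the host adapter "eth0" are assumptions, and the sample `showvminfo --machinereadable` dumps are constructed and trimmed to the keys the check reads.

```shell
#!/usr/bin/env bash
# Added example. Assumed names: VMs "Kali" and "Metasploitable", adapter "eth0".
VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"   # overridable so the logic can be dry-run

# NIC 1 -> bridged on a host adapter, promiscuous mode "allow all".
# modifyvm only works while the VM is powered off.
bridge_vm() {  # usage: bridge_vm <vm-name> <host-adapter>
  "$VBOXMANAGE" modifyvm "$1" --nic1 bridged --bridgeadapter1 "$2" \
    --nicpromisc1 allow-all
}

# Print the value of one key from `showvminfo --machinereadable` text on stdin.
vm_field() {  # usage: vm_field <key>
  sed -n "s/^$1=\"\(.*\)\"\$/\1/p" | head -n 1
}

# Succeed only if both dumps show NIC 1 bridged to the same host adapter,
# i.e. the two VMs share the same layer-2 segment.
same_bridge() {  # usage: same_bridge <dump-a> <dump-b>
  [ "$(printf '%s\n' "$1" | vm_field nic1)" = "bridged" ] || return 1
  [ "$(printf '%s\n' "$2" | vm_field nic1)" = "bridged" ] || return 1
  adapter_a=$(printf '%s\n' "$1" | vm_field bridgeadapter1)
  adapter_b=$(printf '%s\n' "$2" | vm_field bridgeadapter1)
  [ -n "$adapter_a" ] && [ "$adapter_a" = "$adapter_b" ]
}

# Constructed sample dumps (trimmed, not captured from a real host).
SAMPLE_KALI='name="Kali"
nic1="bridged"
bridgeadapter1="eth0"'
SAMPLE_MSF_NAT='name="Metasploitable"
nic1="nat"
natnet1="nat"'
SAMPLE_MSF_BRIDGED='name="Metasploitable"
nic1="bridged"
bridgeadapter1="eth0"'

# Real run: ./bridge-lab.sh Kali Metasploitable eth0
if [ "$#" -eq 3 ]; then
  bridge_vm "$1" "$3" && bridge_vm "$2" "$3" || exit 1
  if same_bridge "$("$VBOXMANAGE" showvminfo "$1" --machinereadable)" \
                 "$("$VBOXMANAGE" showvminfo "$2" --machinereadable)"; then
    echo "OK: $1 and $2 are bridged on $3"
  else
    echo "FAIL: $1 and $2 are not on the same bridged adapter" >&2; exit 1
  fi
fi
```

Setting `VBOXMANAGE=echo` prints the `modifyvm` command instead of running it, which is a quick way to review what would be changed.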