For a while now I have been wanting to set up some kind of Kali HackBox. Sure, it's a piece of cake to simply spin up a VM or cloud instance, but lacking hardware powerful enough to run VMs, and budget for Clouds, what is one to do? I have an old laptop here... what would it take to make this a fully remotely accessible HackBox?
I know that Kali "works" on the laptop in question, no question about that. The REAL questuon here is what would it take to make that laptop fully accessible via SSH and VNC/RDP. It's Linux, so it is certainly POSSIBLE, but how much additional tweaking will be needed? How effective or useful is it?
Let's explore this.
If you have an old laptop, and you're looking to make use of it, follow along. This *SHOULD* work for just about any laptop that Kali can install on. I am going to try to document the COMPLETE process, assuming you've never installed Kali or Linux; feel free to Contact Me if something is missing or unclear. The more experienced of us can skim over the basics, and move on to the post-installation section.
Now, some of the things I do below aren't necessarily "best practice" for security, like allowing root to login via SSH. But I am also NOT making the laptop directly available from the internet, only behind a VPN, so many of those "security considerations" aren't all that applicable here.
- a functional computer
- "old" laptop that will be transformed to your HackBox
- USB drive, 4GB or more
First, we'll start with installing Kali on the laptop.
If you already have a Bootable Kali USB, you can skip this part and jump on down to the "Installation" section. Then again, if you managed to get that done, you probably don't need a walkthrough on installing Kali, so maybe even skip on down to the "Post Install" work.
Head on over to Kali Downloads and download the latest Kali ISO.
While that is downloading, Windows Users can go to https://rufus.ie/ and download Rufus there. Thus will allow us to make the USB bootable to install Kali. There are many tools out there that can accomplish this, but this is my personal favorite. Once the Kali ISO finishes, plug in your USB and start Rufus. The nice thing about Rufus is that it won't allow you to select a non-USB drive, so you can't accidentally wipe your drive, unlike some other similar apps. If you prefer another, feel free to use that.
For Rufus, open it up, and make sure your USB drive is selected under "Device". Leave the "Boot selection" on "Disk or ISO image (Please select)", and click the SELECT button. Find and select the Kali ISO you just downloaded, select the checkbox for "Quick format" under the "Advanced format options", then click START. In the "ISOHybrid image detected" prompt that comes up, just keep the recommended option and click OK. Same with the warning (just to remind you all data on the USB *WILL* be wiped), click OK. If you have previously used this USB as a bootably USB for anything else, you might get a prompt about "Multiple partitions detected", just click OK here too. Now we wait for the USB to complete.
Linux users have a bit of an easier time. This can all be accomplished with the following command:
dd if=kali.iso of=/dev/sdb bs=64M
or, if you would like to see a progress bar:
pv -tpreb kali.iso | dd of=/dev/sdb bs=64M
NOTE: Be sure to verify the /dev/sd* device prior to running these commands. I have another article, Bootable Kali with Encrypted Persistence, where I go into more detail on how to do so. Once you complete Step 4, that is all you need to make a simple bootable Kali USB.
Now we get to install Kali on the old laptop. Plug in your USB and turn on the laptop. Chances are you might need to make some BIOS changes to boot from the USB. If so, please refer to your manufacturer on how to do so. Boot from the USB, and you'll get the Kali Boot menu. From here you can select either "Install" for ye olde CLI install, or "Graphical install" to do so with a GUI. I like GUIs, so I'll pick that.
Go through the install process until you get to "Partition disks". Here, you will want to select "Guided - use entire disk and set up encrypted LVM"; I'm not trying to Dual-Boot this, but DEDICATE it to Kali. For the "Partitioning scheme", I'm lazy and just pick "All files in one partition", but if you feel confident enough to select something else, have at it. If you're not overly paranoid about things, you can also just Cancel the disk formatting. Be sure to select a really strong Encryption passphrase, keyword: PHRASE. Use multiple words. From there complete the install process until you get to "Install the GRUB boot loader on a hard disk", be sure to select /dev/sda (your actual hard drive) as opposed to the USB key. Finally, when it is all done, you'll be asked to remove the USB to reboot and boot in to your new Kali install.
Once booted, log in as 'root' with the password you set up during the install. Select the default config if you are unsure on the prompt.
So far, we've just done a basic Kali install. While this is enough to get the game started, we still need to do a few things to make the laptop remotely accessible.
To start, we'll make sure the laptop never turns off nor goes to sleep. Go to Applications -> Settings -> Power Manager. Change "When laptop lid is closed" to "Switch off display". Next, open a CLI terminal and run the following command:
In there, find "HandleLidSwitch", delete the '#' at the start of the line, and change "suspend" to "ignore". The run the following command to make it take effect:
systemctl restart systemd-logind.service
Next, we'll configure SSH to allow root login and start on boot. Just remember to NOT make this publicly available so you don't have to worry about your HackBox being hacked itself.
mv ssh_host_* default_keys/
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
Change settings from:
Subsystem sftp /usr/lib/openssh/sftp-server
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
(Ctrl+x to exit nano, 'y' to save modified buffer, enter to keep the same filename)
Then, set the SSH service to start on boot:
systemctl enable ssh.service
Run ye olde updates:
apt update (again, make sure you see "All packages are up to date")
Next, set up TighVNC Server and set it to run on boot:
Answer the prompts, then add an entry to the crontab to start tighvncserver on boot:
@reboot tightvncserver :1
Install a few more needful apps:
apt install keepassx software-properties-common file-roller hexchat network-manager-openvpn-gnome atop gobuster seclists
Create a directory for github repos:
Clone a few repos for typical common use:
git clone https://github.com/smicallef/spiderfoot
git clone https://github.com/andrew-d/static-binaries
git clone https://github.com/nilotpalbiswas/Auto-Root-Exploit
git clone https://github.com/DominicBreuker/stego-toolkit
git clone https://github.com/tennc/webshell
Now the laptop is just about ready to rock. Just a few last details to sort out.
Accessing your HackBox
This is the whole reason we are setting this up... to be able to access the HackBox from (just about) anywhere. Allow me to once again clarify that we are NOT making the HackBox directly accessible FROM the internet; that's a bad idea all around. Instead, I will make accessible from the internal network only, and then set up a VPN, and allow access from the "internet" through the VPN. Depending on what you have available to accomplish this, you may want (need) to set it up with a Static IP (or a DHCP Lease on the DHCP server). Whichever option you decide, be sure to note the IP Address your HackBox has. Then, all you have to do is use you SSH or VNC client of your choice (I would suggest mRemoteNG for both if you don't have either) and connect to your HackBox IP!
And you're DONE!
As usual, let me know if you have any feedback by Contacting Me and letting me know what you think!