Welcome back to Semester 1 2019 to all new and returning RISC members. Our first tutorial will cater to the newer members of the club, and serve as an introduction to the platform that more seasoned hackers know and love. It will cover the setup of VirtualBox and installation of a Kali Linux virtual machine (VM). We all started somewhere – that was probably here.
What is Kali Linux?
Kali Linux is a distribution of Linux that is designed for penetration testing and digital forensics. It is a Debian-based operating system which is bundled with many, many tools designed to facilitate these tasks. It is maintained and funded by Offensive Security, known also for Exploit DB and their certifications such as the increasingly sought-after OSCP (Offensive Security Certified Professional).
Before you start
The first thing you’ll need to do is download the resources you’ll be using to run the VM.
The first of these is a hypervisor to facilitate virtualisation – we’ll be using VirtualBox as it is cross-platform (Windows, Mac & many varieties of GNU/Linux), open source and freely available to download. Download it here.
Secondly, you need to download the disc image for Kali, available from the Kali website. For first-time users we recommend the VirtualBox images, as they’re ready to be imported into VirtualBox. However, these images will create an 80GB (dynamically allocated) disk for use with the VM. If you have this space to spare – these images are for you. However, many people don’t have this space or want the customization that comes with setting up the VM manually. The VirtualBox images are available here. For all other Kali downloads, see here.
Once you’ve got everything downloaded, ensure that hardware virtualisation is enabled in your BIOS. Restart your computer and, while it’s booting up again, depending on the manufacturer of your motherboard, press ESC, Delete, F2, or F12 (or maybe even F8 or F10). This should bring you to the BIOS, or at least a screen which allows you to access the BIOS settings. Navigate through the menus until you find an option which mentions “virtualisation technology” (it might be Intel VT or AMD-V depending on your CPU), and enable it. Save your settings and exit the BIOS. Your computer should restart again.
Now you must install VirtualBox. This is easy – simply run the installer you downloaded and follow the prompts to install the application. Ensure that both the USB Support and Networking components are installed, as well as installing the VirtualBox Guest Additions (when prompted) to maximise the capabilities of your Virtual Machines.
If you have chosen to use the prebuilt VirtualBox machine image (.ova file) provided, then simply import it using the ‘Import Appliance’ menu (File>Import Appliance) and follow the prompts. There you can change the CPUs and RAM allocated to the VM too. That’s it. You’re done! See the final section for suggestions on what to do next. If not, keep following for how to provision your Virtual Machine and install Kali Linux yourself.
Setting up your VM
Finally, you get to create your Virtual Machine. This process starts with deciding which resources from your host computer (your physical device) you will allocate to your guest machine (the Kali VM). Here are the minimum recommended specs:
- 1GB RAM minimum, 2GB or more (if available) recommended
- 20GB disk space (absolute) MINIMUM – using more will ensure that you never run out of space when working with large files or installing extra tools or resources. I recommend at least 30GB (VDI format)
- As many vCPUs as you can spare – I usually start with half the logical cores in my machine and increase/decrease as required (bruteforcing benefits from more CPUs)
Next, configure your VM with an optical disk drive and load the Kali ISO you downloaded. This is done through the VM settings menu.
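
The same provisioning can be scripted with VirtualBox's VBoxManage command-line tool. This is an added example, not part of the original tutorial: it prints the commands by default and only runs them when APPLY=1 is set. The VM name, the file paths and the choice of SATA and IDE controllers are assumptions.

```shell
#!/bin/sh
# Added example: scripted equivalent of the GUI provisioning steps.
# All names and paths below are assumptions/placeholders; override via env.
VM_NAME="${VM_NAME:-kali}"          # assumed VM name
ISO_PATH="${ISO_PATH:-kali.iso}"    # placeholder: the Kali ISO you downloaded
DISK_PATH="${DISK_PATH:-kali.vdi}"  # placeholder: where the new disk is created
RAM_MB="${RAM_MB:-2048}"            # 2GB recommended (1GB is the minimum)
DISK_MB="${DISK_MB:-30720}"         # 30GB VDI recommended (20GB is the minimum)
APPLY="${APPLY:-0}"                 # 0 = dry run (print only), 1 = execute

# Half of the given logical core count, never fewer than one vCPU.
half_cores() {
    half=$(( $1 / 2 ))
    if [ "$half" -lt 1 ]; then half=1; fi
    echo "$half"
}

# Logical cores on the host; falls back to 2 if it cannot be determined.
host_cores() {
    getconf _NPROCESSORS_ONLN 2>/dev/null || echo 2
}

# Execute the command when APPLY=1, otherwise just print it.
run() {
    if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi
}

# Create the VM, size it, add a VDI disk and attach the ISO as an optical disk.
# $1 is the number of logical cores on the host.
provision() {
    cpus=$(half_cores "$1")
    run VBoxManage createvm --name "$VM_NAME" --ostype Debian_64 --register &&
    run VBoxManage modifyvm "$VM_NAME" --memory "$RAM_MB" --cpus "$cpus" &&
    run VBoxManage createmedium disk --filename "$DISK_PATH" \
        --size "$DISK_MB" --format VDI &&
    run VBoxManage storagectl "$VM_NAME" --name SATA --add sata &&
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA \
        --port 0 --device 0 --type hdd --medium "$DISK_PATH" &&
    run VBoxManage storagectl "$VM_NAME" --name IDE --add ide &&
    run VBoxManage storageattach "$VM_NAME" --storagectl IDE \
        --port 0 --device 0 --type dvddrive --medium "$ISO_PATH"
}

provision "$(host_cores)"
```

Review the printed commands first, then re-run with APPLY=1 and ISO_PATH pointing at your downloaded image.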
Installing Kali Linux
Finally, it is time to boot up your VM and start setting up Kali Linux for use. Select your Kali VM within VirtualBox and then press the ‘Start’ button located near the top of the window. You will be greeted with the Kali Boot screen. As we will be installing Kali, select the ‘Graphical Install’ option from this screen to begin that process.
Next you must configure your desired language and locale for the machine. Choose what is appropriate here. Continuing through the menus you will be prompted for a hostname for the Kali VM. This is entirely up to you: name it any way you like – or keep it the default ‘kali’.
The next two screens are for creating a non-root (regular privilege) user for day-to-day use of the VM. As with the hostname, name this user what you like. The first prompt asks for the full name of the user (e.g. Bob Smith) and the second asks for the username (e.g. bob.smith). Next up, you set your time zone; we’ll be using Australia/Melbourne.
Following this is disk partitioning. For simplicity’s sake, we’re using the entire disk on our computer and not configuring LVM (logical volume manager). Experienced users can use the “Manual” partitioning method for more granular configuration options. The next screen asks for which device to use. As we only set up one device earlier, only one should be listed here, choose that. Finally you’re prompted for which disk partitioning layout to use. As is recommended by the installer for new users, choose ‘All files in one partition’. Accept the final summary screen to progress to the final stage of installation.
In order to keep packages up to date, Kali requires the use of network package mirrors as shown on the next screen. Choose ‘Yes’ here to ensure you have up to date packages installed. Finally, install the Grub bootloader by selecting ‘Yes’ and your installation will begin.
Finally, after the installation is complete, you are prompted to reboot into your freshly installed operating system. Do exactly this and you should be greeted with the soon-to-be-familiar Kali boot screen. Selecting option 1 will boot into your installed OS. Once loaded, you can now log into the system with the user you created earlier.
Now you have installed Kali Linux, what should you do? Here are some suggestions from our RISC leadership team:
- Ensure packages are up to date by opening a terminal window and running the command:
  sudo apt update && sudo apt upgrade
- Ensure the root password on your VM has been changed to something non-standard and hard to guess
- Check out Vulnhub for a variety of vulnerable VMs to practice with
- Have a look at HackTheBox – see if you can get past their signup challenge (hint: can you find a link to /register?)
- Look into practice web apps such as DVWA or Hack This Site
Future RISC workshops will cover how to use many of the tools and resources provided with Kali Linux over the coming weeks. Feel free to post any questions about setting up Kali in the Facebook Group – there will always be plenty of people willing to help.