User Tools

Site Tools


ctf:howtos:kali_installation

Kali Installation

To participate in a CTF you need some tools.
The most common Linux distribution for pentesting is Kali. It offers a lot out of the box. If you are new to the topic we will guide you through the installation and the basic setup.

Installation

A VM is good enough for most cases

  • Download and install VirtualBox
    • Install the VirtualBox Extension Pack if you want to use USB devices in the VM
  • Download Kali Linux
  • Install Kali linux in a virtual machine
  • login with the default password (root/toor)

Screen Resolution

To adjust the screen resolution automatically to the size of the window you need some tools

apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade
reboot
apt-get -y install virtualbox-guest-x11
reboot

Tools

Repository

You want to be prepared for some of the challenges and have some applications ready Some tools are in the repository, but not installed by default in some Kali versions (ARM)

apt-get -y install screen vim zsh autossh tor \
unrar p7zip-full \
htop nethogs iftop ifstat lshw \
tcpdump dnsutils telnet \ 
nfs-common cifs-utils wmic \
masscan dnsenum dnsrecon dnswalk cdpsnarf dirb wordlists \ 
metasploit-framework \
mitmproxy dsniff sslstrip sslsplit bettercap ettercap-text-only dnsspoof

Webserver

In some challenges it is handy to have a webserver with php support ready

apt-get -y install nginx-light php5-fpm
cat <<EOF > /etc/nginx/sites-available/default
server {
   listen 80 default_server;
   #listen [::]:80 default_server;
   server_name it-department.internal;
   root /var/www/html;

   index index.html index.htm;

   # PHP
   location ~ \.php$ {
      include snippets/fastcgi-php.conf;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
      include fastcgi_params;
   }
}
EOF
systemctl disable nginx
systemctl disable php5-fpm

Configure

Metasploit

msfdb init
msfupdate
msfconsole -x db_rebuild_cache

Openvas

openvas-setup

Cleanup

apt-get clean
apt-get autoclean
ctf/howtos/kali_installation.txt · Last modified: 2018/01/06 12:53 by trinitor