Pentest Environment Deployment

This tool provide an easy way to deploy a clean pentesting environment with Kali linux using vagrant and virtualbox.

Requirements

I assume you are familiar with virtualbox and vagrant.

• https://www.virtualbox.org/
• http://www.vagrantup.com/

Tested with:

• Virtualbox (4.3.20)
• Vagrant (1.7.1)

About boxes

Boxes URL

• Kali linux 1.0: http://ftp.sliim-projects.eu/boxes/kali-linux-1.0-amd64.box
  • VirtualBox 4.2.10
  • Vagrant 1.0.7
• Kali linux 1.0.4: http://ftp.sliim-projects.eu/boxes/kali-linux-1.0.4-amd64.box
  • VirtualBox 4.2.16
  • Vagrant 1.2.7
• Kali linux 1.1.0: http://ftp.sliim-projects.eu/boxes/kali-1.1.0-amd64-en-layout.box
  • VirtualBox 4.3.20
  • Vagrant 1.7.1

Changes details

Provided boxes are fresh install of Kali linux with some changes:

Kali linux 1.0

• Installation of linux kernel headers for vbox guest additions.
• Installation of virtualbox guest additions.
• Installation of chef package for provisioning.
• vagrant user was created for provisionning (Password: tnargav).
• admin group don’t require password for sudo.
• vagrant user is in admin group.
• Authorized keys for vagrant user are stored in ssh-keys/ directory (no passphrase).
• Enabling rpcbind, nfs-common and ssh services at boot.

Kali linux 1.0.4

Fresh install from http://cdimage.kali.org/kali-latest/amd64/kali-linux-1.0.4-amd64-mini.iso

• Installation of linux kernel headers for vbox guest additions.
• Installation of virtualbox guest additions.
• Installation of chef package for provisioning.
• Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
• Enabling rpcbind, nfs-common and ssh services at boot.
• Modified /etc/issue for vagrant os detection.
• MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.

Kali linux 1.1.0

Fresh install from http://cdimage.kali.org/kali-1.1.0a/kali-linux-1.1.0a-amd64.iso

• Installation of linux kernel headers for vbox guest additions.
• Installation of virtualbox guest additions.
• Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
• Enabling rpcbind, nfs-common and ssh services at boot.
• Modified /etc/issue for vagrant os detection.
• MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.

Please don’t forget to read security warning below !

Installation

You will need rake and berkshelf for vm provisionning, you can install it with rubygems:

gem install rake berkshelf

Clone pentest-env repository and its submodules:

git clone https://github.com/Sliim/pentest-env.git
git submodule init
git submodule update

Or in one line:

git clone https://github.com/Sliim/pentest-env.git --recursive

Install cookbooks dependencies:

rake

Usage

Running Kali linux

Pentest-env works with Vagrant, so all you need to know is to use basic vagrant features :) To run kali instance:

vagrant up kali

Pentest-env customizations

Since Pentest-env 0.5.0, customizations are stored in $HOME/.pentestrc file as YAML format. An example of configuration file is available at the root of this repository named pentestrc.example

You can copy and edit it for your needs:

cp pentestrc.example ~/.pentestrc

Here is a minimal configuration:

scripts_path: ~/.pentest.d/scripts
targets_path: ~/.pentest.d/targets
targets: []

This setup set your scripts and targets directories used by pentest-env. It also set an empty target list.. if you just want to run a Kali instance..

Kali linux customizations

You can perform many customizations on kali linux instance. Just add kali key in your $HOME/.pentestrc, below the availables customizations:

• packages - An array of apt packages to install
• commands - List of command to run as inline shell script
• scripts - List of scripts to execute. They must be located in scripts_path directory
• synced_folders - Hash for forlders to sync with the instance

Example:

kali:
  packages: [git-core]
  commands:
  - curl https://opscode-omnibus-packages.s3.amazonaws.com/debian/6/x86_64/chef_12.0.3-1_amd64.deb -o chef.deb && sudo dpkg -i chef.deb
  scripts: [openvas.sh]
  synced_folders: {data: /pentest}

Targets customization

You can easily deploy targets with your kali instance. Pentest-env comes with some targets ready to use:

• dvwa - DVWA (Damn Vulnerable Web Application) - http://www.dvwa.co.uk/
• vicnum - OWASP Vicnum - https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
• gruyere - Google Gruyere - http://google-gruyere.appspot.com/
• bricks - OWASP Bricks - https://www.owasp.org/index.php/OWASP_Bricks
• webgoat - OWASP WebGoat - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

To setup targets to deploy, edit your $HOME/.pentestrc and set the targets list:

targets: [dvwa vicnum]

You can add your own targets in your targets_path directory and use them in your targets list.

Targets instance can be customized same as the kali instance, use the target’s name as a key in your configuration file to customize the targets:

dvwa:
  packages: [git-core]
vicnum:
  packages: [git-core]

Pentest Chef repo

chef-solo is used as the provisioner. You need to init git submodules to provision your Kali with provided roles in pentest-chef-repo. If this submodule is missing, kali provisioning will be ignored.

You can add/remove some roles to you Kali linux by editing the provisioning section in Vagrantfile For example:

kali.vm.provision :chef_solo do |chef|
  ...
  chef.add_recipe('apt')
  chef.add_role('kali-full')
  chef.add_role('faraday')
end

See pentest-chef-repo for a detailed list of available roles.

Known issues

Hostonly on kali linux 1.0 fail

Hostonly connection will be reset at first vm creation. To resolve this, disconnect connection in gui mode and run in your vagrant directory:

vagrant reload kali

GPG Error: KEYEXPIRED

If you have the following message when you run apt-get update:

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.kali.org kali/updates Release: The foll
owing signatures were invalid: KEYEXPIRED 1425567400 KEYEXPIRED 1425567400 KEYEXPIRED 1425567400

You need to update your kali-archive-keyring:

rm -rf /var/lib/apt/lists
apt-get update
apt-get install kali-archive-keyring

Source: https://forums.kali.org/showthread.php?24687-Problem-with-apt-get-update

Security warning

Kali linux 1.0

Virtual machine boot with sshd service running and may cause some security issues:

• Bridged network is enabled by default.
• Default root password of this box is insecure (toor).
• Vagrant user is insecure
  • Private key stored in ssh-keys/.
  • Password known (tnargav).
  • User in sudoers with no password required.

Kali linux 1.0.4

Virtual machine boot with sshd service running and may cause some security issues:

• Bridged network is enabled by default.
• Default root password of this box is insecure (toor).

Kali linux 1.1.0

Same as Kali linux 1.0.4

License

See COPYING file