导读
个人购买的服务器价格比较昂贵,同时配置也不怎么高,更多的人就更倾向于在寸土寸金的服务器上安装linux系统,还是黑窗口的那种,图形界面真的是很吃资源,不过本篇呢,小编逆向而行,满足有些小伙伴图形 kali 之路的通畅之行。
模拟环境的实战
小鸡配置信息
CPU: 2 核心
物理内存: 4GB
交换分区: 4GB
存储:80GB
操作系统: debian 11
正式开始
安装基础软件包
apt install -y lxc bridge-utils ipset ufw net-tools
配置 lxc 存储到固定目录
/etc/lxc/lxc.conf 内容如下:
lxc.lxcpath = /data/lxc
kali lxc 清华镜像站获取最新包
https://mirrors.tuna.tsinghua.edu.cn/lxc-images/
目前最新:https://mirrors.tuna.tsinghua.edu.cn/lxc-images/images/kali/current/amd64/default/20220401_17%3A14/rootfs.tar.xz
mkdir -p /data/lxc/05-006-kali/rootfs
cd /data/lxc/05-006-kali/rootfs
wget https://mirrors.tuna.tsinghua.edu.cn/lxc-images/images/kali/current/amd64/default/20220401_17%3A14/rootfs.tar.xz
xz -d rootfs.tar.xz
tar -xvf rootfs.tar
rm rootfs.tar
配置虚拟网卡以供 kali 接入
...
auto vmbr0
iface vmbr0 inet static
address 10.8.6.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
...
# 重启网络
/etc/init.d/networking restart
/data/lxc/05-006-kali/config 内容如下:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -d kali -a amd64
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
# Container specific configuration
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.rootfs.path = dir:/data/lxc/05-006-kali/rootfs
lxc.uts.name = 05-006-kali
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = vmbr0
lxc.start.auto = 1
#lxc.apparmor.profile = unconfined
lxc.cgroup.devices.allow = a
lxc.cap.drop =
注意:lxc.rootfs.path 和 lxc.uts.name 改为你自己的哈
配置kali自身的网络地址
/data/lxc/05-006-kali/rootfs/etc/network/interfaces 内容如下
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.8.6.2/24
gateway 10.8.6.1
dns-nameservers 192.168.15.1
source /etc/network/interfaces.d/*.cfg
启动kali系统
lxc-start -n 05-006-kali
lxc-attach -n 05-006-kali
修改主机名
/etc/hostname
05-006-kali
配置kali联网需求及管理端口的对外映射
/etc/rc.local 内容如下:
#!/bin/sh
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ipset -N extranet_access iphash
ipset add extranet_access 10.8.6.2 # kali host ip address
iptables -t nat -A POSTROUTING -m set --match-set extranet_access src -j MASQUERADE
iptables -t nat -A PREROUTING -i ens18 -p tcp --dport 2222 -j DNAT --to-destination 10.8.6.2:22
iptables -t nat -A PREROUTING -i ens18 -p tcp --dport 3389 -j DNAT --to-destination 10.8.6.2:3389
#iptables -t nat -A PREROUTING -i ens18 -p tcp --dport 4444 -j DNAT --to-destination 10.8.6.2:4444
#iptables -t nat -A PREROUTING -i ens18 -p tcp --dport 4433 -j DNAT --to-destination 10.8.6.2:4433
exit
注意:ens18 为绑定对外IP地址的接口,另外需要在终端即时之行一次
配置开机自启服务
chmod +x /etc/rc.local
systemctl enable rc-local
普通用户创建
adduser kali
# 假设这里密码为123456,演示密码弱,建议大家伙设置强密码
usermod -aG sudo kali #将 kali 加入特权组
sudo组免密特权操作
/etc/sudoers
...
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
...
kali 管理服务部署
apt update
apt install openssh-server kali-desktop-xfce xorg xrdp iputils-ping -y
systemctl start ssh
systemctl start xrdp
systemctl enable ssh
systemctl enable xrdp
kali 工具子集
kali-linux-headless
无图形化UI的工具集,包括官方镜像里包含的工具。
kali-linux-large
比较完整的套装,占用空间较大,建议30G以上存储
kali-tools-web
web应用专用工具集,大概磁盘占用 7.6G ,建议总容量在 20G以上的可以考虑
kali-tools-wireless
无线攻击工具集合
kali-tools-post-exploitation
后渗透集合
kali-tools-information-gathering
信息收集集合
kali-tools-database
数据库专集
kali-tools-exploitation
漏洞利用工具集合
套餐按需加强
如果你的vps配置比较高,如存储容量高达30G以上,可考虑弄个大号版的kali套装
# 大号套餐安装示例
apt-get -y update && apt-get -y upgrade && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
kali-linux-large \
pciutils \
bash-completion && \
apt-get autoremove -y && \
apt-get clean
如果你的配置支撑不了,选个你专长的工具集合吧,中途遇到需要额外增加的,再从kali软件源安装也挺方便的,这种套餐集合真的很灵活的。如下链接是涉及较全的官方文档,可移步查看。
https://www.kali.org/tools/kali-meta/