We received several emails from people asking for more information on how to implement these scenarios, so we thought we’d make a few blog posts with more detailed examples. Today, we will look into preforming customized, unattended PXE network installations of Kali Linux and creating remote “Penetration Testing Kali Agents”.
Getting Started with a PXE Network Install
One of the little-known features of Kali Linux is that it supports unattended installations over a network. This feature allows for easy deployment of custom Kali Linux instances that do not require any manual intervention during the installation process.
Before dealing with unattended installs, you will first want to follow the instructions for a Kali Linux Network PXE Install to get all of the major components ready. Once your PXE server is all configured, you’re ready to move on and get ready to automate your installations.
Preseed and Postseed Script File Setup
Before you start the installation, place a preseed.cfg file on a web server that will be available to the machine you are trying to install. You can use the preseed file shown below as a starting point. In our example, the web server serving the preseed file is located on the same network as the machine being installed, with the IP address: 192.168.101.54.
d-i debian-installer/locale string en_US
d-i console-keymaps-at/keymap select us
d-i mirror/country string enter information manually
d-i mirror/suite string kali
d-i mirror/codename string kali
d-i mirror/http/hostname string archive.kali.org
d-i mirror/http/directory string /kali
d-i mirror/http/proxy string
d-i clock-setup/utc boolean true
d-i time/zone string US/Eastern
# Disable volatile and security
d-i apt-setup/services-select multiselect
# Upgrade installed packages
tasksel tasksel/first multiselect standard
d-i pkgsel/upgrade select full-upgrade # Install a limited subset of tools from the Kali Linux repositories
d-i pkgsel/include string openssh-server openvas metasploit-framework metasploit nano
The sample preseed file above will install a limited subset of tools, specifically openssh-server, openvas, metasploit, and nano. You can feel free to change this as needed, adding or removing whatever tools you like. Take particular note of the last section of the preseed file, which allows you to run post installation scripts. In our case, we run an additional post install script, postseed.sh, which is located on the same web root directory as the preseed.cfg file. The postseed.sh script enters an SSH key into the image and makes sure that all our desired services will start at boot time.
#!/bin/bash mkdir-p/root/.ssh # Replace "YOUR SSH KEY" with a your ssh public key. echo"YOUR SSH KEY">/root/.ssh/authorized_keys # Disable SSH password authentication sed's/#PasswordAuthentication\ yes/PasswordAuthentication\ no/g'/etc/ssh/sshd_config
# Set the admin password of OpenVas to admin123 sed'/add_user/ s|$| -w admin123|'/usr/bin/openvas-setup /usr/bin/openvas-setup rm-rf/etc/rc.local
cat<< EOF >/etc/rc.local #!/bin/bash /etc/init.d/greenbone-security-assistant start /etc/init.d/openvas-scanner start /etc/init.d/openvas-administrator start /etc/init.d/openvas-manager start # Set msfrpcd to username "metadmin" and password "metpass123" on port 1337 /usr/bin/msfrpcd -S-U metadmin -P metpass123 -p1337&
To avoid having to enter the boot parameters for the preseed install on every boot, you can simply edit the /tftpboot/debian-installer/amd64/boot-screens/txt.cfg file to look like the following. Do not forget to update the URL of the preseed file:
Boot up the target computer and initiate a PXE boot; the Kali Linux boot prompt should appear before you. Choosing the “Unattended Install” option should start and finish the entire Kali installation without any intervention required.