1. Installing Kali Linux for security tests

Installing Kali Linux for security tests

Home Forums FABRIC General Questions and Discussion Installing Kali Linux for security tests

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #7132
    Nirmala Shenoy
    Participant

      Hello,

      We would like to conduct some security tests on networks running BGP and our custom DCN protocol. For this purpose, we wanted to install Kali Linux that has several attack tools. Fabric does not support Kali Linux (not yet) so we tried to install Kali on Debian using The Best Solution for Converting Debian to Kali Linux (eldernode.com). However, we faced repeated download and installation errors for several files and had to abort our attempts.

      Is there a way to resolve this?

      thanks

      Nirmala

      #7138
      Mert Cevik
      Moderator

        We will check, try how this works and get back on this.

        In the mean time, it can be helpful to know on which sites you tried (and/or some details about the errors if you still have available).

        Also, due to ongoing work for the general maintenance that we are preparing for as well as summer schedules, turn around may be slower than usual.

        #7141
        Mert Cevik
        Moderator

          I’m not sure specifically what errors you were getting, I will outline some info from my test slice.

          On my trial (on an IPv6-based FABRIC node (PSC)), one mirror (mirrors.jevincanders.net) was causing download problems (their IPv6 address seemed not working). There may be some workarounds with pointing the IPv4 address of the mirror site to a NAT64 address in /etc/hosts. In order to overcome this problem, using an IPv4-based FABRIC node (eg. FIU) can be convenient. I could not find out if Debian 10 or Debian 11 should have been used for this conversion, I tried with Debian 11 on FABRIC-FIU and it worked fine with some issues. (I used kali-linux-default instead of kali-linux-everything, there was a conflict about a package that I did not have time to check further)

          ┏━(Message from Kali developers)
          ┃
          ┃ This is a cloud installation of Kali Linux. Learn more about
          ┃ the specificities of the various cloud images:
          ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-cloud-setup/
          ┃
          ┗━(Run: “touch ~/.hushlogin” to hide this message)
          debian@Node2:~$ cat /etc/os-release
          PRETTY_NAME="Kali GNU/Linux Rolling"
          NAME="Kali GNU/Linux"
          VERSION_ID="2024.2"
          VERSION="2024.2"
          VERSION_CODENAME=kali-rolling
          ID=kali
          ID_LIKE=debian
          HOME_URL="https://www.kali.org/"
          SUPPORT_URL="https://forums.kali.org/"
          BUG_REPORT_URL="https://bugs.kali.org/"
          ANSI_COLOR="1;31"
          
          
          
          

           

          1 user thanked author for this post.
          #7142
          Nirmala Shenoy
          Participant

            Thanks Mert, I will check it out. I don’t remember using specifically IPv6 Fabric node. we used debian 11 and I tried to install kali-linux-everything. will check out with Kali-linux default. My friend from our security dept provided the link that we used. I am reaching out to him for more clarifications. They use Kali Linux for all the security labs.

            #7143
            Nirmala Shenoy
            Participant

              Hello

              how do I find out which sites support IPv4 and which one support IPv6 or both?

               

              thanks

               

              #7147
              Mert Cevik
              Moderator

                VM management networks of the FABRIC nodes (used for ssh’ing into the VMs and for external connectivity to the public internet) are either IPv4 or IPv6.  I’m not sure how/if this information can be found out, so I’m just adding below a list.

                • Sites with IPv4 management network: TACC (will be changed to IPv6 in July), UCSD, FIU, SRI, BRIST, TOKY
                • Sites with IPv6 management network: STAR, MAX, MICH, MASS, UTAH, NCSA, WASH, DALL, SALT, GPN, CLEM, GATECH, LOSA, NEWY, KANS, ATLA, SEAT, PRIN, INDI, PSC, RUTG, CERN, AMST, HAWI, EDUKY
                #7148
                Nirmala Shenoy
                Participant

                  Hello I tried adding the mirrors.jevincanders.net ipv4 and ipv6 address in /etc/hosts on an ipv6 Fabric node. I am still getting not able to connect even when using Kali-default. attaching a doc with errors.

                  When I tried with an IPV4 node and Kali-default it worked.

                  As most of the sites seem to operate on IPv6, so this will be a problem for us. Also the data center topology that we set up has many nodes, so I need sites that has that many resources.

                   

                  #7157
                  Mert Cevik
                  Moderator

                    IPv6 address of the specific mirror site is causing errors, they don’t have an operational web service on that IPv6 address, therefore IPv4 address of the service should be used. On an IPv6-based FABRIC node, this can be possible by putting an entry for the NAT64 converted address. Specifically as follows (this is against FABRIC’s NAT64 service, similar address should be possible against nat64.net’s space):

                    echo "2600:2701:5000:5001::ac5d:9e3c mirrors.jevincanders.net" >> /etc/hosts 
                    
                    

                    Another problem came out a “non-free” package within kali-linux-everything, sources.list had to be modified. I’m adding below the complete set of steps. Also I added your ssh public slice/sliver key to the VM, so that you should be able to login with the following if needed for review.

                    ssh -F <path to SSH config file> -i <path to private sliver key> debian@2001:5e8:ff00:ffff:f816:3eff:fe43:4688

                     

                    <hr />

                    root@Node2:~# uname -a
                    Linux Node2 5.10.0-27-cloud-amd64 #1 SMP Debian 5.10.205-2 (2023-12-31) x86_64 GNU/Linux
                    root@Node2:~# cat /etc/os-release 
                    PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
                    NAME="Debian GNU/Linux"
                    VERSION_ID="11"
                    VERSION="11 (bullseye)"
                    VERSION_CODENAME=bullseye
                    ID=debian
                    HOME_URL="https://www.debian.org/"
                    SUPPORT_URL="https://www.debian.org/support"
                    BUG_REPORT_URL="https://bugs.debian.org/"
                    
                    root@Node2:~# echo "2600:2701:5000:5001::ac5d:9e3c mirrors.jevincanders.net" >> /etc/hosts
                    
                    root@Node2:~# apt update
                    root@Node2:~# apt dist-upgrade -y
                    
                    root@Node2:~# apt install gnupg dirmngr
                    root@Node2:~# wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
                    
                    root@Node2:~# echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" > /etc/apt/sources.list.d/kali.list
                    root@Node2:~# gpg --export ED444FF07D8D0BF6 > /etc/apt/trusted.gpg.d/kali-rolling.gpg
                    
                    root@Node2:~# apt update
                    root@Node2:~# apt -y upgrade
                    root@Node2:~# apt -y dist-upgrade
                    
                    root@Node2:~# apt -y autoremove --purge
                    
                    #
                    # Customize - START
                    #
                    
                    root@Node2:~# apt -y install kali-linux-everything
                    Some packages could not be installed. This may mean that you have
                    requested an impossible situation or if you are using the unstable
                    distribution that some required packages have not yet been created
                    or been moved out of Incoming.
                    The following information may help to resolve the situation:
                    
                    Unsatisfied dependencies:
                    hak5-wifi-coconut : Depends: firmware-misc-nonfree but it is not installable
                    Error: Unable to correct problems, you have held broken packages.
                    
                    root@Node2:~# cat /etc/apt/sources.list
                    deb http://deb.debian.org/debian bullseye main
                    deb-src http://deb.debian.org/debian bullseye main
                    deb http://security.debian.org/debian-security bullseye-security main
                    deb-src http://security.debian.org/debian-security bullseye-security main
                    deb http://deb.debian.org/debian bullseye-updates main
                    deb-src http://deb.debian.org/debian bullseye-updates main
                    deb http://deb.debian.org/debian bullseye-backports main
                    deb-src http://deb.debian.org/debian bullseye-backports main
                    
                    root@Node2:~# cp /etc/apt/sources.list ~/sources.list.backup
                    root@Node2:~# vim /etc/apt/sources.list
                    root@Node2:~# cat /etc/apt/sources.list
                    deb http://deb.debian.org/debian bullseye main non-free
                    deb-src http://deb.debian.org/debian bullseye main
                    deb http://security.debian.org/debian-security bullseye-security main non-free
                    deb-src http://security.debian.org/debian-security bullseye-security main
                    deb http://deb.debian.org/debian bullseye-updates main non-free
                    deb-src http://deb.debian.org/debian bullseye-updates main
                    deb http://deb.debian.org/debian bullseye-backports main non-free
                    deb-src http://deb.debian.org/debian bullseye-backports main
                    
                    #
                    # Customize - END
                    #
                    
                    root@Node2:~# apt update
                    root@Node2:~# apt -y install kali-linux-everything
                    
                    # There are several prompts during installation. It took >15 minutes to complete
                    
                    root@Node2:~# cat /etc/os-release 
                    PRETTY_NAME="Kali GNU/Linux Rolling"
                    NAME="Kali GNU/Linux"
                    VERSION_ID="2024.2"
                    VERSION="2024.2"
                    VERSION_CODENAME=kali-rolling
                    ID=kali
                    ID_LIKE=debian
                    HOME_URL="https://www.kali.org/"
                    SUPPORT_URL="https://forums.kali.org/"
                    BUG_REPORT_URL="https://bugs.kali.org/"
                    ANSI_COLOR="1;31"

                    # Reboot

                    Warning: Permanently added 'bastion.fabric-testbed.net' (ED25519) to the list of known hosts.
                    Warning: Permanently added '2001:5e8:ff00:ffff:f816:3eff:fe43:4688' (ED25519) to the list of known hosts.
                    Linux kali 6.8.11-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.8.11-1kali2 (2024-05-30) x86_64
                    
                    The programs included with the Debian GNU/Linux system are free software;
                    the exact distribution terms for each program are described in the
                    individual files in /usr/share/doc/*/copyright.
                    
                    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
                    permitted by applicable law.
                    Last login: Fri Jun 21 14:51:17 2024 from 2600:2701:5000:a902::c
                    /usr/bin/xauth:  file /home/debian/.Xauthority does not exist
                    ┏━(Message from Kali developers)
                    ┃
                    ┃ This is a cloud installation of Kali Linux. Learn more about
                    ┃ the specificities of the various cloud images:
                    ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-cloud-setup/
                    ┃
                    ┗━(Run: “touch ~/.hushlogin” to hide this message)
                    debian@kali:~$ 
                    
                    
                    
                    • This reply was modified 6 months ago by Mert Cevik.
                    1 user thanked author for this post.
                    #7159
                    Nirmala Shenoy
                    Participant

                      thanks Mert.

                      will check it out

                       

                      #7191
                      Nirmala Shenoy
                      Participant

                        Thanks Mert. The proposed approach works. Was able to install Kali-linux-everything on an Ipv6 machine and was able to conduct some tests

                      Viewing 10 posts - 1 through 10 (of 10 total)
                      • You must be logged in to reply to this topic.