Having an operating system distribution that answers all the prerequisites of an offensive actor
is crucial, especially when it comes to configuration review, source code review or
intrusion tests at every level: web, infrastructure or external. Automating this process would
greatly help the team members focus on other tasks.
We aim to facilitate the engagement process by minimizing the time spent configuring the
various tools, deleting sensitive data, and performing the various updates.
The paper details the most used approaches for system installation. It also discusses the
Debian-based Kali distribution from Offensive Security. To guide the choice of the
automation method, we structure the formulated recommendations and give references to
tutorials.
2. Custom | Kali | Iso
Page 2 of 14
Summary
Executive summary
Introduction
Scenario
Kali custom script
    Git clone
    Base
    Graphical environment change such as KDE or Gnome
    Changing the default Kali packages
    Adding boot entry
    Adding deb package
    Changing the startup screen
    Metapackages Kali
    The list of "metapackages" for Kali
Apt clone
    Installation
    Exporting .deb
    Restoration
Virtual environment
    Installation
    Utilization
    Example of dependency
Docker
    Installation in Kali
    Research
    Start
    Modification of containers
Different tools
References
List of Figures
Figure 1: Changing the boot image
List of Tables
Table 1: List of Kali metapackages
Table 2: List of useful packages
Executive summary
Introduction
Having an operating system distribution that answers all the prerequisites of an offensive actor
is crucial, especially when it comes to configuration review, source code review or
intrusion tests at every level: web, infrastructure or external. Automating this process would
greatly help the team members focus on other tasks.
We aim to facilitate the engagement process by minimizing the time spent configuring the
various tools, deleting sensitive data, and performing the various updates.
The paper details the most used approaches for system installation. It also discusses the
Debian-based Kali distribution from Offensive Security. To guide the choice of the
automation method, we structure the formulated recommendations and give references to
tutorials.
Scenario
After several attempts to use virtualization (VMware and VirtualBox) for forensics
investigations with the SANS SIFT distribution (the available VM dates from 2016) or the
new TSURUGI system, this proved insufficient: the snapshots take up a lot of space, and the
different versions that each member has can conflict with certain tools (for example, source
code review of some frameworks with obsolete versions of Java or libraries that are not
supported on Kali GNU/Linux). We therefore looked for better alternatives: first containers,
as a palliative solution, and then, in a second step, a custom distribution. For the latter we are
at the beginning phase, the customization, which will ultimately give us a system adapted to
our needs in terms of malware analysis and reverse engineering, source code review,
architecture review, internal and external intrusion testing, and Red Team exercises of all
kinds.
Since the first versions of "BackTrack" (before the transition to Kali and the Gnome
interface), the question of choosing the most optimal interface and the best configuration
has been debated. The trade-off was the time allowed for those tasks that can be automated
and that require a certain degree of technical skill, which is still true; but for missions that
follow one another, the use of a script that facilitates all this work has become comfortable.
The designers of the Offensive Security distribution based themselves on the same ISO
creation scripts as other Debian-based distributions and provide us with a myriad of tools,
packages and environments chosen for a more than satisfactory end result. In addition, we
can overcome some compatibility problems with other solutions, as we will see during this
article. But first of all, the heart of our distribution itself.
Kali custom script
This first part is about the preparation of the environment, preferably a Debian-based
distribution (ideally Ubuntu or Kali), which translates as follows:
Update the cache
Apply the necessary system updates
Install the packages needed for the ISO compilation step
This translates into the following commands in the terminal of your choice (for my part it is
"tmux"):

apt update
apt upgrade
apt install -y curl git live-build cdebootstrap

Git clone
Clone the Kali live-build configuration Git repository and move into the installation folder. A
useful command for viewing subdirectories and their content is "tree", which gives a
complete tree structure.

git clone git://git.kali.org/live-build-config.git
cd live-build-config

Base
For a first test, the basic compilation of Kali with the default tools, with the difference that the
generated ISO will have the latest updates available, in the same way as if the ISO had been
downloaded from the official website and updated to apply all package updates. This is done
with the following command:

./build.sh --verbose

For a variant like KDE the command is as follows:

./build.sh --variant kde --verbose

The generation produces an ".iso" file that can be burned to DVD or booted from a USB stick
with "Unetbootin" (partitioning the OS part in read-only mode to preserve the hardware
life cycle, for example). For rapid testing, the following "Qemu" commands are useful:

apt install qemu-system-x86 -y
qemu-system-x86_64 -boot d -cdrom images/kali-linux-custom-rolling-amd64.iso -m 4096
Graphical environment change such as KDE or Gnome
As in the previous step, it is possible to define custom graphical environment versions, but
also to use the best-known versions supported by default (Gnome being the default), which
are:
Gnome
Kde
Xfce
Mate
e17
lxde
i3wm
To compile a variant, with the optional parameter "light" for a minimal version, use the
following command:

./build.sh --variant <variant> [light] --verbose

In the next part the customization of the OS will start with the packages to include, such as
"Bloodhound" for mapping and dominance of Active Directory or "Empire" for command
and control (C2) in PowerShell. This will not be a list of tools: a list for pentesters has been
compiled in the book "The Hacker Playbook", version 2 for intrusion tests and version 3
for Red Team exercises.
Changing the default Kali packages
To change the list of packages, simply go to the folder "kali-config/variant-default/package-
lists", where variant-default represents the variant currently used, and then change the
content of the file "kali.list.chroot" by adding the desired packages:

vim kali-config/variant-default/package-lists/kali.list.chroot

To execute a script or code each time the system is started, for example the "Firefox
Developer Edition" browser, download and install the package in "kali-
config/common/includes.chroot/opt/firefox/" and add the "toxic" Tox client in "kali-
config/common/includes.chroot/opt/toxic". For the startup of Firefox the following script is
added in "kali-config/common/includes.chroot/usr/bin/firefox.sh":

#!/bin/bash
echo "Starting firefox developer edition"
exec /opt/firefox/firefox "$@"

Then generate the solution as mentioned above.
For a list of all possible changes/hooks, refer to the following link:
https://docs.kali.org/development/live-build-a-custom-kali-iso
Adding boot entry
Adding a "syslinux boot entry" is particularly useful for digital investigation. This is the case
for Kali: being able to start in forensics mode allows nothing to be written to the disk and
nothing to be mounted on the system, in order to preserve the evidence and to make a true
copy with the command "dd" or its forensics-oriented equivalent "dcfldd"; the live execution
is one example among many others. To do this, an example of the "syslinux boot entry"
file:

cat << EOF > kali-config/common/includes.binary/isolinux/install.cfg
label install
    menu label ^Install Automated
    linux /install/vmlinuz
    initrd /install/initrd.gz
    append vga=788 -- quiet file=/cdrom/install/preseed.cfg locale=en_US keymap=us hostname=kali domain=local.lan
EOF

In the next part the installation of packages directly in the ISO is discussed.
Adding deb package
This part discusses installing packages directly; in this case it is about packages that are not
in any repository, like the vulnerability scanner "Nessus". To automate its installation, the
".deb" is copied to the following directory:

mkdir kali-config/common/packages.chroot
mv Nessus-*amd64.deb kali-config/common/packages.chroot/

After the generation of the "Build" and the installation of the packages and their update, it
will be installed in the same way as with the command "dpkg -i package.deb".
Changing the startup screen
To change the wallpaper, creating an image folder in the appropriate directory is sufficient,
as follows:

mkdir -p kali-config/common/includes.chroot/usr/share/wallpapers/kali/contents/images
wget https://www.kali.org/dojo/bh2015/wp-blue.png
mv wp-blue.png kali-config/common/includes.chroot/usr/share/wallpapers/kali/contents/images

For the OS boot image, replace the three default images that are in the installation
directories; in this case an embedded EY logo as a quick example, to be tested with the
"qemu" command directly after generating the Kali "Build":
Figure 1: Changing the Boot image
Metapackages Kali
Metapackages are tool packages that make it easier to install the tool set for certain needs,
so you don't have to choose the packages to install one by one; they are maintained by
Offensive Security and available in the official repository.
The list of "metapackages" for Kali:

kali-linux
kali-linux-all
kali-linux-forensic
kali-linux-full
kali-linux-gpu
kali-linux-pwtools
kali-linux-rfid
kali-linux-sdr
kali-linux-top10
kali-linux-voip
kali-linux-web
kali-linux-wireless

Table 1: List of Kali metapackages
For example, the "crackmapexec" package used for the "pass the hash" attack is located in
the "kali-linux-pwtools" metapackage, while it is not available in the default distribution. In
particular, it is possible to create your own metapackage with your favorite tools.
To do a metapackage search:

apt-get update && apt-cache search kali-linux

To consult the list of tools contained in each metapackage, please refer to the following link:
https://tools.kali.org/kali-metapackages
To finish with this part, an example of having a command take effect at each startup: instead
of adding it as a "cron job" or using the "at" command, we add it directly in a Kali hook file.
The hook runs once inside the chroot at build time, and enabling the unit there makes the
SSH service start at every boot of the resulting system:

echo 'systemctl enable ssh' >> kali-config/common/hooks/01-start-ssh.chroot
chmod +x kali-config/common/hooks/01-start-ssh.chroot
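As an added example (not the paper's own script), the customization steps of the last pages, package list, includes.chroot, packages.chroot and a chroot hook, collected into one idempotent shell function, followed by a pre-flight check of the resulting tree. The kali-config paths are the ones the text uses; the function arguments, the chosen package names, the wrapper script contents and the check itself are assumptions of this example.

```shell
# Added example, not from the paper. Apply the customisations described above to a
# live-build-config checkout. Safe to re-run: it does not duplicate package entries.
#   $1  path to the live-build-config checkout (an empty directory works for a dry run)
#   $2  variant name (default: "default")
#   $3  path to an extra .deb that is in no repository (optional)
prepare_kali_config() {
    lb=$1; variant=${2:-default}; extra_deb=$3
    cfg="$lb/kali-config"

    # 1. Packages: append to the variant's chroot list, one per line, no duplicates.
    #    (package names are this example's choice)
    list="$cfg/variant-$variant/package-lists/kali.list.chroot"
    mkdir -p "$(dirname "$list")"; touch "$list"
    for pkg in bloodhound apt-clone meld openssh-server; do
        grep -qx "$pkg" "$list" || echo "$pkg" >> "$list"
    done

    # 2. Files copied verbatim into the live filesystem: the Firefox wrapper script.
    inc="$cfg/common/includes.chroot"
    mkdir -p "$inc/usr/bin" "$inc/opt/firefox"
    cat > "$inc/usr/bin/firefox.sh" << 'EOF'
#!/bin/bash
echo "Starting firefox developer edition"
exec /opt/firefox/firefox "$@"
EOF
    chmod 0755 "$inc/usr/bin/firefox.sh"

    # 3. A local .deb: dropped in packages.chroot, installed by live-build at build time.
    if [ -n "$extra_deb" ]; then
        mkdir -p "$cfg/common/packages.chroot"
        cp "$extra_deb" "$cfg/common/packages.chroot/"
    fi

    # 4. Build-time hook: runs once inside the chroot; enabling the unit makes sshd
    #    start on every boot of the resulting system.
    hook="$cfg/common/hooks/01-start-ssh.chroot"
    mkdir -p "$(dirname "$hook")"
    printf '#!/bin/sh\nset -e\nsystemctl enable ssh\n' > "$hook"
    chmod 0755 "$hook"
}

# Pre-flight check before a multi-hour build: every hook must be executable and
# every package list must be free of duplicate entries. Prints the problems found
# and returns 1 if there were any, 0 otherwise.
check_kali_config() {
    cfg="$1/kali-config"; rc=0
    for h in "$cfg"/common/hooks/*.chroot; do
        [ -e "$h" ] || continue
        [ -x "$h" ] || { echo "hook not executable: $h"; rc=1; }
    done
    for l in "$cfg"/variant-*/package-lists/*.chroot; do
        [ -e "$l" ] || continue
        dups=$(grep -v '^#' "$l" | sort | uniq -d)
        [ -z "$dups" ] || { echo "duplicate entries in $l: $dups"; rc=1; }
    done
    return $rc
}

# Constructed demo against a temporary directory (no real checkout or build needed).
demo=$(mktemp -d)
prepare_kali_config "$demo" default
check_kali_config "$demo" && echo "kali-config ready under $demo"
```

Point the first argument at a real live-build-config checkout and run ./build.sh afterwards; the check is cheap, so it is worth running it every time the tree is edited by hand, since a hook without the executable bit is silently skipped by live-build.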
Apt clone
For the case of lack of resources and time, and if we only have an ISO generated with the
previous step (in my last test, the ISO was 5 GB and took 8 hours of downloading and
compiling dependencies), having a "mirror" server with all the latest dependencies and
updates is a solution for a large team: changing the IP address in the "source list" is then
enough to directly update all systems. But in case you want to export your entire current
configuration, with all your libraries and ".deb" packages, this is the purpose of the
"apt-clone" command.
Installation
Definition of this tool: "This package can be used to clone or restore packages on an apt-
based system and will backup or restore packages, sources.list, key ring and automatically
installed states. It can also back up or restore packages that can no longer be downloaded,
thanks to dpkg-repack."
Installation of the package with the command "apt":

apt install apt-clone

Exporting .deb
To export the content of the source list and the content of these packages, and to obtain the
necessary information about the result, such as the number of packages and the distribution:

apt-clone clone ~/mypackages
apt-clone info ~/mypackages/apt-clone-state-eykali.tar.gz

Restoration
For a system restoration with the generated export file:

apt-clone restore apt-clone-state-eykali.tar.gz

For a restoration in a defined path:

apt-clone restore apt-clone-state-eykali.tar.gz --destination ~/old-eykali

Virtual environment
For the case of mandatory use of some old Ruby library versions for a malware investigation,
or of the code review of an old system, among others, it is essential to have several versions
of languages and database drivers available. To do this, an optimized alternative is to use
virtual environments, as the "PyCharm" IDE does for the management of Python
versions.
The packages installed in this environment will not affect the system's global
dependencies; it uses links to the global environment if necessary, to avoid cluttering disk
space and optimize work.
Installation
The installation is done in one command; it supports packages installed with "pip" or
"easy_install":

apt install python-virtualenv

Or

pip install virtualenv
virtualenv --version

Utilization
Let's take the example of Python, the favorite language of data scientists and pentesters.
Just create a folder and run the command to create the environment:

mkdir ~/virtualenvironment
virtualenv ~/virtualenvironment/my_new_app

To activate the chosen environment in the terminal, use the following command:

source ~/virtualenvironment/my_new_app/bin/activate

To exit the "virtualenvironment", use the following command:

deactivate

Example of dependency
For package installation it is recommended to use the "pip" manager for Python:

pip install flask

To install a specific version:

pip install "SomeProject==1.4"
Docker
Docker is very useful for conflicts with some unsupported dependencies: conflicts with some
Python libraries for "Empire" and "Metasploit", or "SonarQube", which conflicts with some
versions of Java. In these cases we will not systematically change the system environment
every time. Besides the possibility of having several environments that interact with each
other, whether OS, database servers or "web API", Docker is the appropriate solution to
manage this kind of case.
Installation in Kali
For installation on Kali, it is not available in the default repositories as a simple "apt
install" like on Ubuntu, for example, and therefore you must add Docker's PGP key:

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

Add the Docker repository to the source list:

echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list

Make an update and install Docker:

apt-get update
apt-get install docker-ce

Test that the container manager is working, and check its version:

docker run hello-world
docker version

For the "source list", it is possible to automate this task by placing a file with the appropriate
commands in the directory "kali-config/common/hooks/file.chroot" and thus execute
commands like filling in repository links or starting the SSH service:

echo 'systemctl enable ssh' >> kali-config/common/hooks/01-start-ssh.chroot
chmod +x kali-config/common/hooks/01-start-ssh.chroot

Research
Docker has a kind of repository where a panoply of systems and images from several
sources is inventoried: https://hub.docker.com/. In addition, it is also possible to compile
your own image and to export and import it from several sources.
To download the chosen image, in the manner of "git", you pull it:

docker pull image_name
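The repository step above adds Docker's key to the global apt keyring with apt-key, so it would be trusted for every configured source. As an added example (not from the paper or from Docker), the same source written with the key scoped to that one repository via the signed-by option, plus a check that no source under sources.list.d relies on the global keyring. The root-prefix argument lets the files be written into a kali-config includes.chroot tree so they are baked into the ISO; the function names, the /etc/apt/keyrings path and the check are this example's assumptions, and the key file is assumed to have already been downloaded and dearmored (gpg --dearmor).

```shell
# Added example, not from the paper. Write the Docker apt source with the key scoped to
# that source instead of the global apt-key keyring used above.
#   $1  root prefix ("" for the running system, or .../includes.chroot to bake it into the ISO)
#   $2  path to the downloaded, dearmored repository key
#   $3  Debian codename of the base (the paper uses "stretch")
write_docker_source() {
    root=$1; keyfile=$2; codename=$3
    mkdir -p "$root/etc/apt/keyrings" "$root/etc/apt/sources.list.d"
    install -m 0644 "$keyfile" "$root/etc/apt/keyrings/docker.gpg"
    # The signed-by path is the location inside the finished system, hence no $root prefix.
    printf 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian %s stable\n' \
        "$codename" > "$root/etc/apt/sources.list.d/docker.list"
}

# Check that every non-comment "deb" line under sources.list.d carries a signed-by
# option, so no third-party repository silently relies on the global keyring.
# Prints the offending files and returns 1 if any, 0 otherwise.
check_sources_signed_by() {
    root=$1; rc=0
    for f in "$root"/etc/apt/sources.list.d/*.list; do
        [ -e "$f" ] || continue
        if grep -v '^[[:space:]]*#' "$f" | grep '^deb' | grep -vq 'signed-by='; then
            echo "unscoped repository key in: $f"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a placeholder key file in a temporary tree standing in for includes.chroot.
demo=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$demo/docker-key.gpg"
write_docker_source "$demo/includes.chroot" "$demo/docker-key.gpg" stretch
check_sources_signed_by "$demo/includes.chroot" && cat "$demo/includes.chroot/etc/apt/sources.list.d/docker.list"
```

Run the check against the includes.chroot tree before building the ISO, or against "" on a running Kali system after adding repositories by hand.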
First of all, start Docker like any service, either on demand or "enabled" for a systematic
start. To start the Docker daemon on demand:

dockerd # start the docker daemon

To display all available images: the ones compiled locally, the ones downloaded from the Hub
and all the modified images, each carrying tags and commit ids in a "git"-like way:

docker images --all

The following commands make a backup of an image and then restore that backup ("docker
save" is paired with "docker load"; "docker import" is for filesystem archives produced by
"docker export"):

docker save image_name:tag | gzip > ey-ubuntu-saved.tar.gz
docker load < ey-ubuntu-saved.tar.gz

Start
To start a container from an image and to pause it:

docker run -d image_name:tag
docker pause container_name

Start the container in port forwarding mode:

docker run -d -p 5801:5801 -p 5802:5802 ... image_name:tag

The list of the running containers:

docker ps

Modification of containers
Modifying a container depends on the system used and its type; in the case discussed here it
is about modifying a GNU/Linux base system with bash, by interacting with a "Shell":

docker exec -ti container_name /bin/bash

To make a commit backup of the container as a new image, the following command is used:

docker commit container_id image_name:tag
Different tools
The list of tools that make the work much easier, and that I added in my "chroot" package
list, apart from the pentest tools:

Tool                    Description
apt-clone               Cloning an environment
meld                    Fantastic multi-file diff
geany                   Development IDE
git-gui                 GUI for Git
gimp                    Graphical editor
virtualbox              Virtual environment
ftp                     Command-line FTP client
libreoffice             Office suite for reports
lightdm                 Multiple guest sessions
nitrogen                For the picture background
feh                     Image viewer
scrot                   Screenshot
evince                  File reader
chromium                Web browser
htop                    Process monitor
screenfetch             Information about the system
openssh-server          SSH server
plank                   Floating icon bar
system-config-printer   For printers
shred                   For erasing a partition bit by bit
wipe                    Same as shred but for directories
wkhtmltopdf             Tool for transforming an HTML page into PDF
metagoofil              Extracting metadata from files
freerdp2-x11            RDP into Windows without some RDP issues
bettercap               Swiss army knife for the network
putty                   Login terminal (SSH, Telnet, ...)

Table 2: List of useful packages
https://www.linkedin.com/in/mohamed-benchenouf/
References
The following references refer to the information contained in this document:
• http://manpages.ubuntu.com/manpages/bionic/man8/apt-clone.8.html
• https://docs.docker.com/get-started/
• https://medium.com/@calypso_bronte/installing-docker-in-kali-linux-2018-1-ef3a8ce3648
• https://gist.github.com/Geoyi/d9fab4f609e9f75941946be45000632b
• https://www.linode.com/docs/development/python/create-a-python-virtualenv-on-ubuntu-1610/
• https://docs.kali.org/kali-dojo/02-mastering-live-build
• https://www.kali.org/tutorials/making-your-own-kali-linux-metapackages/
• https://www.amazon.fr/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
• https://www.amazon.fr/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759
• https://packages.debian.org/fr/sid/apt-clone