- Kali On ARM
- Gem PDA
- Raspberry Pi - Full Disk Encryption
- Raspberry Pi
- Acer Tegra Chromebook 13"
- ASUS Chromebook Flip
- BeagleBone Black
- Cubieboard 2
- HP Chromebook
- ODROID U2
- Raspberry Pi - Disk Encryption
- Raspberry Pi 2
- Samsung ChromeBook
- Samsung Chromebook 2
- USB Armory
- Utilite Pro
- Kali NetHunter Documentation
- NetHunter Rootless
- Installing NetHunter
- Installing NetHunter On the Gemini PDA
- NetHunter Components
- NetHunter Home Screen
- NetHunter Chroot Manager
- NetHunter KeX Manager
- NetHunter USB-Arsenal
- NetHunter BadUSB Attack
- NetHunter Application - Terminal
- NetHunter Custom Commands
- NetHunter DuckHunter Attacks
- NetHunter HID Keyboard Attacks
- NetHunter Kali Services
- NetHunter MAC Changer
- NetHunter MANA Evil Access Point
- NetHunter Man In The Middle Framework
- NetHunter Metasploit Payload Generator
- NetHunter Nmap Scan
- NetHunter Exploit Database SearchSploit
- Wireless Cards and NetHunter
- Building a New Device File
- Building NetHunter
- Porting NetHunter to New Devices
- Testing Checklist
- Patching the Kernel
- Configuring the Kernel - General
- Configuring the Kernel - Network
- Configuring the Kernel - Wifi
- Configuring the Kernel - SDR
- Configuring the Kernel - USB
- General Use
- Kali Network Repositories (/etc/apt/sources.list)
- HiDPI (High Dots Per Inch) Display
- Install NVIDIA GPU Drivers
- Kali Linux XFCE FAQ
- Kali Linux Forensics Mode
- Kali Linux Metapackages
- Configuring Yubikeys for SSH Authentication
- Packages That Behave Differently With Non-root
- Setting up RDP with Xfce
- Kali In The Browser (Guacamole)
- Kali In The Browser (noVNC)
- All about sudo
- Updating Kali
- Kali's Domains
- Kali Development
- Building Custom Kali ISOs
- Generate an Updated Kali ISO
- Live Build a Custom Kali ISO
- Public Packaging
- Setting Up A System For Packaging
- ARM Cross-Compilation
- Custom Beaglebone Black Image
- Custom Chromebook Image
- Custom CuBox Image
- Custom EfikaMX Image
- Custom MK/SS808 Image
- Custom ODROID X2 U2 Image
- Custom Raspberry Pi Image
- Preparing a Kali Linux ARM chroot
- Rebuilding a Source Package
- Recompiling the Kali Linux Kernel
- Contributing run-time tests with autopkgtest
DigitalOcean is a cloud provider similar to AWS, Microsoft Azure, Google Cloud Platform, and many others. They offer instances, called “droplets”, with different Linux distributions such as Debian, Ubuntu, FreeBSD, etc. Similar to AWS, DigitalOcean has datacenters around the world and sometimes multiple datacenters in each country.
However, one feature in particular sets them apart them from their competitors. A little while ago, they added support for custom images, which allows users to import virtual machine disks and use them as droplets. This is perfect for us as we can use our own version of Kali Linux in their cloud.
While it might be possible to load the official Kali Linux virtual images, it wouldn’t be very efficient. Instead, we’ll build a lightweight Kali installation with the bare minimum to get it working.
Get the netboot ISO
By default, the Kali Linux ISOs on the download page have a desktop environment installed, and while we could use it to build a virtual machine, we want to minimize the amount of data we have to upload to DigitalOcean for reasons we will talk about later. Having a GUI running on a headless system is also a waste of resources so while we could uninstall it or disable it, we’ll install the virtual machine using a netboot ISO. If you are comfortable with a text installation, grab the mini.iso in this directory. If not, head to the gtk/ directory and grab the mini.iso in there, which will start a graphical installer.
Create the Virtual Machine
With our mini.iso , we can now begin to build our virtual machine. Create a new virtual machine setting the OS to the latest Debian 64 bit and allocating a 20 GB hard disk. If needed, detailed set-up is explained on the Kali Training website. It is important to store the virtual disk as a single file that is dynamically allocated. The rest like the amount of CPU and RAM won’t matter because only the disk file will be uploaded to DigitalOcean. Disk size matters as billing is based on disk size for custom images. It will also impact the choice of instance we can create. Let’s say a 40 GB hard disk is created, it will prevent creating an instance at the $5/month level because its maximum hard disk size is 25 GB. In that case we would be forced to use the $10/month option for instances with 50 GB disks. Don’t worry, even though the disk is 20 GB, it will get expanded depending on the droplet plan chosen.
During the installation, select manual partitioning and set it up as shown below, with all files in one partition and no swap file.
During the installation, it will prompt for software preferences. For the sake of simplicity and to limit disk space use, we’ll just have the base system installed, therefore we’ll only select “standard system utilities” as shown below.
Update the System
When installation is complete and after rebooting, we login at the console and update the system:
apt update apt full-upgrade -y
If you don’t see it going over a mirror during ‘apt update’, you may have accidentally forgotten to add a network mirror during the installation. Follow the instructions on the Kali Docs site to fix it and run both of the commands again.
Install Required Packages
In order for DigitalOcean to configure the system for us, we need to install the cloud-init package:
apt install -y cloud-init echo 'datasource_list: [ ConfigDrive, DigitalOcean, NoCloud, None ]' > /etc/cloud/cloud.cfg.d/99_digitalocean.cfg systemctl enable cloud-init
Prepare for SSH
Since we will need to use SSH to connect to the system on DigitalOcean, the openssh-server package needs to be installed (and enabled) as well:
apt install -y openssh-server systemctl enable ssh.service
When creating a standard droplet, you can choose to use SSH keys or not. However, when using custom images, this isn’t an option and using SSH keys is mandatory. For this reason, DigitalOcean requires us to remove the root password:
passwd -d root
We also need to create a /root/.ssh folder:
Before we finish with our virtual machine, we run a few commands to clean things up:
apt autoremove apt autoclean rm -rf /var/log/* history -c
At this point, our virtual machine is ready so we run ‘poweroff’ to shutdown the system.
In the virtual machine folder, locate the .vmdk file, then compress it using bzip2, gzip, or zip in preparation for uploading to DigitalOcean.
Login to your DigitalOcean account. In the “Manage” section on the left, click on “Images”, then select the “Custom Images” tab.
From there, we upload the compressed disk image. We’ll name it Kali, mark it as Debian, and select the region and datacenter to upload it to. Note that once uploaded to a location, droplets can only be started at that location, which is a current limitation for custom images. Another thing to remember at this stage is that uploaded images consume disk space and DigitalOcean will bill based on disk usage.
Starting a Droplet
Once done, the “Uploaded” column will indicate how long ago it was uploaded. Now we will click on the “More” option of the image and select “Start a droplet”.
You will be taken to the droplet settings where you can select the droplet plan, the SSH key, and the project to start it in. Since this is a custom image, it is required you use a SSH key. You can either select an existing one or upload a new one by clicking on “New SSH key”, which will open the following screen where you can paste the public key and name it:
Once done, click “Create” as shown below. It will then take you back to the dashboard (Manage > Droplets) where all your droplets are listed. Because we are using a SSH key, DigitalOcean will not send an email with credentials for the droplet.
Within a few seconds, and after the IP is displayed, our droplet will be ready. In order to connect, we will need to use the private SSH key we created (called MY_KEY in this example):
user@computer:~$ ssh -i MY_KEY email@example.com The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established. ECDSA key fingerprint is SHA256:d83fcd43d25e2a7edd291666160b47360cc85870ded. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'IP' (ECDSA) to the list of known hosts. Linux kali-s-1vcpu-1gb-nyc3-01 4.19.0-kali5-amd64 #1 SMP Debian 4.19.37-2kali1 (2019-05-15) x86_64 The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Now we have a nice, minimal Kali Linux installation that we can deploy and customize as needed.
root@kali-s-1vcpu-1gb-nyc3-01:~# lsb_release -a No LSB modules are available. Distributor ID: Kali Description: Kali GNU/Linux Rolling Release: 2019.2 Codename: n/a root@kali-s-1vcpu-1gb-nyc3-01:~# uname -a Linux kali-s-1vcpu-1gb-nyc3-01 4.19.0-kali5-amd64 #1 SMP Debian 4.19.37-2kali1 (2019-05-15) x86_64 GNU/Linux root@kali-s-1vcpu-1gb-lon1-01:~# free -h total used free shared buff/cache available Mem: 987Mi 51Mi 527Mi 1.0Mi 407Mi 790Mi Swap: 0B 0B 0B