###########################################################################################################
###########################################################################################################
Equipment used:
- Windows 10 laptop
- 2 USB thumb drives (One 8gb just for transferring files between windows machine and dropbox, one 64GB for flashing Kali ISO )
- Micro SD Card (128GB)
- Download Kali Linux Bare Metal 64 bit Installer [https://www.kali.org/get-kali/#kali-bare-metal]
- Reformat a micro SD card of at least 64gb (I'm using a Sandisk extereme microsdxc 128gb card [https://www.amazon.com/SanDisk-128GB-Extreme-microSD-Adapter/dp/B07FCMKK5X/ref=sr_1_2?crid=3N5TW9WZU2MXJ&dchild=1&keywords=micro+sd+sandisk&qid=1633622645&sprefix=micro+sd+san%2Caps%2C300&sr=8-2] and exFAT was default for mine)
- Flash Baremetal Kali iSO onto USB drive (of at least 16GB- I used a 64GB PNY usb3.0 drive) using Balena Etcher [https://www.balena.io/etcher/]
- Connect reformatted SD card, USB with the Kali iSO, eth cable to network, HDMI to a monitor, a keyboard, and power adapter to the dropbox
- Once the device boots up, press escape multiple times and from boot menu, select Boot Manager
- Selecct the USB device w/ kali image to boot into. From Kali screen, select graphical install
- Install Kali (with username kali- this is so the script later works without issue; I initially selected the username "pentest")
- Create new ovpn file for machine from openvpn server (Pentest-vpn in AWS)
- Log into the server
- Run the "openvpn-install.sh" script with root permissions
- Select option 1 to add a new client
- Type the name of the client at the prompt
- cat the new .ovpn file in the /root directory
- copy the contents of this file (it's the openvpn config we want to use)
- paste the contents of this file into a text doc and rename it with a ".ovpn" filetype
- Move this new .ovpn file onto a storage device (possibly another USB drive. It can be a very small one)
- Plug the storage device with the newly created ovpn file into the dropbox
- Copy ovpn file from storage device onto kali on dropbox in the home directory of the current user
cd /opt- git clone https://github.com/sirchsec/dropbox.git (may need to sudo su in order to clone it)
cd dropboxchmod +x dropbox_setup.sh dropbox_tools.sh hostname_update.sh wifi-tools.sh(if not already root, may need sudo permissions)exitroot account if still logged into it (return to standard kali user account)sudo ./dropbox_setup.sh- Set new password as the prompt reminds you (or ignore if you don't care)
- Enter name of ovpn file in home dir (mine was Zeta0)
- Enter a new hostname for the machine (ideally the name of the customer it will ship to after being set up properly. If no customer is known, enter the name of the device- in my case Zeta0)
- Let the script do its thing
- Choose yes at the screen asking for restarting services without asking (doesn't seem to matter whether yes or no is selected, but the upgrade process is less hands-on if you choose yes)
- Wait for the script to finish updating and upgrading the kali install, and watch it install xrdp and configure it
- The script also modifies the sleep/hibernation settings for kali so it disables the device from sleeping when powered on (don't want to lose a connection in the middle of pentesting)
- Allow the machine to reboot
- Open the terminal and check the network connections with ifconfig. You should see a 10.8.x.x address, which is the machine's IP on the openVPN network.
- Veify that the ovpn file in the user's home directory has been removed (We don't want any customers getting their hands on this and being able to access our pentesting network)
- Test the connection using ssh and rdp from your local machine (you will need your own ovpn file to connect to the openVPN pentesting network. This can be created from the openvpn server by running the "openvpn-install.sh" script, selecting option one to add a user, and providing your name)
- To test SSH from windows you can use powershell, putty, and any other ssh client (though powershell and putty are what I use). Type ssh [username]@[ip_of_kali_machine_tun0_interface] and supply the password you chose. For RDP connections I use the RDP client from my windows machine. Simply input the tunnel0 IP from the kali box and you'll be taken to an xrdp login screen. Using xorg, supply the username and password, and it should connect you to your session (NOTE: RDP only allows one GUI session at a time. If you are logged into the dropbox, you won't be able to connect via RDP. Try rebooting the dropbox and don't log in when the login screen appears. Then you should be able to RDP from a Windows/Linux machine to the dropbox)
- Proceed to install the tools our team needs for the new kali install
This creates a backup of the SD card (ideal for a master image)that can be written to a new, blank SD (essentially copying all content) Follow this guide detailing the process with Win32 Disk Imager: https://www.howtogeek.com/341944/how-to-clone-your-raspberry-pi-sd-card-for-foolproof-backup/
sudo nano /etc/openvpn/server/[new_file]- edit with a list copied from /etc/openvpn/server/ipp.txtsudo nano /etc/openvpn/server/server.conf(edit line ifconfig-pool-persist ipp.txt)- Change ipp.txt in the server-conf file to make it what you named "new_file" earlier
NOTE: This diables the VPN from routing all other traffic from your host machine over the vpn server (the result is significantly less congestion)
A modification needs to be made in the client ovpn file. Open the [name].ovpn file and edit add the following lines to the config:
route-nopull
route 10.8.0.1 255.255.255.0