Homelab Learning: Building an attack network with Kali Linux
Hi, all. This is the fifth part in an ongoing series walking through the steps required to build my isolated homelab with a corporate environment, attack network, security operations center, and remote access VPN.
For greater context, take a look at my previous posts:
- Homelab Learning: General Overview
- Homelab Learning: Configuring Proxmox VE
- Homelab Learning: Configuring pfSense
- Homelab Learning: Building a Corporate Environment
Let’s get started on this installment!
In order to test the security posture of my corporate environment, I developed a simple offensive security network with a Kali Linux VM. If you’re not familiar with Kali Linux, it’s a Linux distribution built on Debian that comes packed with many standard tools for offensive security, such as nmap, metasploit, John the Ripper, and so on.
Setup was rather straightforward here: Download the ISO for Kali Linux, add that ISO to your local storage on Proxmox, then create a VM. Make sure you select the appropriate bridge (vmbr#) as its network device. I’ve included a link to a video walkthrough and Kali’s documentation on how to set it up as a Proxmox VM.
While Kali is installing, I recommend configuring either the basic troubleshooting firewall rules (IPv4 and IPv6 traffic to any) or the best practices ones (HTTPS, HTTP, DNS, ping) we just configured for the Corp_Env network above. If you take the latter approach, please note that you can take advantage of pfSense’s “copy rule” feature, which is listed inline with the firewall rule, on the right-hand side, along with other various actions. Be sure to change the interface, source, and descriptions for each.
At this point, your Kali VM should have a network connection, and it should be able to ping IPs and FQDNs. I recommend updating your Kali VM packages at this point.
- sudo apt update
- sudo apt upgrade
You also likely want to ensure the qemu agent is enabled in the VM’s proxmox options before installing, starting, and enabling it in a Kali CLI. This will allow your node to control reboot/shutdown for the VM:
- apt install qemu-guest-agent
- systemctl start qemu-guest-agent
- systemctl enable qemu-guest-agent
Now your Kali VM is ready to roll! It’s time to dig into various attack frameworks and offensive tools.
Note: Occasionally, in past homelab builds, I ran into issues with the VM not automatically receiving a network connection due to what I thought initially were DHCP and/or DNS issues through pfSense. I discuss this at more length in the ‘challenges’ section below. That said, generally, after setup and network configuration, this VM received an internet connection and was fully functional within a few minutes.
In the next post, we’ll be setting up a basic blue team network with a SIEM for event log analysis.
References:
- Kali Documentation: Kali inside Proxmox (Guest VM)
