Open in app

Sign in

Write

Sign in

How To: Deploy a Kali Linux distribution in Digital Ocean Cloud

hackthebox
11 min readAug 9, 2020

!!Last update 15/10/2022

HELO to who’s reading in the other side, in this article I will explain how we can deploy a minimalist Kali Linux distribution in a 5 USD VPS hosted in the Digital Ocean’s Cloud. This need was born ’cause few days ago I have to move to a low speed internet area and this situation is making my job very hard in many ways. As a pentester I need a good or a rasonable internet speed for testing and with this technique I can work with a real 125 mb/s of speed against my 20 kb/s conection.

Here is the evidence ^^:

The process is very simple, and with a few configurations we can get all the tools running with a high quality conection, and a lot of pro’s of a Virtual Private Server running Kali Linux.

DigitalOcean is a cloud provider similar to AWS, Microsoft Azure, Google Cloud Platform, and many others. They offer instances, called “droplets”, with different Linux distributions such as Debian, Ubuntu, FreeBSD, etc. Similar to AWS, DigitalOcean has datacenters around the world and sometimes multiple datacenters in each country.

However, one feature in particular sets them apart them from their competitors. A little while ago, they added support for custom images, which allows users to import virtual machine disks and use them as droplets. This is perfect for us as we can use our own version of Kali Linux in their cloud.

While it might be possible to load the official Kali Linux virtual images, it wouldn’t be very efficient. Instead, we’ll build a lightweight Kali installation with the bare minimum to get it working.

​By default, the Kali Linux ISOs on the download page have a desktop environment installed, and while we could use it to build a virtual machine, we want to minimize the amount of data we have to upload to DigitalOcean for reasons we will talk about later. Having a GUI running on a headless system is also a waste of resources so while we could uninstall it or disable it, we’ll install the virtual machine using a netboot ISO. If you are comfortable with a text installation, grab the mini.iso in this directory. If not, head to the gtk/ directory and grab the mini.iso in there, which will start a graphical installer.

In this tutorial we are goging to install throught the text instalation, I don’t need extra megabytes for a graphical install. So first step is to download the 44mb lightweight Kali Linux iso from here.

http://http.kali.org/kali/dists/kali-rolling/main/installer-amd64/current/images/netboot/mini.iso

With our mini.iso , we can now begin to build our virtual machine. Create a new virtual machine setting the OS to the latest Debian 64 bit and allocating a 20 GB hard disk. For this task we will use Virtual Box:

And then create a New Virtual Hard Disk of 20GB, this .vdi will upload to Digital Ocean as a Custom Image:

It is important to store the virtual disk as a single file that is dynamically allocated. The rest like the amount of CPU and RAM won’t matter because only the disk file will be uploaded to DigitalOcean. ​ Disk size matters as billing is based on disk size for custom images. It will also impact the choice of instance we can create. Let’s say a 40 GB hard disk is created, it will prevent creating an instance at the $5/month level because its maximum hard disk size is 25 GB. In that case we would be forced to use the $10/month option for instances with 50 GB disks. Don’t worry, even though the disk is 20 GB, it will get expanded depending on the droplet plan chosen.

Once ‘ve been created this new virtual machine we need to attach the mini.iso to boot into the installer when VM starts.

Now we are ready to go, choose Install:

You can leave blank domain name and proxy.

Now here set the user and password, this is very important, don’t miss this info.

Select your timezone:

Then choose Manual partitioning method:

Next steps are for partition creation, select SCSI1:

Select YES
Select Partition pri/log 21.5
Create a new partition

The new partition size can be set as you want, ‘couse the single vdi file we created before is dinamically expanded at the needs of the system.

Choose Primary:

Done

Finish partitioning and choose ‘No’ for the warning of No Swap space

Accept changes and begin install the base Kali Linux system:

After base system get’s installed, the next screen will appear, we have to deselect all with <spacebar>. We will install all the Kali suite tools when server get’s up and running in Digital Ocean’s Cloud:

Deselect All
Continue

If this step fail, (it happen to me twice while doing this tutorial) retry, it will be successfull then.

Select <Yes> in the GRUB instalation:

When installation it’s done, we have to unattach the mini.iso from Virtual Box to prevent boot into installation on startup, and log in our Kali Headless by running it with the user we’ve created in the first steps of installation:

When installation is complete and after rebooting, we have to login and update the system:

sudo su
apt update && apt full-upgrade -y

If you don’t have internet connectivity, run:

sudo su

In order for DigitalOcean to configure the system for us, we need to install the cloud-init package:

apt install -y cloud-init
echo 'datasource_list: [ ConfigDrive, DigitalOcean, NoCloud, None ]' > /etc/cloud/cloud.cfg.d/99_digitalocean.cfg
systemctl enable cloud-init

Since we will need to use SSH to connect to the system on DigitalOcean, the openssh-server package needs to be installed (and enabled) as well:

apt install -y openssh-server
systemctl enable ssh.service --now

When creating a standard droplet, you can choose to use SSH keys or not. However, when using custom images, this isn’t an option and using SSH keys is mandatory. For this reason, DigitalOcean requires us to remove the root password:

passwd -d root

We also need to create a /root/.ssh folder:a

mkdir /root/.ssh

Before we finish with our virtual machine, we run a few commands to clean things up:

apt autoremove; apt autoclean; rm -rf /var/log/*; history -c

At this point, our virtual machine is ready so we run ‘poweroff’ to shutdown the system.

poweroff

We have our custom Kali Headless done! Now we can upload it to Digital Ocean and enjoy the strenght of that means: Create a Droplet

Choose Custom Image, and add the .vdi of the Virtual Machine we were working on:

You can select the .vdi directly, but Digital Ocean also supports compressed formats. All formats supported for custom images are: gz, bz2, vmdk, vhdx, qcow, qcow2, vdi, raw, img, xz.

!!ZIP is not supported!!

When you select the file, it prompt a new window, to choose Linux distro and datacenter. I recommend choose San Francisco 3, it’s very new and have a very good speed but if you want, choose one near your region.

This take a while for me, I have a very slow conection.

Once done, the “Uploaded” column will indicate how long ago it was uploaded. Now we will click on the “More” option of the image and select “Start a droplet”.

You will be taken to the droplet settings where you can select the droplet plan, the SSH key, and the project to start it in. Since this is a custom image, it is required you use a SSH key. You can either select an existing one or upload a new one by clicking on “New SSH key”, which will open the following screen where you can paste the public key and name it:

If you work with Linux or Windows you can follow this wonderfull guide to get the public and private key.

Remember, this public key will be awarded to root user.

Once done, click “Create” as shown below. It will then take you back to the dashboard (Manage > Droplets) where all your droplets are listed. Because we are using a SSH key, DigitalOcean will not send an email with credentials for the droplet.

Within a few seconds, and after the IP address is displayed, our droplet will be ready. In order to connect, we will need to use the private SSH key we created:

user@linux:~$ ssh -i path/to/key.ppk root@200.111.111.111

In PuTTy, you have to specify the key in Conection / SSH / Auth:

Now we have a nice and minimalist Kali Linux installation that we can deploy and customize as needed.

One issue that’s ‘ve been facing with this is the droplet isn’t connected to internet at every boot. I don’t know why but it’s easily fixed opening graphical terminal from WEB interface and running:

root@kali:~$ dhclient

But we don’t want to run that command every time, so if you’re facing with this issue, just enable rc.local that’s a script of systemd will execute in every boot.

First we need to create the service file:

sudo nano /etc/systemd/system/rc-local.service

Then add the following content to it.

[Unit]
 Description=/etc/rc.local Compatibility
 ConditionPathExists=/etc/rc.local

[Service]
 Type=forking
 ExecStart=/etc/rc.local start
 TimeoutSec=0
 StandardOutput=tty
 RemainAfterExit=yes
 SysVStartPriority=99

[Install]
 WantedBy=multi-user.target

Save and close the file. To save a file in Nano text editor, press Ctrl+O, then press Enter to confirm. To exit the file, Press Ctrl+X. Next, run the following command to create /etc/rc.local file.

sudo nano /etc/rc.local

Add this content to it:

#!/bin/bash
dhclient
exit 0

Save & Close, and then make it executable:

sudo chmod +x /etc/rc.local

After that, enable the service on system boot:

sudo systemctl enable rc-local

Output:

Created symlink from /etc/systemd/system/multi-user.target.wants/rc-local.service to /etc/systemd/system/rc-local.service.

Now start the service and check its status:

sudo systemctl start rc-local.service
sudo systemctl status rc-local.service

Output:

● rc-local.service - /etc/rc.local Compatibility
     Loaded: loaded (/etc/systemd/system/rc-local.service; enabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/rc-local.service.d
             └─debian.conf
     Active: active (running) since Sun 2020-08-09 01:49:06 CEST; 21h ago
    Process: 503 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)
   Main PID: 517 (dhclient)
      Tasks: 4 (limit: 2312)
     Memory: 5.2M
     CGroup: /system.slice/rc-local.service
             └─517 dhclient

Now you can reboot your system and it automatically renew DHCP and get connected to internet.

Next and final step to get all the Kali Linux Suite installed:

Depends on our needs we can install some tools or a full list of Kali Linux tool, I have to mention that a full instalation of Kali will install more than 20 gigabytes and the 5USD Digital Ocean plan will not satisfy this, and we will have to resize the droplet and buy the 10 USD plan for a 50gb of disk space.

The Kali Linux team makes metapackages available which allows you to install groups of tools for specific function using a single command. The list of metapackages and what they are for is available at Kali Metapackages.

Metapackages give you the flexibility to install specific subsets of tools based on your particular needs. For instance, if you are going to conduct a wireless security assessment, you can quickly include the kali-linux-wireless metapackage to only install the tools you need.

If you want to install the default tools of Kali (around 2 GB) just run:

sudo apt-get install kali-linux-default

The final install will use about 7GB on your drive.

Finally we reach the end of this tutorial, with a functional Kali Linux in a fast VPS provider, any feedback would be appreciated.

See you next time!

Pentesting
Kali Linux
Vps Hosting
Sysadmin
Offensive Security

--

--

hackthebox

Written by hackthebox

115 Followers

pentesting, hacking stuff, web & software developer, music stuff

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams