Kali Linux in Microsoft Azure (Video)

Published on Dec 10, 2018

Kali Linux is one of the most versatile and highly regarded pentesting platforms available. The suite of over 600 tools is built on Debian Linux, and can run from a thumb drive, a Raspberry Pi, a VM, or just about any old machine you have lying around. You can also run Kali Linux in Microsoft Azure, and installing it in your subscription is a simple one-click affair from the Azure Marketplace. In this Tech Talk, Microsoft Technical Architect David Branscome walks us through setting up Kali Linux, introduces a few of the available tools, and explains the rules of engagement for pentesting in Azure and Office 365. Check out our blog on Pentesting Office 365 and Azure for more information on available tools to ensure that your environment is secure.

What is Kali Linux?

  • Advanced Penetration testing platform
  • Based on Debian Linux
  • Contains over 600 pentesting tools
  • Built by Offensive Security and frequently updated
  • You can download Kali Linux and install the ISO on your own machine, or you can provision it in Azure.

How do I provision Kali Linux in Microsoft Azure?

  • Kali Linux is available in the Azure Marketplace and is free (as in beer)
  • From the marketplace, click the Get It Now button.
  • When you request the Kali Linux machine, you will be asked which account to use when acquiring apps on the Azure Marketplace.
  • Once you select the account, it will provision Kali Linux in your Azure subscription.
  • Kali Linux does not come with a default GUI, so you will need to SSH into your box.

Connecting to Kali Linux in Azure using SSH

  • Download and install PuTTY (or similar)
  • Get your Kali Linux IP address from the Azure Portal
  • Connect using the referenced IP address, SSH port, and credentials.

Configuring Kali Linux in Azure

Once you provision your instance of Kali Linux in Azure you will need to configure it.

  • By default, the KALIADMIN account created during provisioning does not have root access to update and configure the instance.
  • Set root password using “sudo passwd root” command
  • Log in as root to configure using “su root” command
  • Perform updates (as root) using “apt update && apt dist-upgrade” command
  • Once updates are complete, you will want to set up a remote desktop using the following commands:
    • apt-get install xrdp
    • systemctl enable xrdp
    • echo xfce4-session >~/.xsession
    • service xrdp restart
  • You will need to enable the RDP port in Azure to your Kali Box. Under networking on your Kali Box in Azure, enable an inbound port rule for TCP 3389. It is strongly suggested to harden your source and destination rules.
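
One way to check the hardening suggested in the last step, as an added example that is not part of the original post: the script below reviews network security group rules and reports any inbound Allow rule that leaves SSH (22) or RDP (3389) reachable from every source address. The sample rules are constructed; the field names are assumed to match the JSON returned by `az network nsg rule list -o json`.

```python
import ipaddress
# Constructed sample rules, using field names from `az network nsg rule list -o json`.
SAMPLE_RULES = [
    {"name": "RDP-open", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "SSH-admin", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "22"},
    {"name": "Mgmt-range", "direction": "Inbound", "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "Internet", "destinationPortRanges": ["20-25", "3300-3400"]},
    {"name": "Deny-RDP", "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "3389"},
]
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the two ports this walkthrough opens

def _values(rule, single, plural):
    """Azure stores one value in the singular field or several in the plural one."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def is_open_source(prefix):
    """True when the source matches the whole Internet rather than a named range."""
    if prefix.lower() in {"*", "any", "internet"}:
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # other service tags (e.g. VirtualNetwork) are not treated as open

def covers(port_range, port):
    """Match '*', a single port ('3389') or a range ('3300-3400')."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_admin_rules(rules):
    """List (rule, service, port) for inbound Allow rules open to any source.
    Rule priority is not evaluated, so a higher-priority Deny may still block it."""
    findings = []
    for rule in rules:
        if (rule.get("direction", "").lower(), rule.get("access", "").lower()) != ("inbound", "allow"):
            continue
        if rule.get("protocol", "").lower() not in ("tcp", "*"):
            continue
        if not any(is_open_source(s) for s in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")):
            continue
        ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
        findings += [(rule["name"], svc, port) for port, svc in ADMIN_PORTS.items()
                     if any(covers(r, port) for r in ranges)]
    return findings
```

Calling `exposed_admin_rules(SAMPLE_RULES)` flags `RDP-open` and `Mgmt-range`; the rule limited to a single /32 source and the Deny rule are not reported.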

Getting a GUI interface in Kali Linux on Azure

Installing a GUI is easy. Simply run the command (as root) “apt-get install -f gdm3” to install the Gnome Desktop Manager. (There are many choices for Linux desktop interfaces available)

Kali Linux in Microsoft Azure Demo

To connect to your Kali Linux box in Azure, download the RDP file from your Azure Portal to your local machine.

Once logged in, you can find most of the available tools in the application menu broken into the following categories:

  • Information Gathering
  • Vulnerability Analysis
  • Database Assessment
  • Password Attacks
  • Wireless Attacks
  • Reverse Engineering
  • Exploitation Tools
  • Sniffing and Spoofing
  • Post Exploitation
  • Forensics
  • Reporting Tools
  • Social Engineering Tools

Performing a Credential Harvesting Attack Test in Kali Linux

For the demo, David sets up a spoofed website for a credential harvesting attack using the Social Engineering Toolkit from TrustedSec. This tool will clone a live website on your local box to be used for credential harvesting via a phishing or watering hole attack.

Steps:

  1. Select Social Engineering Toolkit from the application menu
  2. Select - Social Engineering Attacks
  3. Select - Website Attack Vectors
  4. Select - Credential Harvesting Attack
  5. Select - Site Cloning Tool
  6. Select the local IP address. (Your Kali Linux IP Address)
  7. Select a webpage to clone (David used Facebook.com/login.php for demo purposes)
  8. Leave the application running
  9. Use the local IP address in a browser to test the spoofed site. The site will not let you log in, but once the credentials are submitted, the end user will be redirected to the actual Facebook page.
  10. When you are finished running the attack, hit Ctrl-C to end the program and generate your report.
  11. The location of the report will be returned from the terminal.

The report contains much more than just username and password. It will also show mouse movements and a limited set of system information. Towards the bottom are a number of “PARAM:” listings. The username and password will be found under PARAM, each followed by the field name used on the replicated site. For Facebook it is “PARAM: email” and “PARAM: pass”.

What kind of pen tests are permitted by Microsoft?

As of June 15, 2017, Microsoft no longer requires pre-approval to conduct penetration tests against Azure resources. If you wish to formally document your pentesting engagements, you can fill out the https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement. Standard tests that can be performed include:

  • Endpoint tests to uncover Open Web Application Security Project (OWASP) top 10 vulnerabilities
  • Fuzz testing of your endpoints
  • Port scanning of your endpoints

DoS / DDoS attack testing on Azure is NEVER permitted, as this can cause service issues for other Azure customers.

About Agile IT Tech Talks

Agile IT Tech Talks are weekly sessions where we bring in subject matter experts for short, highly focused educational segments, followed by up to an hour of open Q&A where Agile IT clients can discuss their own environments with our engineers and a group of peers. While we release the demos and sessions on our blog, the Q&A benefit is only available to Agile IT Managed Service and Cloud Service Customers. Agile IT is a four-time cloud partner of the year and offers fully managed security as a service. To find out more, Request a Quote:

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.
