Since I am space and RAM limited on my laptop I decided to make a headless Kali virtual machine to keep around for playing with. Since I couldn’t find a reliable tutorial for removing all the GUI stuff from a normal Kali install, I decided to create a Debian-turned-Kali machine. Currently the goal is to only use this for command line tools.
First step, install and update a minimal Debian Wheezy(7.0) machine. Mine has only SSH installed from the start.
Next, add the Kali software repositories, and update. This is where i hit my first snag, as well as my first triumph. I’m doing this to learn, after all.
- begin by adding the following lines to the /etc/apt/sources.list file
# apt-get updateto pull the latest info. Here is where I hit my snag. I got the following warning
- Pulling this key is simple enough,
# gpg --recv-keys ED444FF07D8D0BF6
- Simply getting the key is not enough, you must tell apt to use it.
# gpg -a --export ED444F07D8D0BF6 | apt-key add -this will return OK, and allow apt-get update to run without any further warnings.
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
This is a missing public key for the Kali Repos. I can still pull down and install software, but it will be doing so unauthenticated. Thanks to the public-ness of PKI, this is an easy fix, once I learned a little about what I was doing.
Now I can install any Kali tool I’d like, and run them remotely through a headless VM. How can I run something headless? EASY, both my favorite Virtual Machine managers, Virtualbox and VMWare Fusion provide LOTS of command line tools for interacting with their software.
$ /Applications/VMware\ Fusion.app/Contents/Library/vmrun -T fusion start "/path/to/vm.vmx" nogui
$ vboxheadless -startvm VMNAME
Next time I visit this topic it’s likely to be “how to run remote GUI tools from a headless Kali VM”, when I find a need for a GUI tool on this machine.