Creating a custom Kali iso

  • @dhudson Ok...I've started putting together a custom Kali iso for our needs at AZ03 from home (I think). I've only crashed my terminal once so far.

    The subject of this post has now changed from the original so starting a new thread and linking to your original recommendations here.


    1. I'm assuming I need to include the OpenSSH package so our computers can talk to the servers. Is there different client-server package that's preferred? I didn't find any. I read OpenSSH is built from OpenBSD. I think I recall someone making fund of OpenBSD for some reason I can't recall...(I think they though it was clunky and old or something).

    2. What other preferred packages, besides the "top ten Kali recommended" packages would you guys recommend as a baseline for azcwr students? I'm sure there will be stuff from the Larkanian dump that we'll want to add, but we've yet to go through that stuff to see what's useful.

    3. In order to add bookmarks for "cool links" will there be a Firefox Quantum browser package that I'll need to configure before adding to the iso build? I have no idea how to configure a browser's bookmarks during an iso build.

    4. Am I right in thinking it's best to leave VirtualBox or other virtualization software off of the stations, and that a VM running on the server can be pushed to the floor as if the student was accessing the application without VirtualBox?

    5. Preseed file: Do we use "file=cdrom/install/preseed.cfg" or can we do something else to enable initial boot/install from the server, similar to post installation 'hook' which I'm guessing will enable SSH boot at startup after post-install? If we use the file above it seems like we'll still have to reimage all computers individually from the cd or usb iso. It would be nice to avoid that if possible.

    6. To make sure that necessary things like our bwapp guide or target list (with DNS, IP's) show up on the desktop, do I build the iso with locations for those resources via "nano sources.list' (or how)?

    I have yet to look at your clonezilla resources...not there yet: (Server Edition works as standard and server) (Saving the disk image)

  • @jdez , just ran across this and am curious what you are trying to do... if you just want an image for people with links, set your Kali up and save the .iso, or even better as an .ova appliance. Any package you install (i.e. OpenSSH) as well as any bookmarks in your FF should be saved with the image. Set a default user/password combo for the setup process, and Linux is going to reconfigure for hdwe anyway. It doesn't care where it is. Am I missing something, or are you trying to make this hard on yourself? heh.
    Not criticizing... kudos on doing it, Just curious

  • @jdez

    1. SSH command comes native in Kali.

    2. Baseline for students... In previous ranges this has been what has already come installed with the Kali image. Since I was not at AZ02 quite often I may not be the best to ask for what extra tools where on the Kali images but the base Kali image should work fine. @TheVillageIdiot

    3. Pretty sure you should just be able to add bookmarks within the firefox on the Kali machine and they will be stored locally. Please correct me if I'm wrong 🙂

    4. Yes, you can leave virtual box of off the workstations . If we want to teach students how to create a VM we can push a trial windows version out to their machines through the FOG server

    5. No. Clonezilla and the FOG server work off of PIXIE boot (From the NIC) and will only be pushed out to the machines when you choose to reimage. I agree that it would be better to not have to re-image them individually. I think we should at least get the basic working and that could be a "bonus" project or thing to do if you would like. It is up to you ^_^

    6. cd ~/Desktop ; touch onSiteTargets(Click ME).txt ; nano onSiteTargets(Click ME).txt (insert the targets and their corresponding IP addresses).

    Your doing a good job and I appreciate your initiative! Keep it up 🙂

  • @dhudson Thanks Dylan...I'll keep going.
    @JMBradley are correct. I am trying to make it hard on myself! 🤓 Primarily I'm trying to learn linux better with a small hands-on project, that might have the potential to help AZ03. So I'm trying to automate a bit of what we do and increase consistency - since we use Kali a lot and currently aren't able to automate cleanup/startup of the twenty-something stations in an efficient way, I'm hoping this might help a bit when we get to that point. I'm trying to help mimic and learn what would actually happen in a server-mulit-client environment.

  • @jdez

    Check to see if the hosts support PXE boot and WOL. If they do, then you can use that to push clean images to the hosts.

  • @jdez ooohhhh, I gotcha now. That's the detail I was missing that didn't make sense. Didn't realize it was for the terminals at the range. Easier to understand now, haha

  • hey @jdez if you keep notes on all the steps you do, we can write a python script that would automate anything done in the terminal. With some digging, stuff done in the GUI as well.

  • A custom live desktop ISO would be cool because we could distribute it and brand it. I think that may be best an AZCWR project rather than an AZ03 specific one. Writing scripts to automate the process and make it reproducible would be great. I believe the AZ01 Ubuntu-based server discs were auto-built by scripts. Probably in Python.

    In terms of getting it installed on the workstations / laptops, I think imaging is the best solution. It's a huge pain to do installs from scratch. Keith and I finished deploying FOG / PXE booting this week. Bonnie helped but was not given privileged access.

    1. I think sshd is installed on Kali by default by disabled. Off the top of my head you want to systemctl enable sshd and service start sshd, then install a master SSH key to the .ssh directory of root. This will "backdoor" the systems for us to remotely manage. We should do this on our image as well. We did this at AZ02.
    2. LibreOffice is nice. The newest Firefox (Quantum) would probably be preferred over Firefox ESR. Chromium might be nice to cover the full gamut of Linux-based browsers. If you can get VirtualBox working as included in a standard install that would be amazing, but I'm willing to bet that's going to be a nightmare. I had a few other things in the core AZ02 image, but I can't recall now.
    3. Here's what I put in Signal, which I'm still not sure if is correct from memory from my Tuesday visit:

    Also to install Firefox Quantum: download tar.bz2 file, untar, move the Firefox directory it creates to /opt/, then rename firefox-esr in the /usr/local/bin/ (?) folder to firefox-esr.bak, and then ln -s the /opt/firefox/firefox (?) binary into /usr/local/bin/firefox-esr

    1. I like putting them on the stations, if users want to run their own VulnHub targets or install their own Ubuntu / CentOS VM to do things like CertDepot exercises on. This assumes you will not have a lab on the floor for metal-based operations like we did at AZ02, and/or you will not be liberal with data center access / allocation of resources.
    2. Honestly if you can modify the stock squashfs filesystem to include everything you want, it's much better than most of the stuff the pre-seed file can do. Pre-seed scripts might require pulling down files off the internet, and doing that multiple times for multiple machines would be a huge pain in the ass and waste of bandwidth / processing power. This is partially how AZ01 server ISOs were provisioned, though. They (particularly Andrew) probably have a lot more experience.
    3. Creating a custom desktop item is probably the same as most Debian-based systems. A guide can be found here: Info for a URL shortcut in particular can be found here: I'm not sure how to best include a custom one, either putting it in a modified squashfs or sticking it in a pre-seed. At AZ02 we had the browsers open both and by default as their home, and the wiki landing page guided you to the targets page which had a link to the local bwapp target and a link to the guide as well. At AZ03 I've modified the bwapp deployment to have the guide embedded in the target and served from the root index rather than link to Google Drive. I'm not sure if we snapshotted the target though or if this was the best idea.

    In regards to Clonezilla, we installed FOG server on-site at AZ03 which under-the-hood works very similarly to Clonezilla when it comes to the actual imaging. After AZ02 got FOG, I only ever used Clonezilla to ad-hoc image a few "special" machines at a time, or if I needed more in an ad-hoc process, I got a gigantic portable switch (often unmanaged) that supported multi-cast and hooked up laptops to every switch port to blast images onto the machines. This meant I needed no network and had no risk of disrupting the range one. I may be lying about multi-cast, not sure if we ever got it to work, but we could Unicast fine with about 7 machines (with an extra one used as the server) on a $12 Netgear switch off NewEgg.

  • @TheVillageIdiot Thanks for the overview! I managed to get a preliminary "custom" iso done at home using a few Kali, Debian, and other online resources and tested it on one of the "malware" stations disconnected from the network at AZ03 just to see if it was functional as a live install from usb key. Now the challenge is to see how easily another version can be customized further with the above suggestions and others. Ease of making the necessary preseed, hook, and especially the chroot changes will be the determining factor. Only guessing here based on the first pass.

    Keith gave me a brief overview of Bleachbit... I think it would be very handy in making a custom iso. I'm still not sure whether there's much advantage in building a custom iso from the terminal (other than an education). Making it an AZCWR project rather than site specific makes sense since there are so many possibilities for including useful packages that could be a decision process by several. Maintaining it for public branding/distribution might be a bitch I'm guessing.

  • @jdez @TheVillageIdiot @dhudson how about this idea? Come up with a base set of requirement for the image. Then make it an AZCWR project. Have members post up what they've done with the image then we all vote on the one to use? Something along those lines to get the members engaged and learn something at the same time? Thoughts? 🙂

  • @Tails Possibly....but have you done a dpkg -l on the full Kali install?! I haven't counted them, but there's something like a couple hundred applications/tools at least. It's nuts...I'm hoping that deciding on a core group of packages or meta that can be expanded conservatively would be a good starting point. It would be in iterative process for sure I'm thinking that would have to evolve as new tools come available or others get outdated.

  • @jdez lol oh ya. It is nuts the amount of tools. Take this in small batches. Get started with the core packages like you said. Then grow as needed or establish a periodic review once the base image is going. Involve the range members as much as possible. 🙂

Log in to reply