如果你想在一台windows机器上安装kali,用于渗透扫描,那么这篇文章不要错过。方法简单快速。
下载virtualbox
Downloads – Oracle VM VirtualBox
下载专门用于virtualbox的kali镜像
Get Kali | Kali Linux
双击virtualbox安装包,执行安装依次点击 “下一步”、“是”、“完成”。
安装成功界面
将下载下来的kali安装包解压,双击蓝色文件,可以发现自动导入了virtualbox。
点击 绿色的“启动(T)”,稍等片刻,进入kali登录界面。输入用户名密码kali/kali。
登录成功,尝试一个小功能,测试下有没有可以使用
OK,可以使用了。
那么我们用于windows桌面和 kali linux环境之间的复制粘贴和文件传输是否方便呢?
检查 "设备-共享粘贴板" 和 "设备-拖放" 都是双向,说明可以复制粘贴。
如果再设个共享文件夹就更方便了。
点击固定分配 ,填写windows目录和kali挂载点目录,选择 自动挂载。
设置成功。
往windows共享目录拖几个文件,可以发现kali挂载共享目录也有了相应文件。
如果你想在kali访问互联网和扫描目标设备,应该怎么办呢?
cmd + ipconfig 检查本机ip
查看本机网络连接
根据上一步查看“网络连接”的结果,在virtualbox配置网络。这里根据WLAN的显示选择。
配置/etc/network/interfaces,动态分配IP地址
source /etc/network/interfaces.d/*
auto eth0
iface eth0 inet dhcp
配置/etc/resolv.conf, 注意nameserver要和PC机的默认网关ip一致。
┌──(root㉿kali)-[/home/kali]
└─# cat /etc/resolv.conf
nameserver 192.168.43.1
执行
service networking restart
检查kali网络配置
┌──(root㉿kali)-[/home/kali]
└─# ifconfig
eth0: flags=4163 mtu 1500
inet 192.168.43.209 netmask 255.255.255.0 broadcast 192.168.43.255
inet6 fe80::a00:27ff:fe22:464f prefixlen 64 scopeid 0x20
ether 08:00:27:22:46:4f txqueuelen 1000 (Ethernet)
RX packets 7682 bytes 3505522 (3.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11328 bytes 1428680 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 4 bytes 240 (240.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 240 (240.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
使用kali扫描本局域网的设备
┌──(root㉿kali)-[/home/kali]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 08:00:27:22:46:4f, IPv4: 192.168.43.209
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.43.1 02:72:88:63:34:4c (Unknown: locally administered)
192.168.43.168 88:d8:2e:f3:fa:11 (Unknown)
192.168.43.86 10:3f:44:50:5b:fd (Unknown) (DUP: 1)
使用kali访问互联网
随着时间的推移,您一定会遇到想将漏洞利用工具更新到最新的想法。
以metasploit为例,之前安装的时候版本是6.2.9,现在我要把它升级到最新。
首先,kali更新包获取:
┌──(root㉿kali)-[/etc/apt]
└─# apt-get update
Get:1 http://kali.download/kali kali-rolling InRelease [41.2 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 Packages [19.5 MB]
Get:3 http://kali.download/kali kali-rolling/main amd64 Contents (deb) [45.4 MB]
Get:4 http://kali.download/kali kali-rolling/contrib amd64 Packages [116 kB]
Get:5 http://kali.download/kali kali-rolling/contrib amd64 Contents (deb) [172 kB]
Get:6 http://kali.download/kali kali-rolling/non-free amd64 Packages [222 kB]
Get:7 http://kali.download/kali kali-rolling/non-free amd64 Contents (deb) [931 kB]
Fetched 66.4 MB in 24s (2,781 kB/s)
Reading package lists... Done
再次,安装最新的metasploit-framework:
┌──(root㉿kali)-[/etc/apt]
└─# apt-get install metasploit-framework
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
ruby3.0 ruby3.0-dev ruby3.0-doc
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
libc-bin libc-dev-bin libc-devtools libc-l10n libc6 libc6-dev libc6-i386 libedit2 libpq5 libruby libruby3.1 locales ruby ruby-dev ruby-ffi ruby-nokogiri ruby-oj ruby-sdbm ruby-sqlite3 ruby-unf-ext ruby-webrick
ruby-yajl ruby3.1 ruby3.1-dev ruby3.1-doc
Suggested packages:
glibc-doc libnss-nis libnss-nisplus clamav clamav-daemon ri
The following NEW packages will be installed:
libruby libruby3.1 ruby-sdbm ruby3.1 ruby3.1-dev ruby3.1-doc
The following packages will be upgraded:
libc-bin libc-dev-bin libc-devtools libc-l10n libc6 libc6-dev libc6-i386 libedit2 libpq5 locales metasploit-framework ruby ruby-dev ruby-ffi ruby-nokogiri ruby-oj ruby-sqlite3 ruby-unf-ext ruby-webrick
ruby-yajl
20 upgraded, 6 newly installed, 0 to remove and 1755 not upgraded.
Need to get 180 MB of archives.
After this operation, 62.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://kali.download/kali kali-rolling/main amd64 libc-l10n all 2.36-8 [673 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 libc-devtools amd64 2.36-8 [51.4 kB]
Get:3 http://kali.download/kali kali-rolling/main amd64 libc-dev-bin amd64 2.36-8 [43.8 kB]
Get:4 http://kali.download/kali kali-rolling/main amd64 libc6-dev amd64 2.36-8 [1,897 kB]
Get:5 http://kali.download/kali kali-rolling/main amd64 libc6-i386 amd64 2.36-8 [2,457 kB]
Get:6 http://kali.download/kali kali-rolling/main amd64 locales all 2.36-8 [3,900 kB]
Get:7 http://kali.download/kali kali-rolling/main amd64 libc6 amd64 2.36-8 [2,747 kB]
Get:8 http://kali.download/kali kali-rolling/main amd64 libc-bin amd64 2.36-8 [605 kB]
Get:9 http://kali.download/kali kali-rolling/main amd64 libedit2 amd64 3.1-20221030-2 [93.0 kB]
Get:10 http://kali.download/kali kali-rolling/main amd64 libpq5 amd64 15.2-1 [185 kB]
Get:11 http://kali.download/kali kali-rolling/main amd64 ruby-webrick all 1.8.1-1 [51.4 kB]
Get:12 http://http.kali.org/kali kali-rolling/main amd64 ruby-sdbm amd64 1.0.0-5+b1 [15.4 kB]
Get:13 http://kali.download/kali kali-rolling/main amd64 libruby3.1 amd64 3.1.2-6 [5,402 kB]
Get:14 http://kali.download/kali kali-rolling/main amd64 libruby amd64 1:3.1 [4,972 B]
Get:15 http://http.kali.org/kali kali-rolling/main amd64 ruby-ffi amd64 1.15.5+dfsg-1+b1 [92.6 kB]
Get:16 http://http.kali.org/kali kali-rolling/main amd64 ruby-yajl amd64 1.4.3-1+b2 [46.8 kB]
Get:17 http://http.kali.org/kali kali-rolling/main amd64 ruby-unf-ext amd64 0.0.7.7-1+b4 [91.1 kB]
Get:18 http://http.kali.org/kali kali-rolling/main amd64 ruby-sqlite3 amd64 1.4.2-4+b3 [43.2 kB]
Get:19 http://kali.download/kali kali-rolling/main amd64 ruby-oj amd64 3.14.1-3 [189 kB]
Get:20 http://http.kali.org/kali kali-rolling/main amd64 ruby-nokogiri amd64 1.13.10+dfsg-2+b1 [256 kB]
Get:21 http://kali.download/kali kali-rolling/main amd64 ruby3.1 amd64 3.1.2-6 [663 kB]
Get:22 http://kali.download/kali kali-rolling/main amd64 metasploit-framework amd64 6.3.4-0kali1 [157 MB]
Get:23 http://kali.download/kali kali-rolling/main amd64 ruby amd64 1:3.1 [5,868 B]
Get:24 http://kali.download/kali kali-rolling/main amd64 ruby3.1-dev amd64 3.1.2-6 [1,001 kB]
Get:25 http://kali.download/kali kali-rolling/main amd64 ruby-dev amd64 1:3.1 [5,116 B]
Get:26 http://kali.download/kali kali-rolling/main amd64 ruby3.1-doc all 3.1.2-6 [2,449 kB]
Fetched 180 MB in 1min 3s (2,872 kB/s)
Preconfiguring packages ...
(Reading database ... 338365 files and directories currently installed.)
......
Generation complete.
Setting up ruby3.1-doc (3.1.2-6) ...
Setting up ruby-webrick (1.8.1-1) ...
Setting up libc6-i386 (2.36-8) ...
Setting up libc-dev-bin (2.36-8) ...
Setting up libc-devtools (2.36-8) ...
Setting up libc6-dev:amd64 (2.36-8) ...
Setting up libruby3.1:amd64 (3.1.2-6) ...
Setting up libruby:amd64 (1:3.1) ...
Setting up ruby-oj:amd64 (3.14.1-3) ...
Setting up ruby-sqlite3 (1.4.2-4+b3) ...
Setting up ruby3.1 (3.1.2-6) ...
Setting up ruby3.1-dev:amd64 (3.1.2-6) ...
Setting up ruby-ffi:amd64 (1.15.5+dfsg-1+b1) ...
Setting up ruby-sdbm:amd64 (1.0.0-5+b1) ...
Setting up ruby-dev:amd64 (1:3.1) ...
Setting up ruby (1:3.1) ...
Setting up ruby-yajl (1.4.3-1+b2) ...
Setting up ruby-nokogiri (1.13.10+dfsg-2+b1) ...
Setting up ruby-unf-ext (0.0.7.7-1+b4) ...
Setting up metasploit-framework (6.3.4-0kali1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for kali-menu (2022.3.1) ...
Processing triggers for libc-bin (2.36-8) ...
现在验证下版本号,变成了6.3.4,这是此刻的最新版本。
┌──(root㉿kali)-[/etc/apt]
└─# msfconsole
___ ____
,-"" `. < HONK >
,' _ e )`-._ / ----
/ ,' `-._<.===-'
/ /
/ ;
_ / ;
(`._ _.-"" ""--..__,' |
<_ `-"" \
<`- :
(__ <__. ;
`-. '-.__. _.' /
\ `-.__,-' _,'
`._ , /__,-'
""._\__,'< <____
| | `----.`.
| | \ `.
; |___ \-``
\ --<
`.`.<
`-'
=[ metasploit v6.3.4-dev ]
+ -- --=[ 2294 exploits - 1201 auxiliary - 409 post ]
+ -- --=[ 968 payloads - 45 encoders - 11 nops ]
+ -- --=[ 9 evasion ]
Metasploit tip: Use the analyze command to suggest
runnable modules for hosts
Metasploit Documentation: https://docs.metasploit.com/
msf6 >
这大概是我能找到的最简单的方法了。
之前,包括我在内的很多人都是先下载kali普通镜像,然后再虚拟机里先分配内存再做很繁杂的配置,经常出错,令人头疼。现在用这种与虚拟机直接匹配的kali镜像,直接导入,非常方便。