Thursday, June 16, 2022

Kali Linux In a Docker Container

 Update: this post has been updated and works as of June 2020 (official Offensive Security image names have changed).

Background

docker pull kalilinux/kali-rolling
docker run -ti kalilinux/kali-rolling /bin/bash

First Things First

apt update
apt dist-upgrade
apt autoremove
apt clean
apt install kali-tools-top10
docker ps -a
CONTAINER ID        IMAGE                         COMMAND             CREATED              STATUS                     PORTS               NAMES
2a08d58bcfa8 kalilinux/kali-rolling "/bin/bash" About a minute ago Exited (0) 2 seconds ago thirsty_snyder
docker commit <CONTAINER ID> my-kali
docker run -ti my-kali /bin/bash

Persistence Strategies

Option 1 — Volumes

  • /root — home dir for root (downloads, notes, source code etc.)
  • /var/lib/postgresql— Postgres database files (used by Metasploit)
docker run -ti --rm --mount src=kali-root,dst=/root --mount src=kali-postgres,dst=/var/lib/postgresql my-kali
  • This will create two volumes named kali-root and kali-postgres — or use existing ones on subsequent runs — and map them to the created container.
  • --rm switch makes Docker delete the container once it stops (i.e. once you exit the shell). This is perfectly fine (and preferred behaviour — you don’t want to waste storage on a bunch of stopped containers) as you have all the components — the image and the two volumes — to recreate it.
docker run -ti --rm --mount type=bind,src=/some/path/kali-root,dst=/root --mount type=bind,src=/some/path/kali-postgres,dst=/var/lib/postgresql my-kali bash

Option 2 — Within the Container

docker ps -a
docker start --attach <CONTAINER ID>

Docker Cleanup

docker container prune

No comments:

Post a Comment