We will first set up our OpenVPN server on a Kali Linux box with an external IP address (a.b.c.d). Once that’s done, we’ll build The Kali Linux ISO of Doom on the same machine and make it available for download through HTTP.
```bash
echo "1" > /proc/sys/net/ipv4/ip_forward
# Turn the server into the client's gateway
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Generate the OpenVPN server and client certs.
mkdir /etc/openvpn/easy-rsa
cp /usr/share/easy-rsa/* /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa/
sed -i 's/ --interact//' build-ca
sed -i 's/ --interact//' build-key-server
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client

# start the OpenVPN server
/etc/init.d/openvpn start

# Generate SSH keys to later access the client.
ssh-keygen
```
# Building the Kali Reverse VPN Agent ISO
```bash
apt-get update
apt-get install git live-build cdebootstrap curl -y
git clone git://git.kali.org/live-build-config.git build
cd build

# Hooks: enable SSH and OpenVPN at boot, and make the ISO boot unattended.
echo 'update-rc.d -f ssh enable' >> kali-config/common/hooks/01-start-ssh.chroot
chmod +x kali-config/common/hooks/01-start-ssh.chroot
echo 'update-rc.d -f openvpn enable' >> kali-config/common/hooks/02-start-openvpn.chroot
chmod +x kali-config/common/hooks/02-start-openvpn.chroot
wget https://www.kali.org/dojo/unattended.txt -O kali-config/common/hooks/02-unattended-boot.binary
chmod +x kali-config/common/hooks/02-unattended-boot.binary

# Install our public key so we can SSH to the agent later.
ssh-keygen
mkdir -p kali-config/common/includes.chroot/root/.ssh/
cp /root/.ssh/id_rsa.pub kali-config/common/includes.chroot/root/.ssh/authorized_keys

# Preseed file for the unattended install, plus the extra packages.
wget https://www.kali.org/dojo/preseed.cfg -O ./kali-config/common/includes.installer/preseed.cfg
echo openvpn >> kali-config/common/package-lists/kali.list.chroot
echo openssh-server >> kali-config/common/package-lists/kali.list.chroot
echo open-vm-tools >> kali-config/common/package-lists/kali.list.chroot

# OpenVPN client certs, key and configuration.
mkdir kali-config/common/includes.chroot/etc
mkdir kali-config/common/includes.chroot/etc/openvpn
cp /etc/openvpn/easy-rsa/keys/{ca.crt,client.crt,client.key} kali-config/common/includes.chroot/etc/openvpn/

cat << EOF > kali-config/common/includes.chroot/etc/openvpn/client.conf
client
dev tap
proto tcp
remote your_server_ip 443 # remote server IP
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
EOF

# Rebuild libdebian-installer from source.
apt-get remove --purge libdebian-installer4 -y
wget http://ftp.debian.org/debian/pool/main/libd/libdebian-installer/libdebian-installer_0.99.tar.xz
tar xvf libdebian-installer_0.99.tar.xz
cd libdebian-installer-0.99
grep -R parser_rfc822 src
apt-get install automake libtool
autoreconf -i -v
./configure
make
make install

# Return to the build directory so live-build picks up kali-config.
cd ..
lb config
lb build

# Publish the ISO over HTTP (the Apache service is named apache2 on Kali).
mv binary.hybrid.iso /var/www/
service apache2 start

cd /etc/openvpn/
openvpn --config /etc/openvpn/server.conf
```
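A pre-build check for the staging tree assembled above, as an added example that is not part of the original post: it confirms the VPN and SSH files are in place, that client.conf no longer carries the `your_server_ip` placeholder, and that client.key is not group/world accessible. The function name `check_staging` is hypothetical; run it from the build directory as `check_staging kali-config/common` before `lb build`.

```shell
#!/bin/sh
# Added example (not from the original post): lint the live-build staging tree.
# Usage: check_staging <path to kali-config/common>
# Prints one line per finding and returns the number of findings (0 = clean).
check_staging() {
    local root="$1" chroot="$1/includes.chroot" problems=0 f
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Files the agent needs to connect back and to accept our SSH login.
    for f in etc/openvpn/ca.crt etc/openvpn/client.crt etc/openvpn/client.key \
             etc/openvpn/client.conf root/.ssh/authorized_keys; do
        [ -s "$chroot/$f" ] || fail "missing or empty: includes.chroot/$f"
    done

    # client.conf must name the real server, not the tutorial placeholder.
    if grep -Eq '^remote[[:space:]]+your_server_ip' \
            "$chroot/etc/openvpn/client.conf" 2>/dev/null; then
        fail "client.conf still contains the placeholder your_server_ip"
    fi

    # authorized_keys must hold a public key, never private key material.
    if grep -q 'PRIVATE KEY' "$chroot/root/.ssh/authorized_keys" 2>/dev/null; then
        fail "authorized_keys contains a private key"
    fi

    # client.key is a private key: no group/other permission bits (GNU find).
    if [ -e "$chroot/etc/openvpn/client.key" ] &&
       [ -n "$(find "$chroot/etc/openvpn/client.key" -perm /077)" ]; then
        fail "client.key is group/world accessible (chmod 600 it)"
    fi

    # The procedure above marks every hook executable; flag any that were missed.
    for f in "$root"/hooks/*.chroot "$root"/hooks/*.binary; do
        [ -e "$f" ] || continue
        [ -x "$f" ] || fail "hook not executable: ${f#"$root"/}"
    done
    return "$problems"
}
```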
Now, when you boot a system from the ISO, it starts an unattended install and connects back over the VPN after the reboot.

# Bridging the Network Gaps

Once the VPN connection is established by the client, we can SSH to our internal Kali Linux agent and complete the final requirement: to bridge the remote and local networks together.

Enable routing to the remote network on the OpenVPN server:

```bash
# on the server
route add -net 192.168.101.0/24 gw 10.8.0.200
```

We proceed and turn on IP forwarding along with IP masquerade on the remote Kali agent:

```bash
# on Kali Agent
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```

Based on https://www.offensive-security.com/kali-linux/kali-linux-iso-of-doom/