lab setup guide

1. Author: JollyFrogs, Brisbane, Australia
2. Version: 1.08
3. Revision date: 22 August 2015
4. Updates:
5. v107: Kali version changed to 2.0
6. v107: Virtualbox version changed to 5.0.0 r101573
7. v107: Changed IP from 10.1.x.x. to 10.123.x.x to solve IP overlap issue with OSCP labs
8. v107: Changed from non-PAE kernel to a PAE kernel during installation
9. v108: Fixed slow shutdown issue in Kali 2.0 due to openvpn hanging at shutdown
10. v108: Fixed openvpn init.d startup issue
11. v108: Minor spelling corrections
12.  
13. Note: Kernel is changed back to a non-PAE kernel after installation. This is required for the PWK buffer overflow section.
14.  
15. Note: This guide is written for Windows 7 64-bit Host OS, I strongly advise using this operating system to install your OSCP Kali VM.
16.  
17. This is the hardware that I used to set up this lab, if you don't have similar or better hardware, I advise investing a little in getting good hardware:
18. Asus Maximus Hero VI motherboard
19. 32GB memory (Kingston)
20. Intel 120GB SSD
21. Core i7-4770K CPU @ 3.50GHz, 4 Core(s), 8 Logical Processors
22. Windows 7 64-bit (6.1.7601 SP1)
23.  
24. I have created this lab using my own network IP addressing, details of which are:
25. (All subnet masks in the LAN are /24 aka 255.255.255.0)
26.  
27. The following components are what I start with, just my PC and a router which I used as default gateway to connect to the internet:
28. 10.123.1.1 = My physical internet router (a Ubiquity ERLite3) which acts as my default gateway and DNS server.
29. 10.123.1.110 = My main PC LAN interface, we will lose this IP when we configure a BRIDGE interface later
30.  
31. The following IP addresses are used for various components that are added during this guide:
32. 10.123.1.110 = My main PC BRIDGE interface
33. 10.123.1.199 = Kali 1.1.0a VirtualBox VM
34.  
35. You have two options when following this guide:
36. 1) Rename all references to the IP addresses above and in this guide to IP addresses you are using on your LAN.
37. or
38. 2) Renumber your internal network IP addressing to use the same IP addresses as in this guide.
39.  
40. You do not need hardware components to set up this lab other than a beefy PC, everything will be running in VirtualBox on your PC.
41.  
42. ------------
43. Preparations
44. ------------
45.  
46. Important notice: Do not skim over these instructions, they provide the foundation of your environment. Any typo or mistake here will affect your environment later in unpredictable ways, please take the time to go through these steps carefully. Spelling matters, typos matter. If you run into any issues during installation, please re-read the instructions carefully and ensure you haven't made a typo.
47.  
48. IMPORTANT NOTE: I don't isolate hosts on my network. This is a very *UNSAFE* practice, especially when meddling with vulnerable applications and systems while coding and testing new exploits. I run a simple but good firewall (Ubiquity ERLite3) which protects my network from outside attacks, but more importantly, I have off-line backups of all my important files and documents. If this is something that you don't feel 100% comfortable with, then you should set up an isolated network which is totally segregated from your home network. VirtualBox supports this kind of set up via "Host-only adapters" but this guide doesn't cover such a setup.
49.  
50. Get required files:
51. --------------------
52. VirtualBox 5.0.0 v101573:
53. http://download.virtualbox.org/virtualbox/5.0.0/VirtualBox-5.0.0-101573-Win.exe
54.  
55. Kali 2.0 (kali-linux-2.0-i386.iso):
56. http://images.kali.org/kali-linux-2.0-i386.torrent
57. NOTE: For the OSCP exam, you'll need the 32-bit Kali, NOT the 64-bit version
58.  
59. Create and bridge a loop-back adapter so your virtual machines can talk to your physical PC and network
60. -------------------------------------------------------------------------------------------------------
61. - Click the Windows Start button (bottom left)
62. - type "cmd" but do not press enter
63. - Right-click "cmd.exe" (top of start bar menu) and select "run as Administrator" (Click "Yes" to confirm)
64. Note: In the black cmd.exe screen:
65. - type "hdwwiz.exe" and press Enter
66. Note: the "Add Hardware Wizard" window opens
67. - Click "Next"
68. - Select “Install the hardware that I manually select from a list (Advanced)” and click "Next"
69. - Select “Network adapters” and click "Next"
70. - Select “Microsoft” and “Microsoft Loopback Adapter” under Manufacturer and Network Adapter respectively, then click "Next"
71. - Click "Next" to install the loopback adapter
72. - Click "Finish" to close the "Add Hardware" screen
73. Note: We're still in the black cmd.exe screen:
74. - type "ncpa.cpl" and press Enter
75. Note: the "Network Connections" window opens
76. - Right-click the adapter "Microsoft Loopback Adapter" and select "Rename"
77. - Rename the Loopback Adapter to "LOOPBACK" to remove confusion later
78. - Right-click your wired network adapter and select "Rename"
79. - Rename your wired network adapter to "LAN"
80. - Highlight (left click while holding CTRL key pressed) both the LOOPBACK adapter and your LAN network adapter
81. - Right click on the LOOPBACK while both adapters are highlighted and select "Bridge Connections"
82. Note: This will create a new network card called "Network Bridge"
83. - Right-click your new bridge adapter and select "Rename"
84. - Rename your wired network adapter to "BRIDGE"
85. - Right-click "BRIDGE" and select "Properties"
86. In the "BRIDGE Properties" screen:
87. - Left-click (this highlights) "Internet Protocol Version 4 (TCP/IPv4)" and click "Properties"
88. In the "Internet Protocol Version 4 (TCP/IPv4) Properties" screen:
89. In the "General" tab at the top:
90. Select "Use the following IP address"
91. IP address: 10.123.1.110
92. Subnet mask: 255.255.255.0
93. Default gateway: 10.123.1.1
94. Preferred DNS server: 10.123.1.1
95. Alternate DNS server: <leave blank>
96. - Click "OK" to close the "Internet Protocol Version 4 (TCP/IPv4) Properties" screen
97. - Click "Close" to close the "BRIDGE Properties" screen
98. Note: We're still in the black cmd.exe screen:
99. - type "ping www.google.com"
100. Note: You should see replies from the google web server. Your BRIDGE adapter is now your main network adapter
101. Note: Do not proceed if you do not have internet connectivity
102. - Close the "Command Prompt" black cmd.exe screen
103.  
104. Install VirtualBox
105. ------------------
106. Run "VirtualBox-5.0.0-101573-Win.exe"
107. Note: Click "Yes" on any opening warnings
108. - Click "Next"
109. - Click "Next" (install all options)
110. - Click "Next"
111. - Click "Yes"
112. - Click "Install" to start the installation
113. - Click "Yes" at the UAC warning screen
114. - If you get prompted: Click "Install" to install the device driver
115. - Click "Finish"
116.  
117. Install Kali 2.0 on VirtualBox 5.0.0 r101573
118. --------------------------------------------
119. Start "Oracle VM VirtualBox"
120. - Click "New"
121. Name: Kali20-32bit-v108
122. Type: Linux
123. Version: Debian (32 bit)
124. - Click "Next"
125. MB: 2048 (you can get by with just 1024 but I like to speed things up with more memory)
126. - Click "Next"
127. Select "Create a virtual hard drive now"
128. - Click "Create"
129. - Select "VDI (VirtualBox Disk Image)" and Click "Next"
130. - Select "Dynamically allocated" and Click "Next"
131. - "F:\VIRTUALBOX_DISKS\Kali20-32bit-v108.vdi" (choose a location on a fast drive with at least 50GB of free space)
132. - "50.00 GB" (to make sure we don't run out of space any time soon)
133. - Click "Create"
134. NOTE: A new icon "Kali20-32bit-v108" was created in your "Oracle VM VirtualBox Manager"
135.  
136. NOTE: Leave settings at default unless otherwise stated below
137. NOTE: I'm showing some important settings even though they are defaults, in case the defaults change some day
138. - Right-click "Kali20-32bit-v108" in the left menu and click "Settings..."
139. General - Advanced - Shared Clipboard: "Bidirectional"
140. System - Motherboard - Floppy: Untick
141. System - Processor - Enable PAE/NX: Make sure this is ticked (this changed from our previous guide and we need it to install Kali2.0 with pae kernel)
142. In the "Storage" menu, Left-Click "Empty" to select it
143. On the far right, click on the blue tiny CD-Rom icon and click "Choose a virtual CD/DVD disk file..."
144. Select "D:\APPS\Linux - Kali\kali-linux-2.0-i386.iso" (choose your appropriate folder)
145. Audio - Host Audio Driver - Windows DirectSound
146. Audio - Audio Controller - Intel HD Audio
147. Network - Adapter 1 - Enable Network Adapter: Tick
148. Network - Adapter 1 - Attached to: "Bridged Adapter"
149. Network - Adapter 1 - Name: "MAC Bridge Miniport"
150. Network - Adapter 1 - Advanced - Adapter Type: "Intel PRO/1000 MT Desktop (82540EM)"
151. Network - Adapter 1 - Advanced - Promiscuous Mode: Allow All
152. Network - Adapter 1 - Advanced - MAC Address: 666666666666
153. NOTE: Set the MAC address to an easily identifiable MAC
154. Network - Adapter 1 - Advanced - Cable Connected: Tick
155. Shared Folders - Click the blue folder icon with the green +
156. Folder Path: Click on the pull down and select "Other..."
157. Navigate to "Computer" -> "Local Disk (C:)"
158. Click "Make New Folder" -> use "KALISHARED" as the name
159. With "C:\KALISHARED" highlighted click "OK"
160. Folder Name: KALISHARED
161. Tick "Auto-mount"
162. Click "OK" to create the shared folder
163. - Click "OK" to close the "Kali20-32bit-v108 - Settings" screen
164. - Right-click "Kali20-32bit-v108" in the left menu and click "Start" -> "Normal Start"
165.  
166. Note: A new screen "Kali20-32bit-v108 [Running] - Oracle VM VirtualBox" opens and the Kali Linux installer will boot.
167. In the "Kali20-32bit-v108 [Running] - Oracle VM VirtualBox" screen:
168. You will be presented with the Kali boot menu
169. Use the down arrows on your keyboard to highlight "Install" and press Enter to start installation
170.  
171. Note: The options below assume you're pressing <Enter> to select them:
172. Select "English - English"
173. Select "Australia" (select your country)
174. Select "American English"
175. Hostname: kali20
176. Domain name: frog.pond (choose anything you want)
177. Root password: mysecret (choose any password you like)
178. Re-enter password to verify: mysecret
179. Select the state of province to set your time zone: "Queensland" (the sunny state!)
180. Partitioning method: "Guided - use entire disk"
181. Select disk to partition: "SCSIx (0,0,0) (sda) - 53.7 GB ATA VBOX HARDDISK"
182. Partitioning scheme: "All files in one partition (recommended for new users)"
183. "Finish partitioning and write changes to disk" - press <Enter>
184. Write the changes to disks? "Yes"
185. Note: Kali will now copy required files off the virtual cd-rom to the virtual hard drive
186. Use a network mirror? "Yes"
187. Do you need a proxy: <leave empty> and select "Continue"
188. Note: This step can take a while, the download is around 100-200 MB
189. Install the GRUB boot loader to the master boot record? "Yes"
190. Device for boot loader installation: "/dev/sda (ata-VBOX_HARDDISK_<random_numbers>)"
191. Installation Complete: "Continue"
192. Note: Kali will reboot. Let the GNU GRUB boot menu time out or select "Kali GNU/Linux"
193.  
194. - Username: root
195. - Password: mysecret (whatever password you chose earlier)
196. Note: You will be presented a desktop environment.
197.  
198. In the left menu bar on the desktop, click the black "$_" icon ("terminal")
199. In the "root@kali20:~#" terminal window type:
200. Note: You can not use copy/paste yet! We'll install VirtualBox guest additions for that first
201. # ifconfig
202. Note: You should have gotten an IP address from your network router.
203. # ping 8.8.8.8
204. Note: You should see replies from 8.8.8.8, if you do then you have internet access from Kali!
205. Note: If you do not have internet access then do not continue installation and fix internet first
206.  
207. Install non-PAE kernel so we can run lab exploits on our Kali machine:
208. # apt-get install linux-image-586 linux-headers-586 -y
209. Note: If you get "E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)"
210. Note: then wait 5 minutes and try again, it means the system is checking for updates in the background.
211. # apt-get remove -y linux-image-686-pae
212. # apt-get autoremove -y linux-image-4.0.0-kali1-686-pae
213. Abort kernel removal? <No>
214. # grub-mkconfig -o /boot/grub/grub.cfg
215. # reboot
216.  
217. Note: You can not yet use copy/paste since we have not yet installed the VirtualBox guest additions.
218. Install Virtualbox guest additions:
219. Click "Devices" -> "Insert Guest Additions CD image..."
220. Click "Cancel" when asked to auto-run it
221.  
222. In the left menu bar on the desktop, click the black "$_" icon ("terminal")
223. In the "root@kali20:~#" terminal window type:
224. # cd /root/
225. # cp /media/cdrom/VBoxLinuxAdditions.run /root/
226. # chmod 755 /root/VBoxLinuxAdditions.run
227. # ./VBoxLinuxAdditions.run
228. Note: Ignore the error "The headers for the current running kernel were not found.".
229. # shutdown -h now
230.  
231. After you have shutdown the Kali virtual machine:
232. - Copy "lab-connection.tar.bz2" which you downloaded from offensive security to C:\KALISHARED\ on your PC
233.  
234. In "Oracle VM VirtualBox Manager":
235. - Right-click "Kali20-32bit-v108" in the left menu and click "Settings..."
236. System - Processor - Enable PAE/NX: Make sure this is NOT ticked
237. Note: We disable PAE to also disable NX-bit protection. This will allow us to run exploits on our Kali machine
238. - Right-click "Kali20-32bit-v108" in the left menu and click "Start" -> "Normal Start"
239.  
240. After reboot, login with user root and password you configured earlier
241. Right-click "VBOXADDITIONS_5.0.0_101573" and click "Eject"
242.  
243. Note: Now that you have installed the VirtualBox additions to Kali, you can:
244. - Seamlessly move the mouse in and out of the virtual machine
245. - Copy/Paste to and from the virtual machine using clipboard
246. - Share folders between the virtual machine guest and your host machine
247.  
248. Click the button on the left menu bar that looks like 9 tiny squares that form a bigger square ("Show Applications")
249. In "Type to search..." at the top, type "power"
250. Click the yellow "Power" icon that appears
251. "Blank Screen:" Never
252. Close the Power settings
253.  
254. Click the button on the left menu bar that looks like 9 tiny squares that form a bigger square ("Show Applications")
255. In "Type to search..." at the top, type "privacy"
256. Click the purple "Privacy" icon that appears
257. Click "On" next to "Screen Lock" to turn it off -> Automatic Screenlock: "Off"
258. Close the Privacy settings
259.  
260. Click the button on the left menu bar that looks like a grey control panel ("Tweak Tool")
261. Click "Extensions"
262. Click the settings icon (looks like a bright sun) in the "Dash to Dock" line
263. "Intelligent Auto-hide": Turn this off
264. Close the Tweak Tool
265.  
266. Note: We configure the system to automatically login with root user. A very unsafe practice!
267. In the right-side menu bar click the black "$_" icon ("terminal")
268. # gsettings set org.gnome.login-screen banner-message-enable true
269. # gsettings set org.gnome.login-screen banner-message-text "user=root pass=mysecret"
270. # sed -i 's/# AutomaticLoginEnable = true/AutomaticLoginEnable = true/g' /etc/gdm3/daemon.conf
271. # sed -i 's/# AutomaticLogin = root/AutomaticLogin = root/g' /etc/gdm3/daemon.conf
272. # cd /root/ && cp /media/sf_KALISHARED/lab-connection.tar.bz2 /root/
273. # cd /root/ && bzip2 -cd lab-connection.tar.bz2 | tar xvf -
274. Note: In the next command, replace OS-XXXXX with your offsec userID
275. # echo "OS-XXXXX" >> /root/lab-connection/creds.conf
276. Note: In the next command, replace myoffsecpassword with your offsec password
277. # echo "myoffsecpassword" >> /root/lab-connection/creds.conf
278. # sed -i 's#ca lab-connection.pem#ca /root/lab-connection/lab-connection.pem#g' /root/lab-connection/lab-connection.conf
279. # sed -i 's#auth-user-pass#auth-user-pass /root/lab-connection/creds.conf#g' /root/lab-connection/lab-connection.conf
280. # cp /root/lab-connection/lab-connection.conf /etc/openvpn/offsec.conf
281. # sed -i 's/#AUTOSTART="home office"/AUTOSTART="offsec"/g' /etc/default/openvpn
282. Note: the two copy steps below are required to fix a bug in the init.d script of openvpn which looks for the wrong config file
283. # cp /etc/openvpn/offsec.conf /etc/openvpn/server.conf
284. # cp /etc/openvpn/offsec.conf /etc/openvpn/openvpn.conf
285. # chmod +x /etc/openvpn/*.conf
286. # update-rc.d openvpn enable
287.  
288. Note: Install additional tools
289. # apt-get install veil-evasion veil-catapult ldap-utils terminator python-notify xchat freerdp-x11 mingw32 filezilla xdotool sshpass -y
290.  
291. Note: We configure 3 proxychains configurations which we can use for different networks later
292. # mkdir /root/proxy1 && mkdir /root/proxy2 && mkdir /root/proxy3
293. # echo /root/proxy1/ /root/proxy2/ /root/proxy3 | xargs -n 1 cp /etc/proxychains.conf
294. # sed -i 's/9050/9011/g' /root/proxy1/proxychains.conf && sed -i 's/socks4/socks5/g' /root/proxy1/proxychains.conf
295. # sed -i 's/9050/9022/g' /root/proxy2/proxychains.conf && sed -i 's/socks4/socks5/g' /root/proxy2/proxychains.conf
296. # sed -i 's/9050/9033/g' /root/proxy3/proxychains.conf && sed -i 's/socks4/socks5/g' /root/proxy3/proxychains.conf
297.  
298. Note: You can set up proxychains to reach multiple networks as follows:
299. Note: ssh -i /root/id_rsa -q -f -N -p <publicsshporthost1> host1user@publichost1ip -L 8011:localipofhost1:localsshportofhost1 2> /dev/null
300. Note: ssh -i /root/id_rsa -q -f -N -D 127.0.0.1:9011 -p 8011 host1user@127.0.0.1 2> /dev/null
301. Note: ssh -i /root/id_rsa -q -f -N -p <publicsshporthost2> host2user@publichost2ip -L 8022:localipofhost2:localsshportofhost2 2> /dev/null
302. Note: ssh -i /root/id_rsa -q -f -N -D 127.0.0.1:9022 -p 8022 host2user@127.0.0.1 2> /dev/null
303. Note: ssh -i /root/id_rsa -q -f -N -p <publicsshporthost3> host3user@publichost3ip -L 8033:localipofhost3:localsshportofhost3 2> /dev/null
304. Note: ssh -i /root/id_rsa -q -f -N -D 127.0.0.1:9033 -p 8033 host3user@127.0.0.1 2> /dev/null
305. Note: Now you can proxychain through host1 as follows:
306. Note: cd /root/proxy1/ && proxychains curl localipofsomeremotehostonhost1network
307. Note: Now you can proxychain through host2 as follows:
308. Note: cd /root/proxy2/ && proxychains curl localipofsomeremotehostonhost2network
309. Note: Now you can proxychain through host3 as follows:
310. Note: cd /root/proxy3/ && proxychains curl localipofsomeremotehostonhost3network
311. Note: As you can see, you can browse multiple networks by simply running the proxychains command from a different directory
312.  
313. NOTE: b374k is a php shell with useful features
314. # cd /root/ && git clone https://github.com/b374k/b374k.git /root/b374k
315. # cd /root/b374k && php -f index.php -- -l
316. # php -f index.php -- -o jollyshell.php -p somepassword -s -b -z gzcompress -c 9
317. # mv jollyshell.php /root/jollyshell_somepassword.php
318. # mkdir /root/paexec && cd /root/paexec/ && wget http://www.poweradmin.com/paexec/paexec.exe
319.  
320. Now we run some Metasploit initialization commands:
321. # update-rc.d postgresql enable && /etc/init.d/postgresql start
322. # msfdb init
323. # msfconsole
324. Note: Don't do anything in Metasploit. It can take a while before the database has updated the cache.
325. Note: Open up another terminal and type:
326. # sudo -H -u postgres bash -c 'psql -d msf -c "select count(*) from module_details;"' | sed -n 3p
327. NOTE: The query will return the number of rows updated so far.
328. NOTE: Add up all the exploits, auxiliary, post, payloads, encoders and nops in the welcome message
329. NOTE: On a default Kali 2.0 installation, this number would be 3016.
330. NOTE: After the database has fully updated, do the following:
331. msf > exit
332. # msfconsole
333. msf > search auxiliary
334. NOTE: You should not see a warning that the database is disconnected or the cache has not been updated
335. msf > exit
336.  
337. Note: Start burpsuite
338. - Click the grey/orange icon on the left bar (BurpSuite)
339. Note: Untick "Help improve Burp by submitting anonymous feedback about its performance" unless you want it to
340. Note: Click "I Accept" to accept the licence if it pops up
341. In burpsuite:
342. Click "Proxy" in the top menu bar (towards the left)
343. Click "Options" under the Proxy settings (one bar below the top bar)
344. Highlight the current Proxy Listener (127.0.0.1:8080) and click "Edit":
345. Change "Bind to port:" to 9500
346. In the "Certificate" tab, select "Use a self-signed certificate"
347. Click OK to close the menu
348. Still in the Proxy -> Options, scroll all the way down
349. Enable interception at startup: "Always disable"
350. Close BurpSuite (Click "Yes" to confim)
351. Note: Closing burpsuite saves the settings
352.  
353. Start BurpSuite and IceWeasel and configure it to use Burp as its proxy server as follows:
354. - Click the grey/orange icon on the left bar (BurpSuite)
355. - Minimize BurpSuite
356. - Click the blue/white weasel icon on the menu bar on the left ("Iceweasel")
357. NOTE: Note how open applications have a tiny grey dot next to them in the left menu bar indicating they are running
358. Open Menu -> Preferences -> Advanced -> Network -> Settings...
359. Select "Manual proxy configuration"
360. HTTP Proxy: 127.0.0.1 Port 9500
361. Tick "Use this proxy server for all protocols"
362. No proxy for: localhost, 127.0.0.1
363. Click OK
364. Click "Close"
365.  
366. Navigate to http://burp
367. - Click "CA Certificate" in the top right -> Save File-
368. - In IceWeasel open the IceWeasel Menu.
369. - Click on "Preferences".
370. - Select the "Advanced" tab.
371. - Select the "Certificates" tab and click "View Certificates"
372. - Select the "Authorities" tab
373. - Click "Import", select the Burp CA certificate file that you previously saved and click “Open”.
374. Note: You will be asked for the root password to unlock your keyring
375. - In the dialog box that pops up, check the box "Trust this CA to identify web sites", and click "OK".
376. - Click "OK" and close all dialogs and close IceWeasel and Burpsuite
377.  
378. Note: Auto-start Apache and disable Apache 443 listener so we can use the port for reverse meterpreter shells
379. # update-rc.d apache2 enable
380. # sed -i 's/Listen 443/# Listen 443/g' /etc/apache2/ports.conf
381.  
382. Note: We update nmap scripts
383. # nmap --script-updatedb
384.  
385. # xchat
386. Note: You are reminded that running IRC as root is stupid. Click "OK"
387. In the XChat: Network List screen:
388. Nick name: jollyfrogs (use your own name preferably)
389. Second choice: <leave empty>
390. Third choice: <leave empty>
391. User name: jollyfrogs (use your own login)
392. Real name: jollyfrogs (guess what?)
393. Networks:
394. Scroll down to FreeNode and highlight it, then click "Edit..."
395. Connect to selected server only: Tick
396. Use global user information: Tick
397. Auto connect to this network at startup: Tick
398. Favorite channels: #offsec
399. Nickserv password: <your nickserv password which you can register with /nickserv on the IRC server>
400. Server password: <leave blank>
401. Click "Close"
402. Skip network list on startup: Tick
403. Click "Close"
404. Note: Quit XChat if it didn't already exit for you
405. Note: If you get asked if you are sure select "Don't ask next time" and click "Quit"
406. # xchat
407. Note: XChat should now connect to #offsec.
408. In the "XChat: Connection Complete" window:
409. "Nothing, I'll join a channel later"
410. Untick "Always show this dialog after connecting"
411. Click "OK" to close the "XChat: Connection Complete" window
412. Note: Spend a few minutes to register your nick with nickserv. You do not have to use your OSCP ID as your nickname
413. Close XChat
414. Note: If you get asked if you are sure select "Don't ask next time" and click "Quit"
415.  
416. # mkdir /root/.config/terminator && gedit /root/.config/terminator/config
417. Note: Copy paste below without ===============
418. ===============
419. [global_config]
420. enabled_plugins = LaunchpadCodeURLHandler, APTURLHandler, LaunchpadBugURLHandler
421. [keybindings]
422. [profiles]
423. [[default]]
424. icon_bell = False
425. [layouts]
426. [[default]]
427. [[[child1]]]
428. profile = default
429. type = Terminal
430. parent = window0
431. command = ""
432. [[[window0]]]
433. type = Window
434. parent = ""
435. [[Jollyfrogs]]
436. [[[child0]]]
437. position = 0:27
438. type = Window
439. order = 0
440. parent = ""
441. size = 1329, 650
442. [[[child1]]]
443. labels = NMAP1, NMAP2, MSFCONSOLE, PROXYCHAINS, BASH1, BASH2
444. type = Notebook
445. order = 0
446. parent = child0
447. [[[terminal2]]]
448. profile = default
449. command = ""
450. type = Terminal
451. order = 0
452. parent = child1
453. [[[terminal3]]]
454. profile = default
455. command = ""
456. type = Terminal
457. order = 1
458. parent = child1
459. [[[terminal4]]]
460. profile = default
461. command = ""
462. type = Terminal
463. order = 2
464. parent = child1
465. [[[terminal5]]]
466. profile = default
467. command = ""
468. type = Terminal
469. order = 3
470. parent = child1
471. [[[terminal6]]]
472. profile = default
473. command = ""
474. type = Terminal
475. order = 4
476. parent = child1
477. [[[terminal7]]]
478. profile = default
479. command = ""
480. type = Terminal
481. order = 5
482. parent = child1
483. [plugins]
484. ===============
485. Note: Save the file and exit gedit
486.  
487. # mkdir /root/.config/autostart
488. # gedit /root/.config/autostart/terminator.desktop
489. [Desktop Entry]
490. Type=Application
491. Exec=terminator -l Jollyfrogs -p default
492. Hidden=false
493. X-GNOME-Autostart-enabled=true
494. Name=Terminator
495. Comment=Terminator
496.  
497. # gedit /root/.config/autostart/burpsuite.desktop
498. [Desktop Entry]
499. Type=Application
500. Exec=/usr/bin/burpsuite
501. Hidden=false
502. X-GNOME-Autostart-enabled=true
503. Name=BurpSuite
504. Comment=BurpSuite
505.  
506. # gedit /root/.config/autostart/xchat.desktop
507. [Desktop Entry]
508. Type=Application
509. Exec=/usr/bin/xchat
510. Hidden=false
511. X-GNOME-Autostart-enabled=true
512. Name=XChat
513. Comment=XChat
514.  
515. NOTE: "locate" command uses a database that is first built using "updatedb"
516. # updatedb
517. # apt-get update && apt-get upgrade -y
518.  
519. Note: We're all done!
520. Let's test our new installation by rebooting and seeing if everything comes up properly:
521. # reboot
522.  
523. Note: After verifying everything works and that your VPN is running, we back up our VM so you can restore a clean install in minutes if required
524. # shutdown -h now
525.  
526. In the "Oracle VM VirtualBox Manager" window:
527. - Click "File" -> "Export Appliance..."
528. - Left-click "Kali20-32bit-v108" to highlight it
529. - Click "Next >"
530. File: "D:\STUDY\OSCP\VIRTUAL_MACHINES\VANILLA_BACKUPS\Kali20-32bit-v108-all-apps.ova"
531. Format: "OVF 1.0"
532. Write Manifest file: Tick
533. - Click "Next >"
534. - Click "Export"
535. Note: The export can take quite a while
536.  
537. Note: After the export finishes, we have completed the installation of Kali and are ready for the PWK labs!