阿里云使用Docker安装kali

0x00 安装

使用DaoCloud快速安装docker

1
curl -sSL https://get.daocloud.io/docker | sh

加速下载docker官方镜像 安装kali

1
2
sudo docker pull  kalilinux/kali-linux-docker:latest
apt-get install metasploit-framework

0x01 配置

参考postgresql使用

1
2
3
4
5
6
7
8
9
10
11
12
创建msf5用户:
adduser msf5
su - postgres
psql
\du
CREATE USER msf5 WITH PASSWORD 'msf5';
ALTER USER msf5 CREATEDB|Superuser;

然后修改database.yml 中用户名和密码为msf5,msf5
这里位置为:
重启msfconsole,然后重建cache即可:
db_rebuild_cache

我的/usr/share/metasploit-framework/config/database.yml:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Please only use postgresql bound to a TCP port.
# Only postgresql is supportable for metasploit-framework
# these days. (No SQLite, no MySQL).
#
# To set up a metasploit database, follow the directions hosted at:
# http://r-7.co/MSF-DEV#set-up-postgresql
development: &pgsql
adapter: postgresql
database: metasploit_framework_development
username: msf5
password: msf5
host: localhost
port: 5432
pool: 5
timeout: 5

# You will often want to seperate your databases between dev
# mode and prod mode. Absent a production db, though, defaulting
# to dev is pretty sensible for many developer-users.
production: &production
<<: *pgsql

# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
#
# Note also, sqlite3 is totally unsupported by Metasploit now.
test:
<<: *pgsql
database: metasploit_framework_test
username: msf5
password: msf5

0x02 保存镜像

在安装好msf并配置好之后,需要commit保存并导出。

1
2
docker commit commit -m "描述"  容器id  自定义名称:自定义标签 
docker save -o kali_msf_my.tar kali/msf_my:v1

增加一个root用户:

1
2
3
adduser angelwhu   #添加账户
groupadd admin #添加用户组
usermod -G admin -a angelwhu #添加到admin用户组

阿里云下载会断开连接,安装个ftp服务试试,vsftpd:

1
apt-get install vsftpd

配置配置限制

1
2
3
4
5
6
7
8
local_enable=YES   # 允许本地用户登录
write_enable=YES # 可写操作
chroot_local_user=YES
chroot_list_enable=YES //限制访问自身目录
# (default follows)
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

编辑 vsftpd.chroot_list文件,将受限制的用户(angelwhu)添加进去,每个用户名一行

0x03 参考

Docker —— 从入门到实践
科普简介:Docker在渗透中的应用
DockerPool技术文章

文章作者: angelwhu
文章链接: https://www.angelwhu.com/paper/2015/12/28/alibaba-cloud-uses-docker-to-install-kali/
版权声明: 本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 angelwhu_blog