Kali Linux VM in Oracle VirtualBox
While Kali Linux can be installed on bare metal, such as a desktop or laptop, it's often easier to use a VM instead. A VM limits hardware compatibility issues, lets us take snapshots (and revert if things go wrong), and makes it easy to export the machine for backup and portability. Running the VM in full screen allows for a seamless experience with minimal overhead.
Currently I run Kali Linux in 4GB of RAM with 2 virtual CPU cores inside Oracle VirtualBox. On some customer engagements I scale it down to a bare minimum Ubuntu Server install with just Metasploit Framework and a few other tools running in a VM on a laptop that only has 1GB of RAM and 2 virtual CPU cores.
First, start the download of the Prebuilt Kali Linux VirtualBox Image so it finishes while you download and install (or update) Oracle VirtualBox. If you choose the torrent method it's always nice to seed the download for a bit.
You'll need VirtualBox installed and running if you don't have it already - I recommend installing or updating to the latest stable version.
VirtualBox runs on pretty much every mainstream platform out there. I run VirtualBox on Windows development desktops and my road laptops during engagements. Seeing a Linux laptop popping up on a network during a Red Team engagement might give an observant sysadmin the freak out, so I like to keep it standard Windows and run the virtualized tools on top of that.
Once the Kali Linux VM Image has finished downloading go ahead and decompress it. This will give you an OVA file, which is a standard compressed virtual machine image format. Double-click that OVA file and VirtualBox will open the Import Virtual Appliance window for you.
Change the name of the VM to whatever you'd like, though you can leave it alone now and always change it later. I recommend checking the box to Reinitialize the MAC address... so VirtualBox will assign the VM a new, random MAC address. As you can see by looking at the rest of the lines the requirements for this VM are very modest - just 2GB of RAM and 2 virtual CPU cores.
Click Import and wait a few minutes while VirtualBox creates a VM and imports the OVA files.
Once the VM import is complete select the new machine in the left pane of VirtualBox, then select the down arrow next to the Start button, and then Detachable Start. This will open the VM in a new console window that you can move around, minimize, maximize, or full-screen.
Clicking inside the VM window will capture your mouse and keyboard, allowing you to interact with the VM like it's a hardware installation with its own peripherals. To release the mouse and keyboard use the Right Ctrl button.
Log into the Kali Linux VM with the username root and the password toor.
Launch a Terminal session.
If you're going to use Kali Linux outside a lab environment you need to change the default password before doing anything else - use the passwd command inside a Terminal session.
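To confirm the default password is really gone after running passwd, the check below re-hashes the default with the salt stored in a shadow file and compares the result. It is an added example, not part of the original walkthrough; the names default_pw_status and DEFAULT_PW are hypothetical, it assumes openssl is installed in the guest, and hash schemes that openssl passwd cannot compute (for example yescrypt, `$y$`) are reported as unknown.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): report whether an account
# in a shadow file still carries the image's default password.
# default_pw_status and DEFAULT_PW are hypothetical names chosen here.

DEFAULT_PW='toor'   # default root password given in the walkthrough

# Usage: default_pw_status SHADOW_FILE [USER]
# Prints: default | changed | locked | empty | unknown | missing
default_pw_status() {
    shadow_file=$1
    user=${2:-root}

    # Prefix the hash field with "F" so an empty field differs from "no such user".
    entry=$(awk -F: -v u="$user" '$1 == u { print "F" $2; exit }' "$shadow_file")
    [ -n "$entry" ] || { echo missing; return 0; }
    hash=${entry#F}

    case $hash in
        '')        echo empty;  return 0 ;;   # no password set at all
        '!'*|'*'*) echo locked; return 0 ;;   # password login disabled
    esac

    # crypt(3) format is $id$salt$digest; map the id to an openssl passwd flag.
    id=$(printf '%s\n' "$hash" | cut -d'$' -f2)
    salt=$(printf '%s\n' "$hash" | cut -d'$' -f3)
    case $id in
        1) flag=-1 ;;   # MD5-crypt
        5) flag=-5 ;;   # SHA-256-crypt
        6) flag=-6 ;;   # SHA-512-crypt
        *) echo unknown; return 0 ;;          # e.g. yescrypt ($y$): cannot recompute
    esac
    # A "rounds=N" parameter sits where the salt would be; openssl cannot set it.
    case $salt in rounds=*|'') echo unknown; return 0 ;; esac

    # Re-hash the default password with the stored salt and compare.
    candidate=$(openssl passwd "$flag" -salt "$salt" "$DEFAULT_PW" 2>/dev/null) \
        || { echo unknown; return 0; }
    if [ "$candidate" = "$hash" ]; then echo default; else echo changed; fi
}

# Run inside the guest as root, e.g.:  sh check.sh /etc/shadow root
if [ $# -ge 1 ]; then default_pw_status "$@"; fi
```

A result of default means the account still accepts the password shipped with the image.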
Before moving on we'll update the Kali Linux VM to the latest stable software. Use the following apt commands to update package lists, then upgrade any packages running behind:
apt-get update
apt-get upgrade -y
These updates could take a while, and you will be asked a couple of times along the way to allow services to be restarted. Once those updates are done we'll also update the Metasploit Framework, if any updates are available, using the msfupdate utility:
msfupdate
This ensures we're running the latest tools and have access to the latest exploits. At this point you're ready to start scanning networks, set up the Metasploit Framework database, create macro payloads for Microsoft Excel, and more!