Linux In Docker

Like most people I have been running an instance of Kali in a virtual machine. I am typically on my Surface Pro 4 using Windows 10 and using VMWare Workstation. This workflow has been working fine for some time now; however, I have been wanting something that is a bit more natural, quick and easy to use. Sometimes when you need to quickly spin up a tool it can be cumbersome to have to boot up the full VM to get it running.

Recently I have found Docker as a way to containerise a Kali instance. Spinning up a Docker container is extremely quick and can provide you instant access to all your tools inside a command prompt of your host operating system. This post will take you through setting up and configuring an instance of Kali Linux in Docker on Windows 10.

Installing Docker for Windows.

To run Amazon Linux in a container: docker run -it --name amazon -d amazonlinux. Check running containers with docker ps. To connect to the running container's bash shell with root user rights, execute the following command: docker exec -it --user root amazon /bin/bash. To stop and start the container: docker stop amazon, then docker start amazon. Docker gives you everything you need to build and run containers on your Linux system. Containers are similar to lightweight virtual machines. They let you create portable application images which run using your host’s operating system kernel.

On Windows 10 (Anniversary Edition), you will first need to enable the use of containers. Using Win + r, enter ‘optionalfeatures’ to access the ‘Turn Windows Features on or off’ prompt. Tick the box next to Containers and then click ‘Ok’. Browse to Docker's home page and download the Docker for Windows Community Edition. After downloading, follow the bouncing ball to install Docker. You will need to log out of your account and back in, and you will need to be an administrator to make sure the installation goes smoothly.

Running Docker

When you run Docker for the first time, if you do not have Hyper-V enabled it will ask you to turn it on. For those that are also running VMWare Workstation or VirtualBox, this will mean that these virtual machine applications will not run. This is one downside to running Docker; however, you can turn Hyper-V off, reboot and then run your virtual machine software as normal (when you go to run Docker again, it will again prompt you to turn Hyper-V back on).

Installing Kali

Now that Docker is running, open up your preferred command prompt (cmd.exe, PowerShell, I am using Cmder which is great!) and run the following command:

This will download the official Kali Linux Docker image to your computer. Once downloaded you can run the container with the following command:

The ‘-it’ option allows you to open an interactive session with the container.

You will now be presented with the command prompt of your Kali instance.

Installing Tools

The Kali instance you download has no tools installed at all. This allows you to fully customise the Kali instance to contain as many tools as you want/need. The first thing to do is to update the repositories, upgrade what's there and remove what we don't need:

You have a number of options for installing tools. You can install the individual tools that you need yourself. Or you can install Kali’s meta-packages. These packages allow you to install the tools within Kali in customised packages for specific purposes. If you are not sure, the best option is to simply install the kali-linux-full package as it contains all the tools you would get if you downloaded and installed the .iso for Kali. To do this run the following:

Now, there are other options to install the Kali tools such as the Katoolin script; however, using the official Kali Docker image with the metapackages gives you the extra ‘goodies’ that Kali has other than just the tools. This includes all the things you find in /usr/share/ such as wordlists, password files, directory brute forcing files, webshells, etc.

Committing the Image

Now you can exit your container by simply typing ‘exit’. To view your active container type:

Now, we can re-enter our container by typing:

Note that - ‘a8c6b00c02ca’ is the container ID, this ID will be specific to your container and will change for every container you create.

After re-starting your container, you can enter it by typing:

This method will work well if you only have to have the one Kali container open. However, if you are like me you will have multiple terminals open at once, which means we need to commit our current container to an image, so that we can load multiple containers off that one image. To do this type:

This will create a new image ‘kali’ from our container. We can view the images we have in Docker by running the following command:

From here, we can now remove our container using the commands:

Starting Kali Containers

Now that we have our new image, we can start a new container with the following command:

The option ‘--rm’ means that our kali container will be removed as soon as we exit it. This is beneficial as if we didn’t remove it automatically we could potentially have multiple containers building up on our system chewing up hard disk space and resources. I will often only omit the ‘--rm’ option when I am making system changes that I want to persist in my Kali Docker image (following the process described above).

From here I can spin up as many containers as I need to get my work done.
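The build, commit and throwaway cycle described above, as an added example (these are not the post's original commands). IMAGE and the container name kali-build are assumptions; naming the build container avoids having to look up its ID, and ‘kali’ is the image name used in the post.

```bash
#!/usr/bin/env bash
# Added example, not the post's original commands.
# Assumed names: IMAGE (the Kali base image you pull) and BUILD (a container
# name used instead of a container ID). "kali" is the image name from the post.
# Commands are only printed unless you export DOCKER=docker.
DOCKER="${DOCKER:-echo docker}"
IMAGE="${IMAGE:-kalilinux/kali-rolling}"
BUILD="${BUILD:-kali-build}"
SNAPSHOT="${SNAPSHOT:-kali}"

# 1. Pull the base image and open a shell in a named container. Inside it,
#    update the package lists, upgrade, install your tools, then type exit.
pull_base()   { $DOCKER pull "$IMAGE"; }
build_shell() { $DOCKER run -it --name "$BUILD" "$IMAGE" /bin/bash; }

# 2. The exited container still exists: list it, and re-enter it if needed.
list_all()    { $DOCKER ps -a; }
reenter()     { $DOCKER start "$BUILD" && $DOCKER attach "$BUILD"; }

# 3. Freeze the container's filesystem into an image, then drop the container.
snapshot()    { $DOCKER commit "$BUILD" "$SNAPSHOT" && $DOCKER images "$SNAPSHOT"; }
discard()     { $DOCKER rm "$BUILD"; }

# 4. Every later session is a throwaway container started from the snapshot.
throwaway()   { $DOCKER run -it --rm "$SNAPSHOT" /bin/bash; }

workflow() {
  pull_base || return 1
  build_shell          # exit status is that of the last command in the shell
  list_all
  snapshot && discard && throwaway
}

workflow
```

A committed image keeps everything that was in the container's filesystem at commit time, so commit from a container that holds only tools and configuration.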

Connecting to ports

When using tools such as netcat and Metasploit, where I have listeners set up and waiting to catch a shell, I need to enable that port via my docker image. Therefore, if I know I am going to be using a port in my docker instance I need to enable it when I run docker, i.e.

This maps port 4444 in my docker instance to the port 4444 on my host machine. So, when I set up my reverse listener on a target I want to direct it to the IP address of my host machine, not the IP address of my docker instance.
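A mapping of the form ‘-p 4444:4444’ is published on every interface of the host by default. The following added example (not from the original post) reads the output of docker ps and reports every mapping published that way; the container names and the address 192.0.2.10 are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Reads "name|ports" lines, the
# shape produced by: docker ps --format '{{.Names}}|{{.Ports}}'
# and prints every mapping that is published on all host interfaces.
wildcard_publishes() {
  awk -F'|' '{
    n = split($2, maps, ", ")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue        # exposed in the image, not published
      split(maps[i], side, "->")           # side[1] = host address and port
      if (side[1] ~ /^(0\.0\.0\.0|::|\[::\]):/) print $1, maps[i]
    }
  }'
}

# Constructed sample input (not captured from a real host).
sample_ps() {
  printf '%s\n' \
    'kali-a|0.0.0.0:4444->4444/tcp, :::4444->4444/tcp' \
    'kali-b|192.0.2.10:4444->4444/tcp' \
    'kali-c|' \
    'kali-d|5432/tcp'
}

sample_ps | wildcard_publishes

# On a live host:
#   docker ps --format '{{.Names}}|{{.Ports}}' | wildcard_publishes
# To publish on one host address only (192.0.2.10 is a placeholder):
#   docker run -it --rm -p 192.0.2.10:4444:4444 kali /bin/bash
```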

Issues

Using Kali in Docker is far from perfect. I have not been able to get Kali’s GUI applications to run successfully after trying different X-server options such as Xming and Cygwin/X. This has not stopped me however, as the majority of GUI tools that I use, such as Wireshark, Burp Suite, OWASP ZAP, Dirbuster and Ettercap, all have Windows versions that I can use.

Docker for Windows currently does not support USB passthrough, therefore I cannot connect my Alfa Wireless card or RTL-SDR to take advantage of the tools Kali has available for these devices. This means I either need to find Windows alternatives or boot into my Kali VM to use these devices.

Conclusion

I have become a huge fan of this set up with Docker. It is quick and seamless to open up a Kali command prompt and start hacking away. I have found it particularly useful whilst working my way through the machines on Hack the Box. However when doing Vulnhub VMs, I need to either put the VMs on my ESXi server at home or I need to use my Kali VM.

Docker takes care of the networking aspects so that the containers can communicate with other containers and also with the Docker Host. If you do an ifconfig on the Docker Host, you will see the Docker Ethernet adapter. This adapter is created when Docker is installed on the Docker Host.

This is a bridge between the Docker Host and the Linux Host. Now let’s look at some commands associated with networking in Docker.

Listing All Docker Networks

This command can be used to list all the networks associated with Docker on the host.

Syntax

Options

None

Return Value

The command will output all the networks on the Docker Host.

Example

Output

The output of the above command is shown below

Inspecting a Docker network

If you want to see more details on the network associated with Docker, you can use the Docker network inspect command.

Syntax

Options

  • networkname − This is the name of the network you need to inspect.

Return Value

The command will output all the details about the network.

Example

Output

The output of the above command is shown below −

Now let’s run a container and see what happens when we inspect the network again. Let’s spin up an Ubuntu container with the following command −

Now if we inspect our network name via the following command, you will now see that the container is attached to the bridge.

Creating Your Own New Network

One can create a network in Docker before launching containers. This can be done with the following command −

Syntax

Options

  • drivername − This is the name used for the network driver.

  • name − This is the name given to the network.

Return Value

The command will output the long ID for the new network.

Example

Output

The output of the above command is shown below −

You can now attach the new network when launching the container. So let’s spin up an Ubuntu container with the following command −

And now when you inspect the network via the following command, you will see the container attached to the network.
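The list, inspect, create and attach steps above as one script. This is an added example, not the tutorial's own commands; the network name new_nw, the container name net-demo and the ubuntu:latest image are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the tutorial's own commands. new_nw, net-demo and the
# ubuntu image are assumed names. Commands are only printed unless you
# export DOCKER=docker.
DOCKER="${DOCKER:-echo docker}"
NET="${NET:-new_nw}"
CTR="${CTR:-net-demo}"

list_networks() { $DOCKER network ls; }
inspect_net()   { $DOCKER network inspect "$1"; }
create_net()    { $DOCKER network create --driver bridge "$NET"; }

# Detached container joined to the new network instead of the default bridge.
run_attached()  { $DOCKER run -dit --name "$CTR" --network "$NET" ubuntu:latest /bin/bash; }

# One line per attached container instead of the full JSON document.
attached() {
  $DOCKER network inspect "$1" \
    --format '{{range .Containers}}{{.Name}} {{.IPv4Address}}{{println}}{{end}}'
}

cleanup()       { $DOCKER rm -f "$CTR" && $DOCKER network rm "$NET"; }

demo() {
  list_networks
  inspect_net bridge      # the default network containers join
  create_net
  run_attached
  attached "$NET"         # shows the container and its address on new_nw
  cleanup
}

demo
```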