Running Metasploit on Kali Linux Docker (AWS EC2 Instance)

Cybersecurity Stash
Apr 22, 2016
Docker + AWS

Installing Docker

Once you have connected to the EC2 instance over SSH with PuTTY, using the given private key (.ppk), you should see something like this:

__|  __|_  )
_| ( / Amazon Linux AMI
___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2015.09-release-notes/
[ec2-user]$

You are now in control of a fully working Linux server running in the AWS cloud. Let’s install Docker on it.

[ec2-user]$ sudo yum update -y
[ec2-user]$ sudo yum install -y docker
[ec2-user]$ sudo service docker start
For Ubuntu 14.04:
[ubuntu]$ sudo apt-get -y install docker.io

Next, add the ec2-user to the docker group so you can execute Docker commands without using sudo. Note: You’ll have to log out and log back in for the settings to take effect:

[ec2-user]$ sudo usermod -a -G docker ec2-user
[ec2-user]$ exit
For Ubuntu 14.04:
[ubuntu]$ sudo usermod -a -G docker ubuntu

After logging back in, run docker info. If you did everything correctly, it will return lots of information about your Docker install without any errors.

[ec2-user]$ docker info
Containers: 0
Images: 0
Server Version: 1.9.1
Storage Driver: devicemapper
Pool Name: docker-202:1-263779-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 53.74 MB
Data Space Total: 107.4 GB
Data Space Available: 7.04 GB
Metadata Space Used: 606.2 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.147 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.93-RHEL7 (2015-01-28)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.4.5-15.26.amzn1.x86_64
Operating System: Amazon Linux AMI 2016.03
CPUs: 1
Total Memory: 995.5 MiB

Next we can run commands to display the containers and images that we have. For now let’s focus on containers by running the following command.

[ec2-user]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

This returns nothing at the moment; once we have containers, it will list them.

Kali Linux on Docker

Next, we will be pulling the official Kali Linux Docker image. More info — https://hub.docker.com/r/kalilinux/kali-linux-docker/

The following command pulls the Kali Linux image to the local Docker host:

[ec2-user]$ docker pull kalilinux/kali-linux-docker
Using default tag: latest
latest: Pulling from kalilinux/kali-linux-docker
70db9b668cb6: Downloading 3.717 MB/147.8 MB
a81d9fac6fb3: Download complete
5b01bfbc9252: Download complete
df6421a22da8: Download complete
012088302aa6: Downloading 6.603 MB/24.02 MB
bd568109a0cc: Download complete

Once the pull has completed, we can run the image. Docker creates a container from it and returns a command prompt inside the “Kali Linux” instance.

[ec2-user]$ docker run -t -i kalilinux/kali-linux-docker /bin/bash

Now that we are in the Kali Linux instance (notice the prompt has changed), we will proceed to do an apt-get update/upgrade.

root@944d5319b119:/#
root@944d5319b119:/# apt-get update && apt-get upgrade

Installing Metasploit on Kali Linux Docker

Because the image is trimmed down, Metasploit is not included and has to be installed with a standard “apt-get” command. The metasploit package was removed from Kali (it’s in the Kali 2.0 release notes); only metasploit-framework is now supported out of the box.

root@944d5319b119:/# apt-get install metasploit-framework

Once the installation has completed, you can run Metasploit using the standard command, and voila!

root@944d5319b119:/# msfconsole -L

Now if we exit out of the Kali Linux container, we can run “docker ps -a” and we should see our image and the associated container. The container is in the Exited state, so to resume it, run “docker start <container name>” and then “docker attach <container name>”.

[ec2-user]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
944d5319b119 kalilinux/kali-linux-docker "/bin/bash" 21 minutes ago Exited (127) 5 seconds ago cocky_kirchs

To save the current state of a container as an image, you can issue the commit command. When you commit your container, Docker Engine only stores the diff (difference) between the source image and the current state of the container’s image. To list the images you already have, run “docker images”.

[ec2-user]$ docker commit 944d5319b119 msf
[ec2-user]$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
msf latest a176edaf18ea About a minute ago 1.883 GB
kalilinux/kali-linux-docker latest bd568109a0cc 5 weeks ago 386.5 MB
[ec2-user]$ docker run -t -p 5555:5555 -i msf /bin/bash

The -p 5555:5555 flag in the command above tells Docker to publish port 5555 of the Docker container on port 5555 of the EC2 instance.
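
As an added example (not part of the original post): with no host address, -p 5555:5555 binds the port on every interface of the EC2 instance, so whether it is reachable from outside then depends on the instance's security group. The script below parses the PORTS column printed by docker ps and lists the mappings bound to all interfaces; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list container ports that are
# published on every host interface, e.g. by "docker run -p 5555:5555".
#
# stdin : "<name><TAB><ports>" rows, the shape printed by
#         docker ps --format '{{.Names}}\t{{.Ports}}'
# stdout: "<name> <host_port> <container_port/proto>" for each mapping whose
#         host address is 0.0.0.0, :: or [::]
wide_open_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "5555/tcp" with no "->" is only exposed, not published.
            if (index(m, "->") == 0) continue
            split(m, side, "->")
            host = side[1]
            # Host side is "<addr>:<port>"; the port follows the last colon.
            port = host
            sub(/.*:/, "", port)
            addr = substr(host, 1, length(host) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, port, side[2]
        }
    }'
}

# Constructed sample rows (not real output from the instance on this page):
#   msf        - started as on this page, with -p 5555:5555
#   msf_local  - started with -p 127.0.0.1:5555:5555 (loopback only)
#   kali_plain - no -p flag, port merely exposed by the image
sample_rows() {
    printf 'msf\t0.0.0.0:5555->5555/tcp\n'
    printf 'msf_local\t127.0.0.1:5555->5555/tcp\n'
    printf 'kali_plain\t5555/tcp\n'
}

sample_rows | wide_open_ports
# On a live host: docker ps --format '{{.Names}}\t{{.Ports}}' | wide_open_ports
```

Only the first sample row is reported; the loopback-only and unpublished rows are skipped.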

For more Cybersecurity resources, check out my humble page — https://ceeso.co
