Proxmox: HTB Parrot OS in a Linux Container

In this post, I walk you through the process of using the Parrot OS alternate install script to run HackTheBox's version of Parrot OS in a Proxmox Linux Container (LXC)
Proxmox: HTB Parrot OS in a Linux Container
In: Proxmox, Home Lab, Linux, HackTheBox, Attack, CTF

Potential Pitfalls

In another post, I went over the process of installing Kali Linux in a Proxmox Linux Container. I also discussed some of the potential pitfalls to doing so.

🛑
Please do take a moment review the information linked below, especially with regard to limitations and security mitigations surrounding unprivileged Linux Containers.

Rather than re-write everything here, I'll just refer you to that section of the write-up, because frankly, running Parrot OS in a LXC comes with the same challenges.



Creating the Container

Download the Latest Debian Image

  1. Click on your Proxmox node
  2. Open a shell and run pveam update
  3. Click on your local storage (or whichever storage pool is allocated to store CT templates)
At the time of this writing, this was the latest



Build the Container

  1. Right-Click the Proxmox node where you want to create the LXC
  2. Click Create CT
⚠️
The network configurations are specific to my environment, adjust to your network accordingly.



Install Parrot OS

Update the Base Debian Installation

  1. Start and log into your new container
  2. Run these commands in the terminal
apt clean && apt update && apt upgrade -y
apt install -y gnupg sudo git curl wget



Clone and run the Install Script

cd /tmp
git clone https://gitlab.com/parrotsec/project/installer-script
cd installer-script
chmod u+x installer.sh

Install Parrot OS Core

./installer.sh

Choose 1) Install Core Edition.

ℹ️
During the installation you may be asked a series of Y or N prompts. Just use the default selections.



Install HTB Edition

Once the Core installation finishes, you'll be re-routed to the installation prompt. Choose 4) Install Hack The Box Edition (or whichever flavor you prefer).

ℹ️
If you happen to see any kind of red error output on the first run of choosing option 4, just rerun the installer script again.
./installer.sh

Then, choose option 4 again and it should work this time.

ℹ️
This is going to install many large packages, so be patient while the installation completes. You may also see some error output regarding permissions issues to modify certain files, which is a result of running Parrot OS as an unprivileged container.
✅
Reboot your Linux Container once the installation completes.



Install Remote Desktop Server

ℹ️
The default desktop environment shipped with Parrot OS is MATE. If you would prefer to change that to something else, please refer to the official documentation linked below.
Desktop Enviroments | ParrotOS Documentation
From version 5.0 LTS, ParrotOS is available with the default MATE Desktop Environment (DE) for all editions (Home, Security). However, other desktop environments like XFCE, KDE, etc... can be installed. Each DE has its peculiarity, but we recommend trying them out before deciding what to install (keep in mind that you can install multiple DEs on one OS).

Take a Snapshot

Before making significant changes to the operating system, I like to take a snapshot of my guests, so that I can roll back to the last known good state just before those changes.

  1. Click on your Proxmox node running Parrot OS
  2. Click on your Parrot OS container
  3. Click Snapshots
  4. Click Take Snapshot
  5. Name it something like pre_rdp_install and save the snapshot



Install XRDP Server

apt install -y xorg xrdp

Install the core services

cat <<EOF | sudo tee /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF

Add PolKit policy to allow controlling any color devices

systemctl enable --now xrdp

Enable and start the XRDP server

⚠️
Make sure you add the proper host and/or network firewall rules to allow the traffic to flow from your computer to your Parrot LXC.



Test RDP Connectivity

Choose 'Yes'
ℹ️
In my testing, it takes about 30 seconds for the desktop background to display after logging in. I haven't done any investigation as to why.



Set Your Time Zone

timedatectl set-timezone <tab_key>

Press the TAB key with this command for a list of timezones

⚠️
Little Snitch — a host-based NIPS tool — may block ntpd from making the necessary UDP connections to the NTP server configured on your host. If that's the case, open Little Snitch, delete the block rule, and try running the command again.



Issue Workarounds

Again, referring you to my write-up on running Kali Linux in a LXC, I've already written about an issue experienced when trying to run the openvpn client to VPN servers (e.g. HackTheBox and TryHackMe).

Because Parrot OS is running as an unprivileged container, the container does not have permissions to create necessary device files on the Proxmox node. You will need to make some adjustments to the Linux Container's configuration to allow it to do so.

Proxmox: Kali in a Linux Container (LXC)
In this post, I demonstrate the process of importing, installing, and configuring a Kali LXC image in Proxmox. I also discuss some of the potential challenges that may present.



Conclusion

As mentioned in my write-up on running Kali in a Linux Container, if you experience stability issues, or find yourself inconvenienced by the multiple workarounds required to get Parrot OS running in an unprivileged Linux Container, I advise you to scrap the install and just run it in a VM.

proxmox parrot os - Google Search
More from 0xBEN
Proxmox: GNS3 Lab 2
Proxmox

Proxmox: GNS3 Lab 2

This is the second post in a computer networking mini-series following the University of the Pacific COMP 177 labs, using GNS3 hosted on my Proxmox server.
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.