Create a Kali Linux VM in Proxmox

In this module, we will look at the process of creating a Kali Linux VM using the command line in Proxmox
Create a Kali Linux VM in Proxmox
In: Proxmox, Attack, Home Lab
ℹ️
This page is part of the larger series of converting an old laptop into a bare metal home lab server. Click here to be taken back to the project home page.

Previous Step

Adding a Comprehensive Wazuh SIEM and Network Intrusion Detection System (NIDS) to the Proxmox Lab
In this module, we will take a look at the process setting up a comprehensive Wazuh SIEM, including a NIDS and some HIDS agents, in our Proxmox home lab.





Building Kali in the Shell

The point of this exercise is to use a pre-built Kali Linux VM from Offensive Security and demonstrate to you how you can:

  • Download a packaged VM using the command line
  • Extract a .QCOW2 virtual disk file
  • Create a VM on the command line
  • Import and attach the .QCOW2 disk to the VM
  • Set the disk as the primary boot method

Go to https://www.kali.org/get-kali/#kali-virtual-machines. Under QEMU, right-click the download icon:

Right-click and choose "Copy link address"

Choose copy link address. Right-click on your Proxmox node and choose shell.

Run some commands to create a Kali VM and import the disk file and use OffSec’s prebuilt Kali VM images in Proxmox

# This is a comment. You do not need to type this in your shell.
# Install the unar package -- a universal archive decompression tool
apt clean && apt update
apt install -y unar

# Initialize a variable to hold the URL copied in step 1
# Ensure the URL you're copying points to the .7z file
url="https://cdimage.kali.org/kali-2022.4/kali-linux-2022.4-qemu-amd64.7z"

# Get the filename from the URL for use later in the process
filename=$(echo $url | rev | awk -v FS='/' '{print $1}' | rev)

# Change to the /tmp directory
cd /tmp

# Make a directory for easy cleanup and move into it
mkdir kali-download && cd kali-download

# Download the VM image (may take a while)
wget $url

# Extract the contents of the .7z file
# This is a big file, be patient
unar $filename

# Initialize a variable containing the name of the QCOW2 disk file
qcow2file=$(find $PWD -name '*.qcow2')

# Create a VM placeholder for Kali.
qm create 106 --memory 8192 --balloon 4096 --cores 2 --name Kali --description 'Kali Linux from prebuilt images' --net0 model=virtio,bridge=vmbr1 --ostype l26 --autostart 1 --startup order=10,up=30,down=30

# Attach the disk .QCOW2 disk to the Kali VM. Wait for command to finish
# local-lvm is the default VM disk storage in my setup, yours may be different
qm importdisk 106 $qcow2file local-lvm --format qcow2

# Attach the disk
qm set 106 --scsi0 local-lvm:vm-106-disk-0

# Set the disk as the primary boot
qm set 106 --boot=order=scsi0

# Clean up
cd /tmp
rm -rf ./kali-download

You should now be able to log into the Proxmox web console and start the VM.



Kali's Booted — Now What?

You'll quickly find that the default NoVNC console for viewing your VM's desktop is fine in a pinch, but is not the greatest user experience.

💡
The best solution for interacting with your VMs when you want something other than NoVNC is to install a Remote Desktop server application on your VM and connect to it with a client application.

Here is a list of the things I typically do once I provision a new Kali guest.

Kali Optimizations | 0xBEN | Notes

Of the items in the link above, I view these of the most importance:

  1. Change the default user account
  2. Install a remote desktop service



Install Remote Desktop Solutions

🚨
I recommend always taking a snapshot or backup of your VM before making major changes, so that you can roll back if anything goes awry

SPICE Protocol

Enable the SPICE Display Driver on Kali

SPICE - Proxmox VE
Because Kali is a Linux host, the necessary SPICE drivers are already present in the kernel, and is the case for most Linux hosts post-2011.

Running SPICE on Windows VMs requires some additional drivers, consult the documentation linked above.
Stop your Kali VM
Click Hardware
Double-click Display
Click OK



Install the SPICE Client

Linux Clients

  1. Use your operating system's package manager to install virt-viewer
  2. For example: sudo apt install -y virt-viewer
  3. virt-viewer will be the default file handler for the .vv files served by Proxmox

Windows Clients

  1. Navigate to: https://virt-manager.org/download
  2. Current release: https://releases.pagure.org/virt-viewer/virt-viewer-x64-11.0-1.0.msi (64-bit)
  3. This will install virt-viewer on Windows
  4. virt-viewer will be the default file handler for the .vv files served by Proxmox

Power on your Kali VM and Double-click your VM's name
This downloads a .vv file, which virt-viewer will open
My Kali VM running KDE Plasma
Right-click on the desktop and choose Configure Display Settings...
Change your resolution to a larger screen size if desired



NoMachine (NX Protocol)

NoMachine runs over TCP/IP. Therefore, you need to be able to route to your Kali VM's IP address.

Make sure you add the proper host and/or network firewall rules and routes to allow the traffic to flow from your computer to your Kali VM. See: https://benheater.com/proxmox-lab-pfsense-firewall/#optional-configuring-static-routes

Install NoMachine Service

I like to use the NoMachine server on my Linux (and Windows) guests, as it will run on a huge variety of operating systems. It works very well with clipboard support, drive mapping, dynamic screen resizing, and much more.

Download NoMachine Server for Linux
We'll be using the .deb file version for 64-bit Linux.
Right-click and choose 'Copy link address'
nomachnine_deb_url="https://download.nomachine.com/download/8.8/Linux/nomachine_8.8.1_1_amd64.deb"

cd /tmp
# The version you're downloading may be different
wget $nomachnine_deb_url
# Again, ensure you're specifying the correct file name
dpkg -i ./nomachine_8.8.1_1_amd64.deb
systemctl enable --now nxserver

The NoMachine daemon should now be listening on tcp/4000





Install the NoMachine Enterprise Client

I'll be using the NoMachine Enterprise Client for Windows installer. Download the correct package for your operating system and complete the installation.

Enterprise Client in the Start Menu
Click the Add button
Click the Add button in the top-right
Double-click your connection profile
Fill in your login details
My Kali VM running KDE Plasma



Making Some Tweaks to NoMachine

I keep a list of some of the configuration changes to my NoMachine environment here. You don't have to follow these recommendations, but they may improve your quality of life with NoMachine

NoMachine Customizations | 0xBEN | Notes
Auto-Login On Kali side, go to Startup & Shutdown > Login Screen (SDDM) and click Behavior . Set th…
ℹ️
As I note in the article above, NoMachine isn't perfect and is going to require some fine-tuning. But in my experience, the drive mapping, clipboard support, and dynamic screen resizing all outperform what you'd get in standard RDP clients.



Next Step

Create an OWASP Juice Shop Container in Proxmox
In this module, we will look at creating a container in our Proxmox home lab to run OWASP Juice Shop to practice our web app pentest skills
More from 0xBEN
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.