Knowledgebase
  • Welcome!
  • Threats
    • Software
      • Malware
      • Ransomware
      • Macros
    • Hardware
      • Flipper Zero
        • Firmware
          • 🐬flipperzero
            • Getting Started
          • 🐬flipper-xtreme
            • Wiki
              • Key Combos
              • Generic Guides
              • iButton key file format
              • SubGhz
              • How to add new SubGHz frequencies
              • Sub-GHz Remote
              • LF RFID key file format
              • NFC Flipper File Formats
              • Infrared Flipper File Formats
              • BadKB
              • Asset Packs
              • Unit tests
              • OTA Updates
              • How To Build
              • Hardware Targets
              • Flipper Build Tool
              • FAP (Flipper Application Package)
              • Flipper Application Manifests (.fam)
          • 🐬roguemaster
          • 🐬unleashed
    • Human
      • Advanced Persistent Threats (APTs)
      • Social engineering
      • Phishing
      • Typosquatting
    • Disinformation
      • Black Propaganda
      • White Propaganda
      • Grey Propaganda
      • Info Warfare
      • Political Warfare
      • Astroturfing
      • Greenwashing
      • Bluewashing
      • Whisper Campaigns
      • Push Polling
      • "Joe Jobs"
      • False Flags
      • Deep Fakes
  • About
    • Ports
      • 20
      • 21
      • 22
      • 23
      • 25
      • 587
      • 2323
      • 53
      • 80
      • 194
  • Tools
    • Radio Frequency & SubGHZ
      • gnuradio
      • hackrf
    • Digital Forensics
      • afflib
    • Reverse Engineering
      • binwalk
      • radare2
    • Hardware & Virtualization
      • qemu
      • freerdp2
      • util-linux
      • lvm2
    • VPN Providers
      • ProtonVPN
      • NordVPN
      • ExpressVPN
      • Surfshark
      • CyberGhost
      • Private Internet Access
    • Database, Cloud, & Firewalls
      • sqlmap
      • cewl
      • gobuster
      • fwbuilder
      • clamav
    • Enumeration & Lists
      • crunch
      • aflplusplus
      • ffuf
      • maltego
        • maltego-teeth
      • getallurls
    • Penetration Testing
      • beef-xss
      • wifite
      • burpsuite
      • metasploit-framework
    • Passwords & Auth
      • john
      • hashcat
      • hydra
      • cryptsetup
    • Surface Intelligence
      • theharvester
      • subfinder
      • dsniff
      • dnsrecon
      • dirb
      • nikto
      • legion
      • spiderfoot
    • Networks & Wireless
      • nmap
      • impacket-scripts
      • tcpdump
      • traceroute
      • wireshark
      • responder
      • aircrack-ng
      • netcat
      • kismet
      • ubertooth
      • routersploit
      • apache2
      • ettercap
      • bettercap
      • bettercap-ui
      • freeradius
      • bind9
      • samba
      • net-snmp
      • tcpreplay
    • Social Media
      • sherlock
    • Miscellaneous
      • git
      • libnfc
      • llvm-defaults
  • Operating Systems
    • Ubuntu
      • Installation
        • Switching
          • From Windows
          • From macOS
          • From a different Linux
        • Applications
        • Ubuntu PreInstalled
    • Linux Mint
      • Installation Guide
        • Verify your ISO image
        • Choose the right edition
        • Boot Linux Mint
        • Create the bootable media
        • Install Linux Mint
        • Hardware drivers
        • Language support
        • EFI
        • Multimedia codecs
        • System snapshots
        • Pre-installing Linux Mint (OEM Installation)
        • Where to find help
        • Boot options
        • Partitioning
        • Multi-boot
      • User Guide
        • Grub Boot Menu
        • Snap Store
        • Chromium
        • Bluetooth
        • Windows ISOs and multiboot USB
        • How to upgrade to Linux Mint 20
        • Edge ISO Images
        • Lost Password
        • Upgrades
        • Printers and Scanners
        • How to upgrade to Linux Mint 21
      • Troubleshooting Guide
        • Expectation
        • Responsibility
        • Change
        • Reproducibility
        • Observation
        • Environment
        • What
        • When
        • Why
        • Errors
        • Where
        • How
      • Translation Guide
        • Using Launchpad
        • Verify your translations
        • Localization
      • Developer Guide
        • Getting Started
          • Setup
          • Technology
        • Mint Tools
        • Cinnamon
        • XApps
        • Development
          • Daily Builds
          • Coding Guidelines
          • Optimizing JS with Cinnamon
          • Building
    • Kali Linux
      • Installation
        • Installing Kali Linux
        • Bare-bones Kali
        • Installing Kali on Mac Hardware
        • Dual Booting Kali with Linux
        • Making a Kali Bootable USB Drive
        • Dual Booting Kali with macOS/OS X
        • Dual Booting Kali with Windows
        • BTRFS Install (Kali Unkaputtbar)
        • Deploying Kali over Network PXE/iPXE Install
      • Virtualization
        • Running Kali Linux as a Virtual Machine in Windows
        • Installing VMware on Apple Silicon (M1/M2) Macs (Host)
        • Customizing a Kali Vagrant Vagrantfile
        • Kali inside Proxmox (Guest VM)
        • Installing VMware on Kali (Host)
        • Installing VirtualBox on Kali (Host)
        • Import Pre-Made Kali VMware VM
        • Kali inside Parallels (Guest VM)
        • Kali inside Vagrant (Guest VM)
        • Kali inside VMware (Guest VM)
        • Kali inside VirtualBox (Guest VM)
        • Import Pre-Made Kali VirtualBox VM
        • Kali inside Hyper-V (Guest VM)
        • Kali inside UTM (Guest VM)
        • Kali inside QEMU/LibVirt with virt-manager (Guest VM)
        • Improving Virtual Machine Performance for VMware
        • Installing VMware Tools (Guest Tools)
        • Installing VirtualBox Guest Addition (Guest Tools)
        • Installing Hyper-V Enhanced Session Mode (Guest Tools)
        • Converting VMX to an OVA
      • USB
        • Making a Kali Bootable USB Drive (Linux)
        • Making a Kali Bootable USB Drive (macOS/OS X)
        • Updating Kali Linux on USB
        • Making a Kali Bootable USB Drive on Windows
        • Standalone Kali Linux 2021.4 Installation on a USB Drive, Fully Encrypted
        • Adding Persistence to a Kali Linux Live USB Drive
        • Adding Encrypted Persistence to a Kali Linux Live USB Drive
        • USB Boot in VirtualBox
        • USB Boot in VMware
      • Kali On ARM
        • BeagleBone Black
        • Acer Tegra Chromebook 13" (Nyan)
        • ASUS Chromebook Flip (Veyron)
        • Banana Pro
        • Banana Pi
        • CubieBoard2
        • CuBox-i4Pro
        • CubieTruck (CubieBoard3)
        • Gateworks Newport
        • CuBox
        • Gateworks Ventana
        • NanoPi NEO Plus2
        • NanoPi2
        • Mini-X
        • NanoPC-T3
        • ODROID-C0/C1/C1+
        • ODROID-XU3
        • ODROID-U2/U3
        • ODROID-C2
        • Pinebook
      • Containers
        • Kali Linux LXC/LXD Images
        • Official Kali Linux Docker Images
        • Installing Docker on Kali Linux
        • Using Kali Linux Docker Images
        • Using Kali Linux Podman Images
      • WSL
        • Win-KeX SL
        • Win-KeX ESM
        • Preparing a system for WSL
        • Win-KeX
        • Win-KeX Win
      • Cloud
        • Digital Ocean
        • AWS
        • Azure
        • Linode
      • Kali NetHunter
        • Installing NetHunter On the OnePlus 7
        • Installing NetHunter On the Gemini PDA
        • Installing NetHunter
        • Installing NetHunter On the TicWatch Pro 3
        • Installing NetHunter On the TicWatch Pro
        • NetHunter Application - Terminal
        • NetHunter BadUSB Attack
        • NetHunter Bluetooth-Arsenal
        • NetHunter Chroot Manager
        • NetHunter Components
        • NetHunter Custom Commands
        • NetHunter Home Screen
        • NetHunter DuckHunter Attacks
        • NetHunter HID Keyboard Attacks
        • NetHunter Exploit Database SearchSploit
        • NetHunter Kali Services
        • NetHunter MAC Changer
        • NetHunter MANA Evil Access Point
        • NetHunter Man In The Middle Framework
        • NetHunter KeX Manager
      • Tools
        • Installing Tor Browser on Kali Linux
        • Kali Tools
        • Installing snapd on Kali Linux
        • Metasploit Framework
        • Installing Flatpak on Kali Linux
        • Submitting tools to Kali
        • Removed Tools From Kali
      • Troubleshooting
        • Discovering Problems With Download Speed
        • Common Cloud Based Setup Information
        • The Basics of Troubleshooting
        • Troubleshooting Installations Failures
        • Troubleshooting Wireless Drivers
        • Minimum Install Setup Information
      • Kali Development
        • Contributing run-time tests with autopkgtest
        • Custom CuBox Image
        • Custom Beaglebone Black Image
        • Custom EfikaMX Image
        • Custom Chromebook Image
        • Custom MK/SS808 Image
        • Custom Raspberry Pi Image
        • Custom ODROID X2 U2 Image
        • Setting up a system for packaging
        • Intermediate packaging step-by-step example
        • Introduction to packaging step-by-step example
        • Getting the best out of the Kali Bot
        • Advanced Packaging Step-By-Step Example (FinalRecon & Python-icmplib)
        • Generate an Updated Kali ISO
        • Creating A Custom Kali ISO
        • Building Custom Kali ISOs
        • Rebuilding a Source Package
        • Recompiling the Kali Linux Kernel
        • ARM Build Scripts
        • Preparing a Kali Linux ARM chroot
    • Arch Linux
      • Installation Guide
      • Frequently Asked Questions
      • General Recommendations
      • Applications
        • Office & Docs
        • Internet
        • Multimedia
        • Science
        • Security
        • Utilities
        • Others
      • Arch compared to other distributions
    • NetBSD
      • Calls and Errors
      • Libraries
      • Lua Modules
      • Devices and Drivers
  • Law, Policy, and Ethics
    • Fair Use
    • DMCA
      • 🗄️Notable Cases
        • MGM Studios Inc. v. Grokster, Ltd.
        • Viacom International, Inc v YouTube, Inc
        • Capitol Records, Inc. v. Thomas-Rasset
        • Perfect 10, Inc. v. Amazon.com
        • Recording Industry Association of America (RIAA) v. Diamond Multimedia Systems, Inc.
        • A&M Records, Inc. v. Napster, Inc.
        • BMG Music v. Gonzalez
        • Sony Computer Entertainment America (SCEA) v. Connectix Corp.
        • Columbia Pictures Industries, Inc. v. Fung
        • Warner Bros. Entertainment Inc. v. RDR Books
        • BMG Music v. John Doe
        • Universal Music Group v. Veoh Networks, Inc.
        • Universal Music Group v. MySpace, Inc.
        • UMG Recordings, Inc. v. MP3.com, Inc.
        • Cartoon Network LP v. CSC Holdings, Inc.
        • Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd.
        • Viacom International Inc. v. Google Inc.
        • Tiffany (NJ) Inc. v. eBay Inc.
        • Perfect 10, Inc. v. Visa International Service Association
        • Universal City Studios Productions LLLP v. Reimerdes
        • Recording Industry Association of America (RIAA) v. Lime Group LLC
        • Sony BMG Music Entertainment v. Tenenbaum
        • Viacom International Inc. v. Time Warner Cable Inc.
        • UMG Recordings, Inc. v. Shelter Capital Partners LLC
        • Sony Computer Entertainment America Inc. v. Bleem LLC
        • Universal City Studios, Inc. v. Corley
        • Ticketmaster Corp. v. Tickets.com, Inc.
        • Authors Guild, Inc. v. Google, Inc.
        • Perfect 10, Inc. v. Cybernet Ventures, Inc.
        • Tiffany (NJ) Inc. v. Ningbo Beyond Home Textile Co., Ltd.
        • Google Inc. v. American Blind & Wallpaper Factory, Inc.
        • Columbia Pictures Industries, Inc. v. Redd Horne, Inc.
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Operating Systems
  2. Kali Linux
  3. Containers

Kali Linux LXC/LXD Images

PreviousContainersNextOfficial Kali Linux Docker Images

Last updated 2 years ago

Was this helpful?

Content:

  • Overview

  • Command line Kali LXD container on Ubuntu host

  • Gui Kali LXD container on Ubuntu host

  • Privileged Kali LXC container on Kali host

  • Unprivileged Kali LXC container on Kali host

  • References


Overview

Kali Linux containers are the ideal solution to

  • run Kali Linux within other Linux distributions

  • provide isolated environments for development or testing activities

without the overhead of virtual machines. Docker is the preferred solution for applications whilst LXC/LXD are preferred for entire systems.

Linux containers provide features like snapshots and freezing which comes in very handy when developing or testing software.

Kali images are available on the and can easily be launched either in LXD using the “images:” image server or in LXC using the “lxc-download” template.

LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.

LXD is a next generation system container manager. It offers a user experience similar to virtual machines but using Linux containers instead. It’s image based with pre-made images available for a wide number of Linux distributions and is built around a very powerful, yet pretty simple, REST API.

LXD vs LXC:

LXD is the more convenient of the two but is only available in Ubuntu or other distributions (such as Kali) as snap package.

LXC is available in more distributions and preferred in Kali as it is supported natively and does not required snapd to be running.


Command line Kali LXD container on Ubuntu host

Installing a Kali Linux container in Ubuntu only requires a few steps:

  1. Install LXD

  2. Launch a Kali container

  3. Install additional packages inside the container

  4. Create non-root user

  5. Login


1 - Install lxd via snap and perform initial setup:

:~$ sudo snap install lxd
:~$ lxd init

2 - Launch your first Kali Linux container with

:~$ lxc launch images:kali/current/amd64 my-kali

3 - Install additional packages inside the container via

:~$ xc exec my-kali -- apt update
:~$ xc exec my-kali -- apt install -y kali-linux-default kali-desktop-xfce

4 - Create non-root user - “kali” in this example:

:~$ lxc exec my-kali -- adduser kali
:~$ lxc exec my-kali -- usermod -aG sudo kali
:~$ lxc exec my-kali -- sed -i '1 i\TERM=xterm-256color' /home/kali/.bashrc
:~$ lxc exec my-kali -- sh -c "echo 'Set disable_coredump false' > /etc/sudo.conf"

5 - Login to the new container as user “kali” via

:~$ lxc console my-kali

Voila!

Container management:

  • Start: lxc start my-kali

  • Stop: lxc stop my-kali

  • Remove: lxc destroy my-kali


GUI Kali LXD container on Ubuntu host

Installing a Kali container to run GUI applications is similar to the previous example with a few additional steps:

  1. Install LXD

  2. Create GUI profile and launch a Kali GUI container

  3. Install additional packages inside the container

  4. Create non-root user

  5. Start Kali Xfce panel

  6. Customise Kali Xfce panel


1 - Install lxd via snap and perform initial setup (if not already done):

:~$ sudo snap install lxd
:~$ lxd init

2 - Launch your first Kali Linux container with

:~$ wget https://blog.simos.info/wp-content/uploads/2018/06/lxdguiprofile.txt
:~$ lxc profile create gui
:~$ cat lxdguiprofile.txt | lxc profile edit gui
:~$ lxc profile list
:~$ lxc launch --profile default --profile gui images:kali/current/amd64    gui-kali

3 - Install additional packages inside the container via

:~$ lxc exec gui-kali -- apt update
:~$ lxc exec gui-kali -- apt install -y kali-linux-default
:~$ lxc exec gui-kali -- apt install -y kali-desktop-xfce

4 - Create non-root user - “kali” in this example:

:~$ lxc exec gui-kali -- adduser kali
:~$ lxc exec gui-kali -- usermod -aG sudo kali
:~$ lxc exec gui-kali -- sed -i '1 i\TERM=xterm-256color' /home/kali/.bashrc
:~$ lxc exec gui-kali -- echo "export DISPLAY=:0" >> /home/kali/.bashrc
:~$ lxc exec gui-kali -- sh -c "echo 'Set disable_coredump false' > /etc/sudo.conf"

5 - Start Kali Xfce panel via

:~$ lxc exec gui-kali -- sudo -u kali xfce4-panel

Customise the panel as desired.

Container management:

  • Start: lxc start gui-kali

  • Stop: lxc stop gui-kali

  • Remove: lxc destroy gui-kali


Privileged Kali LXC container on Kali host

Privileged containers are containers created by root and running as root. They are quicker to setup than unprivileged containers but are inherently unsafe. Installing a privileged Kali Linux container on a Kali host only requires to:

  1. Install and setup lxc

  2. Download the kali image from the image server

  3. Start the container

  4. Attach to the container


1 - Install lxc and setup the network:

:~$ sudo apt install -y lxc libvirt0 libpam-cgfs bridge-utils libvirt-clients libvirt-daemon-system iptables ebtables dnsmasq-base
:~$
:~$ sudo cat <<EOF > /etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = virbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
EOF
:~$
:~$ sudo virsh net-start default
:~$ sudo virsh net-autostart default

2 - Download the Kali Linux image from the image server via

:~$ lxc-create -t download -n my-kali

This will list all available images.

When prompted, enter:

  • Distribution: kali

  • Release: current

  • Architecture: amd64 (or other as applicable)

3 - Start the container with

:~$ sudo lxc-start -n my-kali -d

4 - Attach to the container via

:~$ sudo lxc-attach -n my-kali

There you have it. Next you should set a root password and install the “kali-linux-default” metapackage.

Container management:

  • Start: sudo lxc-start -n my-kali -d

  • Stop: sudo lxc-stop -n my-kali

  • List: sudo lxc-ls -f

  • Info: sudo lxc-info -n my-kali

  • Remove: sudo lxc-destroy -n my-kali


Unprivileged Kali LXC container on Kali host

Unprivileged containers run in a user context and are considered safer and are preferred over using privileged container. The setup it slightly more involved:

  1. Install and setup lxc

  2. Setup LXC for unprivileged containers

  3. Download the kali image from the image server

  4. Start the container

  5. Install some additional packages

  6. Create non-root user

  7. Login


1 - Install lxc (if required):

:~$ sudo apt install -y lxc libvirt0 libpam-cgfs bridge-utils libvirt-clients libvirt-daemon-system iptables ebtables dnsmasq-base

2 - Setup LXC for unprivileged containers

:~$ echo "$USER veth virbr0 10" | sudo tee -i /etc/lxc/lxc-usernet
:~$ sudo sh -c 'echo "kernel.unprivileged_userns_clone=1" > /etc/sysctl.d/80-lxc-userns.conf'
:~$ sudo sysctl kernel.unprivileged_userns_clone=1
:~$ sudo chmod u+s /usr/libexec/lxc/lxc-user-nic
:~$
:~$ mkdir -p ~/.config/lxc
:~$ cp /etc/lxc/default.conf ~/.config/lxc/default.conf
:~$ sed -i 's/lxc.apparmor.profile = generated/lxc.apparmor.profile = unconfined/g' ~/.config/lxc/default.conf

Next we have to add two lines into ~/.config/lxc/default.conf whose subuid & subguid match those listed in /etc/subuid and /etc/subgid. First let’s get the id’s via cat /etc/s*i d grep $USER The result should look like this:

kali:100000:65536
kali:100000:65536

Substitute the ID’s in the following commands with the ones in the previous output:

:~$ echo lxc.idmap = u 0 100000 65536 >> ~/.config/lxc/default.conf
:~$ echo lxc.idmap = g 0 100000 65536 >> ~/.config/lxc/default.conf

3 - Download the Kali Linux image from the image server via

:~$ lxc-create -t download -n my-kali

This will list all available images.

When prompted, enter:

  • Distribution: kali

  • Release: current

  • Architecture: amd64 (or other as applicable)

4 - Start the container with

:~$ lxc-start -n my-kali -d

But before we login, we perform some post-installation setup tasks

5 - Install default packages:

:~$ lxc-attach -n my-kali apt update
:~$ lxc-attach -n my-kali apt install -y kali-linux-default

6 - Create a non-root user:

:~$ lxc-attach -n my-kali --clear-env adduser <username>
:~$ lxc-attach -n my-kali --clear-env adduser <username> sudo

7 - Login as non-root user via

:~$ lxc-console

And perform the following on initial login to get some colors in the console:

:~$ sed -i '1 i\TERM=xterm-256color' ~/.bashrc
:~$ . ~/.bashrc

Container management:

  • Start: sudo lxc-start -n my-kali -d

  • Stop: sudo lxc-stop -n my-kali

  • List: sudo lxc-ls -f

  • Info: sudo lxc-info -n my-kali

  • Remove: sudo lxc-destroy -n my-kali


References:

image server for LXC and LXD
Linux Containers
How to run GUI apps in LXD containers on your Ubuntu desktop