Booting and installing Kali Linux over the network () can be useful from a single laptop install with no CDROM or ports, to enterprise deployments supporting pre-seeding of the Kali Linux installation.
We will cover three different ways of using PXE. The first way will be how to manually set up PXE with dnsmasq. The second will be a partially-automated way using Docker. The final way will utilize netbootxyz, which hosts the PXE files and uses a separate DNS server to properly direct computers. Please utilize the Table of Contents to quickly navigate to the method you want to follow.
Manually setting up a PXE Server with dnsmasq
First, we need to install to provide the DHCP/TFTP server and then edit the dnsmasq.conf file:
In dnsmasq.conf, enable DHCP, TFTP and PXE booting and set the dhcp-range to match your environment (we are using 192.168.101.100-200). If needed you can also define your gateway and DNS servers with the dhcp-option directive as shown below:
With everything configured, you can now boot your target system and configure it to boot from the network. It should get an IP address from your PXE server and begin booting Kali Linux.
Post Installation
One last thing we need to do if we want to use this system in the future is set up a cron job to pull in the new Netboot images regularly in case of kernel updates. We will create a simple script for this purpose named pxe.sh:
#!/bin/sh
## We input our desired path for the PXE image to be saved to
tftp=/tftpboot
arch=amd64
## We remove the previous directory containing the PXE image and download the newest version
rm -rf $tftp/
mkdir -p $tftp/
wget https://http.kali.org/kali/dists/kali-rolling/main/installer-$arch/current/images/netboot/netboot.tar.gz -P $tftp/
tar -zxpf /tftpboot/netboot.tar.gz -C $tftp
rm -f $tftp/netboot.tar.gz
We save this script to /opt and are sure to set it’s permissions so you can only edit it with root or sudo. An example of this is to set the file to 770 or 700 with chmod, and set it to root:root with chown.
Using Docker and dnsmasq to automate setup of a PXE serverDocker file and dnsmasq.conf
The docker file we will use looks like the following:
FROM kalilinux/kali-rolling
ENV HOME /root
RUN apt update && apt install -y init
CMD ["/sbin/init"]
RUN apt install -y dnsmasq syslinux nginx iproute2 vim wget net-tools less
RUN rm /etc/dnsmasq.conf
COPY dnsmasq.conf /etc/dnsmasq.conf
RUN mkdir -p /tftpboot/
RUN wget https://http.kali.org/kali/dists/kali-rolling/main/installer-amd64/current/images/netboot/netboot.tar.gz -P /tftpboot/
RUN tar -zxpf /tftpboot/netboot.tar.gz -C /tftpboot
RUN rm -f /tftpboot/netboot.tar.gz
Before we can build this container we need to create the file dnsmasq.conf. We use the following options:
We run the following commands to create our Docker container. Please note --privileged=true and --network host is necessary for the port mapping to work properly:
Once booted and connected, we must run the following command:
:~$ sudo systemctl restart dnsmasq
We are now good to go!
Preseeding PXEPreseed file
We can use the following preseed file to automatically install our Kali instance. Be sure to change package selection, user information, region information, and hard drive to match what you are using. Alternatively, should you want to be prompted for any of those, just comment out the line:
Now that you’ve completed installing Kali Linux, it’s time to customize your system. The has more information and you can also find tips on how to get the most out of Kali Linux in our .
To install netbootxyz we will follow the . Using this method will allow us to set up a server and use our existing DHCP server to point to it, rather than creating a new DHCP server.
