Tech How-To: Building A Hacker Toolbox

A lot of the security assessment work we do is on infrastructure and services that live in the cloud, but we still have plenty of customers with extensive in-office infrastructure. For these customers, we deploy what we call the “RipRap Ripple”, a custom-built hacker toolbox (sometimes referred to as a “dropbox”) that helps us assess vulnerabilities of in-office devices and conduct penetration testing.

We’ve put a lot of thought and testing into our hacker toolbox platform to ensure that it is both highly available and has all the tools we need to keep our customers safe. The team of ethical hackers that builds and maintains the Ripple fleet wrote up this blog post to share our approach with the broader cyber security community. Our hope is that this write-up can help other cyber security professionals implement a similar solution in their own environment if it is needed.

Please keep in mind that this how-to guide is more technical than most of our content. We’d also advise that you always obtain permission from any organization you plan to deploy a similar device to.

How do I get started?

1. Use a NUC or Other Small Form Factor Computer

  • Start with a NUC or a similar small form factor computer that fits your needs. The NUC line was formerly made by Intel; Asus now produces and supports it, but nearly any mini-PC from a reputable brand will do. Try to ensure there’s an ample amount of RAM (no less than 16GB, ideally 32GB), as we’re going to be virtualizing a number of operating systems.

  • These are often sold as “bare-bones” systems, and may require you to install your own solid-state drive and RAM. Don’t worry, it makes for a fun project!


An example Intel NUC mini-PC. A great way to get started.

2. Install Proxmox Virtual Environment

  • Proxmox is a handy virtualization platform similar to VMware’s ESXi but based on open-source technologies. We strongly encourage using their paid support model to help support their development work - they are an amazing group of experts developing an incredibly useful tool.

  • Download the Proxmox ISO and “burn” it to a USB drive using Balena Etcher or a similar tool.

  • Insert the USB drive into your mini-PC, and power everything up. You’ll need to be connected to a display and keyboard for these steps.

  • Follow the instructions provided by your mini-PC’s manufacturer to choose a boot device, and follow the installer’s instructions to install Proxmox on the host.



An example Proxmox screenshot

3. Run Post-Install Script

  • Use scripts from tteck’s Proxmox Helper Scripts to streamline your setup.  We strongly recommend the Proxmox VE Post-Install script to take care of some fairly mundane tasks for you - like enabling or disabling various package repositories, adding or correcting package sources, enabling/disabling test or beta repos, running updates, and more.

4. Set Up LXC with Ubuntu Image

  • Create an LXC container using an Ubuntu image to serve as your remote access solution.  There is a script available here to automate this for you.

5. Proxmox Script to Install Tailscale on LXC

  • Use yet another Proxmox Helper Script to install the Tailscale remote networking solution on the LXC container, and follow the provided instructions to join it to your Tailnet.

  • Tailscale is a secure and simple VPN solution, based on WireGuard technology.

6. Use SOCKS Proxy to connect

  • SOCKS (Socket Secure) is an internet protocol that routes network packets between a client and a server through a proxy server. It can carry nearly any type of traffic generated by any protocol or program. In this context, a SOCKS proxy lets you tunnel your network traffic through an SSH connection, so you can securely reach resources on the remote network.

  • Utilize a SOCKS proxy through the LXC container to access local resources on the LAN.

  • Here’s how you can set up the SOCKS proxy:

Ensure your LXC container has an SSH server running. Install and start the OpenSSH server:

    sudo apt update
    sudo apt install openssh-server
    sudo systemctl enable ssh
    sudo systemctl start ssh

On your local machine, set up the SOCKS proxy by connecting (the -D listener binds to loopback only, so only programs on your machine can use it):

    ssh -D 1855 user@<LXC-container-IP-or-Tailscale-name>

Configure your applications (e.g., web browsers) to use the SOCKS proxy by setting the proxy host to localhost (127.0.0.1) and port 1855.

7. Install Kali Linux

  • Obtain the latest Kali Linux installer ISO, and upload it to your Proxmox host via the Web UI (at https://<your-proxmox-host’s-IP-address>:8006). (Datacenter -> your-node -> local -> ISO Images -> Upload).

  • Create a new virtual machine using the Proxmox Web UI (Datacenter -> your-node -> Create VM), and follow the wizard to connect the .ISO file you uploaded as a virtual CD-ROM drive.

  • Install Kali Linux on the VM, log in (default username kali, default password kali - change these ASAP!) and update the system:

        sudo apt update
        sudo apt upgrade

  • Install Tailscale on this host as well, as a backup means of access in the event the LXC container fails for some reason. The install script must be piped to a shell to actually run, and the VM then needs to be joined to your Tailnet:

        curl -fsSL https://tailscale.com/install.sh | sh
        sudo tailscale up

8. Configure Automatic Start

  • Ensure both the LXC container and the Kali Linux VM start automatically on boot. You want to be sure that if the dropbox gets rebooted, your means of remote access come back up as well!

  • In the Proxmox web interface, navigate to your LXC container and VM settings.

  • Enable automatic start for both:

LXC: Options -> Start at boot -> Yes.

VM: Options -> Start at boot -> Yes.

9. Secure Your Setup

  • Generate SSH keys on your local machine:

        ssh-keygen -t rsa

  • Provision SSH public keys to the VM and LXC container:

        ssh-copy-id user@<LXC-container-IP>
        ssh-copy-id kali@<Kali-VM-IP>

  • Disable password login and ensure strong user passwords are set on the VMs. From each VM, edit the SSH daemon configuration:

        sudo nano /etc/ssh/sshd_config

    Set the line:

        PasswordAuthentication no

    Ubuntu’s default sshd_config includes /etc/ssh/sshd_config.d/, and a drop-in file there that sets PasswordAuthentication yes wins over the main file, so check that directory too. Keep your current SSH session open while you restart the service and confirm a fresh key-based login still works before closing it:

        sudo systemctl restart ssh
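The sshd_config change above, as an added example that is not part of the original post: a small POSIX shell script that applies PasswordAuthentication no idempotently (it also turns off keyboard-interactive password prompts) and refuses to report success while any drop-in under /etc/ssh/sshd_config.d/ still re-enables passwords. It assumes Debian/Ubuntu paths and GNU sed; the file path argument exists so it can be exercised on a copy before touching the live config.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent sshd hardening with an
# override check. Assumes Debian/Ubuntu layout (/etc/ssh/sshd_config + sshd_config.d/).
set -eu

# Set KEY to VALUE in FILE: rewrite every existing line for KEY (commented or not,
# including ones inside Match blocks), or append the directive if none exists.
set_sshd_option() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
        sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file"
    else
        [ -z "$(tail -c1 "$file")" ] || echo >> "$file"   # ensure trailing newline
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# Return 0 only if every active KEY line in FILE and in its sshd_config.d/*.conf
# drop-ins says VALUE. sshd uses the first value it reads, and Ubuntu's default
# config includes the drop-ins first, so a stray "PasswordAuthentication yes" there
# silently undoes the main-file change.
option_is_enforced() {
    file=$1; key=$2; value=$3
    dir="$(dirname "$file")/sshd_config.d"
    active=$(cat "$file" "$dir"/*.conf 2>/dev/null \
             | grep -E "^[[:space:]]*${key}[[:space:]]" || true)
    [ -n "$active" ] || return 1
    printf '%s\n' "$active" | grep -Evq "^[[:space:]]*${key}[[:space:]]+${value}\$" && return 1
    return 0
}

# Apply the hardening to FILE (default: live config). Non-zero exit means an
# override still allows password logins and sshd must not be restarted yet.
harden_sshd_config() {
    file=${1:-/etc/ssh/sshd_config}
    set_sshd_option "$file" PasswordAuthentication no
    set_sshd_option "$file" KbdInteractiveAuthentication no   # no PAM password prompt
    set_sshd_option "$file" PubkeyAuthentication yes
    option_is_enforced "$file" PasswordAuthentication no
}

# Run as root: harden, validate the config parses, then restart. A parse error
# would otherwise leave sshd down and you locked out of the dropbox.
apply_sshd_hardening() {
    harden_sshd_config /etc/ssh/sshd_config || { echo "override found in sshd_config.d" >&2; return 1; }
    sshd -t && systemctl restart ssh
}
```

Source the file and call apply_sshd_hardening under sudo; harden_sshd_config with a path argument lets you dry-run the edit on a copy first.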

10. Install Vulnerability Scanning Tools

  • Install OpenVAS or Nessus to support vulnerability scanning. These are available as Docker containers for ease of use if that’s preferred.

Test it out!

1. Network Connectivity

  • Connect the device to a foreign network (or your own, then log in from a different network) to validate that DHCP works and it calls home to Tailscale.

  • From a different network, SSH into the LXC container using its Tailscale IP and validate connectivity:

        ssh -D 1855 user@<LXC-container-Tailscale-IP>

  • Ensure that you can use SOCKS to access local resources on the LAN, including the Proxmox VE host on port 8006.
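The SOCKS proxy from step 6 and the connectivity check above, as an added example that is not part of the original post: a POSIX shell script that starts the tunnel in the background with fail-fast and keepalive options, then proves the proxy works by fetching the Proxmox login page through it. The target name user@ripple-lxc (a Tailscale MagicDNS name) and the Proxmox address 192.168.1.10 are assumed placeholders; adjust both.

```shell
#!/bin/sh
# Added example (not from the original post): bring up the SSH SOCKS tunnel
# non-interactively and verify it before relying on it. Assumed placeholders:
# user@ripple-lxc (LXC via Tailscale) and 192.168.1.10 (Proxmox host on the LAN).
set -eu

# Build the ssh command for a background (-f -N) SOCKS5 listener bound to loopback.
# ExitOnForwardFailure makes ssh exit instead of running silently without the -D
# listener; the ServerAlive options tear down a dead tunnel within ~90 seconds.
socks_ssh_cmd() {
    target=$1; port=$2
    printf 'ssh -f -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 %s' "$port" "$target"
}

# Accept only unprivileged, well-formed ports (1024-65535).
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Fetch URL through the proxy and print the HTTP status. socks5h:// resolves
# hostnames on the far side, so LAN-only names (and DNS lookups) never hit the
# local resolver. -k is acceptable here only because this is a reachability check
# against Proxmox's default self-signed certificate.
socks_http_status() {
    port=$1; url=$2
    curl -sS -k -o /dev/null -m 10 -w '%{http_code}' --proxy "socks5h://127.0.0.1:$port" "$url"
}

# Start the tunnel, then confirm the Proxmox web UI (port 8006) answers through it.
socks_up() {
    target=$1; port=$2; check_url=$3
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    eval "$(socks_ssh_cmd "$target" "$port")"   # our own string, no user input
    status=$(socks_http_status "$port" "$check_url")
    [ "$status" = "200" ] || { echo "proxy check failed (HTTP $status)" >&2; return 1; }
    echo "SOCKS proxy on 127.0.0.1:$port reaches $check_url"
}

# Only act when explicitly asked, so sourcing this file just defines the functions.
if [ "${SOCKS_RUN:-0}" = "1" ]; then
    socks_up user@ripple-lxc 1855 https://192.168.1.10:8006/
fi
```

Run it with SOCKS_RUN=1; the backgrounded ssh keeps the proxy on 127.0.0.1:1855 alive after the script exits, so point your browser's SOCKS setting at it as in step 6.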

2. Power Restoration

  • Configure the BIOS to restore power on power loss, ensuring the machine automatically turns back on if power is lost. You don’t want to be locked out of your machine because there was a power interruption on the remote network!

  • Entering and managing the BIOS will be machine and manufacturer-dependent - follow the instructions provided by your mini-PC’s manufacturer to find this setting.

3. Optional: Install Mandiant's Commando VM

  • For those needing Windows penetration testing tools, Mandiant’s Commando VM can optionally be installed. Manually install a Windows 10 virtual machine, then follow the instructions on the Commando repository to set up the Commando suite of tools.

By following these steps, you can build a robust and reliable pentesting and vulnerability scanning drop-box that allows you to validate the security of your organization’s infrastructure. At RipRap Security, our "Ripple" devices have proven to be an invaluable asset in securing local LANs against potential threats.
