Kali Linux Unattended PXE Install

Kali Linux Pxe Network Install


One of the little-known features of Kali Linux is that it supports unattended installations over a network. This feature allows for easy deployment of custom Kali Linux instances that do not require any manual intervention during the installation process.

Before dealing with unattended installs, you will first want to follow the instructions for a Kali Linux Network PXE Install to get all of the major components ready. Once your PXE server is all configured, you’re ready to move on and get ready to automate your installations.


Before you start the installation, place a preseed.cfg file on a web server that will be available to the machine you are trying to install. You can use the preseed file shown below as a starting point. In our example, the web server serving the preseed file is located on the same network as the machine being installed, with the IP address:

d-i debian-installer/locale string en_US
d-i console-keymaps-at/keymap select usd-i mirror/country string enter information manually
d-i mirror/suite string kali
d-i mirror/codename string kali
d-i mirror/http/hostname string archive.kali.org
d-i mirror/http/directory string /kali
d-i mirror/http/proxy string
d-i clock-setup/utc boolean true
d-i time/zone string US/Eastern

# Disable volatile and security
d-i apt-setup/services-select multiselect

# Enable contrib and non-free
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true

d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true

# Add our own security mirror
d-i apt-setup/local0/repository string http://archive.kali.org/kali-security kali/updates main
d-i apt-setup/local0/comment string Security updates
d-i apt-setup/local0/source boolean false
d-i apt-setup/use_mirror boolean true

# Upgrade installed packages
tasksel tasksel/first multiselect standard
d-i pkgsel/upgrade select full-upgrade
# Install a limited subset of tools from the Kali Linux repositories
d-i pkgsel/include string openssh-server openvas metasploit-framework metasploit nano

# Change default hostname
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/hostname string kali

# Do not create a normal user account
d-i passwd/make-user boolean false
d-i passwd/root-password password toor
d-i passwd/root-password-again password toor

popularity-contest popularity-contest/participate boolean false
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
d-i finish-install/reboot_in_progress note

d-i preseed/late_command string
in-target wget;
in-target /bin/bash -x chmod 755 ./postseed.sh;
in-target /bin/bash -x ./postseed.sh;

The sample preseed file above will install a limited subset of tools, specifically openssh-server, openvas, metasploit, and nano. You can feel free to change this as needed, adding or removing whatever tools you like. Take particular note of the last section of the preseed file, which allows you to run post installation scripts. In our case, we run an additional post install script, postseed.sh, which is located on the same web root directory as the preseed.cfg file. The postseed.sh script enters an SSH key into the image and makes sure that all our desired services will start at boot time.

mkdir -p /root/.ssh
# Replace "YOUR SSH KEY" with a your ssh public key.
echo "YOUR SSH KEY" > /root/.ssh/authorized_keys
# Disable SSH password authentication
sed 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config# Set the admin password of OpenVas to admin123
sed '/add_user/ s|$| -w admin123|' /usr/bin/openvas-setup
rm -rf /etc/rc.local

cat << EOF > /etc/rc.local
/etc/init.d/greenbone-security-assistant start
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-administrator start
/etc/init.d/openvas-manager start
# Set msfrpcd to username "metadmin" and password "metpass123" on port 1337
/usr/bin/msfrpcd -S -U metadmin -P metpass123 -p 1337 &

exit 0

chmod 755 /etc/rc.local

update-rc.d ssh enable
update-rc.d postgresql enable
update-rc.d metasploit enable


To avoid having to enter the boot parameters for the preseed install on every boot, you can simply edit the/tftpboot/debian-installer/amd64/boot-screens/txt.cfg file to look like the following. Do not forget to update the URL of the preseed file:

default install
label install
menu label ^Unattended Install
menu default
kernel debian-installer/amd64/linux
append vga=788 initrd=debian-installer/amd64/initrd.gz -- quiet url= locale=en_US keymap=us hostname=kali domain=local.lan


Boot up the target computer and initiate a PXE boot; the Kali Linux boot prompt should appear before you. Choosing the “Unattended Install” option should start and finish the entire Kali installation without any intervention required.

No comments:

Post a Comment