雪泥鴻爪

dog2's blog

run Kali Linux in Docker and install Desktop Environment & VNC

Posted on In Disqus:
Symbols count in article: 3.6k Reading time ≈ 3 mins.
  • Title(CN): 在Docker中运行Kali Linux并安装桌面环境及VNC
  • Title(JP): Dockerを使ってKali Linux及びデスクトップ環境とVNC環境を構築
  • Author: dog2

Overview

  • Environment:Mac OS(Windows)
  • Needs ➡ HOWTO
    • run Kali Linux in docker ➡ using kali linux official docker image
    • install Kali Desktop Environment and VNC service for kali so it can be accessed from the host machine
      • ➡ choose one kali desktop env from e17/gnome/i3/kde/lxde/mate/xfce and install
      • ➡ installing vnc server tightvncserver
    • it's better to access VNC without installing VNC client
      • ➡ on Mac OS, the pre-installed app Screen Sharing can be used as a VNC client
      • ➡ use novnc so that we can use browser as an VNC client

run Kali Linux in dokcer

  1. pull docker image 

    1
    docker pull kalilinux/kali-bleeding-edge

  2. run container 

    1
    docker run -t -d --name my-kali -p 25900:5900 -p 25901:5901 kalilinux/kali-bleeding-edge

notice that if your host OS is Linux, you can as well use the host network mode of docker --network host instead of the port mapping above, it will not only become simple in next steps but also be useful to optimize performance.

It is sad that host network mode can not work on Windows and Mac according to docker doc:

The host networking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server.

  1. go into container 

    1
    docker exec -it my-kali /bin/bash

  2. update 

    1
    2
    apt update
    apt upgrade

kalilinux/kali-bleeding-edge is a small size image, so there is nothing in it but some essential linux components. You should install all the kali pentest tools by your self. As written in here, the available installations are(the New column):

Old New Notes
kali-linux-full kali-linux-large Our previous default tools for AMD64/i386 images
kali-linux-all kali-linux-everything Every metapackage and tool listed here
kali-linux-top10 kali-tools-top10 The most commonly used tools
kali-desktop-live kali-desktop-live (same) Used during a live session when booted from the image

I chose kali-linux-everything:

1
 
apt install kali-linux-everything

and it took me 4 hours to finish it and the container size came out to be 15GB+ 😂

install Desktop Environment

As written in here, the available Desktop Environment are

Old New Notes
kali-desktop-common kali-desktop-core Any key tools required for a GUI image
new kali-desktop-e17 Enlightenment (WM)
kali-desktop-gnome kali-desktop-gnome (same) GNOME (DE)
new kali-desktop-i3 i3 (WM)
kali-desktop-kde kali-desktop-kde (same) KDE (DE)
kali-desktop-lxde kali-desktop-lxde (same) LXDE (WM)
new kali-desktop-mate MATE (DE)
kali-desktop-xfce kali-desktop-xfce (same) XFCE (WM)

old version of offical kali image used kali-desktop-gnome as default desktop env, but the newests version has changed into kali-desktop-xfce, its has smaller size and is friendly to low-cost machines.

so I ran

1
apt install kali-desktop-xfce

install tightvncserver

old version of kali might use vnc4server as vncserver but it has gone in the new kali, now through apt install we have no choice but tightvncserver .

1
apt install tightvncserver

run vncpasswd for the first time to initiate your VNC password

1
vncpasswd

then run the vncserver, before it you need to set bash environment variable

1
2
export USER=root
tightvncserver :0 -geometry 1280x800 -depth 16 -pixelformat rgb565

the default port of vnc server is 5900, note that my mac is host machine so that the port is 25900, which was mapped when ran docker run command at the beginning. The password was the one you set when running vncpasswd.

so now I can access it from my mac through Screen Sharing, you can try with your VNC client to connect to 127.0.0.1:25900, you will got it

install novnc

1
2
apt install net-tools
apt install novnc

tunnel vncserver on port 5900 into WebSockets vpc server on port 5901

1
/usr/share/novnc/utils/launch.sh --listen 5901 --vnc localhost:5900

then access http://127.0.0.1:25901/vnc.html through your browser and your will get into noVNC, and setting the WebSocket Host to 127.0.0.1 and Port to 25901 so that we can connect to VNC server. The password was the one you set when running vncpasswd.

reference

  • How To Install and Access TightVNC Remote Desktop In Linux
  • Major Metapackage Makeover
  • Kali In The Browser (noVNC)
  • 当 Kali 遇见 Docker
  • 【备忘录】树莓派安装Kali Linux并安装VNC
  • Dockerを使ってKali Linuxの環境を構築した時のメモ