Kali Linux on EC2 in AWS for Pen Testing (Part 1)

Kali Linux: A Robust Platform for Security Professionals

Kali Linux is a versatile, open-source Linux distribution based on Debian, designed specifically for advanced information security tasks. Its key applications include penetration testing, security research, computer forensics, and reverse engineering. For cloud-based environments, a Kali Linux Amazon Machine Image (AMI) is available for deployment on Amazon EC2 within Amazon Web Services (AWS). This setup is ideal for organisations requiring an internal penetration testing environment. To quote the developers of Kali Linux: “Try harder!”

What Sets Kali Linux Apart?

Kali Linux is meticulously crafted with penetration testers in mind, but adapting it to your specific requirements may involve a learning curve. Below are some considerations highlighted by the developers:

• Specialised Design: Tailored for professional pentesting, Kali Linux might not align perfectly with all use cases out of the box. Adjustments and configurations may be required.
• Learning Curve: Users new to Linux or unfamiliar with command-line interfaces might find the system challenging, despite efforts to enhance usability.
• Hardware Compatibility: While designed to support a wide range of hardware, some components may exhibit compatibility issues. Researching hardware requirements prior to installation is strongly advised to avoid potential issues.
• First-Time Installation: For beginners, installing Kali Linux on a virtual machine is recommended as a preliminary step. This approach allows users to familiarise themselves with the system before committing to a physical installation.

For further details, refer to the comprehensive guide: "Should I Use Kali Linux?"

TL:DR – If you’ve decided to deploy Kali Linux in AWS, the following sections will provide a detailed, step-by-step guide to get you started.

Part one - Implement a working Kali Linux instance in Amazon EC2

Step by step screenshots of creating the AMI, connecting to it, configuring it, and installing kali linux.

Creating and launching a Kali Linux instance in Amazon EC2

You'll need an AWS account in order to complete this task. Once you have one and can reach the AWS console in a web browser you can continue.

In EC2 Select 'AMI Catalog' then Click on 'AWS Marketplace AMIs', and search for "kali". Click 'Select' on the official Kali Linux image.

Next Click 'Continue'.

Now click 'Launch instance with AMI' 

Choose a name for your new instance. I chose 'Kali Linux'. Check you selected the right AMI, and then choose an instance type. Kali recommends t2.medium but I've found that t2.micro works at least for testing, and this has the advantage of being in the free tier if you qualify.

Create a new key pair or assign a key pair to use with this instance. I chose to create a new key pair called 'kalilinux' and chose RSA for Key pair type and PEM for Private key file format

In 'Network settings', under Firewall (security groups) check the 'Create security group' radio button and the 'Allow SSH traffic from' and choose 'My IP address'. This is to restrict access to Kali Linux to your network which is a good but not perfect security setting and I should not have to underline why that is important for a penetration testing tool.

Then 'Configure storage' I chose 20GB a little more than the default, and I changed the storage from gp2 to gp3 as it is faster and cheaper.

Scroll to the bottom of the page and click 'Launch instance'.

Your instance will launch and you can get started on configuration in the instance of Kali Linux itself.

Connect to your new Kali Linux instance in Amazon EC2

Click 'Connect to instance' and follow the instructions, but note that the user is kali, not root!

Heres the command in a terminal, (on macOS) with some output omitted. When prompted type 'yes' to  continue connecting to a new SSH host.

% ssh -i "yourkeyname.pem" This email address is being protected from spambots. You need JavaScript enabled to view it..
...
Linux kali 6.0.0-kali5-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.10-2kali1 (2022-12-06) x86_64
...
(kali㉿kali)-[~]
└─$ 

You are in, connected by SSH to your Kali Linux instance in Amazon EC2. But you probably have a few more notices and errors on the screen. than my example! Configuration is required.

Configure your Kali Linux instance in Amazon EC2

Set your locales

If you see WARNING! Your environment specifies an invalid locale. you need to follow the instructions on the screen before going any further. You can install the locales by running:

$ sudo dpkg-reconfigure locales

In my case, in the UK, I needed to choose en_GB.UTF-8 and en_US.UTF-8. Use the arrow and space keys to select the locales you want and tab to select 'OK' and press return.

On the next screen I chose C.UTF-8 just because this is an english language system and I am the only user and the 'C' locale always used to work properly on older Unix and Unix like systems. Your mileage may vary.

You should see the local generation complete

Generating locales (this might take a while)...
  en_GB.UTF-8... done
  en_US.UTF-8... done
Generation complete.

Install the kali-linux-headless metapackage

Install more of kali linux as the AMI is a minimal install. This takes a while!

$ sudo apt update && sudo apt install -y kali-linux-headless

Once you've let this finish, and answered any questions which might be asked, you'll have a clean login with no warnings.

Linux kali 6.0.0-kali5-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.10-2kali1 (2022-12-06) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Feb 25 09:38:53 2023 from 86.27.156.11
┏━(Message from Kali developers)
┃
┃ This is a cloud installation of Kali Linux. Learn more about
┃ the specificities of the various cloud images:
┃ ⇒ https://www.kali.org/docs/troubleshooting/common-cloud-setup/
┃
┗━(Run: “touch ~/.hushlogin” to hide this message)
┌──(kali㉿kali)-[~]
└─$ 

And if you run touch ~/.hushlogin as the login screen suggests, your prompt will be very minimalist indeed!

┌──(kali㉿kali)-[~]
└─$ 

See also:

• Hands-On AWS Penetration Testing with Kali Linux — by Karl Gilbert and Benjamin Caudill (Amazon). I highly recommended this book. It led me to Apache Guacamole which is ace!
• Kali Linux (Documentation). The documentation is very good indeed, but I had some specific needs and wanted to document my install hence the article.
• Kali Linux — The Basics of Troubleshooting (Documentation)
• Kali Linux — Setting up RDP with Xfce (Documentation)
• Kali Forums Forums can be variable but this helped!
• Apache Guacamole™ Free and open source clientless VNC, RDP, and SSH via HTML5 in your browser from the Apache Software Foundation.
• Apache Tomcat® Guacamole uses Apache Tomcat. I used Tomcat 9 which is an open source implementation of specifications developed as part of Java EE.
• Apache Tomcat — Troubleshooting and Diagnostics . Tomcat is mature software and you should follow the troubleshooting if you can't configure it - its you not them :)
• xrdp — free and open-source implementation of Microsoft RDP (Remote Desktop Protocol) server. It works by bridging graphics from the X Window System to the client and relaying controls from the client back to X Window Server.