One of the excellent qualities he has Qubes-OS is the ability to create virtual spaces dedicated to a specific task, such as: pentesting.
In this article I'm going to describe How to create a standalone VM for Pentesting purpose.
1.- Create the VM first, and assign a WiFi card to it:
[dom0]$ qvm-create wififun --standalone --label yellow
[dom0]$ qvm-prefs -s wififun memory 800 # ensure at least this mem at startup
[dom0]$ qvm-prefs -s wififun kernel none # use own copy of kernel and modules
[dom0]$ qvm-pci -a wififun
It's important doesn't use the Wifi interface in other VM instance, for this reason is recomended use a external Wifi card. To planning your HDD Storage capacity, the standalone VM copy the whole root filesystem, thus It would eat about 5GB of your disk.
|Architecture standalone VM for Pentesting purposes.|
2.- Start the new VM and install it. The prerequisite software there, starting with downloading the reasonably new compat-wireless sources, together with the required injection patches, and then building and installing the new kernel modules.
In this case, the example is using a compact-wireless card, for this reason the following lines include this source to built and prepare de system:
[wififun]$ wget http://linuxwireless.org/download/compat-wireless-2.6/compat-wireless-2011-07-14.tar.bz2
[wififun]$ wget http://patches.aircrack-ng.org/channel-negative-one-maxim.patch
[wififun]$ wget http://patches.aircrack-ng.org/mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch
[wififun]$ wget http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch
[wififun]$ sudo yum install kernel-devel patch gcc
[wififun]$ tar xjf compat-wireless-2011-07-14.tar.bz2
[wififun]$ cd compat-wireless-2011-07-14
[wififun]$ patch -p1 < ../channel-negative-one-maxim.patch
[wififun]$ patch -p1 < ../mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch
[wififun]$ patch -p1 < ../mac80211.compat08082009.wl_frag+ack_v1.patch
[wififun]$ sudo make unload
[wififun]$ sudo make install
[dom0]$ qvm-run --shutdown --wait wififun
[dom0]$ qvm-run -a wififun gnome-terminal
If the wifi driver is load properly, then go on:
4.- Prepare the wifi security tools and resolve the problems like any Linux System, you can use dmesg log to debug any problem. For example:
[wififun]$ sudo bash
[wififun]# yum install aircrack-ng dnsmasq
[wififun]# airmon-ng start wlan0
[wififun]# iptables -F INPUT
[wififun]# iptables -F FORWARD
[wififun]# echo “1” > /proc/sys/net/ipv4/ip_forward
You don't need to add any explicit masquerading rules, as they are applied by default on Qubes VMs. Edit the /etc/dnsmasq.conf, so that it contains at least the following:
[wififun]# /etc/init.d/dnsmasq start
[wififun]# airbase-ng -e free_wifi mon0
6.- Configure the at0 interface and check it (make sure it matches what you wrote into dnsmasq.conf):
[wififun]# ifconfig at0 192.168.0.1 up
[wififun]# tcpdump -i at0
Please note that as your wififun VM is a regular Qubes VM, it is automatically connected to the default Net VM, which in turn provides networking to it. That's why it is so easy to create a fully functioning fake AP
Catch#1: When you start a driver domain late after system boot, so after some days of uptime and extensive use of VMs, Xen might not be able to allocate enough continues (in terms of MFNs) memory for a driver domain.
The work around is to close as many VMs as possible before starting such driver domain, and then also reducing, for a moment, the amount of memory assigned to Dom0:
[dom0]$ xm mem-set 0 1600m
and starting the driver domain should be fine.
Catch#2: Some network cards, notably Express Cards, might not work well with the 3.0.4 pvops kernel that we use in all VMs by default. try to use the 184.108.40.206 xenlinux kernel in your WiFi fun VM:
[dom0]$ sudo qvm-dom0-update kernel-qubes-vm-220.127.116.11-10.xenlinux.qubes
[dom0]$ cp /var/lib/qubes/vm-kernels/18.104.22.168/* /var/lib/qubes/appvms/wififun/kernels/
[dom0]$ qvm-prefs wififun -s kernelopts "swiotlb=force"
[wififun]$ sudo yum install kernel-devel-22.214.171.124-10.xenlinux.qubes
And rebuild the compat-wireless, unload, install modules, and then load drivers again.
Fuente | The Invisible Things Labs