X11 Forwarding with Kali Linux and bhyve

Configuring iohyve and pf

Since we will be using SSH X11 Forwarding, the guest and the host need to be on the same network. On my laptop, since I use WiFi most of the time, I have already put all my guests behind a NAT, as outlined in this iohyve tutorial. I'll go into that a little bit here.

The first step is to configure the hard-coded bridge0 device in your /etc/rc.conf file. Since this is not officially supported by the iohyve setup net=[interface] function, we will need to "roll our own" configuration file. Note that we still load the VMM and NMDM kernel modules via the iohyve_flags="kmod=1" line. You can also "roll your own" /boot/loader.conf file and do this manually. Here's the example /etc/rc.conf file:

iohyve_enable="YES"
iohyve_flags="kmod=1"

cloned_interfaces="bridge0 tap0"
ifconfig_bridge0="addm wlan0 10.10.123.1/24 up addm tap0"

gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="yes"

This method effectively turns the laptop into a Gateway (IP 10.10.123.1), forwarding traffic to the iohyve guests. We will define the guest IP's in the /etc/pf.conf file:

pub="192.168.XXX.XXX"
hyve_net="10.10.123.00/24"
hyve_fbsd="10.10.123.10"
hyve_kali="10.10.123.12"
if="wlan0"

set block-policy return
set skip on lo
scrub in

# NAT
nat on $if from $hyve_fbsd to !$hyve_net -> $pub
nat on $if from $hyve_win to !$hyve_net -> $pub

# default
pass out on $if from $pub to any
block in log on $if

Here we see that I have two guests configured this way. One is a FreeBSD guest that I give the IP address of 10.10.123.10 and the other I will be using for Kali, 10.10.123.12. Note the pub="192.168.XXX.XXX" is the IP address I received via DHCP over WiFi (wlan0 interface). There are also a few other things we configure, but I won't go into why that's done here. I suggest you read Peter N. M. Hansteen's "The Book of PF" if you want to become a pro at using this wonderful firewall software.

Now we need to set up the Kali guest in iohyve. Create it with iohyve create kali 16G and configure with iohyve set kali ram=1024M loader=grub-bhyve description="Kali 10.10.123.12". Note that we do not set the os property, this is because we will need to do some things in the GRUB command line interface, therefore os=default will need to be set (this is done by default as the name suggests). If you haven't done so already, fetch the Kali ISO with something like iohyve fetch http://cdimage.kali.org/kali-2016.1/kali-linux-2016.1-amd64.iso. Since we want all the tools in the Kali toolbox, I choose to install the full 64bit version.

Installing Kali Linux

Installing Kali isn't as straight forward as installing "vanilla" Debian in iohyve. Like I said earlier, we will need to dig around in the GRUB command line interface. Before we begin, I'd like to note that I use tmux to open two simultaneous windows (one for running the guest and one for consoling into the guest). You can find more information on the magic of tmux here. Start the installation by running something like this: iohyve install kali kali-linux-2016.1-amd64.iso. In your iohyve console kali terminal, you should see something like:

                             GNU GRUB  version 2.00

   Minimal BASH-like line editing is supported. For the first word, TAB
   lists possible command completions. Anywhere else TAB lists possible
   device or file completions.


grub>

Since the Linux Kernel and initrd image are located in the (cd0)/install/ folder, we run this series of commands to get the ISO booted:

                             GNU GRUB  version 2.00

   Minimal BASH-like line editing is supported. For the first word, TAB
   lists possible command completions. Anywhere else TAB lists possible
   device or file completions.


grub> ls (cd0)/install/
gtk/ initrd.gz install.bat vmlinuz
grub> linux (cd0)/install/vmlinuz
grub> initrd (cd0)/install/initrd.gz 
grub> boot

The installation itself is pretty straight forward, and shouldn't be a problem, especially if you have installed a Debian or Debian-based OS before. As long as you gave it enough disk space, you shouldn't run into any issues. Remember to give the install an IP of 10.10.123.12 or the one you are using on your pf setup (I also set the DNS to 8.8.8.8 during this portion of the install). Although iohyve can handle an LVM install, I decided to opt for the standard install to hard disk.

Connecting to the Kali Guest

After installation has completed, you can start the guest by running something like iohyve start kali. The guest should start up and you should see some stuff scroll across the screen in your iohyve console kali terminal. Before we get started, we need to start the SSH service in the Kali guest, as it does not start by default. You may choose to start SSH on startup, but I don't personally because sometimes all you need is the built in "serial" console via bhyve. You can start the service by running: service ssh start. If you have not installed any other users, you will need to enable root logins via SSH to your guest. Via the iohyve console, you can edit your /etc/ssh/sshd_config file and do this by finding the line PermitRootLogin and changing the line to PermitRootLogin yes. Once this is done, you will need to restart the SSH service with service ssh restart.

Now, you can start your X11 forwarding session by running something like ssh -X [email protected] on your host, in my case, my laptop. Once logged in, you can then run programs that have GUI's under the virtual machine, but through your host's own X11 server. In other words, MAGIC. You can test it by running xclock, firefox &, or zenmap in the SSH session. You can even run burpsuite from the guest!

This is another mirror from the maintainer's blog