How to set up a Kali Linux virtual machine on Azure to serve as a TryHackMe attack box

Having developed and architected applications for the past ten years, I’m always concerned about the security of the solutions I build. I would feel so guilty and ashamed if a security breach ever happened because of a mistake I made or a detail I overlooked. Thus, applications’ security must be assessed — regularly, I might add, because updates are generally made to software after their go-live.

For Azure solutions, security assessments typically happen by reviewing the application’s documentation, source code, the configurations of the related resources, and even Azure DevOps CI/CD pipelines. I’m simplifying things a lot here, but on a basic level, you go through the scope of the assessment (both manually and with the help of tools) until you find something that makes you think “hmm, this is not exactly how you should do it; there could be a vulnerability here”. Then you can do something called penetration testing (a.k.a. pentesting or ethical hacking) to confirm your findings, or even demonstrate the vulnerability to your client, so they understand the severity of the situation if the issue is not fixed. And later, when the vulnerability has supposedly been handled, you can also use pentesting to confirm that the fix actually works.

Today, in addition to having a shortage of skilled software developers, we also have a shortage of application security specialists who perform these security assessments. If assessing the level of cybersecurity sounds like something you might want to do in the future, TryHackMe is a great website for learning about vulnerabilities and penetration testing in general. It teaches you the fundamental knowledge of the different aspects of cybersecurity and offers virtual machines and applications you are allowed to hack. There are learning paths and series you can choose from based on your experience level and interests, which will direct you to learn the required skills. The rooms have instructions that explain the theory, and gamified exercises (a.k.a. capture the flag/CTF challenges) allow you to try out and enhance your newly acquired hacking skills hands-on.

You can practice on the site for free or get a subscription that costs $10 per month (or $7.5 if you pay annually). One of the main differences between the free and the subscribed version is that if you subscribe, you get unlimited access to a browser-based Kali Linux machine which serves as your “attack box”. Getting the subscription is a quick and easy way for you to get started because there’s no need to set up your own virtual machine or worry about the VPN connection. However, the downside with this is that you deploy the VM instance for each of your hacking sessions from scratch, which means that any changes you make to the VM won’t persist. Losing all the changes is annoying if you want to use a tool which is not preinstalled on the image (e.g., Nessus vulnerability scanner) during several separate hacking sessions, and you need to re-install the tool every time.

To get around this “issue”, you might want to set up your own separate virtual machine instead, which retains all the tools you decide to install. Creating a Kali Linux virtual machine on Azure is a breeze. Depending on size, it typically costs only some cents per hour, and you only get billed for the time the VM is running. If you remember to shut down the VM when you stop using it and take advantage of the auto-shutdown feature, running your Azure attack box is very cheap. It might even cost you nothing if you get free Azure credits each month, e.g., via a Visual Studio Enterprise subscription. So, without a further ado, let’s put those credits into good use!

PS: I still recommend getting the subscription for TryHackMe if you plan to practice on the platform excessively as it gives you access to some great additional content.

Creating a Kali Linux virtual machine via Azure portal

Let’s head to the Azure Portal to create our resources. If you don’t have an Azure subscription yet, you need to create one before proceeding. You can create a new subscription, e.g., by clicking on the Start trial button on the Azure Portal front page. The trial gives you $200 worth of free credit toward Azure products and services for the first 30 days, and you can use some popular services for free for the first 12 months.

1. On the left-hand navigation, click on Resource groups and then Add. Select your subscription from the dropdown, and specify a name for your resource group that matches your organization’s — imaginary or not — naming conventions. You also need to select a region most convenient for you, such as, West Europe if you are European.
   

   Note: I’m saying “imaginary” because if your Azure subscription is tied to a developer/demo tenant, it still sort of has an organization, even though it is not a real one. Also, there might not exist agreed upon naming conventions yet. If the sub is purely your private playground, you can come up with the naming conventions yourself. However, if it is also used by other people, you should define the naming conventions more broadly and ensure everyone follows them.

2. After the resource group has been provisioned, go to it, and click on Create resources.
3. Search for Kali Linux on the Azure Marketplace, and click on Create.
4. Create the VM with the following basic configurations:
   • Subscription and Resource group: These should be set automatically, but ensure that they are correct.
   • Virtual machine name: Specify a descriptive name for your virtual machine following your organization’s naming conventions.
   • Region: Select the same region you selected for your resource group.
   • Availability options: No infrastructure redundancy required
   • Security type: Standard
   • Image: Kali Linux – Gen1
   • Run with Azure Spot discount: If you want to save a bit of money and aren’t annoyed if your VM suddenly gets shut down with a 30 seconds notice, you can opt in for using Azure Spot. I personally did not select this because I’d definitely get annoyed if my work was interrupted. However, if you wish to do so, I recommend you select Capacity only and Stop / Deallocate as the eviction policy and type.
   • Size: Click on See all sizes, and look for one that matches your purposes and budget. You most likely want to look at the A-Series that has machines meant for development and test purposes, or the D-Series, which offers the cheapest and most popular general purpose machines. At the time of this writing, I personally chose D2s_v4 for my machine which cost $0.01564 per hour, but better options may have been introduced since then. Remember that you can always adjust the VM size later if your needs change.
   • Authentication type: SSH public key
   • Username: Change the default username to something else you’ll remember
   • SSH public key source: Generate new key pair
   • Key pair name: By default, the key name is _key, but you can change it to something else too if you prefer.
   • Public inbound ports: Choose Allow selected ports, and then select SSH (22). Don’t worry about the warning, we’ll limit the access after creation.
5. On the Disks tab, select…
   • OS disk type: (Standard) SSD if it is available for the VM size you selected earlier
   • Opt in to Delete with VM
   • Encryption type: (Default) Encryption at-rest with a platform managed key
   • Data disks: If you need more storage space than what’s available on the OS disk, you can attach additional data disks.
   • Advanced: Opt in for using managed disks.
6. On the Networking tab, you need to configure the NIC settings:
   • Virtual network: You can use the suggested name (<the name of the resource group>-vnet) or specify your own by clicking Create new
   • Subnet: Use the default (10.0.0.0/24) or specify your own address range by clicking on Create new under the Virtual network dropdown.
   • Public IP: Click on Create new. Set SKU to Basic and Assignment to Dynamic. You can also choose to have a static public IP address, although keep in mind that it will cost extra ($0.0036/hour).
   • NIC network security group: Basic
   • Public inbound ports: Choose Allow selected ports
   • Select inbound ports: SSH (22) and RDP (3389). Don’t worry about the warning; again, we’ll limit access after creation.
   • Opt in to Delete public IP and NIC when VM is deleted
   • Don’t put the VM behind a load balancer (no need).
7. On the Management tab, set…
   • You can enable the system assigned managed identity if you need it for something. Otherwise, leave it unchecked. You can enable the feature later, too, if a need arises.
   • Enable auto-shutdown: Definitely. This feature is very useful for controlling the running costs of the VM in Azure in case you ever forget to shut it down after your pentesting session.
   • Shutdown time: What is the time of day you are most likely done working with the VM and it can be turned off?
   • Time zone: Select your time zone
   • Notification before shutdown: You can have a notification sent to your email address if you think you might need to skip/delay the shutdown sometime (probably depends on the shutdown time you’ve selected).
8. On the Management tab, set…
   • Boot diagnostics: If you want to be able to troubleshoot potential virtual machine startup issues, you should leave this option to its default value (Enable with managed storage account (recommended)). The storage account will increase the running costs of the VM a little bit (depending of the amount of data stored and the number of read/write operations). If you are not concerned about the boot issues and are ready to redeploy the VM if everything goes to south, you can disable this feature to save some money.
   • You can enable OS guest diagnostics if you need it for something. Otherwise, leave it unchecked. You can enable the feature later, too, if a need arises.
9. On the Advanced tab, you can specify additional configurations, if you have something special in mind you’d like to include.
10. The Tags tab allows you to add tags your resources so it is easier to distinguish what they are being used for and by whom. Someone in your organization might have even created an Azure Policy that requires you to tag your resources.
11. On the Review + create tab, review the settings that they are correct, and then press Create.
12. Hit the Download private key and create resource button to finalize creation.
13. Move the private key file to a location (directory) where you can find it later.

It is typically quite fast to deploy the virtual machine and other required resources, and it shouldn’t take more than a minute. After the deployment is complete, click on Go to resource.

Limit connections to the SSH and RDP ports

First, let’s limit the connections we allow to the VM via the inbound ports. Go to the Networking blade on the virtual machine resource. You should see how there’s a warning for both the SSH and RDP ports because they currently allow connections from anywhere on the internet. We want to limit this so that only we can connect.

1. Click on the SSH row on the Inbound port rules table.
2. Change Source to IP Addresses.
3. In the Source IP addresses/CIDR ranges field, specify your public IP address (e.g., google “what is my IP address” to find out what it is) or a range of allowed addresses using either the CIDR notation or as a comma-separated list.
4. Click on Save, and repeat the steps for the RDP port.

A page refresh might be required for the warning icons to disappear.

Updating the Kali instance and enabling Remote Desktop connections

Currently, we are already able to connect to our Kali Linux virtual machine via SSH. Connecting via SSH is enough if all you want to do is to run commands in the terminal. However, if you wish to use any tools with a graphical user interface, we also need to be able to RDP, i.e. form a Remote Desktop connection to the virtual machine. We should also set the user account passwords and update the Kali instance to use the latest packages.

Connect to the virtual machine via SSH

To do all of the things mentioned above, let’s connect to our VM via SSH:

1. On the Overview blade of the virtual machine resource, ensure the VM is running. If the VM is currently stopped, click on Start.
2. Go to the Connect blade and copy the command from the Run the example command below to connect to your VM section to, e.g., Notepad.
3. Replace the <private key path> portion of the command with the full directory path to the private key file you downloaded earlier when you created the virtual machine (including the filename and extension).
4. Launch Command Prompt and run the completed command. You might get notified that the authenticity of the host can’t be established. Choose to connect regardless. Also, sometimes the connection might get closed immediately after that. In such case, simply rerun the command to connect.

You should now be connected to the Kali machine via SSH and using its terminal.

Set the account passwords and update the existing packages

After connecting to the virtual machine with SSH, run the following command to set/change the user accounts’ passwords.

sudo passwd <the username you specified when creating the VM>
sudo passwd root

You’ll get prompted for a new password. Type it (no characters will appear) and press Enter.

Switch to the root account by using the command su root and providing the password you just set for it. Then, update the existing packages in the virtual machine by running the below commands. Running the upgrade can take some time, and it might prompt you for some confirmations.

apt update
apt full-upgrade

After upgrading the instance, there might be obsolete packages. You can remove them with the following command.

apt autoremove

Install and configure RDP tools

To enable RDP for our Linux machine, we need to run a few more of commands. You can omit sudo if you switched to the root account earlier.

1. Install the Xfce Desktop Environment: sudo apt -y install xfce4 (might already be installed)
2. Install the xrdp remote desktop server: sudo apt -y install xrdp
3. After installation, you need to separately enable xrdp with the following command: sudo systemctl enable xrdp
4. You also need to specify xrdp to use xfce as the desktop environment: echo xfce4-session >~/.xsession
5. Finalize the configurations by restarting the xrdp service: sudo service xrdp restart

You are now able to connect to the Kali Linux virtual machine via RDP!

Connecting to the virtual machine via RDP

Now that we’ve done all the required configurations, we can finally connect to the VM via RDP.

1. In Azure Portal, go to the Connect blade of the virtual machine resource, if you are not there already.
2. Open the RDP tab.
3. Click on the Download RDP File button to download the .rdp file. When it has downloaded, click on it to connect. Approve the initial prompts and optionally choose not to display them again.
4. Log in using the user account you created during the virtual machine creation, using the password you set earlier via the terminal.
5. If you get prompted for the root account password, provide it as well.

You should now see the virtual machine desktop with that awesome Kali logo, and we are ready to install some more tools!

Connecting to the TryHackMe network from the virtual machine via OpenVPN

We are almost done! Let’s see how we can connect to the TryHackMe network via OpenVPN.

1. Connect to your Kali machine via RDP if you aren’t connected already.
2. In the RDP session, open the terminal (use the keyboard shortcut CTRL+ALT+T or click on the icon in the top-left corner).
3. Run the following command in the terminal to open the Access page of your TryHackMe profile in Mozilla Firefox (installed by default).
   

   firefox --new-tab https://tryhackme.com/access &

4. After logging in, select a VPN server matching your geographical location from the dropdown, and then click on the Download My Configuration File button.
5. Finally, run the following commands in the terminal:
   • sudo apt install openvpn (might already be installed)
   • sudo openvpn ~/Downloads/<YOUR_THM_USERNAME>.ovpn (in the future, simply run this last command to connect)
6. Refresh the Access page on the TryHackMe website. A green checkmark should have appeared next to Connected to indicate a successfully formed VPN connection.

You can now connect to the machines you deploy in TryHackMe rooms from your Azure Kali Linux VM!

Afterword

OK, that’s it, all done! Now you have a brand spanking new Kali Linux instance running on Azure, ready for some hacking action. There is no need to worry about extending your attack box’s up-time or having to reinstall tools if you suddenly need to take a break from hacking mid-room. And when you feel like you are ready to take upon more challenges, also check out another service called Hack The Box. You can continue to use your Azure Kali Linux VM for solving the CTFs on that platform as well.

I hope you enjoyed reading this article and found it useful! In case you have any questions or comments, please write them in the comments section below. Also, if you’d like to consume some more cybersecurity related content from me in the future, feel free to subscribe to my Insider (news)letter and follow me on your favourite social media platforms (Twitter, YouTube, LinkedIn, Github). I post a little bit different content on each one of them, so choose the ones most to your liking.

Happy hacking, and until next time!

Laura