How to connect to an Ubuntu VM via SSH with PowerShell

This blog entry shows how to connect to an Ubuntu VM via SSH from PowerShell with Windows 10 as a host.

Are you running Windows 10 as a host and want to connect to your Ubuntu VM? Are you using VirtualBox as a hosted hypervisor? If the answer to both questions is yes, keep reading!

As you will see below, this technique is especially useful if you are using Ubuntu Server – which comes without a GUI – and want to avoid the pains of working on that terminal. For example, Page Up and Page Down didn’t work and the screen was too small. Even VirtualBox Guest Additions didn’t help solve the problem.

Here is the list of steps from the creation of the VM to the SSH connection via PowerShell (the corresponding screenshots are below the list):

  1. Create an Ubuntu VM on VirtualBox (I’m using VirtualBox 6.1.26).
  2. Install Ubuntu Server 18.04.6 LTS in it (download the ISO from here by selecting “Server install image”).
  3. Start the VM and log on.
  4. Make sure that the sshd process is running and listening on port 22 (see Screenshot 1):
    • ps aux | grep sshd
    • sudo netstat -plant | grep :22
  5. Power off the VM.
  6. Open VirtualBox Manager, select the Ubuntu VM, and click on Settings. Click on Network, click on Advanced, click on Port Forwarding. Add a new port forwarding rule and click OK (see Screenshot 2).
    • PS: The Guest IP field is empty. With Guest IP = 10.0.2.15 (find yours by typing ifconfig in the terminal of the VM), the connection didn’t work.
  7. Start the VM again.
  8. Launch PowerShell on your host and type: ssh pb@127.0.0.1 -p 10022
  9. The first time you connect, PowerShell will ask if you are sure that you want to connect and show you the ECDSA key fingerprint. You can double-check it by typing this in the VM terminal: ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub (see Screenshot 3).
  10. Enter yes.
  11. Type again: ssh pb@127.0.0.1 -p 10022 (if it does not work, restart PowerShell).
  12. Enter your Ubuntu password. You will now see the Ubuntu welcome message (see Screenshot 4). Now you are connected to your Ubuntu VM via PowerShell from your Windows 10 host. Congratulations! 🙂
Screenshot 1: Check if process sshd is running and listening on port 22.
Screenshot 2: Set up port forwarding.
Screenshot 3: Check if the ECDSA key fingerprint matches.
Screenshot 4: This message means victory 🙂
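
Steps 6 and 9 can also be done from PowerShell on the host. The following is an added example, not part of the original post: it creates the port forwarding rule with VBoxManage and computes the fingerprint of the host key offered on the forwarded port, so it can be compared with the one printed in the VM console. The VM name, the rule name, the VBoxManage path and the choice of 127.0.0.1 as host IP are assumptions.

```powershell
# Assumptions (not from the original post): VBoxManage path, VM name, rule name.
$VBoxManage = 'C:\Program Files\Oracle\VirtualBox\VBoxManage.exe'
$VmName     = 'ubuntu-server'   # hypothetical VM name
$HostPort   = 10022             # host port used in the post
$GuestPort  = 22                # sshd port inside the VM

# Step 6 from the command line (the VM must be powered off).
# Rule format: name,protocol,host IP,host port,guest IP,guest port.
# The guest IP stays empty as in the post; host IP 127.0.0.1 (an assumption)
# keeps the forwarded port reachable from this machine only.
& $VBoxManage modifyvm $VmName --natpf1 "ssh,tcp,127.0.0.1,$HostPort,,$GuestPort"

# Confirm that the rule was stored.
& $VBoxManage showvminfo $VmName --machinereadable | Select-String '^Forwarding'

function Get-SshFingerprint {
    # OpenSSH SHA256 fingerprint of one public key line, either
    # "<host> <type> <base64>" (ssh-keyscan) or "<type> <base64> <comment>" (.pub file).
    param([Parameter(Mandatory)][string]$KeyLine)
    $blob = $KeyLine -split '\s+' |
        Where-Object { $_ -match '^AAAA[A-Za-z0-9+/=]+$' } |
        Select-Object -First 1
    if (-not $blob) { throw 'No base64 key blob found in the input line.' }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { $digest = $sha.ComputeHash([Convert]::FromBase64String($blob)) }
    finally { $sha.Dispose() }
    # OpenSSH prints the digest as base64 without the trailing '=' padding.
    'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')
}

# After step 7 (VM started): fetch the ECDSA key offered on the forwarded port.
$offered = & ssh-keyscan -p $HostPort -t ecdsa 127.0.0.1 2>$null |
    Where-Object { $_ -notmatch '^#' } | Select-Object -First 1
$seen = Get-SshFingerprint $offered

# Compare with the output of this command typed in the VM console:
#   ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
$expected = Read-Host 'Fingerprint shown in the VM console (SHA256:...)'
if ($seen -ceq $expected.Trim()) { 'Host key matches.' }
else { Write-Warning "Mismatch: port $HostPort offers $seen" }
```

The reference value has to come from the VM console, because a fingerprint read over the forwarded port only tells you what is answering on that port.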

I hope you liked this post. If you have any questions, feel free to leave a comment in the comment section. Never stop learning!

How to change default credentials in Kali from the terminal

This blog post will explain how to change default credentials in a Kali Linux virtual machine (VM) after spinning it from a 2020.3 OVA image1.

Since release 2020.1, Kali uses a non-root user policy by default. This means that the default credentials for a pre-created image are2:

  • username: kali
  • password: kali

Running a machine with default credentials is like leaving your house door unlocked at night in a bad neighborhood. Let me show you how to lock this door properly.

We will first change root and kali passwords, and then rename the default user together with its home directory and group.

Log in with the default credentials, pretend to be root, and change the root password:

Change password for root

BONUS: su lets you pretend to be root (you are still in your home directory), whereas su - makes you root (you are in ~, that is, root’s home directory).

Difference between su and su -

Now change the password for kali too by typing passwd kali. The process is the same as the one in the image above. Now log off and log in again as root.

Rename the default user with your username3:

Kill the processes that are using the user kali and then rename it

Make sure that the renaming was successful:

Read the last 10 lines of the file /etc/passwd and make sure that the renaming was successful

Rename the home directory4:

Rename the home directory for savvy_learner

Rename the group:

Rename the group for savvy_learner

Check if the changes were successful:

I hope you liked this post. If you have any questions, feel free to leave a comment in the comment section. Never stop learning!

How to verify the integrity and authenticity of a Kali Linux OVA image

You downloaded an image to install Kali Linux and you want to make sure that this file is an intact and authentic copy? This post is for you!

You have downloaded an image to install Kali Linux1 as a virtual machine (VM) on your hypervisor and you want to make sure that this file is an intact and authentic copy? If the answer to this question is yes, keep reading! In this blog entry, I will describe how to verify the integrity and authenticity of a Kali Linux OVA image with Windows 10.

There are two ways to install Kali Linux on a virtual machine. The first is to create a new VM and manually configure it on the hypervisor2. Once this is done, the Kali ISO image3 needs to be attached to the virtual CD-ROM and then the VM can be booted. The second method is to import a copy of an existing virtual machine into the hypervisor. Such a copy is distributed as an OVA4 package, which is an archive file that contains metadata for the VM – such as name or hardware requirements – and at least one disk image, among other things. Before importing the OVA image into the hypervisor, we need to make sure that this file wasn’t damaged during the download and, perhaps more importantly, that it is an authentic copy. This process is what I present next.

The first step of this process is to download the OVA image. In order to do this, go to the official website of Offensive Security5: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/. Here you should choose the OVA image compatible with your hypervisor. As I use VirtualBox6, I downloaded the VirtualBox 64-bit file. While downloading, take note of the checksum (SHA256Sum) written next to the file that you selected:

OVA images and SHA256Sums on offensive-security.com

The next step is to open the Windows PowerShell and cd7 into the directory where you saved the OVA image. Here run the following command (modify it with the name of the file that you downloaded): Get-FileHash kali-linux-2020.3-vbox-amd64.ova -Algorithm sha256. If everything worked well, you should see something like this:

Get the hash from the OVA file

The alphanumeric string under the column Hash is the information we need to compare to the SHA256Sum that we took note of before in this tutorial. As I’m lazy – and thus efficient 😀 – I did this with the Python Shell (see Screenshot below; modify the command with your checksum data). If the result of running this command is True, you are ready to go8:
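
The same comparison can be done without leaving PowerShell. The following is an added example, not part of the original post, and it covers the checksum comparison only. Test-FileSha256 is a hypothetical helper name, and the demo file and its checksum (the standard SHA-256 value for the three bytes "abc") are constructed so the block runs without the OVA.

```powershell
function Test-FileSha256 {
    # Compares a file's SHA-256 with a published checksum.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    # Accept the bare checksum or a whole "<hash>  <filename>" line,
    # with stray whitespace from copy and paste.
    $want = ($Expected.Trim() -split '\s+')[0]
    if ($want -notmatch '^[0-9a-fA-F]{64}$') {
        throw 'Expected value is not a SHA-256 checksum (64 hex characters).'
    }
    $got = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # Get-FileHash prints upper-case hex while websites usually publish
    # lower-case; -eq compares strings case-insensitively.
    [pscustomobject]@{
        Path     = $Path
        Match    = ($got -eq $want)
        Actual   = $got.ToLower()
        Expected = $want.ToLower()
    }
}

# Constructed demo input: a file containing the three bytes "abc".
$demo = Join-Path $env:TEMP 'sha256-demo.bin'
[IO.File]::WriteAllText($demo, 'abc')
$abc = 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'

Test-FileSha256 -Path $demo -Expected "  $abc  sha256-demo.bin"    # whole line, padded
Test-FileSha256 -Path $demo -Expected ($abc -replace '^b', 'c')    # one digit changed
Remove-Item $demo

# For the downloaded image, pass the SHA256Sum noted from the download page:
# Test-FileSha256 -Path .\kali-linux-2020.3-vbox-amd64.ova -Expected '<SHA256Sum from the download page>'
```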