I already know what you’re thinking: “Seriously? This topic has been beaten into the ground. Do we need another write-up on this?” The answer is, quite frankly, “possibly not”! But having gone through some variation of this setup process numerous times, I would like to share some of the small details and recommendations I have regarding it.
If you do not want to follow through this entire guide, please see these key takeaways. Note that this post is being written with *Windows* in mind.
- Choose VMware Workstation over Oracle VirtualBox. This of course is subjective, but having used both, I can tell you the UI for VMware is just a lot more enjoyable and intuitive. Not only that, but Oracle doesn’t have a great track record with regards to security and patching their applications, so I would trust VMware more with regards to guest isolation and secure software.
- I recommend you download the VMware pre-built image, as opposed to creating the VM yourself from an ISO. One of the main reasons for this (that is hard to find mentions of) is that creating the VM yourself with an ISO will cause Metasploit modules and other tools to be detected by Windows Defender as malicious or as cause for concern. This can be remedied fairly easily by excluding the virtual disk folder from AV scans, but I just find it easier to not have to worry about that.
- Create a new directory to store your virtual machines in. If you unzip the image into your “Downloads” folder, it will most certainly be accidentally deleted at some point. Or submerged in installers.
- For most security-related use, and in general for that matter, you’ll want to isolate the VM as much as possible from other computers in your network, including the host itself. I like to do a few things with regards to that: remove the USB controller, disable folder sharing, and use NAT on the virtual network adapter. All of these settings can be found in the “Edit virtual machine settings” option within VMware. In some instances, you will have the “Enable side-channel mitigations” option available to you. I have yet to have any issues with this setting enabled, so that is recommended as well.
Let’s get started!
If you are new to this, you’ll want to start out by installing VMware Workstation Player. “Workstation” refers to their Type 2 hypervisor products for Windows and Linux. macOS users would instead use VMware Fusion. “Player” refers to their free tier, the alternative being Workstation Pro, currently listed for $199 as a one-time purchase for version 16. Version 17, upon its release, would require a separate purchase. Workstation Pro provides some additional functionality over Workstation Player, including VM snapshots (backups), encryption, better utilization of GPU resources, and more. For our non-commercial purposes, Workstation Player will be sufficient. The install should be fairly self-explanatory, but be sure to select “Non-commercial use” when prompted, assuming that’s the case.
Next, we’ll want to visit the Kali Linux downloads page, where we will begin the download for the pre-built image.
Then, make sure you have selected “64-bit” unless you are running a 32-bit architecture, and select the download icon under “VMware”, and choose “Save file” to a directory of your choosing. By default, this will generally be your “Downloads” folder.
Calculate the SHA-256 checksum of the download using 7-Zip’s checksum utility, and compare it with the “sum” provided on the Kali website, pictured above. If you don’t already have 7-Zip, download it here (x64).
Assuming that’s been verified, continue on to extract the archive in a directory of your choosing. I personally find it easier to “Extract here”, and then move the extracted files where I need them to go. It’s a small enough file to not have to worry about read & write speeds.
After having moved the extracted folder to its new home, open VMware Workstation, choose “Open a Virtual Machine”, and find that same folder. You’ll need to look inside the folder for the particular file VMware wants to open, which should be a “.vmx” file, used for virtual machine configuration.
Now we’ll be making some adjustments to the default configuration, but this can vary depending on how many resources your workstation has, and how much you are willing to share with the guest machine. I personally wouldn’t go below 4GB of memory, but I haven’t tried using it with the default 2GB for very long. To scale this up, go to “Edit virtual machine settings”, click “Memory”, and adjust the slider to your desired position. I would stay considerably below “Maximum recommended memory”, as in some cases, that is the total amount of memory your host machine has.
I also like to remove the “USB Controller” from the VM if I know it is not going to be used. There has been at least one vulnerability in the USB controller in ESXi (a separate, type 1 hypervisor), so it’s best to play it on the safe side. This won’t affect the use of your mouse and keyboard on the VM, but it will prevent you from connecting additional physical devices to it. In the event you need to do this, you can always add the USB controller back to the VM.
Next, and more importantly, we’ll be disabling the “shared folders” feature of our VM. This particular feature, and ones like it, have had some pretty nasty vulnerabilities surrounding them in the past, as by its very nature, it has to provide a channel from the virtual machine to your host’s file system. Depending on your use-case, disabling it may or may not have any discernible impact on your workflow. If you do need to get files to and from your VM, there are better, more controlled ways of doing so. This setting will be under the “Options” tab, on “Shared Folders”.
Finally, we’ll be changing the Network Adapter to use “NAT”, instead of “Bridged” mode. What this means is that your host machine will be providing NAT to your VM, putting it behind double-NAT when accessing the Internet; whereas “Bridged” mode will give the virtual machine its own IP address on your LAN. Of course, isolating it from the other machines in your network is ideal for most of our uses and the things we’ll be working with in Kali, but other virtualization use-cases may not benefit from this. Go back to “Hardware”, click “Network Adapter”, and ensure “NAT” is selected.
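The USB, shared folder and network choices made above end up as `key = "value"` lines in the VM's “.vmx” file, so they can be re-checked later without opening the settings dialog. The following audit is an added example, not part of the original post or of VMware's tooling; the key names (`usb.present`, `ehci.present`, `usb_xhci.present`, `sharedFolderN.*`, `ethernetN.*`) and the defaults for missing keys are assumptions about the .vmx format, and the sample file is constructed.

```python
import re

# Assumed .vmx key names (not from the post); keys are compared lowercased.
USB_KEYS = ("usb.present", "ehci.present", "usb_xhci.present")
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; comments and malformed lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def is_true(settings, key, default="FALSE"):
    return settings.get(key, default).strip().upper() == "TRUE"

def audit_vmx(text):
    """List settings that contradict the isolation recommendations in the post."""
    s = parse_vmx(text)
    findings = [f"USB controller present ({k})" for k in USB_KEYS if is_true(s, k)]
    for key in sorted(s):
        share = re.fullmatch(r"sharedfolder(\d+)\.present", key)
        # Assumption: a present share counts as active unless explicitly disabled.
        if share and is_true(s, key) and is_true(
                s, f"sharedfolder{share.group(1)}.enabled", default="TRUE"):
            findings.append(f"shared folder {share.group(1)} enabled")
        nic = re.fullmatch(r"ethernet(\d+)\.present", key)
        if nic and is_true(s, key):
            # Assumption: a missing connectionType means the adapter is bridged.
            name = f"ethernet{nic.group(1)}"
            mode = s.get(f"{name}.connectiontype", "bridged").lower()
            if mode != "nat":
                findings.append(f"{name} uses {mode}, not nat")
    return findings

# Constructed sample, not the configuration shipped in a real Kali image.
SAMPLE_VMX = '''.encoding = "UTF-8"
displayName = "kali-linux"
usb.present = "TRUE"
ehci.present = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
'''

if __name__ == "__main__":
    print("\n".join(audit_vmx(SAMPLE_VMX)) or "no findings")
```

Point `audit_vmx` at the text of your own “.vmx” file after making the changes; an empty list means none of the three settings was flagged.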
Et voilà! Return to the main VMware Workstation screen, and click “Play virtual machine”. Log in with the default Kali credentials, kali/kali, and run this all-in-one command in a terminal to get it updated:
```
sudo apt update -y && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean -y && sudo apt autoclean -y
```
Oh, and let’s change those default credentials.
```
sudo passwd kali
```