Kasm Workspaces for Hacking
In today’s ever-evolving digital landscape, cybersecurity has become a paramount concern for businesses worldwide. As cyber threats become increasingly sophisticated, organizations must adopt innovative solutions to safeguard their sensitive data, maintain privacy, and optimize productivity. In this pursuit, a game-changing technology has emerged — Kasm.
If you’ve found your way here, it’s clear that you share a passion for exploring the fascinating realm of cybersecurity. And like me, you must be eager to discover how Kasm can become your ultimate ally, making this journey both smoother and more rewarding.
Two of the most recognized names in cybersecurity education are HackTheBox (https://www.hackthebox.com/) and TryHackMe (https://tryhackme.com/). They each offer multiple ways to learn, and offer low- and no-cost in-browser instances of Kali or ParrotOS. However, I found these instances to be laggy and somewhat unreliable. They are fantastic for quick study sessions and less intensive rooms/labs. But for heavy lifting, I simply prefer to use a machine I have full control over.
Enter Kasm, right? Wrong. At least for now.
To use your own machine, you need to download a OpenVPN configuration profile, and connect to their network using the OpenVPN service. This is normally a trivial process, consisting of a simple one-liner:
sudo openvpn --config name_of_file.ovpn
However, due to the security-first design of Kasm, running OpenVPN is not quite that simple. In fact, OpenVPN isn’t even installed in the default image of either Kali or Parrot (at least at the time of this writing). Kasm has a fantastic how-to guide for how to use VPN’s from inside containers that got me about 90% of the way there. But that final 10% push was notably more frustrating, so I figure I would take a few minutes to save you a few hours.
To make things simpler, I’m going to walk through the entire process so you do not need to bounce back and forth between the Kasm documentation and this article. However, is something seems unclear, or you want a more in-depth look into the first part of the guide, I urge you to visit their docs.
Step 0 — Prerequisites
It should go without saying that you need to have installed Kasm. You will also need command-line access to the server running Kasm. Additionally, if you haven’t already, pull the docker image you intend to base this off of, typically Kali or Parrot. I’ve already done Parrot, so I’ll be using Kali as an example as I run through this. I like to work out of the /opt directory, but do so wherever you feel comfortable.
docker pull kasmweb/core-kali-rolling
Step 1 — Create the Dockerfile
A Dockerfile is a text file used to define the configuration and instructions necessary to create a Docker container. In a Dockerfile, you specify a series of commands and settings that Docker will execute in order to build a container image. This image serves as a template for running containers. The Dockerfile typically includes instructions to specify the base image, install dependencies, copy application code, configure the container environment, and define startup commands.
To create, just create a text file named “dockerfile” using whatever text editor you choose, I used nano.
My Dockerfile:
FROM kasmweb/core-kali-rolling:1.13.1-rolling
USER root
ENV HOME /home/kasm-default-profile
ENV STARTUPDIR /dockerstartup
ENV INST_SCRIPTS $STARTUPDIR/install
WORKDIR $HOME
######### Customize Container Here ###########
# Install OpenVPN
RUN apt-get update && \
apt-get install -y openvpn
######### End Customizations ###########
RUN chown 1000:0 $HOME
RUN $STARTUPDIR/set_user_permission.sh $HOME
ENV HOME /home/kasm-user
WORKDIR $HOME
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
USER 1000
This will take the base Kali image, and install the OpenVPN client.
Now save the file and exit your text editor.
Step 2 — Build the Container
You can call the image whatever you want. I went with kali-vpn to make it easy on myself. Whatever you do call it, make sure to make note of it.
docker build -t custom:kali-vpn -f dockerfile .
Step 3 — Configure the Workspace in the UI
Log in using your admin account, and select “Workspaces” on the left hand menu. Then select “Add Workspace” in the upper right corner of the Workspaces modal.
Enter the required fields. Note that the Cores and Memory fields will have greyed out text. You will still need to enter in those fields, even if you match the default values shown.
Workspace Type: Container
Friendly Name: Enter a name you like for it, I went with the simple “Kali VPN” for mine.
Description: Again, enter a description you like. I went simple here as well.
Enabled: Yes.
Docker Image: Use the image name you used in Step 2. custom:kali-vpn for mine.
Cores: 2
Memory: 2768 is what I went with, the default. You can move this up or down depending on available server resources. I’ve provided access to Kasm for my colleague and my brother, so I went conservative to ensure we didn’t max out resources with multiple users at once.
GPU Count: 0
CPU Allocation Method: Inherit
OPTIONAL: Scroll down and click sumbit. This will ensure all required fields are filled out.
Step 4 — Configure the Docker Run Config Override
This is where I spent most of my time troubleshooting. Contrary to many guides you’ll find online, if you attempt to start the VPN connection, it will fail. The container does not currently have the configurations/permissions necessary for a successful connection.
Thankfully, it’s a simple fix.
Add this to the Docker Run Config Override (JSON) field in the settings for your new workspace:
{
"cap_add": [
"NET_ADMIN"
],
"devices": [
"dev/net/tun",
"/dev/net/tun"
],
"user": "root",
"privileged": true,
"sysctls": {
"net.ipv6.conf.all.disable_ipv6": "0"
}
}
Now just click Submit!
Step 5 — Launch your new Hacker Learning Lab
If you would like to have the image thumbnails match, you can simply copy the path from the default image thumbnails and paste that in the settings for your new image.
As of the time of this writing, those thumbnails were located at:
Kali: /img/thumbnails/kali.png
Parrot: /img/thumbnails/parrotos.svg
In an era where cyber threats are growing in complexity and frequency, Kasm shines as an innovative solution that empowers businesses and community members alike to stay ahead of the curve. By embracing Kasm, you can fortify your cybersecurity knowledge, protect sensitive data, and elevate productivity without compromise. Join the ranks of forward-thinking practitioners and explore the future of secure computing with Kasm.
You can try it out yourself on there website here: https://www.kasmweb.com/cloud-personal