Custom Linux Images in Kasm

Santiago Moya

4 min read
Custom Linux Images in Kasm
Custom PwnBox Kam Image

Introduction

My quest to explore Kasm Workspaces led me to a video tutorial by Christian Lempa. This video was a goldmine, as it showcased how to create a customized Linux Desktop, tailor-made for Hack the Box, commonly known as a "Pwn Box." While Christian's GitHub Repo had a configuration file to start with, I had some specific tweaks in mind.

What do I want?

My vision was to create a Pwn Box using Parrot OS, equipped with pre installed security tools similar to the HTB Academy Pwn Box. Furthermore, I wanted to enable OpenVPN, facilitating access to HTB Labs directly from the Kasm image. I also wanted add the classic HTB background, and install SecLists (Used in the Labs I'm currently working on).

How do we get there?

After closely following Christian's video and setting up my folder structure, I needed to tackle a few more tasks. This included installing WSL2 on my Windows 11 laptop, installing and configuring Docker Desktop, and creating a Docker Hub account. This account allowed me to push the custom image to my repository, simplifying updates and allowing for quick installations on any Kasm instance.

With these prerequisites in place, I delved into Kasm's Building Custom Images documentation. I was pleasantly surprised by the comprehensive nature of their documentation, which provided a clear path for customizing images. They've anticipated a wide range of customizations and even offered examples to help you get started.

One particularly helpful feature is the ability to run the custom image locally and access it via a web browser. This eliminates the need to repeatedly build, push, and download on your Kasm instance while making changes and updates. The command for this is available in the Kasm documentation, as well as in Christian Lempa's GitHub Repo. This step became my learning playground as I researched each task I needed to accomplish, tweaked the Dockerfile, and ran tests. The journey taught me valuable lessons about Linux, the Parrot OS DE, and Docker.

Below, you'll find the Dockerfile I honed after numerous iterations and testing.

Custom Dockerfile
FROM kasmweb/parrotos-5-desktop:1.14.0
USER root

ENV HOME /home/kasm-default-profile
ENV STARTUPDIR /dockerstartup
ENV INST_SCRIPTS $STARTUPDIR/install
WORKDIR $HOME

######### Customize Container Here ###########

# Copy startup script and set it to run on startup
COPY scripts/custom_startup.sh $STARTUPDIR/custom_startup.sh
RUN chmod +x $STARTUPDIR/custom_startup.sh
RUN chmod 755 $STARTUPDIR/custom_startup.sh

# Update Ubuntu and software.
RUN apt update \
    && sudo apt upgrade -y

# Install OpenVPN
RUN apt install openvpn -y

# Install Seclists and move to /opt/useful/SecLists for HTB Modules
RUN apt install seclists -y \
    && mkdir /opt/useful/ && mv /usr/share/seclists/ /opt/useful/SecLists/

# Add kasm-user to sudoers and delete kasm-user password
RUN apt install -y sudo \
    && echo 'kasm-user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \
    && rm -rf /var/lib/apt/list/* \
    && sudo passwd -d kasm-user

######### End Customizations ###########

RUN chown 1000:0 $HOME
RUN $STARTUPDIR/set_user_permission.sh $HOME

ENV HOME /home/kasm-user
WORKDIR $HOME
RUN mkdir -p $HOME && chown -R 1000:0 $HOME

USER 1000

Custom Dockerfile

Some objectives required a startup script instead of direct execution within the Dockerfile. Here's what I settled on for that.

Custom Startup Script
#!/usr/bin/env bash

# Change wallpaper
cp /usr/share/backgrounds/hackthebox-alt.jpg /usr/share/extra/backgrounds/bg_default.png

# Make Firefox the defaul web browser
gio mime x-scheme-handler/http firefox.desktop
gio mime x-scheme-handler/https firefox.desktop

# Create desktop shortcuts for Burpsuite and ZAP
cp /usr/share/applications/parrot-zaproxy.desktop ~/Desktop/
chmod +x ~/Desktop/parrot-zaproxy.desktop
cp /usr/share/applications/parrot-burpsuite.desktop ~/Desktop/
chmod +x ~/Desktop/parrot-burpsuite.desktop

Custom Startup Script

Once the Dockerfile and startup script were complete, and the image performed as I'd envisioned, I did one final build before setting it up on my Kasm instance and pushing it to my Docker Hub repository.

With everything constructed and uploaded to my repo, I added the image to my Kasm instance and configured a custom Docker Run Config Override, accessible through the workspace settings. This tweak ensures that functionalities like OpenVPN work within the image. You can locate this information in both Kasm's documentation and Christian Lempa's GitHub Repo.

{
  "hostname": "kasm",
  "user": "kasm-user",
  "cap_add": [
    "NET_ADMIN"
  ],
  "devices": [
    "dev/net/tun",
    "/dev/net/tun"
  ],
  "sysctls": {
    "net.ipv6.conf.all.disable_ipv6": "0"
  }
}

I also introduced a custom workspace logo by uploading it to my Kasm server via SCP and specifying the path in the workspace settings.

Custom Logo
PwnBox Desktop

Future Plans

This journey has ignited my passion for creating custom Linux images using this method. The project was an educational adventure, and I'm eager to continue my exploration and discover more images I can customize and run on Kasm. Thank you for accompanying me on this journey; I hope you have a fantastic day!