unman has provided templates for Kali enthusiasts on QubesOS (v. 4.1 only), and you need to enable the repository in /etc/qubes/repo-templates/qubes-templates.repo. The command using “enable-repo …” mentioned in the forum did not work for me, so I had to edit the 1 directly in the file 🙂
Edit the repo-file:
Install the template:
Then I created an AppVM based on the Kali template and presto, everything works perfectly.
That is except for reverse shell 🙂
I had an issue with reverse shells not working on the Qubes Kali AppVM due to firewall restrictions, even though I disabled the firewall following these instructions (spoiler: NOT working in a Qubes AppVM).
I got no SYN-ACK to my SYNs, and with the firewall “disabled” I tried searching elsewhere for answers. It turned out that disabling the local firewall in Kali is not enough and I am afraid to mess up security by following the guides incorrectly.
To resolve the issue, clean out the firewall rules on the local AppVM (or template VM for persistence):
This can be done in a more optimal way by opening up only for the specific endpoints/IP ranges from TryHackMe, but this just gets your reverse shells working right now.
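The narrower alternative mentioned above, as an added example that is not part of the original post: instead of flushing every rule, it validates and prints a single INPUT rule limited to one interface, one source range and one TCP port. It assumes the qube filters inbound traffic with iptables; the function names and the values `tun0`, `10.10.0.0/16` and `4444` are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (or apply) one scoped inbound rule for a lab listener.
# Interface, source range and port are placeholders, not values from the post.

# True if $1 is a decimal integer between $2 and $3.
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# True if $1 is an IPv4 CIDR with a prefix of /1../32 (never /0, i.e. "anyone").
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1##*/}
    in_range "$bits" 1 32 || return 1
    old_ifs=$IFS; IFS=.
    set -f; set -- $addr; set +f    # split the address on dots, no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do in_range "$octet" 0 255 || return 1; done
}

# Print the iptables command for interface $1, source range $2, TCP port $3.
scoped_rule() {
    iface=$1; cidr=$2; port=$3
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_cidr "$cidr" || { echo "bad source range: $cidr" >&2; return 1; }
    in_range "$port" 1 65535 || { echo "bad port: $port" >&2; return 1; }
    echo "iptables -I INPUT -i $iface -s $cidr -p tcp --dport $port -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root) runs the validated command.
open_listener() {
    rule=$(scoped_rule "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
}

# Example (constructed values): open_listener tun0 10.10.0.0/16 4444
```

Because the rule is inserted ahead of the existing ones, the rest of the default inbound policy stays in place for every other port and source.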
The other, safer way that works (if there is no inbound firewall on the target host) is to change the payload in Metasploit from reverse_tcp to bind_tcp with a sample:
set PAYLOAD payload/linux/x86/meterpreter/bind_tcp
My daily patching of my Qubes fedora-32 template failed, and I just found out that Skype might be the reason. I tried starting Skype, and found that it required an update:
This proved faulty, since Microsoft might have given up on Skype, their last update was unsigned and broke updates on one of my fedora-32 templates.
Then I tried forcing the install, since I trusted the package origin, but I saw that the quality of the package might be below par (it does work, though), so I chose to part with Skype for now:
Updating / installing…
1:skypeforlinux-8.62.0.83-1 ################################# [100%]
Redirecting to /bin/systemctl start atd.service
Failed to start atd.service: Unit atd.service not found.
Remember to remove the repo also, if you really mean it 🙂
So, instead of just downloading the package from keepassxc.org and missing any updates coming in the future, I decided to install from the testing repository, and hope that the package will be sent to stable in the near future. I accept the risk, which seems to be close to non-existent, compared to trusting the stable/testing repo:
Less than 10 days later we had the same issue, so I am contemplating how it is possible to have 1 package using the “updates-testing” repository and the rest run stable (without having the below running in a cron job)
Sharing my experiences installing Windows 10 Enterprise on Qubes 4.0, maybe spiced up with the infamous QWT (Qubes Windows Tools 4.0.1.3) installation (spoiler alert: NOT working!).
Following this guide, I will try to describe the issues I’ve been encountering, accompanied by screenshots. The big issue is getting the Qubes Windows Tools to install properly. All my installations have failed, so even though Invisible Things Lab has worked on QWT tirelessly for years, corporate clients, understandably, are more important than a few backers and the community. The backers are apparently not contributing enough, although I might believe that backer numbers would go through the roof if the tools would work flawlessly on Windows 10. If you want to contribute to Qubes OS, please donate either once or continuously here. And if you have the skills and tools to make QWT v.4.0.2.0, then please create an Indiegogo (or similar) crowdfunding campaign. I’m sure it will be backed.
But let’s go and take on some challenges. The first one is that Fedora doesn’t support exFAT (crazy as it sounds, and I wrote about this before here), and Debian does. That means I have to use a Debian AppVM to share the ISO file to the new Windows 10 VM, unless there is another way.
When the restart is performed, Qubes does a bunch of things, such as moving the user directory from C: to the newly created private drive of 2GB (E:). That fails horribly, btw:
It might be a great day or a sad day. Now Marek is taking over, it will be interesting to see if a guy who works a lot already, can take on yet another hat. Will strategic partnerships, fundraising, etc. drown in a developer tunnel-vision mindset?
Hope not. Please DONATE! to ensure vision and development.
I want my data to be @home, without being accessible from the internet. No unnecessary risks of breaches, if avoidable, and no access from a giant attack vector (the whole internet, if it is in the public cloud). Private cloud it is. And NextCloud seems to be best of breed.
As advertised in the qubes-users mailing list, the templates of Whonix version 14 are now available and flawlessly installed on my Qubes 4.0, without much effort.
To use the great benefits derived from Qubes VMs, Micah Lee recommended the use of Katoolin instead of the HVM-based Kali I normally use, so let’s try it out:
I have tried both yes and no to “restarting services automatically”, but the terminal crashes and remains unresponsive. I cannot get in contact with the VM. The latest screenshot was:
It seems the install is running, since my fan speeds up and down continuously.
I tried following this tutorial, and found out that you can install some stuff from the menus, but you have to remove the sources before updating or it will crash. That means no software from Kali will be updated?
For now, I’m continuing to work with my Kali rolling standalone HVM.