How To: Running PowerShell Core and PowerCLI on Kali Linux

Introduction

In this article we install Microsoft PowerShell Core and VMware PowerCLI on Kali Linux. Then, we move on to install, configure, and start using VMware PowerCLI.

TLDR

Launch PowerShell like this:

TERM=xterm pwsh

Motivation

I've been looking for a Linux distro on which I can run both PowerShell Core and PowerCLI. We know that Ubuntu and MacOS work fine. Honestly, I was hoping for CentOS to work, but last I checked that one was not working (I'll be testing that soon!).

Audience

You enjoy long walks on the beach and your /etc/issue looks like this:

root@kali:~# cat /etc/issue
Kali GNU/Linux Rolling \n \l

Requirements

A virtual machine or other device running Kali Linux. This can be a VMware Fusion or BootCamp install or even the Windows 10 Kali App.

However, if you want to connect to VMware ESXi Server and/or vCenter Server, then you should use a full Kali install or virtual appliance (instead of the Windows app).

If using Windows 10 Kali App, you can perform all installs and use the modules. However, you will not be able to connect to a vSphere environment since networking is disabled by default.


Build Out

When building my VM on Fusion, I chose Other > Other 64 bit and used UEFI for BIOS. I gave it 4 cores and 8GB RAM and flipped the disk to SCSI and grew it to 80GB. You can find many ways to deploy, that is just one example.

Download required bits

From here on, we assume you have Kali Linux up and running. We follow the Kali team guidance and download gnupg, apt-transport-https, and of course PowerShell Core (the perfect version for Kali).

Perform these commands from a terminal as root (the default in Kali Installed):

apt update

apt-get dist-upgrade

apt -y install curl gnupg apt-transport-https

curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -

echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/powershell.list

apt update

If you are using the Win 10 Kali App, you must use sudo for everything


Install libcurl3

This one is not hard to figure out, but currently if you try to install PowerShell Core without this, it will error and tell you it needs libcurl3. Easy enough; let's add that.

apt -y install libcurl3

Install PowerShell

Now it's time to bend space and time.

apt -y install powershell

Launch PowerShell

Always launch PowerShell like this in Kali:

TERM=xterm pwsh

See Github Issue 6132 for more. Also linked at the end of article.


Show PowerShell Version

We can use $PSVersionTable as usual to show our PowerShell version.

PS /root> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      6.1.0-preview.2
PSEdition                      Core
GitCommitId                    v6.1.0-preview.2
OS                             Linux 4.16.0-kali2-amd64 #1 SMP Debian 4.16.12-1kali1 (2018-05-28)
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Install PowerCLI

The VMware team has been hard at work making PowerCLI effortless for us; Here's the proof. One line and you are done.

Install-Module VMware.PowerCLI

Answer y as needed to start the download from the online gallery.


Show the Module

Type Get-Module -Name VMware.PowerCLI -ListAvailable to show the parent module.

Get-Module -Name VMware.PowerCLI -ListAvailable

Directory: /usr/local/share/powershell/Modules

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   10.1.1.... VMware.PowerCLI 

Note: You can also type Get-Module -Name VMware* -ListAvailable to see all available modules.


Default PowerCLI Settings

Before using PowerCLI for the first time, let's look at the defaults.

Get-PowerCLIConfiguration | fl *

Don't worry about this yet, but observe that settings exist for Session, User, and All Users. More on that soon.

Configure PowerCLI - Certificate Handling

Every VMware ESXi host and vCenter Server uses default certificates out of the box. As such, we like to set this and get it out of the way. This way if our server uses a self-generated default, we still connect error-free.

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

In modern versions of vSphere, if you skip this step you will not be able to connect to VIServers (ESXi and vCenter Servers) unless you have saved certs.


Configure PowerCLI - Timeout Handling

When deploying OVAs or other long running jobs, your session may timeout. We can control that by setting the time in Seconds. When deploying across country I will sometimes set it to 8 hours; Here we'll go with 10 minutes, or 600 seconds.

Set-PowerCLIConfiguration -WebOperationTimeoutSeconds 600

Configure PowerCLI - CEIP

This is VMware's telemetry. It feeds cleansed errors and usage related to API,versions, etc. to the engineers at VMware. It provides valuable nerd diagnostics and is part of the reason I am successful installing PowerCLI on Linux now. So, I like it and use it where possible.

The default is off, but you can activate like so:

Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $true

The recommendation is to turn CEIP on ($true) for Lab and off ($false) for production.

About Scope

When configuring PowerCLI, you can choose between the following:

Session - the setting is valid for the current VMware PowerCLI session only and overrides any User and All Users settings.

User - the setting is valid for the current Windows user only, overrides All Users settings, and is applied only if a Session setting cannot be detected.

All Users - the setting is valid for all users and is applied only if Session and User settings cannot be detected.

Source: help Set-PowerCLIConfiguration -Parameter Scope

About Kali and PowerCLI Configuration

Since Kali Installed by default runs as root, we do not need to specify Scope when configuring PowerCLI. However, if you use the Windows 10 Kali App (which creates a user by default), then you may want to use Scope more.

Connect to VIServer

With PowerCLI, we can connect to an ESXi Host (i.e. root) or vCenter Server (i.e. administrator@vsphere.local).

Here we will use root on ESXi, but instead of having it prompt us for the password, we use a PSCredential saved to a variable.

## Enter the password when prompted:
$credESX = Get-Credential root

## Connect to ESXi
Connect-VIServer 172.16.21.132 -Credential $credESX

Name                           Port  User
----                           ----  ----
172.16.21.132                  443   root

## Show Version, etc.
$global:DefaultVIServer | select name,version,build

Name          Version Build
----          ------- -----
172.16.21.132 6.7.0   8169922

## Get some host info
Get-VMHost | select Name,ConnectionState,ProcessorType

Name          ConnectionState ProcessorType
----          --------------- -------------
172.16.21.132       Connected Intel(R) Xeon(R) W-2140B CPU @ 3.20GHz

Disconnect from VIServer

When you are done, clean up your session by performing Disconnect-VIServer against one or more VIServers. In our case we are only connected to one, but we will just use wildcard (*) to disconnect any sessions we may have open.

Disconnect-VIServer * -Confirm:$false -ErrorAction Ignore

Exit PowerShell

To exit PowerShell type exit. This will return you to your Linux shell.
The recommendation is to close your terminal when done with PowerShell since we are currently monkeying with the TERM setting.

More About this TERM thing

TERM is an environment variable in linux, and the Kali default looks like this:

TERM=xterm-256color

However, the setting we like for PowerShell is:

TERM=xterm

Once that environment variable is set, you can just launch PowerShell with pwsh like normal. The recommendation is to just chain them together like so:

TERM=xterm pwsh

Note: This issue will be fixed in an upcoming preview release of PowerShell Core. The fix can also be obtained from the latest master. More info in the github link below.


Bonus Section - Coder's Paradise

This is for the folks running the Kali App; Okay so you can't route upstream... but you can make a coder's paradise by installing VSCode and then enjoying your Kali Desktop.

This is best consumed through xrdp for Kali, so we show that first. For more detailed info see the official documentation from the Kali team.

## Get desktop environment
wget https://kali.sh/xfce4.sh
cat ./xfce4.sh 
sudo sh xfce4.sh 
sudo /etc/init.d/xrdp start

## Optionally, RDP to kali to finish the config
## From Start > Run on Windows 10, enter the following:
mstsc /v:127.0.01:3390

## Get Visual Studio Code (Script Editor)
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'
sudo apt-get update
sudo apt-get install code

Note: VSCode also works on the full Kali installs!

End

This concludes today's walk-through. Thanks for reading and I hope you enjoy running PowerShell/PowerCLI on Kali.

Kali Official - Installing PowerShell on Kali Linux
Github Issue - Resolved by using xterm to launch PowerShell
PowerCLI Documentation

Who to Follow

@kalilinux
@PowerShell_Team
@PowerCLI

Example - The finished product

PowerShell-PowerCLI-and-Kali-Linux

APPENDIX

The following illustrates the expected error if the TERM environment variable is not xterm (desired for PowerShell) and is instead something like xterm-256color (the Kali default).

root@kali:~# pwsh
PowerShell v6.1.0-preview.2
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

FailFast: The terminfo database is invalid.

   at System.Environment.FailFast(System.String, System.Exception)
   at System.Environment.FailFast(System.String, System.Exception)
   at Microsoft.PowerShell.UnmanagedPSEntry.Start(System.String, System.String[], Int32)
   at Microsoft.PowerShell.ManagedPSEntry.Main(System.String[])
Aborted

-end-