Results 1 to 13 of 13

Thread: X Windows on Kali EC2 AMI

  1. #1
    Join Date
    2014-Feb
    Posts
    11

    X Windows on Kali EC2 AMI

    Created an instance using the Kali image from the Amazon EC2 marketplace and updated it with various Kali tools from apt repository. The problem is getting X up and running (i'd like to connect via vnc over ssh and have a desktop so that I can use gui tools like burp). I tried to install the xorg package and xfce as the window manager but every time I run startx, I get the error message "fatal error: no screens found". I've installed X and gnome on other Ubuntu based AMIs and it works fine. Anyone know what the fix is to get X running on the Kali AMI?

  2. #2
    Join Date
    2014-Feb
    Posts
    11
    Fixed my own problem. Rather than attempting to start the xserver (as done on ubuntu ami) I just started the vnc server (tightvncserver) and connected to it over ssh. One thing to note was that after installing the kali-linux-full metapackage on the AMI, I still had to install xorg and xfce4. Then modify the .vnc/xstartup file (remove /etc/X11/Xsession and replace with /usr/bin/xfce4-session). Works perfectly now.

  3. #3
    Join Date
    2014-Jul
    Posts
    30
    Quote Originally Posted by dio1911 View Post
    Fixed my own problem. Rather than attempting to start the xserver (as done on ubuntu ami) I just started the vnc server (tightvncserver) and connected to it over ssh. One thing to note was that after installing the kali-linux-full metapackage on the AMI, I still had to install xorg and xfce4. Then modify the .vnc/xstartup file (remove /etc/X11/Xsession and replace with /usr/bin/xfce4-session). Works perfectly now.
    Am I right in saying that you ssh into the vncserver using your client machine's CLI?

    If so, could you let us know the command?

    Thanks.

  4. #4
    Join Date
    2014-Feb
    Posts
    11
    start vncserver using command:

    Code:
    vncserver :1
    Then connect to the server using vnc client over port 5901 or whatever port you have chosen to run vnc on. Note: you will need to ensure the AWS instance is configured to allow inbound connections on that port. Use the AWS Console (under Security Groups) to set it up. Keep in mind that direct connections to the server using VNC is not secure! Highly recommend running vnc over ssh to tunnel the VNC traffic. This can be accomplished by establishing an ssh session to the server using an ssh client (putty, nomachine, etc.) and configuring port forwarding on the ssh client to tunnel the VNC traffic over ssh.

    Hope this helps...

  5. #5
    Join Date
    2014-Jul
    Posts
    30
    dio1911 your response is very much appreciated. Unfortunately I'm new to all this so I'm experiencing a lot of teething trouble, for instance when I tried to start vncserver I get this:

    root@(none):~# vncserver :1
    sh: 1: Syntax error: "(" unexpected
    sh: 1: Syntax error: "(" unexpected
    sh: 1: Syntax error: "(" unexpected
    sh: 1: Syntax error: "(" unexpected
    Couldn't start Xtightvnc; trying default font path.
    Please set correct fontPath in the vncserver script.
    sh: 1: Syntax error: "(" unexpected
    sh: 1: Syntax error: "(" unexpected
    Couldn't start Xtightvnc process.
    Note that even my hostname has now disappeared. Not sure how to fix any of this.

    . . . and all I'm trying to do is setup Kali with a GUI!
    Last edited by factgasm; 2014-07-22 at 11:19. Reason: Typos

  6. #6
    Join Date
    2014-Feb
    Posts
    11
    I'm not sure what desktop configuration you are using (xfce, kde, gnome, etc.). You probably need to review the .vnc/xstartup file and ensure you have the correct configuration for the respective desktop you are using (or try removing and re-installing tightvncserver).

    The missing hostname problem is another issue altogether. Not sure what you may have going on there but you may want to consider deleting that EC2 instance and start over with a new one. Ensure the 1st thing you do after bringing up the instance is to install the kali metapackage:

    Code:
    apt-get update
    apt-get install kali-linux-full
    Then install X and your desktop (below would be for xfce):

    Code:
    apt-get install xorg xfce4 xfce4-places-plugin xfce4-goodies
    Check to see if tightvncserver is installed:

    Code:
    dpkg --get-selections |grep tightvncserver
    If package is missing:

    Code:
    apt-get install tightvncserver
    Start vncserver (it will ask you to set the password):

    Code:
    vncserver :1
    Stop vncserver

    Code:
    vncserver -kill :1
    Edit .vnc/xstartup based on your X desktop (below is for xfce):

    Code:
    #!/bin/sh
    
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    #x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    #x-window-manager &
    # Fix to make GNOME work
    export XKL_XMODMAP_DISABLE=1
    #/etc/X11/Xsession
    /usr/bin/xfce4-session
    Hope this helps...

  7. #7
    Join Date
    2014-Jul
    Posts
    30
    @dio1911

    Thanks very much indeed for your response, much appreciated. Unfortunately despite following your suggestions to a T, its still a no go.

    Can I ask how you shell into your AMI - this maybe where I have been going wrong:

    I use the following code to shell into my AMI

    ssh -i MyKeyPair.pem kali@ec2-xx-xx-xx-xx.ap-southeast-1.compute.amazonaws.com
    then type startx.

    I suspect that's not the right way go about it. What is it that you do to start your AMI Kali desktop?

    Is there something that I need to install on my local machine?

    I have been looking at this from 2012 relating to remote Ubuntu GUIs on EC2 which implies I need a client needs be installed on my local machine. What would that be?
    Last edited by factgasm; 2014-07-23 at 00:51. Reason: Additional question

  8. #8
    Join Date
    2014-Feb
    Posts
    11
    Do not start the Xserver (startx). Just run vncserver (that will start Xvnc which acts as the Xserver and provides a virtual display) using the example I provided. Then connect to it using vncviewer. You may want to try it without the ssh encryption to ensure you have it working 1st then add the ssh tunnel. Let me know how it works out...

  9. #9
    Join Date
    2014-Jul
    Posts
    30
    OK installed vncclient on my laptop.

    When I type vncclient at the CLI, I get a tiny window pop-up prompting me for a VNCServer, like the one shown here.

    I assumed it was prompting me for my AMI's public DNS or public IP address followed by a colon and port number.

    I have tried various educated guesses as to what these might be but without success. There seems to be very scant information on the net about this.
    Last edited by factgasm; 2014-07-23 at 12:13.

  10. #10
    Join Date
    2014-Feb
    Posts
    11
    This is correct. You ssh into the EC2 instance as you described and start the vncserver:

    Code:
    vncserver :1
    Just in case, make sure the service is running and verify the port (should be 5901 but grep for 590 in case it is 590x):

    Code:
    netstat -an |grep 590
    You should get the following results:
    tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN

    Now you know the vncserver is running. Connect to the server using your vnc client over port 5901 (ensure the instance is configured to allow inbound connections on port 5901). You may also have a local firewall that you need to setup to allow 5901 out. This will be the case, especially if you are behind an ISP (Verizon, Comcast, etc.). You need to configure your SOHO router or similar device to allow 5901. Either that or you can change the port of the vncserver to something standard (port 80) just for testing. Otherwise you will be forced to tunnel over ssh, which should be the long term goal anyway. Send private message for additional details.

  11. #11
    Join Date
    2014-Jul
    Posts
    30
    dio1911

    Success!

    I cannot thank you enough for the help you have given me. Genuinely appreciated.
    Last edited by factgasm; 2014-07-26 at 02:54.

  12. #12
    Join Date
    2013-Mar
    Posts
    31
    Quote Originally Posted by dio1911 View Post
    I'm not sure what desktop configuration you are using (xfce, kde, gnome, etc.). You probably need to review the .vnc/xstartup file and ensure you have the correct configuration for the respective desktop you are using (or try removing and re-installing tightvncserver).

    The missing hostname problem is another issue altogether. Not sure what you may have going on there but you may want to consider deleting that EC2 instance and start over with a new one. Ensure the 1st thing you do after bringing up the instance is to install the kali metapackage:

    Code:
    apt-get update
    apt-get install kali-linux-full
    Then install X and your desktop (below would be for xfce):

    Code:
    apt-get install xorg xfce4 xfce4-places-plugin xfce4-goodies
    Check to see if tightvncserver is installed:

    Code:
    dpkg --get-selections |grep tightvncserver
    If package is missing:

    Code:
    apt-get install tightvncserver
    Start vncserver (it will ask you to set the password):

    Code:
    vncserver :1
    Stop vncserver

    Code:
    vncserver -kill :1
    Edit .vnc/xstartup based on your X desktop (below is for xfce):

    Code:
    #!/bin/sh
    
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    #x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    #x-window-manager &
    # Fix to make GNOME work
    export XKL_XMODMAP_DISABLE=1
    #/etc/X11/Xsession
    /usr/bin/xfce4-session
    Hope this helps...

    Thank you. It worked like a charm.

  13. #13
    Join Date
    2014-Jul
    Posts
    30
    Note to noobies like me reading this:

    In essence, to view your AWS EC2 machine's desktop on your local machine you will need two things:

    (1) VNCserver running on your AWS EC2 machine (dio's earlier post covers setting that up)
    (2) VNCviewer running on your local machine.

    To achieve this, we need to install and configure the appropriate software on both the local machine and the AWS EC2 machine so hat they can connect.

    dio's earlier post explains setting up the VNCserver very well, however do note that if you are happy using Kali's default (Gnome) desktop then the following stage is entirely optional, so miss it out if you want to:

    #!/bin/sh

    xrdb $HOME/.Xresources
    xsetroot -solid grey
    #x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    #x-window-manager &
    # Fix to make GNOME work
    export XKL_XMODMAP_DISABLE=1
    #/etc/X11/Xsession
    /usr/bin/xfce4-session


    OK, so how about setting up the VNCViewer set up on your local machine?

    Firstly you will need to go to http://www.tightvnc.com/download.php and download the TightVNC Java Viewer JAR in a ZIP archive. At the time of writing it was version number 2.7.2.

    In order to run TightVNC Java Viewer on our local machine, we will need to have Java SE version 1.6 or later installed first. So the question is: Do we have an appropriate version of Java already installed? You can easily get the answer by typing

    java -version [ENTER].

    If you need to upgrade to a more upto date version of Java, then this post will tell you everything you need to do: https://forums.kali.org/showthread.p...-on-Kali-Linux.

    Ok, so assuming your local machine has an appropriate version of Java installed, we can now proceed to installing vncviewer. The TightVNC Java Viewer file that we downloaded is a zip file, so first thing to do is unzip it. Kali has an unzip function built in, so there's no need to fret about going to Winzip and purchasing a subscription. To unzip the TightVNC Java Viewer file, open a terminal and type

    unzip [filename] [ENTER]

    At this point I am going to assume that you have already followed dio's instructions and started vncserver on your AWS EC2 machine. If so, then on your local machine, open a terminal and type vncviewer followed by the DNS for you AWS EC2 machine. For example:

    vncviewer ec2-54-170-227-9.ap-southeast-1.compute.amazonaws.com::5901 [ENTER]

    Hopefully you will now see you AWS EC2 machine's desktop open on you local machine's desktop. However, if you get a timeout error, it's either down to the settings in your AWS EC2 Security Groups or down to the firewall settings on your local machine:

    (1) Changing your AWS EC2 Security Groups - make sure you know what you're doing.

    (2) On your local machine you can install a firewall manager 'gufw' by opening a terminal and type

    apt-get install gufw [ENTER]

    For help on configuring gufw please refer to *REMOVED*.

    Provided the Security Group settings on your AWS EC2 machine have now been set correctly and the gufw firewall settings on your local machine have also now been set correctly you should now be able to connect to your AWS EC2 machine's desktop by typing the vncviewer command on your local machine's terminal.



    Edit:
    Youtube Rule
    Last edited by g0tmi1k; 2015-02-06 at 08:47. Reason: Youtube RUle

Similar Threads

  1. Replies: 1
    Last Post: 2016-01-08, 19:27
  2. Replies: 0
    Last Post: 2015-08-21, 06:28

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •