Spawning a Parrot Attack Machine on the Cloud

Aug 17, 2021
  • Cloud
  • Linux

It is sometimes convenient to have a second attack machine somewhere else, not connected to the same network. Your local machine at home may have a slow connection to the internet, or we might inadvertently get our home IP address blacklisted by sending too many requests to a target or account. In cases like these, it is handy to have a second attack machine that can get around these minor inconveniences. We will also bump into some minor errors and other problems along the way that we will need to troubleshoot and resolve as we set up and configure our machine.



In this post, I’m going to spin up a Debian droplet on Digital Ocean, one of the many cloud service providers offering PaaS packages. Digital Ocean allows us to essentially ‘rent’ a computer system from a selection of regions around the world. One of the key differences between Cloud Providers and the earlier ‘legacy’ Hosting Providers is that Cloud Providers are more flexible: it is possible to ‘rent’ their machines on a per-hour or per-use basis, whereas traditional Hosting Providers usually only rent out their machines on a per-month basis. This has great advantages for the economics of businesses and industry that might only have certain ‘peak’ usage times, as they pay only for the time that they are using the resource. I’ve elected to use Digital Ocean as my Cloud Provider, but any similar Cloud Provider such as AWS, Azure, or Alibaba Cloud would work as well.



We’ll be installing an instance of ParrotSec, a Debian-based Linux distribution that is geared towards security professionals and comes with a slew of tools tailored towards pentesting, forensics, and other security activities. In a way, it is the slightly lesser known cousin of the widely popular Kali Linux security distribution.



Signing into my Digital Ocean dashboard, we create a new droplet.

Create a new Digital Ocean droplet



We will then select the configuration that our spawned droplet will have.

We will spawn a Debian 10 machine with a general purpose dedicated CPU



Our machine will be located in Singapore



We will add our public ssh key for public key authentication



After creating our droplet, we are now able to ssh into the machine as root at the IP address provided by Digital Ocean.

ssh-ing into our newly spawned machine



We inspect the Parrot documentation page for the repository locations. These entries determine which software packages and versions are available for download, and they identify who packages the software. In this case, we are interested in the software packaged by Parrot.

Finding the Parrot software repositories



We need to add these entries to our sources.list file so our machine knows which repositories to look at for software updates and installation.

The sources.list file on our Debian machine



Now that we have the needed Parrot entries in our sources.list file, we should perform an ‘apt update’ to download package information from our newly added Parrot sources and see which software we need to install.



However, when I ran the ‘apt update’, I got a GPG ‘no public key found’ error.

No public GPG key found



GPG is a public key cryptographic algorithm that is used, in this case, as a digital signature to verify that the repository we are downloading packages from really is authored by and belongs to the Parrot team. (See digital signatures)



Doing some Google-fu, I found a solution here and here to add the required public keys and verify the authenticity of the Parrot sources.

Adding the missing GPG public key



Now that we have added Parrot’s public GPG key, we rerun our ‘apt update’, then search for the correct Parrot package we want to install.

apt update (Note that we have 274 packages that can be upgraded. Best practice is to update these packages before installing Parrot.)



Searching for Parrot



Scrolling down, we find the Parrot we are looking for.

The right parrot



We then enter ‘apt install parrot-meta-all -y’ to begin installation.

Installing the right Parrot



Another stumbling block appears during the installation: we get a number of 404 errors.

404 errors



More 404 errors



Eventually the installation process ends with a number of failures.

Installation failed



Failure



If we run a whois lookup on that offending IP address, we see that it is registered to the Singaporean branch of OVH, a French web hosting and cloud provider.

OVH Singapore



My guess of what is happening is that the Parrot entries we added to our sources.list file are being resolved to a server hosting the Parrot packages in Singapore that, as of this writing, is down for whatever reason (software packages are usually hosted on a number of servers around the world for redundancy as well as performance).



With this in mind, we go back to the Parrot documentation and look for the list of known mirrors (locations of other servers hosting the Parrot packages).

The other mirrors



Seeing that our machine is spawned in Singapore, let’s select a mirror that is fairly close to that region of the globe. We copy and paste the entry for Taiwan’s NCHC’s Free Software Lab into our sources.list file.

Adding the Taiwanese mirror to our sources.list file
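
The two failures above (the missing public key and the run of 404s from one mirror) can be triaged from saved apt output, and a replacement mirror entry can be pinned to a single keyring. This is an added example, not commands from the original post; the hosts, IPs, key ID, keyring path, suite and components are constructed placeholders.

```sh
#!/bin/sh
# Added example: triage saved apt output. Hosts, IPs, the key ID and the
# keyring path are constructed placeholders, not values from the post.

# Key IDs apt could not find (one line may carry several NO_PUBKEY items).
missing_keys() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "NO_PUBKEY") print $(i + 1) }' | sort -u
}

# "count host ip" per mirror that answered 404, worst first: many misses on
# one host point at a stale or broken mirror, not at a single bad package.
failing_mirrors() {
    sed -n 's#^E: Failed to fetch https\{0,1\}://\([^/ ]*\)/.* 404 .*\[IP: \([^ ]*\) [0-9]*]$#\1 \2#p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# sources.list entry pinned to one keyring via signed-by, so the added key
# vouches only for this repository. Any mirror can reuse the same keyring:
# the signature, not the mirror host, is what apt trusts.
pinned_source() {   # pinned_source <keyring> <url> <suite> <components...>
    keyring=$1; url=$2; suite=$3; shift 3
    printf 'deb [signed-by=%s] %s %s %s\n' "$keyring" "$url" "$suite" "$*"
}

# Constructed sample of the two failures described in the post.
sample_output() {
    cat <<'EOF'
W: GPG error: https://mirror-a.example.org/parrot rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
E: The repository 'https://mirror-a.example.org/parrot rolling InRelease' is not signed.
E: Failed to fetch https://mirror-a.example.org/parrot/pool/main/a/aaa/aaa_1.0_all.deb  404  Not Found [IP: 203.0.113.10 443]
E: Failed to fetch https://mirror-a.example.org/parrot/pool/main/b/bbb/bbb_2.1_amd64.deb  404  Not Found [IP: 203.0.113.10 443]
E: Failed to fetch https://mirror-b.example.org/parrot/pool/main/c/ccc/ccc_0.3_all.deb  404  Not Found [IP: 198.51.100.7 443]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
EOF
}

echo "missing keys:";  sample_output | missing_keys
echo "404 by mirror:"; sample_output | failing_mirrors
pinned_source /usr/share/keyrings/example-archive-keyring.gpg \
    https://mirror-c.example.org/parrot rolling main contrib non-free
```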



With this done, let’s do another ‘apt update’ to download package data from our newly added sources.

Updating our package information from our newly added sources



Then let’s try to install the parrot-meta-all package again.

Install Parrot



This time, the installation completes with no failures. We then update the distribution, and remove any unneeded packages before restarting the machine.

Upgrading the distribution



Removing any unneeded packages



System restart



Give the system a few minutes to reboot, and when we ssh into it again, we see that Parrot OS is installed and we now have access to all our favourite hacker tools!

Parrot is online



I also followed up this installation with setting up VNC using this guide so I could also have access to a GUI (I prefer to use tools like BurpSuite and Wireshark via their GUI and it’s always nice to have the option to get access to a GUI Desktop).