Guacamole's default configuration directory is /etc/guacamole. It requires a file called guacamole.properties to be properly created to function. There are some other directories that we might want to place within the configuration directory, but they won't be needed for the current setup.
- The Guacamole properties file should contain information about the address of the guacamole proxy:
# Hostname and port of guacamole proxy guacd-hostname: localhost guacd-port: 4822
- In addition to this, we also need another file called user-mapping.xml in the same directory, containing a list of usernames and passwords that Guacamole will authenticate with:
<user-mapping> <authorize username="USERNAME" password="PASSWORD">
<connection name="RDP Connection"> <protocol>rdp</protocol> <param name="hostname">localhost</param> <param name="port">3389</param>
</connection>
<connection name="SSH Connection"> <protocol>ssh</protocol> <param name="hostname">localhost</param> <param name="port">22</param>
</connection> </authorize>
</user-mapping>
- Once completed, it is time to deploy the war file that we downloaded earlier. We need to move it into the tomcat8/webapps folder so that it gets auto-deployed:
mv guacamole-0.9.14.war /var/lib/tomcat8/webapps/guacamole.war
- Now, we just have to restart both the guacd and tomcat8 services to get Apache Guacamole up and running! To do that, use the following command:
sudo service guacd restart
sudo service tomcat8 restart
- There's one last configuration step that is required—copying the authentication information into the Guacamole client directory. This is done by executing the following code:
mkdir /usr/share/tomcat8/.guacamole
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat8/.guacamole
- Now, if we point our browser to ipaddr:55555/guacamole, we will be able to access Guacamole! We are greeted with the following screen:
- We have to log in with the same credentials that we set up in the user-mapping.xml file.
- Once we have successfully logged in, it's a simple matter of selecting the technique through which we want to access the server:
Congratulations, you have successfully set up your Kali PentestBox on the cloud and can access it remotely from anywhere using your browser!