Kali Rolling and PowerShell Core

This is a post primarily so I don't forget what I did to make these two play nice together. Specifically, the current version of Microsoft PowerShell Core (i.e., 6.0.1-1 at time of writing) had dependency issues that prevented it from installing on Kali Rolling. Persistence pays off and these are the steps to get it working. Note that my current version of Kali is 2018.1.

1. Download the latest PowerShell Core

Visit https://github.com/PowerShell/PowerShell and grab the latest version. Try to install it first, as updates may have resolved the issue. Installation is simple; just type the following:

# dpkg -i powershell_6.0.1-1.ubuntu.16.04_amd64.deb

If this worked, then congrats, you win. Move on to investigating cool things like Daniel Bohannon's Invoke-CradleCrafter project ;)

2. Otherwise, you get these errors...Oh Nooos

You may have gotten these errors, which scream of unmet dependencies.

Note that liblttng-ust0 is a current package within Kali's source repos, so you can install by typing:

# apt-get install liblttng-ust0

But the problem lies with libicu55, which is not found in the Kali repos. Rather, libicu57 is the current binary available. I thought, no problem, I will just download and install libicu55 from a deb package. WARNING: DO NOT DO THAT. YOU WILL SEG FAULT. Instead...

3. Hex Edit the Deb build and repackage

The problem with the install is that the Debian control file contains references to both outdated versions of OpenSSL (may as well use the latest) and libicu55. Let's fix that.

Unpack the Debian package and edit

First, create a powershell_tmp directory

# mkdir powershell_tmp

Next, move powershell_6.0.1-1.ubuntu.16.04_amd64.deb into the directory and change into it

# mv powershell_6.0.1-1.ubuntu.16.04_amd64.deb powershell_tmp/
# cd powershell_tmp

Then, extract the archive contents so we can manipulate it

# ar x powershell_6.0.1-1.ubuntu.16.04_amd64.deb

Lastly, we unpack the control.tar.gz archive

# tar xzpf control.tar.gz

At this point your directory should have something similar to this:

# ls
control  control.tar.gz  data.tar.gz  debian-binary  md5sums  postinst  postrm

We need to modify the contents of the control file, as I previously mentioned. Crack open your hex editor of choice. I typically use Bless, but whatever is clever. Examine the file and note the highlighted selection within the text column, right side:


Now make it look like this:

Save the file. It is time to repackage back into a usable Deb.

Repack the deb and install PowerShell Core

# tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control
# ar rcs powershell.deb debian-binary control.tar.gz data.tar.gz

If all went well, you now have a file called powershell.deb. Install it just as you would any other deb package:

# dpkg -i powershell.deb

With it installed, we can test it out:

# pwsh
PS /root/Desktop/Tools/OpSec/Invoke-CradleCrafter> Invoke
Invoke-CradleCrafter.ps1   Invoke-History
Invoke-CradleCrafter.psd1  Invoke-Item
Invoke-Command             Invoke-OutCradle
Invoke-CradleCrafter       Invoke-RestMethod
Invoke-Expression          Invoke-WebRequest
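
The control-file edit from step 3 can also be scripted with sed, followed by a check that only the Depends field changed. This is an added example, not part of the original post: `rewrite_dep`, `changed_fields` and the sample control file are constructed for illustration, and it assumes the Depends: field sits on a single line.

```shell
#!/bin/sh
# Added example: rename one package in the Depends: field of an unpacked
# Debian control file, then report which fields differ from the original.
# Assumption: the Depends: field is a single line.

# rewrite_dep CONTROL OLD NEW  -> edited control file on stdout
rewrite_dep() {
    # Package names may contain '.' and '+', which are regex operators.
    old_re=$(printf '%s' "$2" | sed 's/[.+]/\\&/g')
    # Match OLD only as a whole name: a separator on the left, and a
    # separator, a version constraint "(" or end of line on the right.
    sed -E "/^Depends:/ s/([ ,|:])${old_re}([ ,|(:]|\$)/\\1$3\\2/g" "$1"
}

# changed_fields ORIGINAL EDITED  -> names of fields whose line differs
changed_fields() {
    awk -F': ' 'NR == FNR { orig[FNR] = $0; next }
                $0 != orig[FNR] { print $1 }' "$1" "$2"
}

# Constructed sample, not the real PowerShell control file.
# libicu55-dbg is listed only to show that a longer name is left alone.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/control" <<'EOF'
Package: powershell
Version: 6.0.1-1.ubuntu.16.04
Architecture: amd64
Depends: libc6, libicu55, liblttng-ust0, libicu55-dbg
Description: constructed sample control file
EOF
    rewrite_dep "$dir/control" libicu55 libicu57 > "$dir/control.new"
    grep '^Depends:' "$dir/control.new"               # the rewritten field
    changed_fields "$dir/control" "$dir/control.new"  # should list only Depends
    rm -rf "$dir"
}

demo
```

Run the two functions against the unpacked control file before repacking; if `changed_fields` prints anything other than Depends, the edit touched more than intended.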

Conclusion

This one was a brief trivial post but something that I fought with for a minute. As such, I figured I would share as I would imagine others may have or will run into this problem. Enjoy and always forward.