There have been many cases where I needed a to use a Windows machine on internal tests but only had access to a Linux VM internally. Most of the time, I need a Windows VM the most when doing Active Directory testing and running into tooling issue on Linux. One option is to turn the Linux machine into a WireGuard VPN server and connect via a Windows VM. Once you have the connection, you can use the windows runas command to launch a PowerShell session as an authenticated domain user in the client environment.
Setup WireGuard VPN on Internal Network (Kali Linux)
Install WireGuard
sudo apt install wireguard resolvconf
Generate Keys
wg genkey | tee server-privatekey | wg pubkey > server-publickey
wg genkey | tee client-privatekey | wg pubkey > client-publickey
sudo wg-quick up wg0
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
The above assumes you are using eth0 as your primary network adaptor in the client environment.
Note that the above setup will not be persistent across reboots! In order to restart the VPN service, run sudo wg-quick up wg0 after a reboot. This is by design since I don’t want random VPNs active client devices. Make sure to reboot the Linux client device or shutdown the VPN once the test is complete.
