Penetration Testing from Amazon Cloud

January 30, 2017 by Warlock

In this article, we deploy a Windows and a Linux system on an Amazon cloud server for penetration testing purposes. What is the difference between performing a penetration test from a cloud server and from our own system? Here are a few benefits of a cloud server:

  • When we are running port scanning against hundreds of IP addresses, it takes a long time to complete. If we are running nmap from a cloud server, we do not have to keep our system running 24x7.
  • The cloud server's stable internet connection keeps the scan running smoothly.
  • We get static IPs for the cloud server, which makes it easier to notify the client that we will be running scans from this IP, so that it does not need to be blacklisted.


Amazon provides a free one-year license for a micro server with a minimum configuration of 30 GB of hard disk and 1 GB of RAM. After use, if you like the service, you can upgrade to a better configuration as a paid service.

Deploying Windows Server: First, we need to register with Amazon. During registration, it will ask for your credit/debit card details for identity verification, and it will charge only Rs.2, which will later be refunded to your account.

Once we register, select EC2 from the AWS service homepage.

After that, select Launch Instance from the Create Instance section.

In the next step, it will ask you to select your operating system. You can select any machine.

In this case, we are selecting the Windows Server 2008 32-bit version.

In the instance type selection step, make sure that a free tier eligible system is selected and then click Next.

In the configure instance section, do not make any changes and select Next to add storage.

We can add up to 30 GB of hard disk space in the free tier system.

After adding hard disk space, click Next to add tags and give the instance any name you want.

Then click Next to configure the security group. RDP is open on port 3389, through which we will remotely log in to our server. In the source section, we have set the source IP to anywhere because we do not have a static IP; if we had a static IP for our internet connection, we could define that IP there.

After configuring the security group, select Next, and it will show the instance details. If everything looks fine, we can launch our system by selecting the Launch button.

It will ask to create a private key file, which is used to log in to the server. Give the key the name Windows and download it; from this key we will get the Windows account credentials.

Next, it will show the launch status; we can view the status by clicking the View Instances button.


Our system is up and running, and all system details can be seen in the section below.

It is time to connect to our Windows system, so select Connect. It will show the connection details, from where we can download the RDP shortcut file; click Get Password to get the system password.

Now browse to the private key pem file and select Decrypt Password.

The username and password can be viewed in plain text.

Now log in using the RDP file.

We are done; now we can install our PT tools on this system.

Deploying Linux Server: We will deploy a Debian-based server and convert it to a Kali system. The process is the same; only at operating system selection time we have to select Debian OS.

In the security group configuration section, make sure that SSH on port 22 is added to the policy. After launching the system, it will show a connection guide explaining how to connect to the Linux system. If we are using a Linux host to access our cloud Linux system, it is very simple, and an example is given in the instructions.

If we are using a Windows-based host, we first have to use the puttygen tool to convert the pem file to a ppk file, because PuTTY does not accept a pem file for login. Open puttygen, click Load, and browse to the pem file.

Keep everything at the defaults in puttygen and select the Save private key option; it will ask where to save the ppk file.

Now open PuTTY and add the Linux system's public DNS name, with admin as the user, on port 22.

Then go to Connection > SSH > Auth, browse to the saved ppk file, and click Open.

We are logged in to the system as the admin user, who does not have root permission, so type sudo -i to get root user access.

Now, to add all the tools of Kali Linux, we have to add the Kali repo to the /etc/apt/sources.list file.

After adding the repo, run the following commands to get the list of Kali Linux metapackages and install the full set:

apt-get update && apt-cache search kali-linux

apt-get install kali-linux-full

It will take some time to download and install all the packages. When it is done, our system is ready to go.

References: http://www.primalsecurity.net/pentesting-in-the-cloud/


Warlock works as an Information Security Professional. He has quite a few global certifications to his name, such as CEH, CHFI, OSCP and ISO 27001 Lead Implementer. He has experience in penetration testing, social engineering, password cracking and malware obfuscation. He is also involved with various organizations, helping them strengthen the security of their applications and infrastructure.