Build your own Pentesting labs on Amazon AWS

This guide help penetration tester build pentesting Lab on amazon AWS, in case, you don’t have direct access to targets penetration testing vulnerable lab environment. My next topic will go through analyses different exploitation techniques utilizing Metasploit, scanning, vulnerability assessment using multiple tools withing kali.

Architecture of our lab base on setting up linux VM and windows VM putting on same network or VPC.

Setting your environment

Building our environment will teach you how to install and configure aws instances, add resources to them and connect to them.

  • Create an account on Amazon AWS

Before starting the implementation, we have to create a free tiers account on Amazon AWS.

Open your browser, or follows this links to create free tier account:

  • Setting up Ec2 instances

Elastic Cloud Computing (Ec2) is a service provide by amazon for compute capacity in the cloud. It is essentially replace the need for hardware to provide web-scale computing. Thinks like ec2 is a hardware without operation system. Keep in mind, this computer is for someone else computer that you are renting and you will need to place an operating system on it.

let’s look at how elastic cloud computing instances, will be create.

We will create three different ec2 instances or images such as: kali, centos and windows. Noticed that all tree operating system will be on same networks or vpc.

Once you login to your account, you will be in the aws management console.

From the main console, you will see EC2 under the world compute by clicking on services.

After clicking on it, you will see the button labeled launch instances. Click on Launch instances to start building your first ec2 instance.

  • Attacker setup — setting up kali operation system

We will go through the very first step of setting up a virtual penetration testing machine on the cloud. Kali linux is a popular operating system use by several security professionals.

AWS provides a rapid deployment of virtual machine on amazon cloud call Amazon machine images (AMI).

  1. After choosing launch instance button, you will be on the first step for choose an amazon machine image. Put on the search bar a word kali and go to aws marketplace.

2. Second step is to choose an instance type. make sure to choose t2.micro type which use for free tiers to avoid charges from amazon aws.

3. After that, we will choose a default VPC (Virtual Private Cloud) networks or create a new VPC. The VPC act as a network that alllows secure communication between one or more amazon machine image. Notices is also allow communication between different images through VPN(Virtual Private Network). We are going to use a default vpc or default network with all three instances.

4. Next, is about storage capacity. Size of your storage will be less than 30 Gb to avoid additional charge.

5. Now, we will configure router to reach our instance or operation system. Router are going to allow or disallow remote connection to and from the host on certain port number. In this labs, we are authorize only port number 22 for ssh connection, port number 0–65535 for tcp and udp connection.

The following screenshot highlight the security group configuration

6. Create a key pair that you can use to connect to your instance.

we have now setup our first kali linux instance. with the same process, setting up windows and centos machine.

  • Setting up — centos instances
  1. Go to your ec2 instance dashboard, click on launch instances and then search for centos on aws marketplace.

2. Follows the same process describe for kali linux installation. Make sure to choose default vpc, size of storage will be less than 30Gb and create new key for centos instances.

  • Setting up — Windows machine

This session is going to discuss how to set up a windowns machine on top of amazon aws. we will use same process to set up kali and centos with few differences.

  1. Go to your amazon management console, ec2 services and select launch instances.
  2. Choose Windows server 2012 R2 base.

Make sure you select default vpc as before to conform all three host are on same network.

3. In step 6: configure security group option, make sure RDP port is open on the host. Port number 3389 is a port associated with RPD .

4. review and launch windows ec2 instance

Congratulation, we have sucessfully set up all three host.

Next, we will look at how to connect to kali and centos instances

  • Remote connection with Putty

Putty is a tools that allows user to connect to a host from various location. Putty gives an interface that allows users to interact with their house by connect through terminal. Putty is a common resource use to connect to ec2 instances.

We can use Putty or SSH to connect with linux instance we set up in this lab.

  1. Ensure that putty is install in your computer.

you can use this link for download it:

2. Start the program call putty gen. click on load and choose the private keys to your instance in to generator. the private key have an extension .pem. Once you choose the private key with .pem extension, we will generate a different key with an extension .ppk by clicking on save private key.

3. Now we can use a .ppk file for authentication. Start putty, go to connection->ssh->Auth and load .ppk file .

4. In your ec2 services dashboard, select one instance and click to connect->ssh client

copy username@public_dns, and paste it in hostname or (IP address) in your putty session.

Warning: for kali linux connection used username equal kali and for centos used centos as username.

After validation, you will be successful connect to your ec2 instances

💥 💥 congratulation, we have successfully set up our pentesting labs 😍 💛 💙




Cloud / Cybersecurity enthusiast. CehV10, RHCSA, RHCE, Comptia Sec +, ITF +, AWS Architect

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cyber Security Starts with Physical Security

{UPDATE} Dumberman - Bomberman Reloaded Hack Free Resources Generator

SQL injection for developers

Photo by Sara Bakhshi on Unsplash

How to Bypass School Firewall and Unblock Social Media Sites for Free in 2020

How RedRocket works?

Will “Identity based perimeter” provide better security posture ?

LINEAR ALGEBRA — HILL CIPHER Biweekly Updates (Jul 26 — Aug 08)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Komlan Florient dogbe

Komlan Florient dogbe

Cloud / Cybersecurity enthusiast. CehV10, RHCSA, RHCE, Comptia Sec +, ITF +, AWS Architect

More from Medium

Researching OffSec Recruitment: The Sock Account

How To Use Project Management Skills In Cyber Security?

Creating and analyzing Debian based T-POT honeypot on AWS

How To Connect Cisco Switch Using Console Cable & Putty Software