Build your own Pentesting labs on Amazon AWS
This guide help penetration tester build pentesting Lab on amazon AWS, in case, you don’t have direct access to targets penetration testing vulnerable lab environment. My next topic will go through analyses different exploitation techniques utilizing Metasploit, scanning, vulnerability assessment using multiple tools withing kali.
Architecture of our lab base on setting up linux VM and windows VM putting on same network or VPC.
Setting your environment
Building our environment will teach you how to install and configure aws instances, add resources to them and connect to them.
- Create an account on Amazon AWS
Before starting the implementation, we have to create a free tiers account on Amazon AWS.
Open your browser, or follows this links to create free tier account:
Create and activate an AWS account
I'm getting started with AWS. How do I create and activate a new AWS account? Open the Amazon Web Services home page…
- Setting up Ec2 instances
Elastic Cloud Computing (Ec2) is a service provide by amazon for compute capacity in the cloud. It is essentially replace the need for hardware to provide web-scale computing. Thinks like ec2 is a hardware without operation system. Keep in mind, this computer is for someone else computer that you are renting and you will need to place an operating system on it.
let’s look at how elastic cloud computing instances, will be create.
We will create three different ec2 instances or images such as: kali, centos and windows. Noticed that all tree operating system will be on same networks or vpc.
Once you login to your account, you will be in the aws management console.
From the main console, you will see EC2 under the world compute by clicking on services.
After clicking on it, you will see the button labeled launch instances. Click on Launch instances to start building your first ec2 instance.
- Attacker setup — setting up kali operation system
We will go through the very first step of setting up a virtual penetration testing machine on the cloud. Kali linux is a popular operating system use by several security professionals.
AWS provides a rapid deployment of virtual machine on amazon cloud call Amazon machine images (AMI).
- After choosing launch instance button, you will be on the first step for choose an amazon machine image. Put on the search bar a word kali and go to aws marketplace.
2. Second step is to choose an instance type. make sure to choose t2.micro type which use for free tiers to avoid charges from amazon aws.
3. After that, we will choose a default VPC (Virtual Private Cloud) networks or create a new VPC. The VPC act as a network that alllows secure communication between one or more amazon machine image. Notices is also allow communication between different images through VPN(Virtual Private Network). We are going to use a default vpc or default network with all three instances.
4. Next, is about storage capacity. Size of your storage will be less than 30 Gb to avoid additional charge.
5. Now, we will configure router to reach our instance or operation system. Router are going to allow or disallow remote connection to and from the host on certain port number. In this labs, we are authorize only port number 22 for ssh connection, port number 0–65535 for tcp and udp connection.
The following screenshot highlight the security group configuration
6. Create a key pair that you can use to connect to your instance.
we have now setup our first kali linux instance. with the same process, setting up windows and centos machine.
- Setting up — centos instances
- Go to your ec2 instance dashboard, click on launch instances and then search for centos on aws marketplace.
2. Follows the same process describe for kali linux installation. Make sure to choose default vpc, size of storage will be less than 30Gb and create new key for centos instances.
- Setting up — Windows machine
This session is going to discuss how to set up a windowns machine on top of amazon aws. we will use same process to set up kali and centos with few differences.
- Go to your amazon management console, ec2 services and select launch instances.
- Choose Windows server 2012 R2 base.
Make sure you select default vpc as before to conform all three host are on same network.
3. In step 6: configure security group option, make sure RDP port is open on the host. Port number 3389 is a port associated with RPD .
4. review and launch windows ec2 instance
Congratulation, we have sucessfully set up all three host.
Next, we will look at how to connect to kali and centos instances
- Remote connection with Putty
Putty is a tools that allows user to connect to a host from various location. Putty gives an interface that allows users to interact with their house by connect through terminal. Putty is a common resource use to connect to ec2 instances.
We can use Putty or SSH to connect with linux instance we set up in this lab.
- Ensure that putty is install in your computer.
you can use this link for download it:
2. Start the program call putty gen. click on load and choose the private keys to your instance in to generator. the private key have an extension .pem. Once you choose the private key with .pem extension, we will generate a different key with an extension .ppk by clicking on save private key.
3. Now we can use a .ppk file for authentication. Start putty, go to connection->ssh->Auth and load .ppk file .
4. In your ec2 services dashboard, select one instance and click to connect->ssh client
copy username@public_dns, and paste it in hostname or (IP address) in your putty session.
Warning: for kali linux connection used username equal kali and for centos used centos as username.
After validation, you will be successful connect to your ec2 instances
💥 💥 congratulation, we have successfully set up our pentesting labs 😍 💛 💙