
Penetration Testing from the Cloud

In this article we will be looking at an alternative to installing Kali Linux on a dedicated machine or a local virtual machine: Kali Linux in the cloud. Cloud-based computing has become increasingly popular in recent years, including in the field of penetration testing. Instead of installing Kali Linux on local resources, it can be deployed on a VPS almost instantly, which saves the time and trouble of installation. The Kali Linux desktop in the cloud can be accessed remotely with remote desktop software such as VNC, web-based interfaces or NoMachine. You can choose to buy a VPS and install your favourite penetration testing distribution, or you can buy a pre-installed, fully configured and optimized Kali Linux VPS from a dedicated hosting provider. In this article we will be testing and comparing different options, starting with a hosting provider offering pre-configured VPS machines.

OneHost Cloud & Security

At the time of writing there are only a handful of companies that provide Kali Linux VPS services, and one of them is OneHost Cloud & Security. OneHost offers VPSs deployed with popular penetration testing distributions such as Kali Linux, Parrot OS and BackBox. For this article we have had the chance to test a VPS that is running Kali Linux 2016.

Kali Linux VPS

After ordering a Kali Linux VPS from OneHost the system is provisioned in less than 120 seconds and you will have access to a fully functional pentesting VPS with all the tools that you’ll ever need. A complete list of tools that are included with Kali Linux can be found here. After deployment the server can be managed from the administration panel in the client area on the website. The administration panel includes functionality to control the VM, create and restore machine backups and rebuild the machine. There’s also an option to access the desktop using the console tool, which uses a VNC connection. This option can be useful in some cases, but for heavy interaction with the Kali Linux desktop we definitely recommend using the NoMachine remote desktop client instead.

Accessing your Kali Linux VPS

There are a few ways to access the Kali Linux VPS, both via the command line using SSH and with remote desktop software. As we already mentioned, you can access the desktop from the console tool in the client area, but for daily use it is recommended to use NoMachine for better performance. NoMachine is a remote desktop application that supports full screen desktop access and offers fast and secure remote desktop support. The NoMachine software is a proprietary application and comes pre-installed with every Kali Linux VPS offered by OneHost. Personally I think that this piece of software is a great benefit and adds true value to the services offered by OneHost if you plan to use the Kali Linux graphical user interface.
Benefits to using NoMachine with your Kali Linux VPS:
  • Full Screen Remote Desktop
  • Provides a console with access to local PC hardware
  • Share Files between local and remote
  • Highly compressed bandwidth for performance increases
  • Access via any device even Smart phones
  • Multiple Authentication methods
If you prefer to use the command line instead of a GUI, you can also access your VPS over SSH.

Support

An additional advantage of OneHost is that they provide comprehensive customer support over live chat, support tickets and phone, plus additional resources such as a knowledge base and a support forum. If you have dealt with multiple hosting providers before, you probably found out that a hosting provider is as good as its customer support. Personally I always recommend considering customer support as one of the main selection criteria when you are looking for a new hosting provider. Nothing is more annoying than issues with a VPS that require customer support and having to wait for hours (or even days) for a reply on your support ticket. OneHost offers 24/7 customer support and has a very fast response time, usually a couple of minutes.
If you are curious about what OneHost customers have to say, you can find user reviews on Host Advice:
OneHost Cloud & Security: Support response times vary from 3 minutes to 12 mins as looking at the report for last month the longest response time was 12 mins which is better than most of the big providers.

Pricing

Prices for a Kali Linux VPS start from $14,99 per month for unlimited bandwidth, 50 GB SSD storage, 1 GB RAM and 1 vCPU. The ultimate machine is priced at $69,99 per month and contains 100 GB SSD storage, 4 GB RAM and 4 virtual CPUs.

Conclusion

Personally I think that the following adds value to the Kali Linux VPS services offered by OneHost:
  • The NoMachine remote desktop software. It’s fast, easy to use and the client supports all commonly used platforms.
  • The 24/7 Unlimited Support included with every VPS.
  • 120-second deployment allows you to access your VPS within minutes of ordering.
  • Great value for money! The $14,99 per month for the starter machine is not expensive considering the NoMachine software and regular VPS pricing for memory, vCPUs and SSD storage.
Soon we will start testing cloud-based Kali Linux VPSs from popular cloud providers such as Microsoft Azure and the Amazon AWS marketplace.
