Wouldn't it be nice to reach your pen-testing lab from anywhere in the world? Data and services are now routinely accessed from the cloud, and a pentester can likewise host a pen-testing environment of vulnerable machines in the cloud so that it is accessible from anywhere. AWS is probably the most popular cloud service available today, with most companies taking a cloud or hybrid approach towards their infrastructure.
This article is about setting up a vulnerable lab for web penetration testing in Amazon Web Services (AWS).
Table of Content
Prerequisite
Setup & Configuration of AWS Instance
Deployment & Connectivity
Install Dependencies
· Apache
· MySql - server
· PHP
· Configuring MySql
· Phpmyadmin
Lab Setup
· DVWA
· Sql Injection - Dhakkan
· OWASP Mutillidae II
Prerequisite
To set up your own pen-testing environment, you must have an AWS account; if you do not have one, create an AWS account and log in to it.
Setup & Configuration of AWS Instance
Let’s walk through the process of setting up the lab. We will be making an EC2 instance with Ubuntu Server 18.04 LTS on it. An EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on the AWS infrastructure. The good thing is that this will not cost you anything to build, as AWS has options to set up instances within a certain computing level that are not charged for.
1. Open the EC2 console in AWS.
2. Navigate to “Launch Instance” and click on “Launch Instance”.
3. Choose the Amazon Machine Image (AMI); this is similar to finding the ISO file of the OS that you want on your instance. AWS has you covered with most of the popular OSes available in its inventory.
4. Here we looked for ubuntu.
5. Now that we see the OS that we want running on our instance, we need to choose “64-bit (x86)”.
6. We now need to choose our instance type, which defines the amount of hardware this instance will have; we choose “t2.micro”. This gives us 1 virtual CPU and 1 GB of RAM.
For most general-purpose workloads, T2 Unlimited instances will provide ample performance without any additional charges.
Features:
· High frequency Intel Xeon processors
· Burstable CPU, governed by CPU Credits, and consistent baseline performance
· Lowest-cost general purpose instance type, and Free Tier eligible*
· Balance of compute, memory, and network resources
7. Once we click on “Review and Launch”, the rest of the options are left as they are, and we click on “launch”.
8. Now let’s launch the instance, which will create a key pair for your instance and complete the launch process.
This is a very important step: the key pair is what makes it possible for you to connect to your instance over SSH.
9. Choose “Create a new key pair”, give it a name, then download and save the .pem file somewhere you can keep it safely.
AWS gives you the launch status, tells you about the launch process and shows you that your instance is now launching.
10. Now click on “View Instances” to see what’s happening with our Ubuntu server. Note that it takes a few minutes for the server to be fully deployed, so be patient. Now we see under “Status check” that we have our 2/2 checks; this essentially means that our instance is fully deployed and ready for us to connect to.
Deployment & Connectivity
This is the good part, where we get to deploy and connect to
our instance in AWS.
1. We choose our instance and click on “Connect”; this takes us to a page with options that define how we want to connect to our instance, and we choose to connect using a standalone SSH client.
2. Enter a name for your instance ID, so that you can easily identify the instance ID from its name.
AWS is very helpful in giving us the particulars for our connection, like the commands to use.
There are many applications you can choose from to connect to the instance; we are connecting to it from Kali Linux.
3. We first make sure that the .pem file that we saved has the right permissions assigned to it; in this case it needs to be only ‘read’. Once that is done, we put in the SSH particulars provided by AWS.
Syntax: ssh -i "key.pem" AMIuser@instance-Public-DNS
4. The .pem file is passed so that the SSH operation knows where the keys are located and that’s it, we are in! We connect and get to root.
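The permission check and connection from steps 3 and 4, written as a small shell helper. This is an added example, not part of the original article; the function names and the ubuntu@<instance-Public-DNS> target are assumptions. OpenSSH refuses a private key that group or other users can access, so the helper checks for that before connecting.

```shell
#!/bin/sh
# Added example (not from the original article): check the key pair file's
# permissions before using it with ssh -i. Function names are hypothetical.

# Succeeds only when group and other have no access to the key file,
# e.g. -r-------- (400) or -rw------- (600).
key_is_private() {
    [ -f "$1" ] || { echo "no such key file: $1" >&2; return 2; }
    perms=$(ls -ld -- "$1") || return 2
    case $perms in
        -???------*) return 0 ;;
        *) echo "key is accessible to group/other: $1" >&2; return 1 ;;
    esac
}

# Make the key owner-read-only ("only read", as in step 3) and re-check it.
prepare_key() {
    chmod 400 -- "$1" && key_is_private "$1"
}

# Connect with the checked key. $2 is user@host; for the Ubuntu AMI used here
# that would be ubuntu@<instance-Public-DNS> (placeholder, not a real host).
lab_ssh() {
    key_is_private "$1" || prepare_key "$1" || return 1
    ssh -i "$1" "$2"
}
```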
Install Dependencies required for Pentest-lab
Ubuntu is up and running now, so let’s prepare it for our pentest purposes. To do that, we need to have the basic dependencies installed so that we can access web applications like DVWA, etc.
Apache
First, we will install Apache. Apache is the most commonly used web server on Linux systems. Web servers are used to serve web pages requested by client computers.
1. So, let’s first install Apache on Ubuntu with the following command.
apt install apache2
We have successfully installed apache2; by default Apache runs on port 80.
For Apache to function properly we need to open port 80, so let’s get to it. We need to edit the security group in order for the Apache service to work. Ports are closed by default in AWS, so we can define what we want open.
2. Go to your instance and open its security group, launch-wizard-1.
3. Edit the inbound rules and add HTTP, using TCP protocol over port 80.
4. The rule has been added, now click on save.
5. Now, to validate that Apache is running on our Ubuntu server, we access the IP of the instance in a browser.
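An added example, not part of the original article: because the lab serves deliberately vulnerable applications, the HTTP rule from step 3 can be limited to your own public address instead of any source. The helper below validates its inputs and prints the matching AWS CLI command; the function names, security group ID and source address are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): print the AWS CLI command
# for an inbound rule that opens a TCP port to one source address only.
# Function names, group id and address are constructed placeholders.

# Succeeds for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ingress_cmd GROUP_ID PORT SOURCE_IP
# Exit status 2: malformed argument; 3: source would be every address.
ingress_cmd() {
    case $1 in
        sg-|sg-*[!0-9a-f]*) echo "bad group id: $1" >&2; return 2 ;;
        sg-*) ;;
        *) echo "bad group id: $1" >&2; return 2 ;;
    esac
    case $2 in
        ''|*[!0-9]*|0*|??????*) echo "bad port: $2" >&2; return 2 ;;
    esac
    [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 2; }
    valid_ipv4 "$3" || { echo "bad IPv4 address: $3" >&2; return 2; }
    [ "$3" != 0.0.0.0 ] || { echo "refusing 0.0.0.0 as source" >&2; return 3; }
    printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port %s --cidr %s/32\n' "$1" "$2" "$3"
}

# Constructed values: 203.0.113.25 is a documentation address (RFC 5737).
ingress_cmd sg-0123456789abcdef0 80 203.0.113.25
```

Review the printed command before running it with credentials for the lab account. When your public address changes, remove the old rule and add one for the new address.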
MySql - Server
The next step is to install MySql-server. This is fairly
simple, just type in the command and let Ubuntu do the rest.
apt install mysql-server
PHP
To install PHP 7.2, simply type the following command.
apt install php7.2
Configuring MySql
Let’s configure MySql so that we have the right kind of credentials for our setup. After logging in, grant all privileges to the user the labs will use; in our case we have given all privileges to the user raj, identified by the password 123. After that, flush the privileges so that the service picks up the new changes. The commands are the following.
mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO 'raj'@'%' IDENTIFIED BY '123' WITH GRANT OPTION;
flush privileges;
Phpmyadmin
We need to install phpMyAdmin as well; here is how you do it.
apt install phpmyadmin
phpMyAdmin needs to be configured: it needs to know that we want to use apache2 as our web server.
Next, we need to give it the password that we set while setting up MySql.
Lab Setup
We are done with installing all the dependencies for our setup and are now ready to install our pentest labs.
DVWA
Let’s navigate to the “html” folder to download and install DVWA. Once that is done, we need to rename the config.inc.php.dist file to config.inc.php for further configuration.
cd /var/www/html
git clone https://github.com/ethicalhack3r/DVWA
cd DVWA/config
mv config.inc.php.dist config.inc.php
Open the config.inc.php file in a text editor and put in the database credentials that we had set up earlier. We only need to modify 2 fields: db_user and db_password.
Now we open DVWA in our web browser and click on “Create/Reset Database”.
Time to log in to our DVWA!
Sql Injection - Dhakkan
Our vulnerable web app is up and running; now we want to install a lab for SQL injection. We will be using the Dhakkan sqli lab.
Here’s how to set it up. We download it into the html folder to host it, then we move the “sqlilabs” folder to “sqli”. Next, we need to edit the database credentials so that the lab can function properly. Open the db-creds.inc file in a text editor.
cd Sqli_Edited_Version/
ls
mv sqlilabs/ ../sqli
cd ../sqli
cd sql-connections/
Now that the file is open, we put in the username and password.
Now browse to this web application at Public-DNS/sqli and click on Setup/reset Databases for labs. Now the sqli lab is ready to use.
Success! Sqli is up and running.
OWASP Mutillidae II
Last but not least, we will install OWASP Mutillidae II and
that will conclude our setup for now.
So, let’s start by navigating to the “html” folder and downloading Mutillidae. Once downloaded, we navigate to the “includes” folder.
git clone https://github.com/webpwnized/mutillidae
cd mutillidae
cd includes
ls
nano database-config.inc
Once in, modify the database access file to provide the credentials we had set up earlier.
Now we open this in our local browser at the following URL: Public-DNS/mutillidae, where we will find an option to reset the database. Just click on it to reset the database. Let’s launch Mutillidae using our browser.
Voila!! Your Ubuntu instance is ready for you to start your
AWS pentest journey. You have your connectivity, dependencies and labs all
configured and ready to go.
We at Hacking Articles always try to bring you the most industry relevant content. Since cloud is now the thing most companies are moving towards, raising curiosity about ways to keep the cloud secure, this article is just to get you ready for our new articles on cloud penetration testing, so stay tuned.
Have fun and stay ethical.