Isn’t it going to be nice if you can reach your pen-testing lab from all over the world? As we all know, this is a digital age that makes life easier than our expectations, thus anyone can access their information/data from the cloud. Similarly, a Pentester can design its pen-testing environment for the vulnerable machine on the cloud that can be accessed from anywhere. AWS is probably the most popular cloud service available in today’s date, with most companies taking a cloud or hybrid approach towards their infrastructure.
This article is about setting up a vulnerable lab for web penetration in Amazon Web Services (AWS) to perform pen-testing on.
Table of Content
- Setup & Configuration of AWS Instance
- Deployment & Connectivity
- Install Dependencies
- MySql – server
- Configuring MySql
- Lab Setup
- SQL Injection – Dhakkan
- OWASP Mutillidae II
To set up your own pen-testing environment, you must have AWS account or if not then create an AWS account and login your account.
Setup & Configuration of AWS Instance
Let’s walk through the process of setting up the lab, we will be making an EC2 instance with Ubuntu Server 18.04 LTS on it. An EC2 instance is referred to as a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on the AWS infrastructure. The good thing is that this will not cost you anything to build as AWS has options to setup instances within a certain computing level that are not charged for.
- Open the EC2 console in AWS.
2. Navigate to “Launch Instance” and click on “Launch Instance”.
- Choose the Amazon machine image (AMI), this is basically similar to finding the iso file of the OS that you want on your instance. AWS has you covered with most of the popular OS’s available in its inventory.
- Here we looked for ubuntu.
- Now that we see the OS that we want running on our instance, we need to choose the “64-bit (x86)”.
- We now need to choose our instance type, to basically define the amount of hardware this instance will have, we choose the “t2.micro”. This gives us I virtual CPU and 1 GB of RAM.
For most general-purpose workloads, T2 Unlimited instances will provide ample performance without any additional charges.
- High-frequency Intel Xeon processors
- Burstable CPU, governed by CPU Credits, and consistent baseline performance
- Lowest-cost general purpose instance type, and Free Tier eligible*
- Balance of compute, memory, and network resources
Read more from here
- Once we click on “Review and Launch”, the rest of the options are left as they are, and we click on “launch”.
8. Now let’s launch the instance which will create a key pair to your instance and complete the launch process.
This is a very important step, this is what makes it possible for you to connect to your instance over SSH, the key pair.
- Choose “Create a new key pair”, give it a name, them download and save the .pem file somewhere where you can keep it safe.
AWS gives you the launch status, tells you about the launch process and shows you that your instance is now launching.
- Now click on “View Instances” to see what’s happing with our Ubuntu server. Note that it takes a few minutes for the server to be fully deployed, so be patient. Now we see under “Status check” that we have our 2/2 checks, this essentially means that our instance is fully deployed and ready for us to connect to.
Deployment & Connectivity
This is the good part, where we get to deploy and connect to our instance in AWS.
- We choose our instance and click on “Connect”, this takes us to a page with options that defines how we want to connect to our instance, and we choose to connect using a standalone SSH client.
- Enter the name for your Instance ID, so that you can easily identify the instance ID from its name.
AWS is very helpful in giving us the particulars for our connection, like the commands to use.
There are many applications you can choose from to connect to the instance, we are connecting to it from Kali Linux.
- We first make sure that the .pem file that we saved has the right permissions assigned to it, in this case, it needs to be only ‘read’. Once that is done, we put in the SSH particulars provided by AWS.
Syntax: ssh –I “key.pem” AMIuser@instance–Public–DNS
- The .pem file is defined so that the SSH operation knows where the keys are located and that’s it, we are in!!. We connect and get to root.
Install Dependencies required for Pentest-lab
Ubuntu is up and running now, let’s start it for our pentest purposes, in order to do that we need to have the basic dependencies installed so that we can access web application like DVWA, etc.
First, we will install the Apache. Apache is the most commonly used Web server on Linux Systems. Web servers are used to serve web pages requested by the client computers.
- So, let’s first install Apache in the ubuntu by the following command.
apt install apache2
We have successfully installed apache2, by default apache runs on port 80
For Apache to function properly we need to open port 80, so let’s get to it. We need to edit the security group in order for the Apache service to work. Ports are closed by default in AWS, so we can define what we want open.
- Go to your instance and launch the security groups wizard-1.
- Edit the inbound rules and add HTTP, using TCP protocol over port 80.
- The rule has been added, now click on save.
- Now to validate that Apache is running on our Ubuntu server, we access the IP of the instance in a browser.
MySQL – Server
The next step is to install MySql-server. This is fairly simple, just type in the command and let Ubuntu do the rest.
apt install mysql–server
Installing PHP 7.2, simply type the following command.
apt install php7.2
Let’s configure MySQL so we have the right kind of credentials for our setup. After it gets logged in you will grant all the privileges to the user of Ubuntu as in our case we have given all the privileges to user raj which will be identified with the password of ubuntu which is 123 in our case and after which we will reset all the previous privileges so that it can start the service with the new changes. For this, the commands are the following.
mysql –u root –p
GRANT ALL PRIVILEGES ON *.* TO ‘raj’@‘%’ IDENTIFIED BY ‘123’ WITH GRANT OPTION;
We need to install phpMyAdmin as well, here is how you do it.
apt install phpmyadmin
Phpmyadmin needs to be configured, it needs to know that we want to use apache2 as our web server.
Next, we need to give it the password that we kept while setting up MySQL.
We are done with installing all the dependencies for our setup and are now ready to install our pentest labs.
let’s navigate to the “html” folder to download and install DVWA. Once that is done, we need to move the config.inc.php.dist file for further configurations.
git clone https://github.com/ethicalhack3r/DVWA
mv config.inc.php.dist config.inc.php
Open the config.inc.php file in a text editor and put in the database credentials that we had set up earlier. We only need to modify 2 fields: db_user and db_password.
Now we open DVWA in our web browser and click on “Create/Reset Database”.
Time, to login to our DVWA!
SQL Injection – Dhakkan
Our vulnerable web app is up and running, now we want to install a lab for SQL injections, we will be using the Dhakkan sqli lab.
Here’s how to set it up. We download it into the html folder to host it, next we move the “sqlilabs” folder to the “sqli”. Next, we need to edit the database credentials so that the lab can function properly. Open the db-creds.inc file in a text editor.
git clone http://github.com/Rinkish/Sqli_Edited_Version
mv sqlilabs/ ../sqli
Now that the file is open, we put in the username and password.
Now browse this web application from through this Public-DNS/sqli and click on Setup/reset Databases for labs. Now the sqli lab is ready to use.
Success! Sqli is up and running.
OWASP Mutillidae II
Last but not least, we will install OWASP Mutillidae II and that will conclude our setup for now.
So, let’s start by navigating to the “html” folder and downloading Mutillidae. Once downloaded, we navigate to the “includes” folder.
git clone https://github.com/webpwnized/mutillidae
Once in, modify the database access file to prove the credentials we had set up earlier.
Now we will open this our local browser by the following URL: Public-DNS/mutillidae where we will find an option of reset database. Just click on it to reset the database. Let’s launch Mutillidae using our browser.
Voila!! Your Ubuntu instance is ready for you to start your AWS pentest journey. You have your connectivity, dependencies and labs all configured and ready to go.
We at Hacking Articles always try to bring you the most industry-relevant content. Since the cloud is now the thing most companies are moving towards and raising curiosity about ways to keep the cloud secure, this is article is just to get you ready for our new articles on cloud penetration testing, so stay tuned.
Have fun and stay ethical.
About The Author
Abhimanyu Dev is a Certified Ethical Hacker, penetration tester, information security analyst and researcher. Connect with him here