Skip to main content

Get Free Kali Linux On AWS With Public IP – Real Time Penetration Testing



As you all knows, Kali Linux is one of the most popular penetration testing OS with more than 1000s of hacking tools pre-installed in it like Metasploit Framework, Air-crack Package for Wireless Cracking, various Network Scanning Tools, Web Application Scanning Tools like wpscan, joomscan etc.
In this article, you’ll learn a complete installation of Kali Linux machine on AWS Server with free public IP. There are so many tutorials on internet to learn Kali Linux but all are with Virtual Machine where you can’t get any public IP and you can’t do anything outside the local network. So the best method is to run Kali Linux on cloud i.e. on AWS (Amazon Web Server). 
Let’s start it by creating a free account on AWS by clicking this link

The Amazon Web Services (AWS) Free Tier is designed to enable you to get hands-on experience with AWS Cloud Services. The AWS Free Tier includes services with a free tier available for 12 months following your AWS sign-up date, as well as additional service offers that do not automatically expire at the end of your 12 month AWS Free Tier term.




After filling correct email, it will ask further payment details where they will charge around 2 INR which is around 0.03$ USD. After filling all correct details, they will also ask for mobile verification which doesn’t take so much time to verify.





Immediately, they will activate your account and you’ll get instant email confirmation regarding your account setup.





By signing into AWS, just click on LAUNCH A VIRTUAL MACHINE with EC2 (First option).






Here you have two options, one is Quick Launch an EC2 Instance and second is Advanced EC2 Launch instance wizard.
·         For Ubuntu or Windows – Go with Quick Launch.
·         For Kali Linux – Go with Advanced EC2 Launch.



Here we selected QUICK Launch an EC2 Instance.



Just fill out the instance name and select an OS which you need, here we selected  UBUNTU 14.04 LTS.



Further you need to select the instance type, which is t2.micro because this is the only instance which is eligible for FREE TIER but you can also look out for other instances by clicking on EDIT link shown on right side.




Within 1-2 minute, you instance will be ready with UBUNTU Machine along with free public IP.






For Kali Linux, you need to click on “Advanced EC2 Launch Instance Wizard“.




In next screen, go to AWS Marketplace, and search KALI LIUX (By offensive Security). This AMI (Amazon Machine Image) is free tier eligible for 12 months.




 
In second step, choose an Instance Type, there are so many free tier instances are there, so we selected t2.micro instance which includes 1GB RAM. If you need  more RAM and more storage, you can select those too but they will definitely charge for higher configuration.


Just click on “Review and Launch” in next step.




In next, you can even generate new key pair for logging into AWS CONSOLE or you can also go with existing key pair which we generate while configuring UBUNTU Machine.



Within 2-3 minutes, your Kali Linux VM Machine will be ready and you can see your all instances in your dashboard link. Now the next step is to login into this AWS machine with the help of SSH.
So you are done configuring with Kali Linux. Now you need two tools for logging into console:-
1.      PuTTygen (For converting AWS Private Key into PuTTY format)
2.      PuTTy (SSH Client)
Although PuTTy doesn’t support AWS generated Key Pair so you have to convert this AWS key pair into PuTTy format with the help of PuTTygen Tool which you can download from this link.
Open  PuTTygen Tool and load the downloaded private key file and select the RSA as generation method and click on “SAVE PRIVATE KEY“. You can also generate private key with extra layer security by putting KEY PASSPHRASE.




Now open PuTTy tool, and load that newly generated private key under Auth Category and open the SSH Console with user “ec2-user





Here you can see the most awaiting terminal with KALI LINUX with root user


Please note, this is the minimal version of KALI LINUX with less tools, to use it further or update it to latest version, you’ve to follow these steps further,
sudo su –
cat << EOF > /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
EOF
apt-key adv — keyserver hkp://keys.gnupg.net — recv-keys 7D8D0BF6
apt-get update
apt-get dist-upgrade
Explanation –
1.      sudo -s will elevate you to root
2.      cat << EOF > /etc/apt/sources.lst will update package repository list
3.      apt-key will add an updated package signing key to the apt keyring.
4.      apt-get update and apt-get dist-upgrade will update package list and upgrade the kali distro to version 2.
Now you have two options, either you can install kali linux full tools by typing this command “apt-get install kali-linux-full” or you can also install top 10 tools by typing this command “apt-get install kali-linux-top10“.
In next article, we’ll discuss about getting VNC over SSH so that you’ll get graphical access of your Kali Linux VM Machine. For GUI access, you need to install some packages into your Kali Linux with PuTTy tool.
[#] sudo apt-get install xfce4 xfce4-goodies tightvncserver
[#] apt-get install gnome-core kali-defaults kali-root-login desktop-base
To run Metasploit, you need to initialize a Metasploit Database and then start the metasploit console by typing these commands:
sudo /etc/init.d/postgresql start
sudo msfdb init
sudo msfconsole
For more info about Metasploit Framework, please follow this tutorial.

Comments

Popular posts from this blog

Spring Security with JWT for REST API

Spring is considered a trusted framework in the Java ecosystem and is widely used. It’s no longer valid to refer to Spring as a framework, as it’s more of an umbrella term that covers various frameworks. One of these frameworks is Spring Security , which is a powerful and customizable authentication and authorization framework. It is considered the de facto standard for securing Spring-based applications. Despite its popularity, I must admit that when it comes to single-page applications , it’s not simple and straightforward to configure. I suspect the reason is that it started more as an MVC application -oriented framework, where webpage rendering happens on the server-side and communication is session-based. If the back end is based on Java and Spring, it makes sense to use Spring Security for authentication/authorization and configure it for stateless communication. While there are a lot of articles explaining how this is done, for me, it was still frustrating to set it up for the f...

Java Functional Interfaces

  The term   Java functional interface   was introduced in Java 8. A   functional interface   in Java is an interface that contains only a single abstract (unimplemented) method. A functional interface can contain default and static methods which do have an implementation, in addition to the single unimplemented method. Here is a Java functional interface example: public interface MyFunctionalInterface { public void execute(); } The above counts as a functional interface in Java because it only contains a single method, and that method has no implementation. Normally a Java interface does not contain implementations of the methods it declares, but it can contain implementations in default methods, or in static methods. Below is another example of a Java functional interface, with implementations of some of the methods: public interface MyFunctionalInterface2{ public void execute(); public default void print(String text) { System.out.println(t...

Java Logger

In Java, logging is an important feature that helps developers to trace out the errors. Java is the programming language that comes with the logging approach. It provides a Logging API that was introduced in Java 1.4 version. It provides the ability to capture the log file. In this section, we are going to deep dive into the Java Logger API. Also, we will cover logging level, components, Logging handlers or appenders, logging formatters or layouts, Java Logger class, What is logging in Java? In Java, Logging is an API that provides the ability to trace out the errors of the applications. When an application generates the logging call, the Logger records the event in the LogRecord. After that, it sends to the corresponding handlers or appenders. Before sending it to the console or file, the appenders format that log record by using the formatter or layouts. Need for Logging It provides the complete tracing information of the application. It records the critical failure if any occur in ...