In this series, we'll be walking through how to create a cloud-based virtual attack environment. For those new to AWS, we’ll begin by setting up a free-tier account, launching and ultimately connecting to our new EC2 (Elastic Compute Cloud) instance.
Amazon Web Services (AWS) is a cloud-computing services provider with operations all across the globe. We’ll use their EC2 resources to set up our attack environment.
To get started, sign up for an AWS account, found here. For new AWS accounts, you are eligible for a year of free computing resources. Free-tier eligible accounts can use up to 750 hours of t2.micro-sized Linux and Windows computing instances. Be careful though, auxiliary services, such as an elastic IP address, instance monitoring, and increased storage will add additional costs.
Once your account has been created, we recommend setting up Multi-Factor Authentication (MFA). This can be done by clicking on your Account Name -> Security Credentials -> MFA.
Using the search bar, type in “EC2”, and navigate to the EC2 services page. Before you begin, make sure you have selected the most appropriate region for your service. For latency’s sake, we recommend selecting the region closest to your physical location. For example, we’ve selected Ohio and will launch our EC2 instance there. After confirming your location, select Launch Instance.
For our EC2 instance, we’ll use the Kali Linux distribution developed and maintained by Offensive Security. You can read more about Kali here. In the search bar, type “Kali Linux”. Navigate to “AWS Marketplace”, and you should find a free-tier eligible version of Kali Linux.
Select the t2.micro size for your instance. This size is free-tier eligible. Click “Next: Configure Instance Details”
Step 3 is primarily concerned with instance configuration. If you have specific networking and instance settings you would like to change, edit them here. If not, the default settings will work fine, Click “Next: Add Storage”
In Step 4, you will have the option to add additional storage. 12gb of SSD storage is adequate for this exercise, so we will leave the default and select “Next: Add Tags”
For Step 5, we will add a Tag to our instance and set a name. For the Key, type “Name” and type the name of your instance in the value field. We’ll call ours Kali GoPhish, as we will be using it to build a phishing server later on. Click “Next: Configure Security Group”
In Step 6, we will want to lockdown our instance security settings. If you have a pre-configured security group, you can utilize it here. If not, we’ll create a new one. By default, we’ll need Port 22 open in order to access the EC2 instance over SSH. Instead of opening 22 to the world, we’ll lock it down and whitelist only our source IP Address. Click “Review and Launch”
Note: You will not be able to access your EC2 instance from outside the IP Address listed. If you need to additional IPs, you can create another SSH rule.
Review your instance details, and select “Launch”. In the pop-up window, we’ll need to configure a key pair. We’ll use this key pair to SSH into our EC2 instance. Select “Create a new key pair”, RSA, and then name your key pair. Next, download your key pair to a secure location. Once again, we need this key pair to access our instance. If its lost, it cannot be re-created and you will be locked out of the instance.
Once the key pair is downloaded, select “Launch Instance”. If you select “Instances” on your EC2 dashboard, you should see your newly created instance up and running.
To access our instance, we’ll need to SSH into it. Before we do that, we’ll need to set the permissions on our file key pair pem file.
For Linux and MacOS: In a terminal window, navigate to your downloaded key pair, and run the following command, where keyname is the name of your key pair.
chmod 500 keyname.pem
Now we’re ready to access our instance. Navigate back to the Instances menu on your EC2 dashboard. Select our EC2 instance, and copy the public IP address that is listed.
In a terminal window, navigate to the folder with your pem file, and run the following command with your EC2 isntance’s public IP address.
ssh -i keyname.pem kali@<your public ip address>
If successful, you should enter receive a shell similar found below. Congratulations! You have created your first AWS EC2 Instance. We’ll use this instance for future installments of this series.