Configuring Kali Linux on Amazon AWS Cloud for FREE

June 7, 2017 | Irfan Shakeel

Kali Linux is the most desired pentesting distribution. There are a number of tutorials for Kali Linux available on the Internet. Having said that, people constantly complain about not getting a public IP (WAN) and about being able to use it only within their local network. We can resolve this problem by opening a Linux computer to the internet, which involves configuring the router and port forwarding as well. However, this is not suggested because it will attract unwanted traffic and intruders that might recruit your machine into a global botnet.

The best possible way to accomplish your objective is to host Kali Linux in the cloud, where the vendor manages the network and server, so you can focus on your pentesting. Plus it's FREE!

In this article, we will talk about the steps to configure Kali Linux on Amazon AWS cloud for free.

In the first step, you’ll require an Amazon AWS account. So, create an Amazon AWS account or, if you already have one, log in to your account. After a successful login, provide your payment details (note that you will not be billed until you exceed the free tier limits).

After providing your payment details, let Amazon confirm your identity using the call verification process. Once verified, select the basic plan and move on to the next step.

In the next step, you’ll need an SSH key pair to access Kali Linux from your host computer. To generate one, go to your Amazon AWS console, click on Key Pairs (under the Network & Security navigation), select the Create Key Pair option and give your key pair a name.

[Figure: creating the Kali Linux key pair]

The private key will be automatically downloaded to your device; keep it secure, because you will not be able to download it again if you lose it.

Now, from your Amazon AWS Marketplace, locate the Kali Linux instance.

Before proceeding with the instance, make sure that the suitable region is selected. You can confirm the region from your AWS console account as shown in the figure below:

[Figure: confirming the region in the AWS console]

Click on the “Launch with 1-click” button to launch the recently configured instance. You can also view the status of your machine from the Amazon AWS console.

The process of configuring Kali Linux in the cloud is now complete; let’s discuss the steps to access it from your Windows OS. You need the following tools:

  • PuTTY
  • PuTTYgen

Download and install the tools from the official website, then open PuTTYgen and load the previously downloaded private key file. The purpose is to convert it into the PuTTY-supported format:

[Figure: loading the private key file in PuTTYgen]

Save the private key and close the PuTTYgen program. Open the PuTTY program to connect it with your Kali Linux and load the private key in the Auth tab under the SSH navigation:

[Figure: loading the private key into PuTTY]

Note: in the session, use the username (ec2-user) and the public DNS name of the Kali Linux machine:

ec2-user@<public-DNS-of-your-instance>

[Figure: PuTTY session using the ec2-user username]

Click “Open”, and you are ready.

[Figure: Kali Linux in the AWS cloud]

Your Kali from the cloud is here. As this is the minimal installation, you might not be able to access all the tools. However, you can get all the tools by running the following command:

apt-get install kali-linux-full

Alternatively, run “apt-get install kali-linux-top10” to get the top 10 security tools. Note that you should not go over the usage limit, or your card will be charged.

[Figure: top 10 security tools on Kali Linux]

For Linux Users:

You can also access the Kali AWS instance from your Linux machine. For that, set the permissions on the private key and connect to the server using SSH with the following commands:

chmod 400 key_pairs.pem

ls -lah | grep key_pairs

ssh -i key_pairs.pem ec2-user@<public-DNS-of-your-instance>

[Figure: accessing the AWS Kali Linux instance from a Linux box]

Run the sudo su command to get root access to your Kali machine.

VNC over SSH Tunneling to get the GUI Access of Kali Linux in AWS Cloud

Let’s move on to the steps to get the GUI access of the recently installed and configured Kali Linux machine. The infrastructure used:

  • Ubuntu (Local Linux machine to access Kali)
  • Kali Linux (configured in the AWS cloud)
  • Windows with PuTTY (just to access the local and hosted Linux machines) - Note that this is not necessary; you can do everything from your local Linux machine too.

Now, update the packages and install the TightVNC on your host Linux machine:

sudo apt-get update

sudo apt-get install xfce4 xfce4-goodies tightvncserver

[Figure: updating packages and installing TightVNC on the host Linux machine]

The newly installed Kali Linux is a command-line-only OS, but we can get a GUI by running the following command on the newly created Kali Linux machine:

apt-get install gnome-core kali-defaults kali-root-login desktop-base

After installing the GUI, set up the VNC server with the resolution you want. As you will be using VNC for the first time, it will ask you to create a password.

# tightvncserver -geometry 1024x768

Kali:1 shows that it is listening on port 5900 + 1 = 5901

Now set up the SSH tunnel; run this on your host Linux machine, not on Kali (cloud).

# ssh -L 5901:localhost:5901 -N -f ec2-user@<public-DNS-of-your-instance> -i key_pairs.pem

# netstat -anop | grep 590

[Figure: setting up the SSH tunnel]

You can see the listening port. In the command above:

-N tells SSH not to run a remote command, so the connection is used only for port forwarding

-f sends SSH to the background once the connection is set up
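A check for the tunnel setup above, as an added example that is not part of the original article: it reads `netstat -anop`-style output and reports any VNC port (5900-5999) listening on an address other than loopback, which would make the desktop reachable without the SSH tunnel. The function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: find VNC listeners that are reachable without the SSH tunnel.

# Reads `netstat -anop`-style lines on stdin and prints "address port" for
# each LISTEN socket on a VNC display port (5900-5999) not bound to loopback.
exposed_vnc_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            port = parts[n] + 0
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next
            if (addr ~ /^127\./ || addr == "::1") next
            print addr " " port
        }'
}

# Returns 0 when every VNC listener is loopback-only, 1 otherwise.
vnc_is_tunnel_only() {
    findings=$(exposed_vnc_listeners)
    if [ -z "$findings" ]; then
        return 0
    fi
    echo "$findings" | while read -r addr port; do
        echo "EXPOSED: VNC port $port is listening on $addr" >&2
    done
    return 1
}

# Constructed sample (not real output), mixing lines the local host and the
# Kali instance could show: loopback tunnel endpoints, VNC servers bound to
# all interfaces, sshd, and an established connection through the tunnel.
sample_netstat() {
    cat <<'EOF'
tcp   0 0 127.0.0.1:5901 0.0.0.0:*       LISTEN      2231/ssh       off (0.00/0/0)
tcp6  0 0 ::1:5901       :::*            LISTEN      2231/ssh       off (0.00/0/0)
tcp   0 0 0.0.0.0:5901   0.0.0.0:*       LISTEN      1820/Xtightvnc off (0.00/0/0)
tcp6  0 0 :::5902        :::*            LISTEN      1822/Xvnc      off (0.00/0/0)
tcp   0 0 0.0.0.0:22     0.0.0.0:*       LISTEN      612/sshd       off (0.00/0/0)
tcp   0 0 127.0.0.1:5901 127.0.0.1:51234 ESTABLISHED 2231/ssh       keepalive (7200/0/0)
EOF
}

# Demo on the sample; on a real machine use: netstat -anop | vnc_is_tunnel_only
if sample_netstat | vnc_is_tunnel_only; then
    echo "VNC is reachable only through the SSH tunnel"
else
    echo "VNC is listening beyond loopback; bind it to localhost or firewall it"
fi
```

On the Kali instance, a non-loopback hit means anyone the security group lets through can reach the VNC port directly, so the tunnel is no longer the only way in.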

The SSH tunnel has been created. Now connect to the local host (localhost:5901) using the TightVNC viewer; you can use the Ubuntu default viewer as well.

[Figure: connecting to the local host with the TightVNC viewer]

And here is the connectivity:

[Figure: Kali Linux in the cloud connected to the local Linux box]

So, Kali Linux is ready, and hosting it in the cloud with a public IP won't cost you anything. However, you need to take note of Amazon’s abuse policy; they do not allow you to scan third-party premises. In addition, to conduct pentesting you need to complete the Penetration testing request form.


About the Author: Irfan Shakeel, EH Academy
Irfan Shakeel is the founder of ehacking.net and creates future cyber security professionals by offering quality cyber security education at EH Academy. You can connect with him on Twitter (@irfaanshakeel) and LinkedIn.