Create a private VPS for group penetration testing


You can create a VPS whose network access is restricted to a single IP address, for penetration testing or for setting up a development environment.  You connect to it through another VPS that acts as a proxy server and has the relevant hacking tools installed.  The restricted VPS can then run vulnerable services and websites without the risk of exploitation that a publicly reachable server would face, most likely from bots.  In this environment, you can install known vulnerable versions of web applications and attempt exploitation together with the other users of the server.

You can use this script to install Apache and MySQL, set the hostname, and configure the firewall.  You should also create a separate firewall script to run each time you restart the server.  Be sure to change the domain and IP address to those of the servers that you use.

https://gist.github.com/Pavelovich/febe0177a53ce154e2b9
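
A sketch of the separate per-boot firewall script mentioned above, written for this page as an added example and not taken from the linked gist. It assumes iptables and ip6tables are installed; the proxy address `203.0.113.10` is a constructed placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: default-deny firewall for the target VPS, allowing one proxy IP.
PROXY_IP="203.0.113.10"   # constructed placeholder (TEST-NET-3): your proxy VPS

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the shared default-deny header plus the loopback rules.
base_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
}

# IPv4 ruleset: only the proxy may talk to the target, in either direction.
build_ruleset() {
    valid_ipv4 "$1" || { echo "invalid proxy IPv4 address: $1" >&2; return 1; }
    base_rules
    printf '%s\n' "-A INPUT -s $1/32 -j ACCEPT" "-A OUTPUT -d $1/32 -j ACCEPT" COMMIT
}

# IPv6 ruleset: loopback only, so the lab is not left reachable over IPv6.
build_ruleset6() {
    base_rules
    echo COMMIT
}

# Apply only when asked (needs root); run with --apply at every boot.
if [ "${1:-}" = "--apply" ]; then
    rules4=$(build_ruleset "$PROXY_IP") || exit 1
    printf '%s\n' "$rules4" | iptables-restore
    build_ruleset6 | ip6tables-restore
fi
```

Install packages before applying the rules, because outbound traffic to anything other than the proxy is dropped as well. Without `--apply` the script changes nothing, so `build_ruleset` can be called on its own to review the rules first.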

DigitalOcean provides virtual servers for only five dollars per month.

The advantage of using a fully network-restricted VPS for simulated attacks is that all parts of the server can run services that you can try to attack.  Instead of just trying to find vulnerabilities in websites, you can try to exploit various other services.  You can also make your own services and then test them for vulnerabilities before deploying them to a public server.  By deploying the target server to a VPS host rather than just setting up local virtual machines, anyone else can access it from anywhere, without needing to get everyone into the same place.

You could also use the same server to test web applications and extensions that you are developing and that might not be secure.  If you do, it would be a good idea to keep very frequent backups of it in case it gets deleted in a simulated attack.  This could be ineffective if the server sees a lot of use, since the attacks might disrupt the functioning of the website.

You could use this with a group of friends, or as part of an activity at a university.

Author

Sasha Pavelovich

Assistant sysadmin for Lexipedium
