Building PenTest Framework in AWS

Building your Command & Control environment from the cloud not only allows easy management of instances, but also provides scaling as needed.  This guide will show how to build a ubuntu server in AWS, and then download and install the PenTest Framework.

Create an AWS account.

Under Instances -> Select Launch Instance

Within the Quick Start options choose Ubuntu Server 16.x (Free tier eligible)

Select t2.micro -> Next: Configure Instance Details

On the Configure Instance Details page select Create new VPC

Fill out the Create VPC template

Go back to Configure Instance Details tab and refresh the Network VPC options.  Select the newly created VPC.  Now select the Create new subnet option.

Fill out the Create Subnet template (VPC created should be available in the VPC dropdown)

Back on the Configure Instance Details tab select refresh next to Create new VPC.  This will populate the new subnet created. Click Add Storage.

Increase the size to at least 20GB. Select Step 5: Add Tags

 

Tagging will help manage all your resources in AWS. Next: Configure Security Group

Security groups work as the firewall for AWS.  We need to change the Source to My IP for now, however when C&C traffic is needed from a victim, you will need to open the needed port here.  More details later. Review and Launch. Launch

When Launch is selected you will be prompted to create a new key pair. Download Key Pair. Launch Instances.

Before we connect to the Instance lets issue an elastic IP.  Select Elastic IP’s on the left pane. Allocate new address.

Left Click new address and select Associate address.  Fill out Associate address template.

I am connecting to the instance with Windows so I will be converting the .pem to .ppk using PuttyGen,  Run Putty Key Generator,  Get a copy here.

Load the .pem, Save private key(Create password if desired)

Now we need to load the .ppk into Putty. SSH -> Auth -> Browse for the new .ppk

Click back to Session enter the elastic IP associated. Open.  Login with ubuntu

Lets update the server: apt-get update

Ensure Python is installed: apt-get install python (Yes)

Pull the download from github: git clone https://github.com/trustedsec/ptf /opt/ptf

Change to the /opt/ptf directory and run ptf: cd /opt/ptf && ./ptf

Now we will update the modules by entering the following commands:

ptf>use modules/exploitation/install_update_all

ptf>use modules/intelligence-gathering/install_update_all

ptf>use modules/post-exploitation/install_update_all

ptf>use modules/powershell/install_update_all

ptf>use modules/vulnerability-analysis/install_update_all

During the installations there are a few simple human interactions needed.

Check all the available modules in the /pentest directory.  cd /pentest

The setup is complete and ready to be used!

Be sure to power down the instance when not in use.  You are charged for up-time.

TIP: Empire does not work due to some missing imports.  I wrote a quick script to fix the issue.

Enter the following command:

git clone https://github.com/trenchesofit/ptfempirereqfix.git /opt/empirefix && /opt/empirefix/ptfempirereqfix.py

 

Until next time, Stay safe in the Trenches of IT!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Leave a Reply