Getting a Kali Linux instance up and running has become so convenient, one doesn’t need a computer!
Unrestricted File upload challenges in CTFs are very common these days. A file containing executable code is uploaded to achieve remote code execution (RCE). If a reverse shell is uploaded, how does one handle the callback?
If your attacking machine is in the same network as the challenge server, it would be very straightforward: configure the reverse shell to callback the attack box's IP. But what if you're accessing the challenge server via the internet? Configuring your reverse shell to callback your private IP won't work.
The easiest solution is to deploy a virtual machine in the cloud, since it has a public IP. But what if we could take it a step further?
I don't mean hacking mobile devices, but hacking with a mobile device. How is that even possible? By exploiting cloud providers and some SSH.
I recommend Microsoft Azure. It provides a ready to deploy Kali Linux instance and free $100 credit if you are eligible for Azure for Students. I'll be using that $100.
Select “Virtual machines”. Create a new virtual machine and call it whatever you want. I’ll put “kali”. For the image, select “Browse all public and private images” and search for “Kali Linux”.
Decide on the size of this machine. Size simply means performance specs. Larger sizes (better specs) cost more. I chose “Standard_B1ls” which is the cheapest. You can change to a larger size if you feel it’s too slow.
Now configure the Administrator account. I’ll choose password based authentication for the sake of this demonstration.
Tap next till you reach “Review + Create”. The virtual machine will be created once validation has passed. A short while later, you should receive this notification. Tap “Go to resource”.
Select “Quick Connect” and enter your username and your public IP in the following format:
firstname.lastname@example.org. Then enter your password when prompted.
Enjoy your new instance :)
In retrospect, there are many benefits to launching a virtual machine in the cloud other than a public IP. Running virtual machines is a very resource intensive task. Enough RAM is crucial and so is a fast CPU. Not to mention, storage becomes an issue as virtual machines grow in size. Good hardware costs money. On top of that, there are configuration issues, stability issues… I could go on. But that's for another post.