"Security isn’t something you buy, it’s something you do, and it takes talented people to do it right."
You can find a detailed video demonstrating these steps on our official YouTube channel at Penetration Testing Lab Setup on Digital Ocean. Note that this blog is best understood when viewed along with the aforementioned accompanying video.
Introduction
Digital Ocean provides free credits worth $200, an excellent option for creating penetration testing labs. Follow the instructions provided in the video to set up the pentest lab. Sign up and create your Digital Ocean account using the URL https://m.do.co/c/e6a1317eb1d0 and obtain free credits of $200.
Below is a basic flow of what must be done to create your pentest lab.
Please create a user on the Digital Ocean platform and configure it to work over SSH.
Install essential services such as docker.
Install and set up the needed vulnerable services such as DVWA etc.
Setup
Create a user account on the Digital Ocean platform using the link: https://m.do.co/c/e6a1317eb1d0
Sign-up
Log in to your newly created Digital Ocean account using the login page on Digital Ocean's website. It should look something like this:

Create a new project (if one doesn't exist already) in the UI post-login, and it should look something like this:

Create a new "Droplet" under your newly created project and in the submenu, choose the Ubuntu version you wish to create while configuring the various options per your machine's requirements.
Please refer to the linked video at the top of this blog to view our recommended configuration, or click here. Once ready, make sure to enable the SSH configurations on your machine (it's recommended to use "SSH Keys" instead of "Passwords").
If you are not sure how to create and use "SSH Keys," please refer to this link.
Log in to your Digital Ocean account as the root (sudo) user. Please refer to this video if you face any issues logging in.
Create a new user and add sudo privileges.
adduser user
usermod -aG sudo user
Log in as "user" using:
su user
Install Docker on the machine using:
sudo apt-get update
sudo apt-get install docker.io
sudo systemctl enable docker
sudo systemctl start docker
Installing vulnerable images
(Optional) Install the DVWA container from https://hub.docker.com/r/vulnerables/web-dvwa via
sudo docker pull vulnerables/web-dvwa
sudo docker run --name web-dvwa -d -p 8080:80 --restart always vulnerables/web-dvwa
(Optional) Install OWASP Juice-shop: https://hub.docker.com/r/bkimminich/juice-shop using
sudo docker pull bkimminich/juice-shop
sudo docker run --name juice-shop -d -p 8081:3000 --restart always bkimminich/juice-shop
Installing Other Services
(Optional) Install an SMTP server using the following links:
https://www.acorel.nl/2022/03/fake-smtp-servers-for-testing/ and https://linuxize.com/post/how-to-use-linux-screen/
screen
sudo docker run --name=mailhog -p 2525:1025 -p 8025:8025 --restart always mailhog/mailhog
Press "ctrl+a" and then d to detach from the screen session.
(Optional) Install SNMP - https://github.com/tandrup/docker-snmpsim
screen
sudo docker run -v /somewhere/with/snmpwalks:/usr/local/snmpsim/data -p 161:161/udp --restart always tandrup/snmpsim
Press "ctrl+a" and then d to detach from the screen session.
(Optional) Install FTP - https://github.com/garethflowers/docker-ftp-server
sudo docker run --detach --env FTP_PASS=123 --env FTP_USER=user --name my-ftp-server --publish 20-21:20-21/tcp --publish 40000-40009:40000-40009/tcp --restart always --volume /data:/home/user garethflowers/ftp-server
Connecting to Services
Now you can connect to the services you created and execute penetration tests.
Create an SSH key pair for the user account created above and configure SSH login for that account. If you are unsure how to create and use "SSH Keys," please refer to this link.
On your Kali terminal, run the SSH port forwarding commands below. Make sure to replace <sshprivatekey> with the path to your private key and <yourdropletip> with your droplet's public IP.
ssh -L 80:127.0.0.1:8080 -i <sshprivatekey> user@<yourdropletip> -fN
ssh -L 81:127.0.0.1:8081 -i <sshprivatekey> user@<yourdropletip> -fN
ssh -L 25:127.0.0.1:2525 -i <sshprivatekey> user@<yourdropletip> -fN
ssh -L 21:127.0.0.1:21 -i <sshprivatekey> user@<yourdropletip> -fN
The services are now reachable on your localhost 127.0.0.1 for testing.
Example: DVWA can be accessed by using the URL http://127.0.0.1:80
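The SSH forwards above reach every service through the droplet's own 127.0.0.1, yet a mapping such as -p 8080:80 publishes on all interfaces, so the deliberately vulnerable containers also listen on the droplet's public address unless a firewall blocks them. The following is an added example, not part of the original post, that audits docker ps output for such mappings; the helper names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag container ports published on non-loopback addresses.
# Input: "<name>|<ports>" lines, the shape printed by
#   sudo docker ps --format '{{.Names}}|{{.Ports}}'

# audit_published_ports (hypothetical helper name): prints "<name> <addr:port>"
# for every mapping reachable from outside the host; returns 1 if any exist.
audit_published_ports() {
    awk -F'|' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (index(m, "->") == 0) continue        # exposed, not published
            host = m
            sub(/->.*/, "", host)                     # keep the addr:port part
            if (host ~ /^127\./ || host ~ /^\[::1\]:/) continue  # loopback
            print $1, host
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed sample: the mappings this page's commands create, except that
# juice-shop is shown republished on loopback for comparison.
sample_ps_output() {
    cat <<'EOF'
web-dvwa|0.0.0.0:8080->80/tcp, :::8080->80/tcp
juice-shop|127.0.0.1:8081->3000/tcp
mailhog|0.0.0.0:8025->8025/tcp, 0.0.0.0:2525->1025/tcp
my-ftp-server|0.0.0.0:20-21->20-21/tcp
EOF
}

sample_ps_output | audit_published_ports ||
    echo "Mappings above listen beyond loopback; republish them on 127.0.0.1."
```

On the droplet, pipe the real docker ps output into audit_published_ports instead of the sample. Publishing a container as -p 127.0.0.1:8080:80 keeps it reachable through the SSH tunnel only.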