Oracle Logo

Cloud Computers for Hacking

By m5kro, published in CyberScribers, Nov 13, 2023

Cloud computing has been around for a while now. Many big tech companies have offerings, and it's very cheap, sometimes free, to get a cloud server up and running. In this article, we’ll look at the uses of these servers in the world of cybersecurity.

You can also find this article and others for free on my website!

Hosts

But before we begin, let's review some of the free cloud offerings. Starting with Amazon AWS, you get a free “ec2” model for one year (750 hours) when you sign up. This is pretty good, but what if we want more than just a year? Google Cloud offers its “e2-micro” model for free forever, which is great for a permanent server, but the e2-micro shares a CPU with other instances, and its power is limited to short bursts. The e2-micro is also only allotted one gigabyte of RAM, which may be an issue for heavier workloads. Finally, we come to Oracle Cloud, which has by far the most generous free tier. Although their x86 offering, also an “e2-micro”, is similar to Google’s, you get 2 of them for free. Besides their x86 instances, Oracle also gives you a 4-core Arm instance with up to 24 gigabytes of RAM! However, Oracle has stated that they will remove/reclaim idle instances, which may be an issue in the future.

Note: I am not sponsored by any of these hosting services!

Uses

C2

Starkiller Logo (Empire GUI)

During red teaming, a cloud server is great for a C2 server. It's exposed to the public internet, making it easy for victims to establish reverse connections. Some good examples are the Empire framework or Hak5’s C2 software for their devices.

VPN

WireGuard Logo (and motto?)

Apart from C2 servers, you can use a cloud server as a self-hosted VPN to mask your identity. Self-hosted VPNs are great as they don’t log or scan your traffic. Not only that, you can quickly remove and add an instance to change your IP address, preventing tracking. However, there is still a risk: everything is running on the hosting company’s server, so they may be able to see what you’re doing.

MITM

Bettercap Logo

By turning the instance into a proxy server, you can use it for MITM attacks. Tools like Bettercap or Wireshark will let you modify and capture the data being sent through. Even better is a SOCKS proxy or a VPN, as they allow you to capture data being sent from other ports, such as 445 for SMB or 21 for FTP.

Phishing/XSS

BeEF Logo

A common use for these servers is hosting phishing or scam websites. This is very self-explanatory: the servers are free and the scammers probably have a lot of stolen credit cards. It's also possible to get a free website certificate with Let’s Encrypt and a free domain with the multiple DDNS services out there. Apart from phishing websites, attackers can install BeEF on their servers and websites, using it for XSS attacks.
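
From the defender's side, the free-DDNS hostname pattern described above is something you can triage for in web-proxy logs. This is an added example, not code from the original article; the log format, the short suffix list and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Illustrative, incomplete list of dynamic-DNS parent zones (assumption: extend with your own).
DDNS_SUFFIXES = ("duckdns.org", "freeddns.org", "ddns.net")

# Constructed sample lines: "<timestamp> <client_ip> <method> <url>"
SAMPLE_LOG = """\
2023-11-13T09:00:01Z 10.0.0.5 GET https://www.example.com/index.html
2023-11-13T09:00:09Z 10.0.0.8 POST https://Login-Portal.duckdns.org:8443/signin
2023-11-13T09:01:12Z 10.0.0.9 GET https://cam.ddns.net./live
2023-11-13T09:02:30Z 10.0.0.5 GET https://notduckdns.org/
this line is malformed and must be skipped
"""


def ddns_parent(host):
    """Return the DDNS zone that `host` is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    for zone in DDNS_SUFFIXES:
        # Match on a label boundary so "notduckdns.org" is not flagged.
        if host.endswith("." + zone):
            return zone
    return None


def triage(log_text):
    """Group requests to DDNS-hosted names; hosts that received a POST rank first."""
    hits = defaultdict(lambda: {"clients": set(), "posted": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, method, url = parts
        host = (urlsplit(url).hostname or "").rstrip(".")
        zone = ddns_parent(host)
        if zone is None:
            continue
        entry = hits[host]
        entry["zone"] = zone
        entry["clients"].add(client)
        entry["posted"] |= method.upper() == "POST"
    # A POST to a DDNS-hosted page may be a credential submission, so sort it ahead.
    return sorted(hits.items(), key=lambda kv: (not kv[1]["posted"], kv[0]))


if __name__ == "__main__":
    for host, info in triage(SAMPLE_LOG):
        print("HIGH" if info["posted"] else "review", host, sorted(info["clients"]))
```

A hit is only a lead for review, since plenty of legitimate home servers and cameras also sit behind DDNS names.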

Conclusion

Cloud servers are great for all sorts of cyber attacks thanks to their exposure to the internet and relative disposability. However, they are not completely anonymous as the hosting company can still track them. It’s up to you what you want to do with them, but as for me, I’m using mine to host my new website, m5kro.freeddns.org (phishing, XSS, and ad free)!

Happy Hacking~!
