VPS/Dedi that allow penetration testing?

Just curious if there are any companies that allow penetration testing outgoing from their network. I am currently doing a penetration testing / vulnerabilities finding course based on Kali Linux and at some rate I might need a test environment :P

Comments

  • Are you looking to test from the dedicated, or use the dedicated as a victim machine and your own machine as the attacker?

    It doesn't seem like there's any reason to not just run local VMs and keep the vulnerable systems off the internet.
    Unless of course you're running low on resources.

  • @eastonch said:
    Are you looking to test from the dedicated, or use the dedicated as a victim machine and your own machine as the attacker?

    It doesn't seem like there's any reason to not just run local VMs and keep the vulnerable systems off the internet.
    Unless of course you're running low on resources.

    Basically looking for both. So you'd recommend taking my own machine as victim (using e.g. VirtualBox) and another VPS/dedi as attacker?

  • emgemg Veteran

    I agree with @eastonch - why not run everything on virtual machines on your personal computer?

    If you must do your course on the public Internet (why?), then ask first.

    Many VPS providers have restrictions on pen testing or even port scanning. I have found that if you contact the provider and explain your situation, they will often grant you an exception. Be sure to mention that you own and control both the attacker and target systems, and give them the IP addresses of both. Explain that the work is limited to the two systems only, and you will not be doing any general scans of random IP addresses.

    Some providers may object. It doesn't hurt to ask.

    Thanked by 1 Ympker
  • linuxthefish Member
    edited April 2016

    In a dedicated environment where you own both endpoints you should be free to do what you like and your provider won't be any the wiser. But still best to ask.

    Virtual environments will be stricter, and have stuff like netflow monitoring or a bored sysadmin watching tcpdump....

    Thanked by 1 Ympker
  • lootloot Member

    Don't do it if you don't ultimately have complete control over the logistical aspects of the exercise - meaning your machines, your locations, and hopefully your pipes if it's something that involves that. But pentesting covers such a wide array of attacks that you need to be more specific - you can spearphish with just 50-100 emails and most of the damage there would be replaced cheaply if push comes to shove, but if you want to replicate a Sony-style attack you better own 2 Sonys. If you guys have issues with password auditing, that's more related to the attacker's CPU and GPU but ultimately, well, the strength of your passwords. Most vulnerabilities still take a huge amount of human error to work.

    Ultimately though, if you have enough money you can choose either using other people's system and paying for it or buying your own and paying for it.

    Thanked by 1 Ympker
  • Thanks for all the answers guys and I have messaged a few providers I have used for a long time to be granted explicit permission. Let's wait for the replies^^
