Comments
Are you looking to test from the dedicated, or use the dedicated as a victim machine and your own machine as the attacker?
It doesn't seem like there's any reason to not just run local VMs and keep the vulnerable systems off the internet.
Unless of course you're running low on resources.
Basically looking for both. So you'd recommend taking my own machine as the victim (using e.g. VirtualBox) and another VPS/dedi as the attacker?
I agree with @eastonch - why not run everything on virtual machines on your personal computer?
If you must do your course on the public Internet (why?), then ask first.
Many VPS providers have restrictions on pen testing or even port scanning. I have found that if you contact the provider and explain your situation, they will often grant you an exception. Be sure to mention that you own and control both the attacker and target systems, and give them the IP addresses of both. Explain that the work is limited to the two systems only, and you will not be doing any general scans of random IP addresses.
Some providers may object. It doesn't hurt to ask.
In a dedicated environment where you own both endpoints you should be free to do what you like and your provider won't be any the wiser. But still best to ask.
Virtual environments will be stricter, and have stuff like netflow monitoring or a bored sysadmin watching tcpdump...
Don't do it if you don't ultimately have complete control over the logistical aspects of the exercise - meaning your machines, your locations, and hopefully your pipes if it's something that involves that. But pentesting covers such a wide array of attacks that you need to be more specific - you can spearphish with just 50-100 emails and most of the damage there would be replaced cheaply if push comes to shove, but if you want to replicate a Sony-style attack you better own 2 Sonys. If you guys have issues with password auditing, that's more related to the attacker's CPU and GPU but ultimately, well, the strength of your passwords. Most vulnerabilities still take a huge amount of human error to work.
Ultimately though, if you have enough money you can choose either using other people's systems and paying for it or buying your own and paying for it.
Thanks for all the answers guys and I have messaged a few providers I have used for a long time to be granted explicit permission. Let's wait for the replies^^