.png)
4 years ago
209 BOOK THIS SPACE FOR AD
ARTICLE AD
Hello Friend,
I have been struggling and looking for an on the go setup of bug bounty hunting and penetration testing, but every time I ended messing things up. I have tried multiple ways to automate my work and make it a bit more on the go so that I can use anywhere and anytime on a device just which has a terminal installed on it.
Before I start I want you to know about how things work here.
What is the Cloud?
In the simplest terms, cloud computing means storing and accessing data and programs over the Internet instead of your computer’s hard drive. The cloud is just a metaphor for the Internet… The cloud is also not about having dedicated network-attached storage (NAS) hardware or server in residence.
You can read about clouds here: https://www.cloudflare.com/learning/cloud/what-is-the-cloud/
Let’s start now…
Since I started bug hunting I always had a question in my mind that how can I hack on the go? I wanted something through which I can hunt bugs any time anywhere. So I decided to search for solutions on the internet.
After researching for many days I came to a conclusion for how to set up my own cloud, so I decided to share it with the community.
How to set up their own cloud?
You can use Digital Ocean or Linode or whatever service provider you want to use. I already have a Digital ocean account so I will be using that for this blog.
Here I will explain how I setup ubuntu through windows and how I have structured my folders, my tools and where I gather all my data.
So let’s get into it.
Let’s talk about how to set up your own to box for pen-testing and bug bounty hunting. So the first thing you want to do is you want to go over this link. This link will give you $100 for free when you first time you signup and I will get $25 for offering you. So if you want to do that you are most welcome, if you already have your own account don’t worry about it. I recommend you to use the referral to save a few bucks.
So now that we have all this setup, we’re going to go to Digital Ocean, set up our account. And once the account is set up, you want to create a new box.
Once you are logged in to your digital ocean follow the steps:
Click on create and then select DropletThis will bring up all the different options you have when it comes down to creating your own box. So I usually like to use ubuntu. You can use anything else you want, but for the purpose of this blog, I’m going to stick to ubuntu.
Then look at the plan that suits your work the best, I typically do the 40 dollar box just because it gives me enough resources and enough space to do all the things I want to do. But you don’t have to use this one particular. You can also use cheaper wants to get you started. And then once you are more comfortable with your work, you can start to scale it up as much as you want.
Choose the configurationI’ll take one, which gives us 3gb RAM, 1 C.P.U, and 60 Gb SSD with 3 TB of transfer So now that we have this selected want to go down.
Select a region that is closer to youThis doesn’t make a difference, but I’m going to choose New York. Rest all other options are the options you can skip them for now.
Choose a hostnameYou can choose any name, for this I named it as PENTEST
Click on create dropletIt will take a few minutes for it to set up the whole thing and it will then give you an IP address and it will email you a password where you can log onto your box.
All right. So now that the box is created, we can go in here and kind of see everything that is happening and we have different options. I’m not going to touch any of this. I want to just focus on how to set up this box as a pen tester or a bug bounty hunter. So we’re going to copy the IP address.
And when it comes down to using windows and going through an SSH to connect to your box, you have different options. The first one that I personally like to use as the preview terminal that comes with Windows,
But this also does rely on you having the Windows subsystems set up. So if you’re not familiar with Windows. This is how it works.
You can also download the ubuntu windows app from your Windows store and that will bring up this terminal that also allows you to do the same things as any other terminals.
If you don’t like any of these options then your other option is that you have to use something like putty. You can download it from it’s website.
Logging-in to the boxes
Now you can just log into these boxes by tapping a ssh root at the IP address that they’ve given you. And if you have chosen the password option, then you would get an email in your email address that you provided on your account you signed up, which has a root password for this box.
At first login you’ll need to change the root password, you can choose any password you like, this will get you to your box where we can start doing things.
Creating a New User
One thing that I recommend everyone doing the first time when they log in is to create a new user to kind of avoid logging in as root and only using sudo when you need to.
You can create a user by typing in the command adduser and giving it a username and then it’s going to ask you for a password. It is going to ask you a bunch of information. You have to fill that out or you can just press, enter and go all the way through.
For us to work, we want to make sure that this user is added to this sudo group. And we want to do that to make sure we have access to doing the same stuff that as a root user does in case we are doing something that requires a higher privilege.
You can add it to the sudo group by this command usermod -aG sudo “username”, now we can go back and login again in this user and check if it is working properly.
Installation of Required Tools
For now, I’ll use Nahamsec’s “Bug bounty hunting toolkit”. (You can create your own or use any other tools)
1. Goto Nahamsec’s Github: https://github.com/nahamsec/bbht
2. Follow these steps:
git clone https://github.com/nahamsec/bbht.gitcd bbhtchmod +x install.sh./install.sh3. Enjoy
All right. So it looks like everything has been set up. Now you can see that you have the majority of the tools that are required to be used for recon.
Closing note:
With this you can take your bug hunting/pentesting to next level. You can automate a lot of things in this box and save a lot more time in recon and stuff.
A big shout-out to Nahamsec for all his efforts towards the infosec community.
You can give me a follow on Twitter, Linkedin for more infosec stuff.
Thanks for reading :)
Bengali (Bangladesh) · 
English (United States) ·