Why use onehostcloud for your kali install?


#1

Why shift from my powerful VM to onehostcloud?

  1. It’s offloaded: when I start even a vpn test such as for hackthebox.eu, I can do it confidently. Before, if it was 3pm I wouldn’t start anything too intensive because I’d only have to shut it down at 5pm to go home. Now I can set it off, shutdown my laptop at 5pm then resume the session at 7:30pm when I get home and view all the progress made when I’ve been stuck on a bus!

  2. External IP: (This is very important and probably the reason you’re here) searching for sql and xss vulnerabilities is great for a bug bounty, and on a vpn you can easily show your reverse webshell proofs, but when your VM is behind a nat network, which is then behind either your home router (solvable with port forwarding but that’s annoying) or behind your work firewall (good luck!) then you’ve no chance of providing a valid LHOST. onehostcloud will give you an externally viewable IP address so you always have an LHOST to try out your metasploit attempts or your remote file inclusions.

  3. The offset effort: Too many times I’ve had an online game or just a friday night hacking session scheduled and my machine is bogged down, the CPU usage high and fans whirring enough to take off because of some scans I set off an hour ago. Now I can be playing an online game using my full power while my Kali instance is powering through some scans and my laptop is free and easy and cool as a cucumber, Even with the NoMachine instance there for me to check on with a machine away off somewhere else doing all the dogsbody work!

  4. The peace of mind: This is just for me personally since I can get so anxious, I only do whitehat work; usually picking my targets through either hackerone or something like a google search of

    site:.co.uk “responsible disclosure”

    But if penetration testing is my job I don’t want to be the target of an overly-paranoid sysadmin since a black mark means no more work EVER! so it’s nice to do my work on here, even if I’m going to be using my identifiable email address to submit my findings

  5. The ease of install; The rest of these points would apply to any VPS but onehostcloud is the only one I’ve found that has a dedicated kali install already available without the need for legal forms like AWS (which is “fine” (read:severely restrictive even for internal pre-alpha tests) for a contracted engagement, useless for equally-legal bug bounties)


#2

Hello and thank you for your detailed run down.

You are correct about the no NAT issues as to be honest years ago we used to have it using NAT but after many complaints we then completely rebuilt the network and to the delight of customers we no use IPv4 direct in the VPS interface as this is much easier for reverse shells and others.

Many customers also benefit from the fact that they can leave scripts running without needing to shutdown or worry about issues with power and other problems that may experienced with a local install.

While many I am sure use it for black hat work we have many actual Cyber Security companies that use our services for the mere convience of being able to be on the road and at customers sites and having access to a fast and reliable Kali VPS.

Additionally it is also great to have a remote IP to be able to test against your own network.

Yes while AWS has Kali they do not have instant provisioning and also Remote Desktop already setup and installed for easy remote desktop access and I am sure AWS will terminate any VPS that receives a complaint or even at the hint of impropriety whereas we are very relaxed about this however we do ask that customers be mindful that we do receive many automated responses from networks and this is why we ask customers to use a proxy or VPN in order to hide our IP.

Thank you for your post I am sure others will benefit from your hands on experience of our Kali machines.


#3

We may look at adding a US server as performance is not that great from the United States however we dislike running servers in the US and if there is more customers in the US that require more performance then we may look at convincing management to add at least one server there.

This is a great post above and certainly gives new potential customers an insight to your experience with our Kali Linux Hosting.


#4

I forgot to add that, indeed permissions within our network are different to those outside so when I want to test externally I’ve usually no choice but to work over the weekend otherwise. Quite a few issues came about because the administrators had thought something sensitive simply wasn’t accessible externally but it hadn’t been configured correctly!


#5

@JohnH Ill be moving the new template to the servers soon once I have made some new performance changes. IN addition there will be new efsprogs that are required so expect some downtime however this will not affect current machines only new once being provisioned.