🖥 How to Build a Hacking VPS 🏹

I’ll show you how to set up a Kali Linux virtual private server (VPS) on Digital Ocean for ethical hacking, how to use a browser through your VPS, get a free domain name for your VPS, make a local backup and more!

When doing ethical hacking challenges or working on pen-testing lab platforms like Hack the Box (HTB), Try Hack Me (THM) or Cyber Sec Labs (CSL), you’re likely hacking from a virtual machine. This works great, but I’ve found that setting up a VPS to launch my ethical hacking endeavors from has a few important benefits.

First off, you have persistence in your hacking session. I jump between a few different laptops in my day-to-day activities. Rather than working on a different virtual machine, with its own files, on each laptop, I can log into a VPS from any computer and pick up from where I left off on another computer. This is extremely handy if you work between multiple computers. You can also log in to the VPS through your phone with SSH apps.

Second, it takes the load off of your local machine in terms of RAM and CPU usage during your hacking activities. Most virtual machines are usually pretty slow to deal with as well. Using SSH on your VPS is much faster and more responsive than using a virtual machine. If you’re sick of laggy VMs, hop on to a VPS.

Third, you aren’t limited by your local network. I currently live on a college campus, and the firewall here blocks my reverse shell connections when I’m trying to hack something on HTB or CSL. This is a very big problem to have. Logging in to a VPS, away from your local network, fixes this. If you happen to be on a restrictive network, a hacking VPS is for you!

Let’s get started on how to build a hacking VPS!

Building a Kali Linux image for Digital Ocean

You could build your own Kali Linux image from the standard ISO up. Offensive Security’s documentation is pretty good on this; the website even has a dark mode!

Or you could launch a standard Debian VPS from the Digital Ocean web GUI and modify it to be a Kali Linux equivalent. This is a faster route than building your own image:

The fastest route is to use the Kali Linux image that I’ve already built for you! Download it here:

Once you have downloaded and unzipped the file:

  1. Click on “Images” in your Digital Ocean control panel.
  2. Then click “Custom Images”
  3. Then “Upload Image” and find the .vmdk you downloaded to upload.

The image is pretty large, even though it’s a minimalist and headless installation of Kali Linux. It may take some time to upload. Once it’s done, click “More” then “Start a droplet” to begin the process of spawning the VPS.

SSH Keys

If you want to connect to your Hacking VPS from multiple computers, here is a great article on how to distribute your SSH key:

Using Burp Suite with Proxy

  1. Install the Burp Suite CA certificate:

  2. Install FoxyProxy in your browser:

  3. Configure the SOCKS proxy in Burp Suite under “User Options”:

  4. Set a FoxyProxy entry to HTTP port 8080 on localhost to start sending traffic through the Burp Suite SOCKS proxy:

  5. Whenever you want to browse through your VPS, set FoxyProxy to your Burp Suite VPS browsing configuration:

Tmux for persistence

To install Tmux:

apt install tmux

You can find hundreds of guides on how to use it with your favorite search engine. Tmux out of the box is a bit hard to use, so I recommend following this article to make some important configurations:

Copy pasting in Tmux

Creating Local Backup of your VPS image

  1. Figure out the name of your disk:

fdisk -l

Then download the image of that disk with SSH and dd:

ssh root@123.456.789 "dd if=/dev/vda | gzip -1 -" | dd of=kali_digital_ocean_image.gz
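
The one-liner above leaves a truncated .gz behind if the SSH session drops, and a valid but short one if the remote dd fails early. The following is an added example, not part of the original post, that checks the downloaded image against the size of the remote disk before keeping it. The function names and the HOST, DEV and OUT arguments are assumptions; it expects blockdev on the VPS and sha256sum on the local machine.

```sh
#!/bin/sh
# Added example (not from the original post). HOST, DEV and OUT are
# caller-supplied placeholders.

# verify_image FILE EXPECTED_BYTES
# Succeeds only if FILE is a complete gzip stream that inflates to exactly
# EXPECTED_BYTES. A dropped SSH session fails the gzip check; a remote dd
# that stopped early fails the size check.
verify_image() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    gzip -t "$1" 2>/dev/null || { echo "truncated or corrupt gzip: $1" >&2; return 1; }
    vi_actual=$(gzip -dc "$1" | wc -c | tr -d ' ')
    [ "$vi_actual" = "$2" ] || {
        echo "size mismatch: got $vi_actual bytes, expected $2" >&2; return 1; }
}

# backup_disk HOST DEV OUT
# Streams DEV from HOST into OUT.part, verifies it, renames it to OUT and
# records its SHA-256 so later copies can be checked against it.
backup_disk() {
    bd_size=$(ssh "$1" "blockdev --getsize64 $2") || return 1
    # The image holds the VPS's private keys and password hashes, so the
    # local file is created readable by its owner only.
    ( umask 077; ssh "$1" "dd if=$2 bs=4M | gzip -1 -" > "$3.part" ) || {
        echo "transfer failed" >&2; rm -f "$3.part"; return 1; }
    verify_image "$3.part" "$bd_size" || { rm -f "$3.part"; return 1; }
    mv "$3.part" "$3" && sha256sum "$3" > "$3.sha256"
}
```

Call it as backup_disk root@HOST /dev/vda kali_digital_ocean_image.gz, with HOST replaced by your VPS address. The disk is read while the system is running, so treat the result as a crash-consistent copy.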

Creating a cool domain name

  1. Create an account:

  2. Once logged in, click “Subdomains” then “add”:

  3. Pick a subdomain, pick a domain, set your VPS’s IP address, do the human verification challenge then click “Save!”:

You now have a registered domain.

  4. You should now be able to ssh into your machine using this slick domain name rather than an ugly IP address.

That’s the gist of my personal setup. If you have any ideas to add to it, spot any flaws in my post or have any criticism of my writing, please email me at robertscocca@protonmail.com
