thingy thing on assignment

1. Assignment Report
Cloud Computing
Awais Shahid
21i-2764
Section CY-T
Submitted to:
Dr. Muddasar Aslam
Department of Computer Science BS(CS)
FAST-NUCES Islamabad

2. This report is on the first assignment where we are told to setup a VM on any cloud provider of
our choice. Add a custom firewall rule in the subnet's security list and then setup SSH keys in the
VMs network config. Finally, we host a basic html website using apache2. My cloud provider of
choice for this assignment is Google Cloud Platform (shortened to GCP for this report) as I used
this cloud provider for a personal project of mine back in semester 1.
Setting up Billing for a free trial
Luckily most, if not all, cloud providers give free credit for a trial. For our assignment, I
availed this resource by verifying my billing address using a Sadapay account. Pictures are not
included for privacy.
Create a VM
Now that I have 400$ worth of free credit for 3 months, I can set up a VM. For this GCP
provides what they call a SaaS module called Compute Engine which is similar to Amazon’s
EC2. This is an API so it had to be enabled to use it. After waiting for a minute or two I was able
to see a dashboard displaying all current instances, in my case, there were none that I could
manage. I
clicked on create a new instance and was greeted with the following screen.

3. I went for a slightly better CPU configuration just in case it was a bottleneck. I also set up the
basic firewall rules to allow HTTP & HTTPS traffic as well.
After this clicking on “Click” initialized my very own Debian VM. At the time of the
screenshot, I was not aware that the default Linux distro used is Debian. It is possible to use
Ubuntu which
would have a GUI and this, later on, came back to bite me. The current Debian Distro only had the
basic OS I believe since I almost had to install everything.
Generate SSH keys
Now with the VM setup, we are provided with an internal and external IP. The internal IP is
for communication b/w other VMs in the same subnet while the external IP is public and if I
had bought and assigned a domain to that IP then I can easily host my very own website but at
the time of writing the decision is to keep this report/blog private.

4. We can use this public IP to use ssh to get a secure shell on our terminal. I realized that since
SSH is involved I might as well use a Linux distro and the only one available at the moment
is Kali Linux so that's what I went with from this point on to SSH into the cloud VM.
Setting up SSH keys was easier than expected as Kali Linux had a command ‘ssh-keygen’
from openSSH that generates a public/private key pair for you. But the default settings did not
work and after some googling, I found out that we need an RSA key pair so that's what I did
using

5. ssh-keygen -t rsa -f /” key name”’.
I echoed the generated public key into the terminal and copied it into the cloud VM’s network
config using the GCP Console. Now I can use the private key with SSH and get a shell into my
kali terminal.

6. Using SSH to get a shell

7. SSH success. I was prompted to add the server to my list of known hosts which I did and since
my private key had no passphrase (Yes I am aware of how bad that is as a CySec Student) it
logged me into the VM
Add a custom firewall rule in the subnet's security list
Now, this part of the assignment was a little confusing since we are only working with one VM,
there is only one IP in the entire subnet, and on top of that google does not exactly specify
subnetting in its GCP so I believe I did it correctly. So I just took one random port and one
random IP and blocked it. I called the rule ‘DenyAll’ but in reality, it's just a bad naming
convention. Enabling RDP was not necessary as the rule for RDP access was already created on
initialization.

8. Default Rules are viewed on the VPC Network console.
Creating my own Firewall Rule

9. The new rule can now be seen at the bottom of the rules list.
Setting Up RDP (Remote Desktop Protocol)
I had used a remote desktop before but was not aware of a Linux version. A quick google search
shows that XRDP is a package that can be used for such a feature and I quickly installed it.
There was not much setup involved as the RDP port was already open and xrdp runs as a service
in the cloud VM

10. Now, this is where my choice of Linux distro came back to bite me. My cloud VM does not
support a GUI and so logging in using RDP would just give me either a blank screen or a
terminal console possibly. So here I started installing a commonly used GUI by the name of
XFCE4. I took the longer route of setting up an XFCE session as well just to avoid any internal
problems but on my second try at this assignment, I found out that installing XFCE4-goodies
does most of the setup for you. The only thing needed to do if you do face a problem is to stop
and

11. start the VM
Just to double-check if the RDP port was indeed open and for the sake of pinging Google
cloud. I ran a nmap scan to see what ports were open. In hindsight this was kind of a bad idea
since I was not able to use RDP to log into my VM for a while, my guess is some sort of CPU
bottleneck was caused by handling all those SYN packet pings.

12. The following image shows that both ports 80 and 443 are open for HTTP & HTTPS
connections. Port 22 is for SSH and Port 3389 is for RDP but for some reason, my scans returned
a TCP tunnel
For some reason, I did not know my login credentials, so I did the next best thing a
cybersecurity student would do and remove all passwords for all users including root and then
sign into the VM using RDP as i122764 without a password

13. Looking for default passwords
Image 20

14. Realizing i do not know the password and default passwords do not work

15. Image 22
RDP Success. I was able to log in using RDP and was greeted with an XFCE GUI. in hindsight
a GUI was not necessary at all as a command line is shown if I tried to rdp and did not have a
GUI installed.

16. Hosting a Web Server and my website
My web server of choice is usually apache2 since it's the first one I have used and have not
had any problems with so far. Installing it was pretty simple using the command ‘sudo apt
install apache2 -y’
The default page of the Apache Web Server is accessed using the
Public IP of the VM

17. Now that I know apache is working I can download a sample page and host it. But to avoid the
use of FTP or any other sort of file transfer I needed a web browser and to my dismay, the VM
distro does not come with a browser so I had to set up and install chrome through the terminal
after which I got a sample page.

18. A sample page I picked to use, this page was downloaded and the conf file in
/etc/apache2/sites-available was pointing to the extracted files in /var/www/test where the
index.html file was located
Accessing my public IP of the VM to confirm it is indeed hosting the website. As you can see
through, there are some issues with CSS elements that I later found out were somehow due to
inline CSS or CSS within the HTML.

19. Now that I can see that my sample page is hosted but with CSS being the problem I decided to
code a simple HTML-only page that would show my name. Albeit I was a bit hasty and deleted
the project with the CSS page on my first try. I managed to redo it all again pretty quickly and set
the HTML-only page. The conf file this time was the default conf file that was pointing to
/var/www/. I only modified the index.html file. You will see this if you try to access the Public IP
of the VM.

20. That is the end of the report. NOTE:: The VM is shut down so it is highly likely that the public
IP in these screenshots will not be static at the time of checking.
Report edit: I was done with the assignment but an idea struck me at night to convert the PDF
into the HTML and host that on apache2. I used the built in SSH-terminal to quickly send over
the converted PDF index.html which is the blog. After a quick server reload, the blog was up and
running.