Pages

Thursday, February 23, 2017

Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 2

In order to understand how adversaries compromise an entire domain and to learn what you have to hunt for, you have to create your own at home. In this post we will go over setting up a basic Windows Server 2012 and enabling the following server roles: DHCP, AD and DNS.

First of all, I would like to say that there is a great step by step series of articles that can also walk you through how to build a simple active directory lab covering everything I will show you in the next couple of posts, so if you want to also have a second option with great details and definitions, I would highly recommend reading the following article: Building and Active Directory Lab by Jared Haight.

In this post I will share how I installed my Windows 2012 server and enabled roles before promoting it to DC.



Requirements for this setup:


3 new VMs to install your Windows Server 2012 R2 and Windows 7 boxes.


  • Create/Register a new VM as shown in our previous post where we built our PfSense VM (Figure 8 -19)
  • Windows Server 2008 R2
    • Set it up to only one Network Adapter and leave it with its VM network port group for now (VM network)
    • Set your CD/DVD Drive to your Windows Server 2012 ISO
  • Windows 7 x64 Boxes
    • Set them up to only one Network Adapter and set it to your virtual LAN. That will get your boxes ready for when you set up your final DHCP server.
    • Set the CD/DVD Drive to the Windows 7 x64 ISO.
    • I wont be showing the installation of these boxes since they follow the same initial basic setup of the Windows Server 2012. Just keep them simple. We will be joining them to the domain in our next post.


ISO (Microsoft Imagine or Microsoft Eval-Center)

Make sure you still have your school e-mail if you choose to use Microsoft Imagine; Otherwise, you will have to use Microsoft Eval-Center.

  • An educational or evaluation version of Windows Server 2012 R2
  • An educational or evaluation version of Windows 7 x64


Setting up our Windows Server 2012 R2


Installing Software


If you have not obtained a copy of Windows Server 2012 R2 ISO yet, go to Microsoft Imagine, register and download a copy of it. Look for the following:



Figure 1. Software needed for our Windows Server 2012 R2 installation.




After creating/registering your new VM with the right settings and attaching your Windows Server 2012 R2 ISO to its CD/DVD drive, boot it up. Then, click next to accept the initial settings (this might be different depending on personal preferences or location)


Figure 2. Initial settings after booting up VM.




Figure 3. Install now option.




Your product key will be available when you request a copy of your ISO in Microsoft Imagine as shown in Figure 5.


Figure 4. Window to insert Product Key obtained from Microsoft Imagine.




Figure 5. Options in Microsoft Imagine to retrieve your product key.




Select the operating system you want to install (in this case we downloaded the 64-bit version so only 64-bit version is shown) and what flavor. I selected Server with GUI as shown in Figure 7.


Figure 6. Selecting Operating System and flavor.




Figure 7. Selecting Server with GUI installation.




Accept the License Terms and select "Install Windows Only" since we do not have a version of Windows already running on the computer


Figure 8. Accepting License terms.




Figure 9. Selecting "Custom: Install Windows Only".




Next, select where you want to install Windows (Default Virtual Drive assigned to your VM) and click Next.



Figure 10. Selecting Drive to install Windows.




Figure 11. Installing Windows.




Figure 12. Installing Windows.




Create a password for your Administrator account


Figure 13. Setting the Administrator's password.




Figure 14. Setting the Administrator's password.




Figure 15. Finalizing settings.





Figure 16. Windows Server 2012 R2 installed already.




Logon for the first time and accept the default network settings. After that, it would be a good time to take a fresh Install snapshot of your VM.


Figure 17. Fresh Windows Server 2012 R2 install.





Figure 18. Accepting default network settings.





Installing VMware Tools


Install Vmware tools on your VM by browsing to the option "Install VMware Tools" in your VM console.


Figure 19. Installing VMware Tools.




Check your Devices and Drivers. You will see that the VMware tools disc was mounted.


Figure 20. VMware Tools disc mounted and ready.




Double click on it, and go with the default options


Figure 21. Installing VMware tools.




Figure 22. Installing VMware Tools - accepting default options.




Figure 23. Installing VMware Tools - accepting default options.




Figure 24. Installing VMware Tools.




Figure 25. Finishing VMware tools installation.




Restart your computer and take a snapshot of your VM after rebooting.


Figure 26. Message to reboot computer after installing VMware Tools.




Figure 27. Windows Server 2012 R2 fresh install with VMware Tools installed..





Enabling Server Roles: AD DS, DHCP & DNS



Preparing our Windows Server


Before assigning any new roles to our server, it is important to make things easier for future configurations. Therefore, I always change the default name of the server since it always gets a long name that you might not remember.


  • First, click on the original computer's name. In the case of my server (WIN-6NBBJLURST was assigned) . It will open a new window named "System Properties".
  • Next, Click on "Change"
  • Under Computer Name, you will now be able to change your computer's name
  • Once you change the name of your server, you will be able to press "ok"


Figure 28. Original server name.




Figure 29. System Properties window to change server name.




Figure 30. Changing the server's name.




Figure 31. Changing the server's name.




Next, restart your computer to apply the new computer's name.


Figure 32. Restarting server after changing its name.




Figure 33. Restarting the server after changing its name.




Once your computer comes back up, click on the top right option named "Manage" and select "Add Roles and Features" in order to add "AD domain services, DHCP Server Roles, and DNS server roles"


Figure 34. Server Manager Dashboard.




Figure 35. Selecting "Add Roles and Features" option.




We will now get presented with the Add Roles and Features Wizard which will help us to add the roles we need for our server. Click Next to start.


Figure 36. Default initial screen of Add Roles and Features Wizard.




Select the installation type. Just leave the default role-based or feature based installation and click Next.


Figure 37. Default installation type.




Click next to select our server (the only one). Also, I wanted to mention that as you can see, my server has an IP address from my home network, and this is because it is still on my default port group "VM network". For now, this does not matter, but when we start setting up its DHCP server role, we will have to switch it to our virtual LAN and configure our PfSense to stop its DHCP services. You will want to move your server to your Virtual LAN when you configure its DHCP server role because you do not want it either to interfere with your home's router DHCP server. We want it running in our virtual LAN (our own domain). Ok lets keep going.


Figure 38. Selecting our own server from the server pool.




Now this is the part where we will start adding server roles.

Select the server role and click on its checkbox. This will prompt you with a new window with the option "Add Features" for you to click. Ignore the warning message for now. We will fix them in the future. Do all this for the following roles:


  • Active Directory Domain Services
  • DHCP Server
  • DNS Server

Figure 39. Initial roles window.




Figure 40. Selecting Active Directory Domain Services.




Figure 41. Adding Active Directory Domain Services features.




Figure 42. Selecting DHCP Server role.




Figure 43. Adding DHCP Server role features.




Figure 44. DHCP warning message because the server does not have a static IP address.




Figure 45. Selecting DNS server role.




Figure 46. Adding DNS server role features.




Figure 47. DNS server role warning message because the server does not have a static IP address.




Once you have selected all the server roles that we need for our lab, click next.


Figure 48. Server roles have been selected.




Leave the default features to be installed on the server and click next.


Figure 49. Default features to be installed on the server.




Read all the roles that you are adding if you can and click next on all of them.


Figure 50. Active Directory Domain Services definition and notes.




Figure 50. DHCP Server role definition and notes




Figure 51. DNS Server role definition and notes




Next, confirm the roles and features to be installed on the server, and click Install.


Figure 52. Confirming roles and features added to the server. 




Figure 53. Installation progress.




Figure 54. Installation progress.




If everything goes well, you will see that the installation succeeded. Now, I don't know if you notice, but once the installation finished, two options were made available for you:


  • Promote this server to a domain controller
  • Complete DHCP configuration

The next step would be promoting our server to a domain controller, and we will do it in our next post along with our DHCP configuration. Do NOT close the window if you are ready to continue.


Figure 55. Installation succeeded. Promoting server to DC and configuration of DHCP are the next steps.





I wanted to split this whole set up in 2 blog posts so that the number of steps and images are organized better. Jump to the next post in order to continue.


Feedback is greatly appreciated!  Thank you.




12 comments:

  1. Replies
    1. I got my already programmed and blanked ATM card to withdraw the maximum of $1,000 daily for a maximum of 20 days. I am so happy about this because i got mine last week and I have used it to get $20,000. Mike Fisher Hackers is giving out the card just to help the poor and needy though it is illegal but it is something nice and he is not like other scam pretending to have the blank ATM cards. And no one gets caught when using the card. get yours from Mike Fisher Hackers today! *email cyberhackingcompany@gmail.com


      Delete
    2. What has your government done to help save you from your financial instability? you strive to survive and yet you hear stories of how your leaders have become terror in your entities... is time to make a different. for will have made money, and we have also come to help you out from your long time of financial suffering. clearing of credit card is made available, software for hacking ATM machines, bank to bank hacking and transfer, change your school grade and become something useful in the society. we also have other form of services such as Facebook hack, whats-app hack, twitter hack, i cloud hack, tracking of smart phones, hacking CCTV, installation of software on desktop and PC, snap-chat hack, Skype hack, wire wire, bitcoin account hack, erase your criminal record and be free for ever. database hack and many more. e-mail: cyberhackingcompany@gmail.com for your genuine hacking services and we shock we your findings.  

      Delete
  2. The environment of Monaco, its aspects, challenges and possible impact on business. http://www.confiduss.com/en/jurisdictions/monaco/environment/

    ReplyDelete
  3. This is so fun! What a great idea. Also I love how authentic you seem to check here
    .

    ReplyDelete
  4. I was searching for a loan to sort out my bills & debts, then I saw comments about Blank ATM Credit Cards that can be hacked to withdraw money from any ATM machines around you . I doubted this but decided to give it a try by contacting { officialblankatmservice@gmail.com} they responded with their guidelines on how the card works. I was assured that the card can withdraw $5,000 instant per day & was credited with $50,000,000.00 so i requested for one & paid the delivery fee to obtain the card, after 24 hours later, i was shock to see the UPS agent in my resident with a parcel {card} i signed and went back inside to pick up my car key and drove to a nearest ATM machine to confirmed if the card really work to my greatest surprise it did.. This is no doubt because I have the card & have made use of the card. These hackers are UK based hackers set out to help people with financial freedom!! Contact them via email: officialblankatmservice@gmail.com or WhatsApp +447937001817 if you want to get rich.

    ReplyDelete
  5. We have specially programmed ATMs that can be used to withdraw money at ATMs, shops and points of sale. We sell these cards to all our customers and interested buyers all over the world, the cards have a withdrawal limit every week.The programmed ATM card withdraw money from each ATM but have a withdrawal limit every week, only your PIN code is in it, it is a high-tech card system. The PROGRAMMED ATM card works on all card-based ATMs, anywhere in the world.
    -hack into any kind of phone
    _Increase Credit Scores
    _western union, bitcoin and money gram hacking
    _criminal records deletion_BLANK ATM/CREDIT CARDS
    _Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
    _Security system hacking...and so much more. Contact us now and get whatever you want at
    Email:creditcards.creditscoreupgrade@gmail.com
    whatsapp:+1785 279 3047

    ReplyDelete






  6. Hello all
    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the
    peoples with different ways and it’s a badly impact to real hacker
    now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
    Anyone want to make deal with me any type am available

    Available Services

    ..Wire Bank Transfer all over the world

    ..Western Union Transfer all over the world

    ..Credit Cards (USA, UK, AUS, CAN, NZ)

    ..School Grade upgrade / remove Records

    ..Spamming Tool

    ..keyloggers / rats

    ..Social Media recovery

    .. Teaching Hacking / spamming / carding (1/2 hours course)

    discount for re-seller

    Contact: 24/7

    fixitrogers@gmail.com




    ReplyDelete
  7. I’m Elizabeth from New Jersey, United States. I lost my job a few months back after my divorce with my husband. I tried everything positive to make sure I took good care of my kids but all failed, and I was in debt which makes everything worse. I was kicked out of my home and I had to live with my neighbor after pleading with her to allow me to stay with her for some days while I figured out how to get a home which she agreed to, but no one was willing to help anymore. I bumped into this page from google and I was excited about this, then I contacted the hackersBill Dean. I had just $200, so I pleaded with them to help me because of my condition but they never accepted. I believed in this, so I managed to pawn a few things and got $500. I ordered the $10,000 card and I got my card delivered to me by Ups 4 days later. I never believed my eyes! I was excited and upset as well, I managed to withdraw $2000 on the ATM and $2500 the second day. I went to Walmart and a grocery store and bought a couple of things for $3000. I’m so happy, I have started all over again and have a good apartment with my kids you can contact him through is via email (officialhackingcompany@gmail.com)

    ReplyDelete