itu ethical hacking lab setup guide
TRANSCRIPT
ITU Ethical Hacking Lab Setup Guide Use this setup guide to prepare your lab environment for the Ethical Hacking course activities.
Host Hardware Checklist Your computer can be a laptop or desktop. It should meet the following minimum requirements:
Intel Core i5 3.2 GHz 64-bit CPU or better (multiple cores is preferred)
16 GB RAM (32 GB or more is recommended)
200 GB free disk space, 7200 RPM or faster drive (SSD is preferred)
DVD drive
1 Ethernet network adapter
17” LC monitor
Mouse, sound card
Internet access
Wireless network adapter (built-in or USB)
Operating System Checklist You will use the following operating systems:
Kali 2018.3 VM 64 Bit 7z
o https://images.offensive-security.com/virtual-images/kali-linux-2018.3-vm-amd64.7z
Windows Server 2016 ISO (licensed or evaluation)
o https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016
Windows Server 2012 R2 ISO (licensed or evaluation)
o https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2
Windows 8.1 64-bit ISO - be SURE to select 64-bit!
o https://www.microsoft.com/en-us/software-download/windows8ISO
Ubuntu 16.04.3 Desktop 64bit ISO
o http://old-releases.ubuntu.com/releases/16.04.3/ubuntu-16.04.3-desktop-amd64.iso
Metasploitable 2
o https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
Support Tools: You will need the following support software:
VMWare Workstation 15 Player for Windows (alternatively, VMWare Workstation Pro or Oracle
Virtual Box)
o https://www.vmware.com/products/workstation-player/workstation-player-
evaluation.html
7zip for 64-bit Windows
o https://www.7-zip.org/a/7z1805-x64.exe
Opera Browser for Windows
o https://www.opera.com/computer/thanks?ni=stable&os=windows
A PDF reader such as Adobe Acrobat Reader or Foxit PDF Reader
o https://www.foxitsoftware.com/downloads/#Foxit-Reader/
o https://get.adobe.com/reader/
Mozilla Thunderbird for Windows
o https://www.thunderbird.net/en-US/
MailEnable Standard Edition (Free) Email Server
o http://www.mailenable.com/standard_edition.asp
Hacking Tools You will need to download and organize a number of hacking tools on your host. You will drag and drop
these tools as needed to your Windows guests during the activities.
1. On your host computer, create the folder C:\Hacking Tools.
2. In your antivirus program, make permanent exemption for C:\Hacking Tools.
3. While downloading and organizing the tools, temporarily shut off your antivirus program.
4. Inside of C:\Hacking Tools, create the following subfolders to organize your downloaded
hacking tools. (Note: some modules either do not have activities or do not need additional
software, so they do not need folders):
C:\HackingTools\
Module 2-Footprinting Reconnaissance
Module 3-Network Scanning
Module 4-Enumeration
Module 5-Vulnerability Analysis
Module 6-Malware Threats
Module 7-Sniffing
Module 9-Denial of Service
Module 11-Hacking Web Servers
Module 15-System Hacking
Module 17-Evading IDS Firewalls Honeypots
5. Download and place each of the following tools in their respective folders:
Note: Make sure your antivirus (realtime protection) is shut off. Additionally, Chrome and
Internet Explorer browsers may still refuse to download some of the tools, especially the denial-
of-service applications. Consider using Opera instead.
Module 2-Footprinting Reconnaissance
Web Data Extractor v8.3 or later
o http://www.webextractor.com/download.htm
HTTrack Web Site Copier v3.49 x64
o http://www.httrack.com/page/2/en
o http://download.httrack.com/cserv.php3?File=httrack_x64.exe
eMailTrackerPro
o http://www.emailtrackerpro.com/download.html
SmartWhois
o https://www.tamos.com/download/main/
FOCA 3.0 Free
o https://elevenpaths.com/labstools/foca/indexhtml
Module 3-Network Scanning
Angry IP Scanner
o https://github.com/angryip/ipscan/releases/download/3.5.3/ipscan-3.5.3-
setup.exe
MegaPing
o http://www.magnetosoft.com
Colasoft Packet Builder
o http://www.colasoft.com/download/products/download_packet_builder.p
hp
Wireshark 2.6.4 (Stable Release) or later for Windows
o https://www.wireshark.org/download.html
Module 4-Enumeration
SuperScan 4
o https://en.softonic.com/download/superscan/windows/post-download
Hyena x64 v12.5 or later
o https://www.systemtools.com/cgi-bin/download.pl?Hyena_en_x64
NetBIOS Enumerator
o http://prdownloads.sourceforge.net/nbtenum/nbt_enum_offr_bin2003.03.
01-14_22.zip?download
SoftPerfect Network Scanner
o https://www.softperfect.com/download/files/netscan_setup.exe
Module 5-Vulnerability Analysis
Nessus 8.0 (Nessus-8.0.0-x64.msi)
o https://www.tenable.com/downloads/nessus#download
Module 6-Malware Threats
ProRAT Trojan Building v1.9
o https://prorat.software.informer.com/download/
Module 7-Sniffing
Wireshark for Windows (already installed in Module 3)
Cain & Abel v4.9.56
o http://www.oxid.it/downloads/ca_setup.exe
Module 9-Denial of Service
Low Orbit Ion Cannon (LOIC)
o https://sourceforge.net/projects/loic/files/latest/download
High Orbit Ion Cannon (HOIC)
o https://sourceforge.net/projects/high-orbit-ion-
cannon/files/latest/download
Module 11-Hacking Web Servers
IDServe
o https://www.grc.com/id/idserve.htm
Module 15-System Hacking
tables-vista-free.zip
o http://sourceforge.net/projects/ophcrack/files/tables/Vista%20free/tables_
vista_free.zip/download
Pwdump7x
o http://www.tarasco.org/security/pwdump_7/pwdump7.zip
L0phtCrack 7
o http://www.l0phtcrack.com/download.html
Ophcrack 3.8.0 or later for Windows
o https://sourceforge.net/projects/ophcrack/files/ophcrack/3.8.0/ophcrack-3.8.0-
bin.zip/download
Spytech Spy Agent 10.x or later Standard Edition Free Trial
o https://www.majorgeeks.com/mg/get/spytech_spyagent,1.html
SNOW
o http://www.darkside.com.au/snow/snow.zip
QuickStego 1.2.1
o https://www.majorgeeks.com/mg/getmirror/quickstego,1.html
Module 17-Evading IDS Firewalls Honeypots
KFSensor Professional Free Trial
o http://www.keyfocus.net/kfsensor/free-trial/
Additional Hardware The following additional hardware is required for some of the activities. If you don’t have this hardware,
you can watch the respective activity videos without performing the tasks yourself.
Older Android phone, version 4.4 (KitKat) to 6.0.1 (Marshmallow). The phone does NOT need a
SIM card or cellular plan. It just needs to be Wi-Fi capable.
Wi-Fi capable mobile device such as a phone, tablet, or laptop. The Android phone (above) can
also be used.
Wi-Fi router such as a Linksys WRT54-G or similar. Must support both WEP and WPA.
External Wi-Fi network adapter such as an Alfa AWUS036NHA Wireless B/G/N USB (or similar).
Device must be capable of running Aircrack-ng suite in promiscuous mode on Kali Linux.
USB thumb drive, formatted with the FAT32 file system, with at least 50 KB of free space.
Prepare the Host Machine Use these steps to prepare your host computer.
Install Software 1. Perform a default installation of the following:
VMware Workstation 15 Player for Windows
Opera
PDF Reader
7zip
Note: Alternatively, you can use a different virtualization product such as VMWare Workstation
Professional or Oracle Virtual Box. If you
IP Adressing
Depending on your virtualization product, the subnet ID for your lab network might be
different from what is used in the video demonstrations.
The default subnet ID for VMware Workstation 15 Player is 192.168.75.0/24.
If yours is different, make a note of it and accommodate for the difference as you perform
the activities.
Alternatively, you can edit the configuration in the virtualization product to conform to this
setup guide. Please see your virtualization product manufacturer’s guide for the procedure.
Mouse trapped in VMware
If your mouse gets trapped in a VMware virtual machine, press Ctrl+Alt to release it
Uninstall Hyper-V IF you have Hyper-V installed, you will need to uninstall it.
1. Click StartControl Panel.
2. Under Programs, click Uninstall a program.
3. On the left, click Turn Windows features on or off.
4. Scroll down and locate Hyper-V.
5. Ensure that its checkbox is completely clear. You may have to expand it to uncheck its
subfeatures.
6. Click OK.
7. Reboot.
8. Log back into your host.
9. Click Start.
10. Search for Command Prompt.
11. Right-click Command PromptRun as Administrator.
12. In the Command Prompte, enter:
bcdedit /set hypervisorlaunchtype off
13. Reboot.
Create Windows Server 2016 VM WARNING: If possible, create all virtual machines on the C: drive. Creating them on an external hard
drive can result in poor performance.
End Result You have a Windows Server 2016 Standard (Desktop Experience) guest VM installed with these features:
60 GB HD (dynamically allocated)
2048 MB (2 GB) RAM
User = Administrator
Password = Pa$$w0rd
Name = Server2016
Ethernet0 IP Address = 192.168.75.16 (Your subnet ID might be different)
Subnet Mask = 255.255.255.0
Default Gateway = 192.168.75.2 (Your subnet ID might be different)
Preferred DNS = 8.8.8.8
IE Enhanced Security Configuration = Off
Roles and Features:
o SNMP Service (including SNMP WMI Provider)
READ ONLY
Community string = public
Accept SNMP packets from any host
o Web Server IIS
o FTP Server (including FTP Service)
Installed Software:
o Chrome Browser
o MailEnable Email Server with two mailboxes
o Thunderbird Email client that uses MailEnable as its server
o VMware Tools
Firewall off
Password Policy:
o No password complexity
o No maximum password age (set to 0)
o No minimum password length (set to 0)
o No password history
User accounts / passwords:
o Bwalya / letmein
o Joe / apple
o Moo / password
Install the Operating System 1. Locate the ISO you downloaded. A downloaded evaluation ISO will be named something like
Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO.
2. Open VMware Workstation 15 Player.
3. Click Create a New Virtual Machine.
4. On the Welcome to the New Virtual Machine Wizard page, click the I will install the operating
system later radio button and click Next.
5. On the Select a Guest Operating System page, ensure that the Microsoft Windows radio button
is selected, and that Windows Server 2016 is selected from the dropdown list, then click Next.
6. On the Name the Virtual Machine page, ensure that the Virtual machine name is Windows
Server 2016. Accept the Location default and click Next.
7. On the Specify Disk Capacity page, accept the Maximum disk size default and select the Store
virtual disk as a single file radio button. Click Next.
8. Click Finish.
9. Click Edit virtual machine settings.
10. On the Hardware tab, select CD/DVD (SATA).
11. In the Connection settings, click the Use ISO image file: radio button.
12. Click the Browse button.
13. Browse to and select the ISO, then click Open.
14. Click OK.
15. Click Play virtual machine.
16. If a popup dialog box regarding Removable Devices appears, click OK.
17. When prompted to press any key to boot from CD or DVD, quickly click inside the window and
then press the spacebar. If you miss it and see an “unsuccessful” message, press Ctrl+Alt to
release your mouse, then at the top of the VM window press the Ctrl+Alt+Del button and
try again.
18. On the Windows Setup page, accept the default and click Next.
19. Click Install Now.
20. On the Select the operating system you want to install page, select Windows Server 2016
Standard Evaluation (Desktop Experience) and click Next.
21. On the license page, click the I accept the license terms checkbox and click Next.
22. On the Which type of installation do you want? page, click Custom: Install Windows only
(advanced).
23. Click Next. Allow the install to proceed.
24. On the Customize settings page, ensure that Administrator is entered for User name, then enter
and re-enter Pa$$w0rd (that’s a zero, not a capital O) for the password and click Finish.
25. When you see the login screen, at the top of the VM click the button.
26. At the Administrator login prompt, enter Pa$$w0rd and press Enter.
27. Verify that you can log in, and that after a moment the Server Manager Dashboard opens.
Change the Computer Name 1. Ensure that you are logged in as administrator with the password Pa$$w0rd. Don’t forget to
use the Ctrl+Alt+Del button at the top left of the VM window.
2. If necessary, open Server Manager by clicking its launcher button .
3. If you are prompted by a Networks pane to allow your PC to be discoverable, click Yes.
4. In Server Manager, on the left pane, click Local Server.
5. In the PROPERTIES pane, click the computer name. It will be something like WIN-3Q6BQNTI04G.
6. In the System Properties dialog box, on the Computer Name tab, click the Change… button.
7. In the Computer name: text box, enter Server2016 then click OK.
8. Click OK.
9. Click Close.
10. When prompted to restart, click Restart Now.
Hard-Code the IP Address 1. If necessary, log in as administrator with the password of Pa$$w0rd.
2. Navigate to the Server Manager Local Server page again.
3. In the PROPERTIES section, next to Ethernet0, click the IPv4 address assignment by DHCP link.
4. In the Network Connections page, double-click Ethernet0 (Note: your Ethernet interface name
might be different).
5. In the Ethernet0 Status page, click the Details… button.
6. Locate and record the subnet ID (first three octets) of the IPv4 Address. In a default installation
of VMware Workstation 15 Player, it is likely to be 192.168.75. Similarly, make note of the IPv4
Subnet Mask and IPv4 Default Gateway.
7. Click Close.
8. Click Properties.
9. Select Internet Protocol Version 4 (TCP/IPv4) (be sure to select the name, NOT the checkbox)
and click Properties.
10. Configure the IP settings as seen below. Note: If your subnet ID, Subnet Mask, and Default
Gateway are different, use those values instead. Just make sure the host ID (last octet of the IP
Address) is 16.
11. Click OK.
12. Click Close.
13. Click Close again.
Configure IE Enhanced Security 1. Open Server ManagerLocal Server.
2. In the Properties section, locate IE Enhanced Security Configuration.
3. Change the setting to Off for both administrators and users and click OK.
Add Windows Roles and Features 1. In Server Manager, switch to Dashboard.
2. Click Add roles and features.
3. Click Next.
4. Ensure that Role-based or feature-based installation is selected, and click Next.
5. Click Next again.
6. On the Select server roles page, check the Web Server (IIS) checkbox, click Next, click Add
Features, then click Next again.
7. On the Select features page, check the following checkboxes (you will have to scroll down to see
all of them):
SNMP Service
SNMP WMI Provider
8. Click Next.
9. On the Select role services page, scroll down and also check the following checkboxex:
FTP Server
FTP Service
10. Click Next.
11. Click Install.
12. When the installation is complete, click Close and restart Server 2016.
Install Chrome Browser 1. Download and install the Chrome browser.
Install MailEnable Email Server Note: To avoid any possible confusion with real email addresses on the Internet, you will set up an email
server for example.com, which is a domain that is not used on the Internet.
1. Locate the MailEnable installer you downloaded. It will be named something like
standard1019.exe.
2. Double-click the installer.
3. Click OK.
4. Click Next.
5. On the Get Installation Settings page, in the Name: text box enter your name. In the Company:
text box, enter example.com.
6. Click Next UNTIL you reach the Get Postoffice Details page (about 6 times).
7. On the Get Postoffice Details page, in the Post Office Name: text box change the text to
example.com, in the Password: text box, change the default to 1Password and click Next.
8. Click Next.
9. On the SMTP Connector Configuration page, in the Domain Name: text box enter
example.com, accept the other defaults, and click Next.
10. Click Next and allow the installation to continue.
11. On the Select WebMail Web Root page, ensure that the Configure web mail as an IIS Virtual
Directory checkbox is selected, and that the Web Server: dropdown box shows (Default Web
site) Default Web Site and then click Next.
12. Click Next again.
13. Click Finish.
14. If a browser page opens, close it.
Set Up Mailboxes 1. On Server 2016, click Start.
2. Locate the M section, and expand MailEnable.
3. Click MailEnable.
4. In the MailEnableAdmin console, on the left pane, under MailEnable Management, expand
Messaging Manager Messaging Manager Post Offices example.com
5. Double-click Mailboxes.
6. Verify that you see the Postmaster mailbox.
7. Right-click Mailboxes New Mailbox.
8. In the Mailbox Name: text field enter your first name.
9. In the Password: text field enter 1Password.
10. Check the Show Password checkbox.
11. In the Mailbox Type: dropdown box, select ADMIN.
12. Click OK
13. Verify that you now see your mailbox.
14. Using the same steps, create another mailbox for another person. Make that mailbox type a
USER.
15. Verify that you see both mailboxes.
16. On the left pane, expland ServersServices and Connections.
17. Right-click IMAP Properties Settings.
18. Check the Allow clients to login using PLAIN authentication checkbox.
19. Click OK.
20. Minimize MailEnableAdmin. Leave it running.
Install Thunderbird Email Client You will eventually install Thunderbird on Server 2016, Kali, and Ubuntu.
1. Locate and launch the Thunderbird installer that you downloaded. It will be named something
like Thunderbird Setup 60.3.0.exe.
2. If prompted by User Account Control, click Yes.
3. If prompted to install the file, click Run.
4. On the Welcome page click Next.
5. Click Next again.
6. Click Install.
7. Click Finish.
8. If you see a System Integration popup dialog box, click Skip Integration.
9. If applicable, on the Welcome to Thunderbird page, select Skip this and use my existing email
button. (NOTE: Not all versions of Thunderbird include this page)
10. On the Mail Account Setup page, enter your name, the email address you created in
MailEnable, and the password you set for the mailbox in MailEnable.
11. Click Continue.
12. In the Authentication Required popup dialog box, click Cancel.
13. In the Set Up an Existing Email Account dialog box, enter information to look like the following.
In the Server hostname section, enter the IP address of Server 2016.
Note: Your IP addresses may be very different.
14. Click Done.
15. If a Warning page appears, check the I understand the risks checkbox and click Done.
16. In the Thunderbird application, in the upper left on the toolbar, click Write.
17. Create and send a test email to both of the email accounts you created. Notice that each
recipient is listed on its own line.
18. Ensure that you can receive and read the email you sent to yourself.
19. In Thunderbird, on the left pane, select your account.
20. In the middle pane, under Accounts, under Set up an account, click Email.
21. Using the steps you just learned, set up an account for your second user.
22. Verify that you can see both users in Thunderbird, and that they can send email to each other.
Disable the Firewall, Windows Updates, and Windows Defender Realtime Protection 1. Click the Start button and enter Command Prompt.
2. Right-click Command Prompt Run as administrator. When prompted by User Account
Control, click Yes.
3. Type these two commands. Press Enter after each:
netsh advfirewall set allprofiles state off
powershell Set-MpPreference -DisableRealtimeMonitoring $true
4. Enter sconfig
5. Enter 5
6. Enter M
7. When the Update Settings popup window appears, click OK.
8. Close the command prompt.
Set Password Policy 1. In the Server Manager Dashboard, in the upper right, click ToolsLocal Security Policy
2. In the Local Security Policy window, expand Security SettingsAccount PoliciesPassword
Policy
3. Configure the following settings. Note that “0” means “none”. Click OK as you set each setting.
4. Right-click Security Settings Reload.
5. Close the Local Security Policy window.
Add Local Users 1. In Server Manager, in the upper-right, click ToolsComputer Management.
2. Under Computer Management (Local), expand System ToolsLocal Users and Groups.
3. Double-click Users. Observe that default users that exist.
4. Right-click UsersNew User…
5. In the New User dialog box, in the User name: field, enter Bwalya
6. In the Password: and Confirm password: fields, enter letmein
7. Clear the User must change password at next logon checkbox.
8. Click Create.
9. Using the same method, create two more users / passwords (NOTE: You can substitute your
own names as desired, but keep the same passwords).
joe / apple
moo / password
Configure SNMP 1. In Computer Management, on the left pane, expand Services and Applications.
2. Select Services.
3. In the middle pane, scroll down to find SNMP Service and double-click it.
4. Click the Security tab.
5. Under Accepted community names, click the Add… button.
6. In the Community Name: text field, enter public and click Add.
7. Click the Accept SNMP packets from any host radio button.
8. Click OK.
9. Close Computer Management.
Install Vmware Tools on the Guest 1. Ensure that you are logged into Server 2016.
2. In Vmware Player, click Player ManageInstall Vmware Tools.
3. In Server 2016, on the taskbar on the left, click File Explorer (folder icon)
4. Verify that you see DVD Drive (D:) Vmware Tools, and double-click it
5. When the Vmware Tools Setup wizard appears, click Next, Next, Install.
6. When the wizard is through, click Finish.
7. When prompted to restart, click Yes.
Shut Down Server 2016 1. At the desktop, click the Start button.
2. Click the Power iconShutdownContinue.
Create the Windows Server 2012 R2 VM
End Result You have a Windows Server 2012 R2 Standard Guest VM installed with these features:
Disk = Default size
2048MB (2 GB) RAM
Name = Server2012R2
User = Administrator
Password = P@ssw0rd
Ethernet0 IP Address = 192.168.75.12 (Your subnet ID might be different)
Subnet Mask = 255.255.255.0
Default Gateway = 192.168.75.2
Preferred DNS = 192.168.75.12 (Same as the IP address)
Roles and Features Installed:
o Active Directory Domain Services
o SMTP Server
o SNMP Service (including SNMP WMI Provider)
Community string = public
READ ONLY
Accept SNMP packets from any host
o Web Server IIS with Basic Authentication
o Group Policy Management
o FTP Server (including FTP Service)
Active Directory Domain Example.com created
Additional DNS records created
Default Domain Policy set to:
o No password history (set to 0)
o No maximum password age (set to 0)
o No minimum password age (set to 0)
o No minimum password length (set to 0)
o Disable password complexity
Domain users created:
o Joe / qwerty / administrators
o Sue / test /administrators
o Sally / apple /administrators
Firewall off
Windows Updates disabled
RDP enabled, allowing connections from any host (not Network Level Authentication)
VMware Tools installed
Install the Operating System 1. Create a Server 2012 R2 VM using the same method you used to install Server 2016. Be sure to
select/configure:
Windows Server 2012 as the guest operating system version
Windows Server 2012 R2 Standard (Server with a GUI) x64 as the operating system you
want to install
Administrator password is P@ssw0rd
Change the Computer Name 1. Log into the server as Administrator with the password of P@ssw0rd
2. If necessary, launch Server Manager by clicking its icon in the lower left.
3. Using the same method you used when setting up Server 2016, change the Computer name to
Server2012R2
Hard-Code the IP Address 1. Using the same method you used when changing the IP address for Server 2016, change the IP
settings to the following. (Your subnet ID might be different):
a. Address = 192.168.75.12
b. Subnet Mask = 255.255.255.0
c. Default Gateway = 192.168.75.2
d. DNS = 192.168.75.12
Add Windows Roles and Features Add Active Directory Domain Services, DHCP, DNS, IIS, and other services and features.
1. If necessary, launch Server Manager.
2. Switch to Dashboard
3. Click Add roles and features
4. Click Next
5. Ensure that Role-based or feature-based installation is selected, and click Next
6. Click Next again
7. On the Select destination server page, click Next again.
8. On the Select server roles page, check the Active Directory Domain Services checkbox.
9. On the Add features that are required for Active Directory Domain Services? popup dialog box,
click Add Features.
10. Similarly, add the DNS Server and DHCP Server roles.
11. Scroll down a bit to find and check the Web Server (IIS) checkbox, click Next, click Add Features,
then click Next again.
12. On the Select features page, check the following checkboxes (you will have to scroll down to see
all of them):
Group Policy Management
SMTP Server
SNMP Service
SNMP WMI Provider
13. Click Next
14. Continue the installation. On the Select role services page, scroll down and also check the
following checkboxes:
FTP Server
FTP Service
15. Click Next 4 times.
16. Click Install.
17. When the installation is complete, click Close. If required, restart the server.
Configure Active Directory 1. If necessary, log into Server 2012 as administrator with the password of P@ssw0rd.
2. In Server Manager, on the left side navigation pane, click AD DS.
3. On the Menu bar at the top right, locate the Notifications (flag) icon and click the yellow
notification triangle next to it.
4. In the popup dialog box, locate and click Promote this server to a domain controller.
5. On the Deployment Configuration page, click the Add a new forest radio button.
6. In the Root domain name: text box, enter example.com
7. Click Next.
8. On the Domain Controller Options page, in the Password: and Confirm password: text boxes,
enter P@ssw0rd
9. Click Next four times, ignoring any warnings, then click Install
10. Allow the installation to complete. The server will reboot automatically.
11. Log into Server2012R2 as EXAMPLE\Administrator with the password of P@ssw0rd
Configure the Default Domain Policy 1. Switch to Server Manager.
2. On the Menu bar at the top right, click ToolsGroup Policy Management.
3. In the left pane, expand Forest: example.com until you see the Default Domain Policy
4. Right-click Default Domain PolicyEdit
5. In the Group Policy Management Editor, expand Computer ConfigurationPoliciesWindows
SettingsSecurity SettingsAccount PoliciesPassword Policies.
6. In the Policy pane on the right, double-click Enforce password history.
7. In the Do not keep password history field, change the setting to 0 and click OK.
8. Similarly, set the Maximum and Minimum password age to 0.
9. Set the Minimum password length to 4 characters.
10. Set the Password must meet complexity requirements to Disabled.
11. Set the Store passwords using reversible encryption to Enabled.
12. Close the Group Policy Management Editor.
Add Domain Users 1. Return to Server Manager.
2. In Server Manager Dashboard, on the left side navigation pane, click AD DS.
3. In the SERVERS middle pane, right-click SERVER2012R2 Active Directory Users and
Computers.
4. Expand example.com, then right-click UsersNewUser.
5. Create a user named Joe Smith, with a user logon name of joe.
6. Click Next.
7. On the next page, set Joe’s password to Pa22word
8. Unckeck the User must change password at next logon checkbox
9. Click Next.
10. Click Finish.
11. In the Users container, verify that you see Joe Smith.
12. Similarly, create the following users and passwords . Make sure that they do NOT need to
change their password at next logon:
Sally Storm / apple
Moo Dharma / password
Sue Waters / letmein
Bwalya Banda / hello
Mannie Nsofwa / Password!
Add Joe, Sally, and Moo to the Domain Admins and Administrators Groups 1. In Active Directory Users and Computers, in the Users container, locate and right-click Domain
AdminsProperties.
2. In the Domain Admins Properites sheet, click the Members tab.
3. In the Members tab, click the Add button.
4. In the Enter the object names to select text box, enter Joe and click OK.
5. Ensure that you see Joe Smith as a member.
6. Similarly, add Sally and Moo.
7. Verify that you see Joe, Moo, and Sally in the Members tab.
8. Click OK.
9. In the left pane under example.com, locate and click the Builtin container.
10. Locate and double-click the Administrators group.
11. Using the technique you just learned, add Joe, Moo, and Sally to Members.
12. Close Active Directory Users and Computers.
Add DNS Records 1. Return to Server Manager Dashboard.
2. On the left pane, locate and click DNS.
3. In the Servers middle pane, right-click SERVER2012R2DNS Manager.
4. Expand Server2012R2.example.comForward Lookup Zonesexample.com.
5. Right-click example.comNew Host (A or AAAA).
6. In the New Host popup dialog box, in the Name field, enter www
7. In the IP address field, enter the IP address of Server 2012.
8. Click Add Host.
9. Click OK.
10. Similarly, add an A record for mail with the IP address 192.168.75.250.
11. Click Done.
12. Right-click example.comNew Alias (CNAME).
13. In the Alias name field, enter ftp
14. In the Fully qualified domain name (FQDN) for target host: field, enter www.example.com
15. Click OK.
16. Verify that your example.com DNS records look similar to this:
17. Close DNS Manager.
Configure WWW to Require Basic Authentication 1. In Server Manager, at the top right, click ToolsInternet Information Services (IIS) Manager.
2. In the IIS manager popup window, under Start Page, expand SERVER2012R2 (local computer). If
prompted by a popup window, click No.
3. Expand Sites.
4. Click Default Web Site.
5. In the Default Web Site Home, scroll down and in the IIS section locate and double-click
Authentication.
6. Right-click Anonymous AuthenticationDisable.
7. Right-click Basic AuthenticationEnable.
8. In the Actions pane on the right, under Manage Server, click Restart.
9. Close IIS Manager.
Disable the Firewall and Windows Updates 1. Click the Start button and enter Command Prompt.
2. Right-click Command Prompt Run as administrator. When prompted by User Account
Control, click Yes.
3. Type this command and press enter:
netsh advfirewall set allprofiles state off
4. Enter sconfig
5. Enter 5
6. Enter M
7. When the Update Settings popup window appears, click OK.
8. Close the command prompt.
Configure SNMP 1. At the Desktop, in the lower left corner, click Start.
2. On the Start page, click the Administrative tools tile.
3. In Administrative Tools, scroll down and double-click Services.
4. In Services, scroll down, locate, and double-click SNMP Service.
5. In SNMP Service Properties, click the Security tab.
6. In the Security tab, under Accepted community names, click Add.
7. Change the Community rights: dropdown list to READ WRITE.
8. In the Community Name field, enter public and click Add.
9. In the Security tab, click the Accept SNMP packets from any host radio button.
10. Ensure that your settings look like the following and click OK.
11. Close Services.
12. Close Administrative Tools.
Enable Remote Desktop Connections 1. At the desktop, if necessary launch Server Manager.
2. On the left pane, click Local Server.
3. In the PROPERTIES middle pane, ensure that Remote Desktop is set to Enabled.
4. Close Server Manager.
Install Vmware Tools on the Guest Use a similar method that you used with Server 2016, install the VMware tools on Server 2012.
1. Ensure that you are logged into Server 2012.
2. In Vmware Player, click Player ManageInstall Vmware Tools.
3. In Server 2012, on the taskbar on the left, click File Explorer (folder icon)
4. Verify that you see DVD Drive (D:) Vmware Tools, and double-click it
5. When the Vmware Tools Setup wizard appears, click Next, Next, Install.
6. When the wizard is through, click Finish.
7. When prompted to restart, click Yes.
Shut Down Server 2012 R2 1. Make sure you are logged in as Example\administrator with the password of P@ssw0rd
2. At the desktop, move your mouse into the far lowest right corner until the Charms Bar appears.
3. Click Settings (gear icon).
4. Click PowerShut DownContinue.
Create the Windows 8.1 VM
End Result You have a Windows 8.1 x64 Guest VM with the following features:
Disk = Default size
2048 MB (2 GB) RAM
Name = Windows8
User = Admin
Password = Pa$$w0rd
Ethernet0 IP Address = 192.168.75.8 (Your subnet ID might be different)
Subnet Mask = 255.255.255.0
Default Gateway =192.168.75.2
Preferred DNS = 8.8.8.8
Installed software:
o Google Chrome browser
Windows Firewall off
Windows Update off
VMware Tools installed
Install the Operating System 1. Create a Windows 8.1 VM using the same method you used to install the other Windows VMs.
Be sure to configure:
a. Windows 8.x x64 as the guest operating system
b. PC name = Windows8
c. Express Settings
d. Sign in without a Microsoft account
e. Local account
f. User name = admin
g. Password = Pa$$w0rd
h. Password hint = standard lab password
2. When the installation is complete, click the Desktop tile
Change the Computer Name You should not need to change the computer name in Windows8, but in case you wish to, use these
steps:
1. On the desktop, move your mouse to the lowest left corner of the task bar to display and click
the Start thumbnail
2. On the Start page (with the app tiles), start typing Control Panel
3. When the Control Panel app appears, click it
4. Click System and Security
5. Under System, click See the name of this computer
6. Under Computer name, domain, and workgroup settings, click Change settings
7. In the System Properties dialog box, on the Computer Name tab, click the Change… button
8. Change the computer name to Windows8, click OK twice, and when prompted restart the VM.
Hard-Code the IP Address 1. Locate and right-click the network icon in the lower right on the task bar Open Network and
Sharing Center
2. Click Change adapter settings
3. Using the same method that you used for Windows 10 and the servers, change the IP settings
to:
a. Address = 192.168.75.8
b. Subnet Mask = 255.255.255.0
c. Default Gateway = 192.168.75.2
d. DNS = 8.8.8.8, 8.8.4.4
Install Google Chrome Browser 1. Download and install the Google Chrome Browser.
Turn off Windows Firewall 1. On the desktop, move your mouse down to the far lower left corner to reveal the Start tile.
2. Click the Start tile.
3. On the Start page, start typing Control Panel (you do not have to click anything).
4. When Control Panel appears, click it.
5. Click System and Security.
6. Click Windows Firewall.
7. Click Turn Windows Firewall on or off.
8. Under Customize settings for each type of network, click the Turn off Windows Firewall (not
recommended) radio button for both Private network settings and Public network settings.
9. Click OK.
10. On the breadcrumb trail at the top of the window, click System and Security.
Disable Windows Update 1. In the Control PanelSystem and Security, under Windows Update, click Turn automatic
updating on or off.
2. Under Choose your Windows Update settings, under Important updates, click the dropdown
list and select Never check for updates (not recommended).
3. Click OK.
4. Close the Control Panel.
Install Vmware Tools on the Guest 1. Using a similar method that you used with the servers, install the VMware tools on Windows
8.1.
Shut Down Windows 8.1 1. At the desktop, move your mouse into the farthest lower right corner until the Charms Bar
appears.
2. Click Settings (gear icon).
3. Click Power->Shutdown.
Open the Kali Linux 2018.3 VM
End Result You will have a Kali Linux 2018.3 Guest VM with the following features:
Default disk size
2048 MB (2 GB) RAM
Hostname = Kali
Username = root
Password = toor
Software installed:
o Thunderbird Email Client
Open the Virtual Machine 1. Locate the downloaded zipped virtual machine file.
2. Use 7-zip to unzip the VM to a folder called “Kali”.
3. Double-click the VMware Workstation 15 Player launcher.
4. Click Open a Virtual Machine.
5. Browse into the Kali folder.
6. Select Kali-Linux-2018.3-vm-amd64.vmx and click Open.
7. Start the Kali VM.
8. When the splash screen appears, click anwhere inside it and then press the spacebar on your
keyboard. Alternatively, click and drag the bottom of the screen up. The splash screen should
lift, revealing the login page.
9. At the login page, log in as root with the password of toor
Install Thunderbird 1. Ensure that Server2016 is running, as this is the email server.
2. Ensure that you know the IP address of Server2016.
3. Open an terminal and enter:
apt install thunderbird
4. If prompted during install, press Y
5. Launch Thunderbird. At the top left, above the Desktop, click ApplicationsUsual
ApplicationsInternetThunderbird.
Alternatively, on the left pane Favorites Launcher bar, click the terminal icon to open a
terminal, type thunderbird and press Enter. (Note: if you use this method, do not close the
terminal window until you are ready to close Thunderbird!)
6. Set up Thunderbird for the user Moo using the same method you used in Server2016.
Shut Down Kali 1. Make sure you are logged in as root / toor.
2. In the upper right corner above the desktop, click the power button icon.
3. In the dropdown box, click the power button icon again.
4. When prompted, select Power Off.
Open the Metasploitable Virtual Machine
Open the Virtual Machine 1. Locate the downloaded zipped virtual machine file. It will be named something like
metasploitable-linux-2.0.0.zip.
2. Unzip the zip file to a folder called “Metasploitable”.
3. Double-click the VMware Workstation 15 Player launcher.
4. Click Open a Virtual Machine.
5. Browse into the Metasploitable folder.
6. Select Metasploitable.vmx and click Open.
7. Start the Metasploitable VM.
8. Log on as msfadmin with the password of msfadmin
9. There will be no GUI. You will not perform any configuration. To find out your DHCP-provided IP
address, enter ifconfig
Shut Down Metasploitable 1. Make sure you are logged in as msfadmin / msfadmin
2. Enter sudo init 0
3. When prompted, enter the password msfadmin
4. All the shutdown to proceed. When the last message says “System halted”, press Ctrl+Alt to
release your mouse.
5. In VMware Player, click PlayerPowerShut Down Guest.
6. When prompted, click Yes.
Create the Ubuntu 16.04.5 VM
End Result You have an Ubuntu 16.04.5 LTS 64-bit Desktop Guest VM installed with the following features:
Disk size 20 GB
2048 MB (2 GB) RAM
Hostname = Ubuntu
Username = ubuntu
Password = toor
Installed software:
o Thunderbird Email Client
Install the Operating System 1. If necessary, launch VMware Workstation 15 Player.
2. Click Create a New Virtual Machine.
3. Select Installer disc image file (iso), browse to and select the Ubuntu ISO, and click Open.
4. Click Next.
5. Select the Linux radio button, and ensure that in the Version dropdown box, Ubuntu 64-bit is
selected.
6. Click Next.
7. On the Easy Install Information page, enter the following:
Full name: Student
User name: ubuntu
Password: toor
Confirm: toor
8. Click Next twice.
9. Select Store virtual disk as a single file, and click Next.
10. Click Finish.
11. Allow the installation to finish.
Test the Installation 1. Log into Ubuntu as the user ubuntu with the password toor
2. On the desktop, in the upper left corner, click the Search your computer icon and
type terminal
3. When the terminal icon appears, click it.
4. In the terminal window, enter ifconfig
5. Identify the name of the Ethernet interface. It is probably ens33 or something similar.
6. Identify the IP address assigned to the Ethernet interface.
Install Thunderbird 1. Using the same procedure that you used in Kali, open and terminal and install and configure the
Thunderbird email client for the user Moo.
Shut Down Ubuntu 1. Make sure you are logged in as ubuntu / toor.
2. In the upper right corner above the desktop, click the gear icon.
3. In the dropdown menu, click Shut Down…
4. When prompted, click Shut Down.
Make Backup Copies of All Virtual Machines 1. If necessary, log into and shut down all of the virtual machines.
2. Locate the folder on your host where the VMs have been installed. If you performed a default
installation, they are likely to be in this location:
C:\Users\<your user name>\Documents\Virtual Machines\
3. Copy all of the VMs to a disk with sufficient space, such as an external hard drive. If you have
enough space on your C: drive, that would be preferred.
Troubleshooting Here are some troubleshooting steps you can use if you encounter specific difficulties during setup.
Mouse trapped in VMware If your mouse gets trapped in a VMware virtual machine, press Ctrl+Alt to release it
Chrome and Internet Explorer Refuse to Download Hacking Tools Even with your antivirus program turned off, Google Chrome and Microsoft Internet Explorer may refuse
to download some of these hacking tools, especially LOIC and HOIC. If this happens, use Opera.
Uninstalling Hyper-V Microsoft Hyper-V is not compatible with other virtualization products such as VMware or VirtualBox.
Additionally, when you uninstall Hyper-V, it will still leave an artifact of itself in the computer’s boot
record which you will need to remove manually.
If you uninstall Hyper-V and you still get an error message when you try to launch VMware Workstation
Player, perform this task:
1. Open a command prompt in administrator mode
2. Enter the following command:
bcdedit /set hypervisorlaunchtype off
3. Reboot the computer.
Specifying the Alternate Source Path When Installing Windows Roles Although Windows loads most source files onto the hard drive during installation, to save space some
are left on the source DVD. When installing some of the less popular features, such as .NET 3.5, you
might have to point to that DVD as an alternate source during installation.
1. As you specify roles and features, if you are prompted “Do you need to specify an alternate
path?...” click the Specify an alternate source path link at the bottom of the page.
2. Leave the installation windows open. Temporarily navigate to the Task Bar and click the File
Explorer icon at the bottom. In the This PC popup window, identify the drive letter for the DVD
Drive. It is most likely D: Ensure that the ISO you connected to the VM (to install the server)
appears as a DVD.
3. Return to the Add Roles and Features window.
4. In the Path: text box, enter D:\Sources\sxs\
5. Note: If your DVD is some other drive letter, substitute D with that letter.
6. Click OK, Next, or Install as prompted
Drag and Drop Between Host and Guests Does Not Work If you installed VMware tools on your Guest VMs, you should be able to drag and drop between your
host and the Guest (at least Windows guests). If this does not work, then use any of these alternate
methods to move the files:
Use a USB Removable Drive to Move the Files 1. Plug a USB removable drive into your host.
2. If a popup message appears asking you to choose where you would like to connect the disk,
select Connect to the host and click OK.
3. Copy the necessary files for that activity from C:\Hacking onto the USB drive. If you have enough
space, copy the entire folder to the drive.
4. Switch to VMware Player for whichever VM needs the tools.
5. Click PlayerRemovable Devices<name of the disk>Connect (disconnect from host).
6. Click OK.
7. In the guest VM, in the File Explorer, check to make sure the drive appears.
8. Proceed to copy the files to the guest desktop.
Share the C:\Hacking Tools Folder 1. On your host, navigate to C:
2. Right-click Hacking ToolsProperties
3. Click the Sharing tab
4. Click the Advanced Sharing button
5. In the Advanced Sharing dialog box, click the Share this folder checkbox.
6. Click the Permissions button
7. In the Group or user names box, ensure that Everyone appears and is selected.
8. In the Allow column, click the Full Control checkbox.
9. Click OK twice.
10. Click the Security tab
11. Click the Edit button
12. Click the Add button
13. In the Enter the object names to select text box, type everyone and press Enter.
14. Back in the Security tab, ensure that Everyone is selected.
15. In the Allow column, click Full control.
16. Click OK.
17. Click Close.
18. Open a command prompt and enter ipconfig
19. Scroll through the results and look for the Ethernet adapter VMware Network Adapter Vmnet8.
This is the interface the host uses to connect with the guests. Make note of the IP address.
20. Switch to the VM that needs the tools and log in.
21. Click StartRun
22. At the Run line, enter the IP address you discovered in Step 19 Precede it with \\. For example:
\\192.168.75.1
23. Click OK.
24. In the Windows Security popup dialog box, enter the username and password for your HOST.
25. Locate Hacking Tools share and double click it to open it.
26. Copy the tools to the guest.
Create an ISO from C:\Hacking and Use the ISO to Move the Files 1. On your host, download a copy of Folder2Iso from here:
http://www.trustfm.net/software/utilities/Folder2Iso.php?page=Download
Note: You will have to choose a site from which to actually download it. I chose Google Drive.
The direct link is:
https://drive.google.com/file/d/0B7nKMWPhyfl-SlVoWXprWkhHR2c/view
2. Double-click the installer. It is actually just a self-extracting archive that, by default, will unzip
the folder to wherever you downloaded the installer to.
3. Locate the Folder2iso folder, and double-click Folder2iso.exe
4. Click Select folder, then browse to and select C:\Hacking Tools.
5. Click Select Output, browse to your desktop, and name the ISO Hacking Tools and click Save.
6. Click Generate ISO. When finished, it will say “ISO Generated” at the bottom left.
7. Switch to VMware Player for the VM that needs the tools.
8. Click PlayerManageVirtual Machine Settings.
9. On the Hardware tab, click CD/DVD (SATA).
10. On the right side, under Connection, click Use ISO image file:
11. Click Browse…
12. Browse to and select Hacking Tools.iso and click Open.
13. Click OK.
14. In the VM, browse to ComputerDVD Drive (D:)
15. Open up the D: drive and copy the files to the VM desktop.
Congratulations! Your Ethical Hacking lab is set up and ready for use.