Setting Up A Virtual Network For Pentesting
Learning how to hack into systems and networks requires knowledge and understanding of how systems work in the first place, the best way to learn is by setting up your own private network with systems on it.
This is the way I have learned and have found it the most effective way of grasping concepts and thinking about ways of exploitation. We will be covering the following topics:
- Installing Operating Systems
- Configuring Network Settings (For Intercommunication)
- Setting Up Windows Server 2008 (Domain Controller Roles)
- Adding User Accounts In Active Directory
- Joining Windows Instances to the Domain
- Virtual Box Found Here
- Kali Linux 1.0 Found Here
- Copy Of Windows XP SP3 Found Here
- Copy Of Windows 7 64bit or 32bit
- Copy Of Server 2008 Found Here I recommend using Enterprise Edition.
Virtual Box from Oracle is free for personal use.
Windows XP – Ensure you have the proper product key needed to activate Windows (Or Use Trial)
Windows 7 – Ensure you have the proper product key needed to activate Windows (Or Use Trial)
Server 2008 – Ensure you have the proper product key needed to activate Windows (Or Use Trial)
The first thing we need to do is install our operating systems, we are going to be installing Windows 7, Windows XP (SP3), Kali Linux, and Server 2008. Installation is pretty simple and straight forward in Virtual Box.
For demo purposes we are going to install Windows 7 first step by step, once you get a handle on the installation of Windows 7 it’s the same for all the other operating systems we are going to install.
I. Installing The Operating Systems
Step One: In Virtual Box click on the “New’ button to start the process of installing a new operating system. For this blog we are going to be installing XP, the process is the same for each OS. (Shown Below)
Step Two: Enter a name for the operating system, we are going to use Windows XP Pro SP3, make sure the Type is Microsoft Windows and the Version is Windows XP. After that click next (Shown Below)
Step Three: We are ready to select the size of memory we would like to allocate to this instance, set it to 512MB to be on the safe side and click next (Shown Below)
*512MB Should be okay for each OS, Kali Linux can get by on 256MB this is on a 4GB Core i5 Laptop
Step Four: We are ready to select the type of hard drive we are going to be using on this machine, I just leave it as the default “Create a virtual hard drive now” and press Create. (Shown Below)
Step Five: The type of virtual hard drive we are going to select is the default “VDI (VirtualBox Disk Image) select that and click Next (Shown Below)
Step Six: Select the directory in which you would like to save the virtual machine instance and also select the size of the virtual hard drive, since this is Windows XP 10GB should be sufficient. When installing Windows 7 or Server 2008 I recommend at least 25GB to each operating system. (Shown Below)
Step Seven: Now that we have pre configured Virtual Box for Windows XP, it is time point Virtual Box to our ISO file and boot it up so that we can initialize the Windows XP setup wizard. Highlight the new instance created and select Settings. (Shown Below)
Step Eight: Within the settings page, select “Storage” on the left hand side and then select the disc with the green plus sign in front of it (Shown Below)
Step Nine: Select Choose disk and browse to the Windows XP SP3 ISO image, it is now mounted as our CD-ROM device in Virtual Box. Now all we need to do is Start the instance and we will begin the Windows XP Setup wizard.
Repeat this process for all other operating systems you would like to run, these steps are the same for Windows 7, Windows Server 2008, Kali Linux etc etc…
II. Network Configuration
We want our operating systems to communicate with one another in our virtualized lab this can be done by configuring a few settings both within Virtual Box and the operating systems themselves.
Right click the instance and select settings from there go to network. Make sure Enable Network Adapter is checked off, next we want to select the drop down menu next to Attached to: and use Internal Network, we also want to specify a name for our virtual network (Shown Below)
Do this the same for all of our instances this will ensure that all of our different systems can talk to one another on the network just to make things easy for the time being.
III. Setting Up Server 2008 Server Roles
I am going to assume you know you how to setup a default 2008 server system we are going to cover installing and configuring the Roles, this includes Active Directory Services and DHCP services, it’s going to be our domains authentication / security / IP handling server.
*Make sure you remember your administrator credentials you set while installing 2008 Server Enterprise, you will need them later to join our hosts to the domain.
Step One: Click start and select Server Manager, inside the server manager right click on Roles and then select “Add Roles” You will then get an Add Roles window select Active Directory Domain Services (Shown Below)
Only Active Directory can be installed by itself so do not try and install DHCP along with it, it won’t let you proceed past this point. Click next, next and then install (Shown Below)
Once complete Server 2008 will reboot and Active Directory will be installed now we need to repeat the same process and install DHCP this time around. DHCP will allow our other OS instances to get IP addresses from our Server 2008 machine. (Shown Below)
You will get a message about the server not detecting a static IP being assigned, ignore this for now and continue we will assign a static IP address afterwards. It will ask us to provide a top level domain, name this whatever you’d like your domain name to be. Also provide it will the DNS IP address 10.1.10.1 we will assign our server this IP address statically so it never changes. (Shown Below)
Next you will be asked if anything is using WINS on the network choose No, and click next. We then will need to provide our DHCP scope for our lab we are going to set our scope from 10.0.0.1 – 10.255.255.254 with a subnet mask of 255.0.0.0 This is a standard Class A network that most enterprise class Cisco routers use.
It will ask you about IPv6 Stateless mode, make sure to DISABLE it as we will not have any IPv6 clients right now. Once finished we will have a summary screen and it should look something like this (Shown Below)
IV. Assigning Static IP Addresses
It’s important to assign static IP addresses because if we are going to be using this server as a Domain Controller all the hosts that authenticate to the domain will always need to be able to communicate with this server. Assigning a static IP address does just that.
Step One: Go to control panel and into Network Connections from there select your network interface card and right click it and select Properties (Shown Below)
Step Two: Select Internet Protocal in the window and select Properties, in there we need to configure a few settings. Make sure “Use The Following IP” is selected and plug in the settings shown below.
Click Ok and reboot the server, as you can see we are assigning an IP address of 10.0.0.1 with a Subnet mask of 255.0.0.0 and DNS pointed at 10.0.0.1. That’s it for assigning static IP addresses this is the same in Windows 7 and in Windows XP.
V. Running DC Promo & Configuring AD
We need to promote our 2008 Server into an actual domain controller ready to authenticate our users and computers to the domain. The first thing we need to do is click Start and type “dcpromo” without quotes and press enter. This will begin the wizard for setting up our Active Directory structure.
Click next until you get to a window asking if you want to join an existing domain or create a new one, select create a new domain in a new forest and press next (Shown Below)
Next the wizard is going to ask at what fuctioning level do we want this DC to operate at. We don’t have any legacy domain controller or software so we can just use Windows Server 2008 and click next (Shown Below)
Click next through the menus and then set a Recovery Mode password incase there is a disaster in the future. (Shown Below)
One last reboot will be required, but now we have a brand new domain controller and our very own virtual domain to fuxx with! Now we need to add user accounts so our hosts can authenticate to the domain.
VI. Adding Snap-Ins / Adding User Accounts To Active Directory
We need to customize our Microsoft Management Console this is the console used to navigate to different services running on the server and make changes if necessary.
Click Start and type “mmc” without quotes and press enter. This will open up the Microsoft Management Console. Once inside select File at the top and select “Add Snap-Ins” (Shown Below)
We are going to add 3 Snap Ins, Active Directory Users And Computers, DHCP, and DNS. highlight them and click Add they will then be added to the right column. Click Ok(Shown Below)
Your MMC console should look like the one shown below, we are going to be adding users now.
Click the plus sign next to Active Directory Users and Computers, then click the plus sign next to our domain nullsetcomputerco.com in our case. After that go down to Users and right click hover over “new” and then select User. (Shown Below)
Add the name of the user, and the login credentials you want them to use to authenticate to the domain. We are going to use Tom Hanks as an example of this (Shown Below)
Click next and then set a password for the new user, we haven’t specified password strength policy for our DC so it doesn’t have to be complex. Make sure to uncheck User has to change password.(Shown Below)
Again click next, now are user is setup on the domain and we are now ready to join our other instances to the domain controller.
VI. Joining Windows Instances To The Domain
We are finally ready to add our computers to the domain. Let’s go over to Windows XP instance and join it to the domain (The Domain Controller Instance Must Be Running!)
The first thing we want to do is make sure that our Windows XP instance has communication with our domain controller on the network. open up a command prompt and ping 10.0.0.1 that is the IP address we statically assigned to our server we are getting replies from the server so that is a good sign. (Shown Below)
After we have verified we have connectivity between the two operating systems we can proceed to the next step. Right click on My Computer and go to properties, once open navigate to the Computer Name tab click Change and enter the domain name that you setup in Server 2008 nullsetcomputerco.com for this example. Enter the Administrator username and password for the Domain Controller not the local machine. (Shown Below)
Once you have entered the correct credentials you will be greeted and welcomed to the domain. (Shown Below)
That’s it! Now just repeat the same steps for your Windows 7 instance so that it can login to the domain. (You can add users to the Domain Controller for Windows 7)
Note: We can also download distributions of firewalls like PFSense to install and configure on our network if we want to make it more authentic, we could also setup an Apache web server or SQL server to exploit for the future.
Thanks for reading don’t be evil!