Scribd
Upload
720 views

Active Directory Lab For Penetration Testing PDF

The document provides step-by-step instructions for setting up an Active Directory lab for penetration testing purposes. It describes how to install VirtualBox and Windows Server 2019 and Windows 10 virtual machines. It then explains how to configure a separate virtual network for the lab and set static IP addresses. Finally, it outlines how to install and configure the Windows Server 2019 VM as an Active Directory domain controller to complete the lab environment.

Uploaded by

Derek Lewinson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
720 views

Active Directory Lab For Penetration Testing PDF

The document provides step-by-step instructions for setting up an Active Directory lab for penetration testing purposes. It describes how to install VirtualBox and Windows Server 2019 and Windows 10 virtual machines. It then explains how to configure a separate virtual network for the lab and set static IP addresses. Finally, it outlines how to install and configure the Windows Server 2019 VM as an Active Directory domain controller to complete the lab environment.

Uploaded by

Derek Lewinson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 84

Active Directory Lab for Penetration Testing https://www.printfriendly.

com/p/g/sAgrZq

medium.com/@browninfosecguy/active-directory-lab-for-penetration-testing-5d7ac393c0c4

June 16, 2020

I have been asked by few peeps on how to setup an Active Directory lab for penetration
testing. In this post I will go through step by step procedure to build an Active Directory lab
for testing purposes. Moreover I will be going through steps to perform to turn off Microsoft
Defender so that our techniques and tools are not blocked by Defender. This is not a long

1
1 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

read but contains number of Screen caps to make job easier for someone building their first
lab.

I perfected the correct way to create AD lab for testing after going through Heath Adams
course on “Practical Ethical Hacking”.

Hi everyone! My name is Heath Adams, but I also go by "The Cyber


Mentor" on social media. I am the founder and CEO of…

www.udemy.com
The lab I will be creating is build on a Laptop with 32 Gig RAM running Windows 10 as Host
operating system. The virtual machine software we will be using is Virtual Box, which can be
found here

Once we Install the Virtual Box we need to Download a copy of Windows 2019 Server and
Windows 10 Enterprise operating system. Both can be found at Microsoft Evaluation Center.

From signing up for a free trial to exploring technical documentation,


virtual labs, and demos, the Evaluation Center…

www.microsoft.com

Before we install the OS we need to create and configure a new network for our testing lab.
Once we are create the network we need to configure the correct networking interface.

The process to carve out a separate network for our Lab is show below; click Tools -> Create

2
2 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

3
3 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Below screen cap show how to configure correct networking interface for our virtual machine.

4
4 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

5
5 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

The Process for installing operating system is pretty straight forward. There is no difference
in how you install a Server or Workstation except few configuration setting during
installation process.

Once the OS installation process is complete we need to configure couple of things on our
workstation.

1. Change the name of the workstation to something we can remember and


2. Create a Share and select turn on network discovery.

During the installation you might come across with something shown below, don’t worry
about it and just select I don’t have internet.

6
6 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

7
7 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

The screen shots below shows how we can change the computer name to something we can
remember. It’s not a requirement but it’s always good practice to name our machines to
something we can remember. The process is pretty simple and straight forward.

8
8 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

9
9 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

10
10 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

11
11 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Next we configure a share on our workstation, you can name the folder whatever you want
but its important that you Share it as shown below and enable turn on network
discovery.

12
12 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

13
13 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Now Let’s turn our attention to our Windows 2019 Install and set it up as our Domain
Controller.

In order to configure the Domain Controller we first assign the Server a permanent IP
address. As shown in screen caps below note down the IP address assigned to the machine

14
14 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

and then change that as shown in screen shots below.

15
15 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

16
16 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

17
17 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

18
18 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

After assigning permanent IP address I changed the name of my server to Skynet. Once we
change the name it requires a restart.

After the restart we get to work and start by adding the role of Active Directory Domain
Services to our Server. As show in Figures below from Server Manager select Manage -> Add
Role and Features.

19
19 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

After this you will be presented with following windows just click next until you are presented
with select server roles window.

20
20 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

21
21 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

22
22 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

23
23 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

24
24 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

25
25 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Select the Active Directory Domain Services as shown below.

26
26 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Once the installation finishes, you need to promote the server to Domain Controller as shown
below.

27
27 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

This presents us with Deployment configuration where you select the name of the Domain
and select Directory Services Restore Password. Take note that this password is required
when you restore directory services and is different from your Domain Admin password.
Although you have the option to keep it same but its not good practice.

28
28 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

29
29 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

30
30 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

31
31 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

32
32 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

33
33 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

34
34 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

35
35 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

36
36 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

37
37 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

38
38 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

39
39 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

40
40 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

41
41 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Once the configuration finishes the server restarts and you will be presented with a login
screen.

42
42 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

43
43 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

The next step is to configure a Share on the Server as shown below.

44
44 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

45
45 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

46
46 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

47
47 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

48
48 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

49
49 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

50
50 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

51
51 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

The next step is to create some users in Active Directory. We will be creating two regular user
account and one Domain Admin account.

The process is pretty straight forward from Server Manager under tools select Active
Directory Users and Computers as shown below.

52
52 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

This will bring up the screen below, from here on its just a matter of adding new users. The

53
53 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

best way to create a new account for a Domain Admin is to just right click the Administrator
account and select copy option.

54
54 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

55
55 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

56
56 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

This one is important as we don’t want Windows Defender to mess around with our tools
and technique. So we will configure a new group policy called Disable Windows Defender.
There are two specific setting which we want to enable

1. Turn Off Windows Defender Antivirus


2. Turn off real-time protection

The screen shots below show how to navigate and enable them.

57
57 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

58
58 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

59
59 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

60
60 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

61
61 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

62
62 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

63
63 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

64
64 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

65
65 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

66
66 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

67
67 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

68
68 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

The next and the most important step is to add workstation the Domain. The Process is pretty
straight forward. However we need to do one small configuration change before we
add the workstation to the domain, configure the DNS server on the workstation
to point at the IP address of our Domain Controller as shown below.

69
69 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

70
70 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

Once you configure the DNS , the rest of the process is pretty straight forward. All we are left
to do is join the domain. Once you successfully join the domain the workstation will reboot.

Use the credentials of regular users that we configured in Active Directory to log back into the
workstation and you are all set. If you need to create the user local admin then use the
Domain Admin account to log into the workstation and add the user to local Administrator
group.

71
71 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

72
72 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

73
73 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

74
74 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

75
75 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

76
76 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

77
77 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

78
78 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

79
79 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

80
80 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

81
81 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

82
82 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

If everything goes according to the plan you will see the workstation under computers on the
Domain Controller.

I hope this article help you in case you want to create your own Active directory lab for

83
83 of 84 6/18/2020, 11:08 PM
Active Directory Lab for Penetration Testing https://www.printfriendly.com/p/g/sAgrZq

learning or fun :)

~ Sonny

Further Resources to Learn about Active Directory

84
84 of 84 6/18/2020, 11:08 PM

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy