
Setting Up Active Directory

‼️ This is a lab setup for penetration testing on an isolated local network and is never meant for production: every password below is deliberately weak and Defender is switched off by policy.

First, download the ISOs: a Windows Server evaluation ISO for the domain controller and a Windows 10 Enterprise evaluation ISO for the two clients.

Set Up the Domain Controller

  1. New VM
  2. Typical
  3. Point it at the Server ISO
  4. Split virtual disk into multiple files
  5. Make sure the disk is 60 GB
  6. Finish
  7. Edit virtual machine settings
  8. Set RAM to 8 GB
  9. Remove the Floppy Drive (recommended)

Install

  1. Next > Install Now
  2. Windows Server Standard Evaluation (Desktop Experience)
  3. Custom install
  4. New > accept the default size > Apply > OK
  5. Next
  6. Done
  7. For this lab, set the deliberately easy password P@$$w0rd!
  8. Log in
  9. Install VMware Tools: VM > Install VMware Tools
  10. Open This PC > open the mounted ISO
  11. Run the installer

SERVER CONFIGURATION (AD DS)

  1. Change the hostname
    1. Start Menu > type "Name" > Rename this PC
    2. HYDRA-DC
    3. Reboot
  2. Make this server a domain controller
    1. Server Manager > Manage > Add Roles and Features
      1. Role-based or feature-based installation > Next
      2. Select HYDRA-DC > Next
      3. Server Roles > ✅ Active Directory Domain Services (AD DS) > Add Features > Next
      4. Next
      5. Next
      6. ✅ Restart the destination server automatically if required
      7. Install
    2. Promote this server to a domain controller (the flag in Server Manager once the role is installed)
      1. Add a new forest
      2. Root domain name: marvel.local > Next
      3. Forest and domain functional level: Windows Server 2016
      4. DSRM password: the same password as the admin account > Next > Next
      5. The NetBIOS name (MARVEL) is filled in automatically > Next
      6. Next through to the end > Install (the server reboots)
    3. Certificate Services
      1. Manage
      2. Add Roles and Features
      3. Role-based or feature-based installation
      4. Next through to Server Roles
      5. ✅ Active Directory Certificate Services. Order matters here: an enterprise CA has to be installed on a domain member, and the certificate it issues to the DC is what makes LDAP over TLS (LDAPS, TCP 636) work; it also gives the lab an AD CS installation to examine later.
      6. Add Features > Next through to AD CS Role Services
      7. ✅ Certification Authority > Next
      8. ✅ Restart if needed
      9. Install
    4. Configure Certificate Services
      1. Flag in Server Manager > Configure Active Directory Certificate Services
      2. ✅ Certification Authority > Next
      3. Private Key > Create a new private key
      4. Accept the defaults (Enterprise CA, Root CA) through to Validity Period
      5. 99 years
      6. Defaults > Configure
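The same domain-controller build as a script, for anyone who prefers it to clicking through Server Manager. This is an added example and not from the original post; it reuses the values above (HYDRA-DC, marvel.local, functional level 2016, a 99-year enterprise root CA with the wizard's default key settings) and is meant to be run from an elevated PowerShell prompt once after each reboot, since both the rename and the forest install restart the server. The checks at the end are the ones worth running before moving on to the clients.

```powershell
# Added example: scripted equivalent of the AD DS + AD CS steps above.
# Run from an elevated PowerShell prompt; run it again after each reboot.
$DcName  = 'HYDRA-DC'
$Domain  = 'marvel.local'
$Netbios = 'MARVEL'
# Lab password from the post, reused as the DSRM (safe mode) password.
$LabPass = ConvertTo-SecureString 'P@$$w0rd!' -AsPlainText -Force

# Stage 1: hostname. Rename before promotion; renaming a DC afterwards is painful.
if ($env:COMPUTERNAME -ne $DcName) {
    Rename-Computer -NewName $DcName -Restart
    return
}

# Stage 2: AD DS role and a new forest. DomainRole 4/5 means this box is already a DC.
if ((Get-CimInstance Win32_ComputerSystem).DomainRole -lt 4) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    # WinThreshold is the forest/domain functional level for Windows Server 2016.
    # -InstallDns makes this DC the DNS server the clients will point at.
    # -Force skips the confirmation; the server reboots when promotion finishes.
    Install-ADDSForest `
        -DomainName $Domain `
        -DomainNetbiosName $Netbios `
        -ForestMode 'WinThreshold' `
        -DomainMode 'WinThreshold' `
        -SafeModeAdministratorPassword $LabPass `
        -InstallDns `
        -Force
    return
}

# Stage 3: AD CS, logged in as MARVEL\Administrator. An enterprise CA must be
# installed on a domain member, which is why the post promotes first. The CA
# certificate issued to the DC is what makes LDAP over TLS (LDAPS, 636) work.
if (-not (Get-WindowsFeature -Name ADCS-Cert-Authority).Installed) {
    Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
    # Wizard defaults (Enterprise CA, Root CA, new key) plus the 99-year validity.
    Install-AdcsCertificationAuthority `
        -CAType EnterpriseRootCA `
        -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
        -KeyLength 2048 `
        -HashAlgorithmName SHA256 `
        -ValidityPeriod Years `
        -ValidityPeriodUnits 99 `
        -Force
}

# Checks: this host is a DC, the forest level is 2016 and the CA answers requests.
Get-ADDomainController -Identity $DcName | Select-Object HostName, Domain, IsGlobalCatalog
(Get-ADForest).ForestMode
certutil -ping
```

Each stage ends with a reboot, so the script is written to detect where it is (hostname, domain role, CA installed) and do only the next stage; running it a fourth time just prints the checks.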

DC (HYDRA-DC)

ip: 192.168.135.137 (made static below; the clients use it as their DNS server) administrator:P@$$w0rd!

CLIENT SETUP

Set up the two client OSes at the same time.

  • Download the Windows 10 Enterprise evaluation ISO

VM Setup

  1. Open VMware
  2. Create a new VM
  3. Select the downloaded ISO
  4. Windows 10 Enterprise > Next > Yes (continue without a product key)
  5. Name: THEPUNISHER > Next
  6. Disk size 60 GB > Finish
  7. Customize Hardware > remove the Floppy drive, set RAM to 8 GB and CPUs to 4 > OK
  8. Power on, hit any key when asked to boot from the ISO, then switch to the second VM and repeat with the name SPIDERMAN

OS SETUP

(simultaneously on both VMs)

  1. Power on both machines
  2. Press a key to continue
  3. Install Now > accept the terms > Custom > Next through the install
  4. Restart
  5. US > Yes > US > Yes > Skip
  6. "Domain join instead" (this only creates a local account; the real domain join comes later)
  7. THEPUNISHER: local user frankcastle, password Password1
  8. SPIDERMAN: local user peterparker, password Password1
  9. Answer every security question with BOB
  10. Disable all tracking > Not now for Cortana
  11. Wait
  12. Install VMware Tools
  13. Change the hostnames to THEPUNISHER and SPIDERMAN

SETTING UP USERS, GROUPS AND POLICIES

SERVER

User Setup
  1. Server Manager
  2. Tools > Active Directory Users and Computers
  3. Tidy up the groups
    1. Right-click MARVEL.local > New > Organizational Unit, name it Groups
    2. Move everything in the Users container except Administrator and Guest into the new Groups OU > Yes
  4. Create another administrator
    1. Right-click the current Administrator > Copy, and give the copy its own name and password (the copy keeps Administrator's group memberships, so this is a second Domain Admin)
  5. Create a service account
    1. Name: SQL Service, logon name SQLService, password MYpassword123# (deliberately weak: it passes the default complexity and length policy but is trivially guessable, which is the point of the lab)
  6. Create two ordinary users
    1. Right-click Users > New > User, fill in the name and logon name (fcastle), set the password
    2. For the second user, copy the one you just created and change the names
File Sharing To Exploit Later
  1. Server Manager
  2. File and Storage Services
  3. Shares > Tasks > New Share
  4. SMB Share - Quick > Next
  5. C: is fine > Next (the wizard puts the folder under C:\Shares)
  6. Share name: hackme
  7. ✅ Allow caching of share > Next
  8. Permissions: leave the defaults > Next
  9. Create
Set Up the Service Account Fully
  1. Open a command prompt as Administrator
  2. setspn -a HYDRA-DC/SQLService.MARVEL.local:60111 MARVEL\SQLService
    (SPN syntax is service-class/host:port; this one uses the hostname as the service class, which setspn accepts and which is enough to make the account Kerberoastable later)
  3. Check with setspn -T MARVEL.local -Q */* (lists every SPN in the domain; the new one should appear under CN=SQL Service)
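The objects from the steps above, created from PowerShell on the DC. This is an added example, not from the post: it uses the names the post gives (Groups OU, SQL Service / SQLService, fcastle, hackme, the SPN exactly as typed above) and makes three assumptions, labelled in the code: pparker as the logon name of the second user (the post copies the first user and changes the names), labadmin as the name of the second domain admin (the post copies Administrator), and Password1 as the domain users' password (the post only gives that value for the local accounts). The checks at the end confirm the SPN actually landed on the account, which is what the Kerberoast step later depends on.

```powershell
# Added example: users, service account, share and SPN from the steps above.
# Run as MARVEL\Administrator on HYDRA-DC.
Import-Module ActiveDirectory
$Domain   = (Get-ADDomain).DNSRoot                    # marvel.local
$DomainDN = (Get-ADDomain).DistinguishedName          # DC=marvel,DC=local
function New-LabPassword([string]$Plain) { ConvertTo-SecureString $Plain -AsPlainText -Force }

# 1. A "Groups" OU, then move the built-in groups out of the Users container.
#    Only groups are moved here; Administrator and Guest stay where they are.
New-ADOrganizationalUnit -Name 'Groups' -Path $DomainDN -ProtectedFromAccidentalDeletion $false
Get-ADGroup -Filter * -SearchBase "CN=Users,$DomainDN" -SearchScope OneLevel |
    Move-ADObject -TargetPath "OU=Groups,$DomainDN"

# 2. A second domain admin. Copying Administrator in ADUC carries over its group
#    memberships; here Domain Admins is granted explicitly. 'labadmin' is an
#    assumed name; the post does not give one.
New-ADUser -Name 'Lab Admin' -SamAccountName 'labadmin' -UserPrincipalName "labadmin@$Domain" `
    -AccountPassword (New-LabPassword 'Password12345!') -Enabled $true -PasswordNeverExpires $true
Add-ADGroupMember -Identity 'Domain Admins' -Members 'labadmin'

# 3. The service account with the weak lab password from the post.
New-ADUser -Name 'SQL Service' -SamAccountName 'SQLService' -UserPrincipalName "SQLService@$Domain" `
    -AccountPassword (New-LabPassword 'MYpassword123#') -Enabled $true -PasswordNeverExpires $true

# 4. Two ordinary users. fcastle is from the post; pparker and the password
#    Password1 are assumptions (the post copies the first user for the second).
foreach ($u in @(
        @{ Name = 'Frank Castle'; Given = 'Frank'; Sur = 'Castle'; Sam = 'fcastle' },
        @{ Name = 'Peter Parker'; Given = 'Peter'; Sur = 'Parker'; Sam = 'pparker' })) {
    New-ADUser -Name $u.Name -GivenName $u.Given -Surname $u.Sur -SamAccountName $u.Sam `
        -UserPrincipalName "$($u.Sam)@$Domain" -AccountPassword (New-LabPassword 'Password1') `
        -Enabled $true -PasswordNeverExpires $true
}

# 5. The share that gets attacked later. "SMB Share - Quick" with C: selected puts
#    the folder under C:\Shares; the wizard's default share permission is
#    Everyone: Full Control, and "Allow caching" is the Manual caching mode.
New-Item -ItemType Directory -Path 'C:\Shares\hackme' -Force | Out-Null
New-SmbShare -Name 'hackme' -Path 'C:\Shares\hackme' -FullAccess 'Everyone' -CachingMode Manual

# 6. Register the SPN exactly as the post does. setspn accepts the hostname as the
#    service class, and any SPN on a user account is enough for a Kerberoast.
setspn -a HYDRA-DC/SQLService.MARVEL.local:60111 MARVEL\SQLService

# Checks: the SPN is on the account, and it shows up in the domain-wide query.
(Get-ADUser -Identity 'SQLService' -Properties ServicePrincipalName).ServicePrincipalName
setspn -T $Domain -Q */* | Select-String -Pattern 'SQLService'
```

If the SPN check prints nothing, the most common cause is that setspn was run without domain admin rights; the share and users will still have been created, so only the setspn line needs repeating.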
Set Up Group Policy
  1. Start Menu > Group Policy Management
  2. Forest > Domains
  3. Right-click MARVEL.local > Create a GPO in this domain, and Link it here
  4. Name: Disable Windows Defender > OK
  5. Edit the new policy (Disable Windows Defender)
    1. Computer Configuration > Policies > Administrative Templates > Windows Components > Microsoft Defender Antivirus
    2. Double-click Turn off Microsoft Defender Antivirus
    3. Enabled > Apply > OK
  6. Right-click the linked GPO > Enforced (so no child OU can block it); clients pick it up at the next refresh or with gpupdate /force
Set Up a Static IP Address
  1. Right-click the network icon on the taskbar
  2. Open Network & Internet settings
  3. Change adapter options
  4. Ethernet0
  5. Properties > Internet Protocol Version 4 > Use the following IP address (values taken from ipconfig, so the DC keeps the address it already has)
    1. IP address: 192.168.135.137 (current address from ipconfig)
    2. Subnet mask: 255.255.255.0
    3. Default gateway: 192.168.135.2
  6. OK
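The Group Policy and static-address steps as a script, run as MARVEL\Administrator on HYDRA-DC. This is an added example and not part of the post. The "Turn off Microsoft Defender Antivirus" template setting writes the DisableAntiSpyware registry value under the Windows Defender policy key, so Set-GPRegistryValue produces the same GPO the editor does. Two caveats a practitioner wants: on Windows 10 clients with Tamper Protection on, this policy value is ignored and Defender stays up, so confirm on the client with Get-MpComputerStatus after a gpupdate; and a DC should have a static address before promotion, so if you follow the post's order, do the address change from the VM console (it drops any RDP session) and make sure the DC's DNS client still points at itself afterwards. The adapter name Ethernet0 and the addresses are the post's.

```powershell
# Added example: "Disable Windows Defender" GPO and the DC's static address.
# Run as MARVEL\Administrator on HYDRA-DC.
Import-Module GroupPolicy
Import-Module ActiveDirectory
$DomainDN = (Get-ADDomain).DistinguishedName
$DnsRoot  = (Get-ADDomain).DNSRoot
$GpoName  = 'Disable Windows Defender'

# The "Turn off Microsoft Defender Antivirus" setting under Computer Configuration >
# Policies > Administrative Templates > Windows Components > Microsoft Defender
# Antivirus is this single registry value, so writing it into the GPO is the same edit.
New-GPO -Name $GpoName | Out-Null
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' `
    -ValueName 'DisableAntiSpyware' -Type DWord -Value 1 | Out-Null

# Link at the domain root and enforce it, as the post does. Enforced means a child
# OU with "Block Inheritance" still gets it.
New-GPLink -Name $GpoName -Target $DomainDN -Enforced Yes | Out-Null

# Checks: the link exists and the GPO carries exactly the one value.
(Get-GPInheritance -Target $DomainDN).GpoLinks | Select-Object DisplayName, Enabled, Enforced
Get-GPRegistryValue -Name $GpoName -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender'

# Static address. The post freezes the DHCP address ipconfig shows; the same
# values are used here. Dropping the existing address and default route first
# avoids a duplicate-route error from New-NetIPAddress.
$Nic = 'Ethernet0'
$Ip  = '192.168.135.137'
Set-NetIPInterface -InterfaceAlias $Nic -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4 | Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false
New-NetIPAddress -InterfaceAlias $Nic -IPAddress $Ip -PrefixLength 24 -DefaultGateway '192.168.135.2'

# A DC's own DNS client has to resolve through itself. The promotion wizard sets
# this, but replacing the address can lose it, so set it explicitly.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $Ip, '127.0.0.1'

# Checks: the address is now Manual (static) and the DC's own SRV record resolves.
Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4 | Select-Object IPAddress, PrefixOrigin
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DnsRoot" -Type SRV -Server $Ip |
    Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port
```

On a client, after gpupdate /force, Get-MpComputerStatus should show AntivirusEnabled as False; if it stays True, Tamper Protection is overriding the policy and has to be turned off in the Windows Security app on that client.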

Join the Machines to the Domain

  1. Log in to the client machines
  2. Make their IP addresses static, the same way as on the server
    1. Set the preferred DNS server to the domain controller's IP, 192.168.135.137 (the client finds the domain through DNS, so this is the step that makes or breaks the join)

Make the Client Devices Join the Domain

  1. Start Menu
  2. Access work or school
  3. Connect
  4. Join this device to a local Active Directory domain
  5. Domain name: MARVEL.local
  6. Enter the domain controller username and password and press Enter
  7. When asked to add an account, you can add it as Administrator
  8. Restart now
  9. Verify the join
    1. On the DC: Server Manager > Tools > Active Directory Users and Computers
    2. Computers > both devices should be listed
  10. On the client, log in with MARVEL\administrator

Modify Local Users on the Client Machines

Enable the Local Admin

  1. Start > type "Users" > Edit local users and groups
  2. Users > right-click Administrator
  3. Set Password (Password1!)
  4. Properties > uncheck Account is disabled > Apply > OK

Add Other Administrators

  1. Start > type "Users" > Edit local users and groups
  2. Groups > Administrators > Add > type fcastle > Check Names > OK (this makes the domain user fcastle a local administrator on the client)

Log Out and Check the Local Account

  1. Other user
  2. .\peterparker with password Password1
  3. Map network drive > Z:
  4. Folder: \\HYDRA-DC\hackme > ✅ Connect using different credentials
  5. Username: administrator, password: P@$$w0rd!
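Client side as a script: the domain join from "Join the Machines to the Domain" and the local-account changes from "Modify Local Users". This is an added example, not from the post. Run it from an elevated PowerShell prompt on the client: the first run (still in a workgroup) points DNS at the DC, joins and reboots; the second run (logged in as MARVEL\administrator) enables the local Administrator, adds the domain user to the local Administrators group and maps the share with domain admin credentials. It assumes the adapter is Ethernet0 and takes fcastle as the domain user to add, as the post does on THEPUNISHER; on SPIDERMAN change that variable. The client's own static address is left to the GUI steps, since the post just freezes the DHCP lease.

```powershell
# Added example: client join and local-account setup from the steps above.
# Run from an elevated PowerShell prompt on THEPUNISHER or SPIDERMAN; run it once
# before the reboot and once after.
$Nic    = 'Ethernet0'
$DcIp   = '192.168.135.137'                  # HYDRA-DC
$Domain = 'MARVEL.local'
function New-LabPassword([string]$Plain) { ConvertTo-SecureString $Plain -AsPlainText -Force }

if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    # --- Stage 1: DNS to the DC, then join -------------------------------------
    # What decides whether the join works is DNS: the client locates a DC through
    # SRV records, so a wrong DNS server gives "An Active Directory Domain
    # Controller could not be contacted". The SRV lookup below fails early if so.
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
           Where-Object Type -eq 'SRV'
    "DC located via DNS: $($srv.NameTarget)"

    # Prompts for MARVEL\administrator / P@$$w0rd! and reboots when the join is done.
    Add-Computer -DomainName $Domain -Credential (Get-Credential 'MARVEL\administrator') -Restart
    return
}

# --- Stage 2: local accounts on the now domain-joined client -------------------
nltest "/dsgetdc:$Domain"                    # which DC the client is talking to

# Enable the built-in local Administrator and give it the lab password.
Enable-LocalUser -Name 'Administrator'
Set-LocalUser    -Name 'Administrator' -Password (New-LabPassword 'Password1!')

# Put the domain user into the local Administrators group, as the post does with
# fcastle on THEPUNISHER. A domain user who is local admin on a workstation is
# exactly what later lateral-movement steps ride on. Change per client.
$DomainUserToMakeLocalAdmin = 'MARVEL\fcastle'
Add-LocalGroupMember -Group 'Administrators' -Member $DomainUserToMakeLocalAdmin

# Map the share with the domain admin's credentials, as in "Log Out and Check".
# Using a domain admin account from a workstation is the habit the lab sets up to
# abuse later; -Persistent keeps the mapping across logons.
New-SmbMapping -LocalPath 'Z:' -RemotePath '\\HYDRA-DC\hackme' `
    -UserName 'MARVEL\administrator' -Password 'P@$$w0rd!' -Persistent $true

# Checks: local admin enabled, domain user in the local group, share reachable.
Get-LocalUser -Name 'Administrator' | Select-Object Name, Enabled
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
Get-SmbMapping -LocalPath 'Z:' | Select-Object LocalPath, RemotePath, Status
```

From the DC, Get-ADComputer -Filter * -SearchBase "CN=Computers,$((Get-ADDomain).DistinguishedName)" should then list both THEPUNISHER and SPIDERMAN, which is the same check the post does in Active Directory Users and Computers.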

SPIDERMAN

ip: 192.168.135.134 peterparker:Password1

local: peterparker

THEPUNISHER

ip: 192.168.135.135 frankcastle:Password1

local: frankcastle:Password123

Second domain admin: [email protected] pw: Password12345!

SQL Service password: MYpassword123#

Domain controller IP: 192.168.135.137

TO SIGN IN

On the Windows login screen choose Other user: MARVEL\<user> (for example MARVEL\administrator) signs in to the domain, .\<user> signs in to a local account on that machine.

This post is licensed under CC BY 4.0 by the author.