Thursday, February 23, 2017

Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 2

In order to understand how adversaries compromise an entire domain and to learn what you have to hunt for, you have to create your own domain at home. In this post we will go over setting up a basic Windows Server 2012 and enabling the following server roles: DHCP, AD and DNS.

First of all, there is a great step-by-step series of articles that can also walk you through building a simple Active Directory lab, covering everything I will show you in the next couple of posts. If you want a second option with great details and definitions, I would highly recommend reading the following article: Building and Active Directory Lab by Jared Haight.

In this post I will share how I installed my Windows 2012 server and enabled roles before promoting it to DC.

Requirements for this setup:

3 new VMs to install your Windows Server 2012 R2 and Windows 7 boxes.

  • Create/Register a new VM as shown in our previous post where we built our PfSense VM (Figures 8-19)
  • Windows Server 2008 R2
    • Set it up to only one Network Adapter and leave it with its VM network port group for now (VM network)
    • Set your CD/DVD Drive to your Windows Server 2012 ISO
  • Windows 7 x64 Boxes
    • Set them up to only one Network Adapter and set it to your virtual LAN. That will get your boxes ready for when you set up your final DHCP server.
    • Set the CD/DVD Drive to the Windows 7 x64 ISO.
    • I won't be showing the installation of these boxes since they follow the same initial basic setup as the Windows Server 2012. Just keep them simple. We will be joining them to the domain in our next post.

ISO (Microsoft Imagine or Microsoft Eval-Center)

Make sure you still have your school e-mail if you choose to use Microsoft Imagine; otherwise, you will have to use Microsoft Eval-Center.

  • An educational or evaluation version of Windows Server 2012 R2
  • An educational or evaluation version of Windows 7 x64

Setting up our Windows Server 2012 R2

Installing Software

If you have not obtained a copy of Windows Server 2012 R2 ISO yet, go to Microsoft Imagine, register and download a copy of it. Look for the following:

Figure 1. Software needed for our Windows Server 2012 R2 installation.

After creating/registering your new VM with the right settings and attaching your Windows Server 2012 R2 ISO to its CD/DVD drive, boot it up. Then, click Next to accept the initial settings (these might be different depending on personal preferences or location).

Figure 2. Initial settings after booting up VM.

Figure 3. Install now option.

Your product key will be available when you request a copy of your ISO in Microsoft Imagine as shown in Figure 5.

Figure 4. Window to insert Product Key obtained from Microsoft Imagine.

Figure 5. Options in Microsoft Imagine to retrieve your product key.

Select the operating system you want to install (in this case we downloaded the 64-bit version, so only the 64-bit version is shown) and which flavor. I selected Server with GUI as shown in Figure 7.

Figure 6. Selecting Operating System and flavor.

Figure 7. Selecting Server with GUI installation.

Accept the License Terms and select "Install Windows Only" since we do not have a version of Windows already running on the computer.

Figure 8. Accepting License terms.

Figure 9. Selecting "Custom: Install Windows Only".

Next, select where you want to install Windows (Default Virtual Drive assigned to your VM) and click Next.

Figure 10. Selecting Drive to install Windows.

Figure 11. Installing Windows.

Figure 12. Installing Windows.

Create a password for your Administrator account.

Figure 13. Setting the Administrator's password.

Figure 14. Setting the Administrator's password.

Figure 15. Finalizing settings.

Figure 16. Windows Server 2012 R2 installed already.

Log on for the first time and accept the default network settings. After that, it would be a good time to take a fresh-install snapshot of your VM.

Figure 17. Fresh Windows Server 2012 R2 install.

Figure 18. Accepting default network settings.

Installing VMware Tools

Install VMware Tools on your VM by browsing to the option "Install VMware Tools" in your VM console.

Figure 19. Installing VMware Tools.

Check your Devices and Drivers. You will see that the VMware Tools disc was mounted.

Figure 20. VMware Tools disc mounted and ready.

Double-click on it, and go with the default options.

Figure 21. Installing VMware tools.

Figure 22. Installing VMware Tools - accepting default options.

Figure 23. Installing VMware Tools - accepting default options.

Figure 24. Installing VMware Tools.

Figure 25. Finishing VMware tools installation.

Restart your computer and take a snapshot of your VM after rebooting.

Figure 26. Message to reboot computer after installing VMware Tools.

Figure 27. Windows Server 2012 R2 fresh install with VMware Tools installed.

Enabling Server Roles: AD DS, DHCP & DNS

Preparing our Windows Server

Before assigning any new roles to our server, it is important to make things easier for future configurations. Therefore, I always change the default name of the server since it always gets a long name that you might not remember.

  • First, click on the original computer's name (in the case of my server, WIN-6NBBJLURST was assigned). It will open a new window named "System Properties".
  • Next, click on "Change".
  • Under Computer Name, you will now be able to change your computer's name.
  • Once you change the name of your server, you will be able to press "OK".

Figure 28. Original server name.

Figure 29. System Properties window to change server name.

Figure 30. Changing the server's name.

Figure 31. Changing the server's name.

Next, restart your computer to apply the new computer's name.

Figure 32. Restarting server after changing its name.

Figure 33. Restarting the server after changing its name.

Once your computer comes back up, click on the top right option named "Manage" and select "Add Roles and Features" in order to add the AD Domain Services, DHCP Server, and DNS Server roles.

Figure 34. Server Manager Dashboard.

Figure 35. Selecting "Add Roles and Features" option.

We will now get presented with the Add Roles and Features Wizard which will help us to add the roles we need for our server. Click Next to start.

Figure 36. Default initial screen of Add Roles and Features Wizard.

Select the installation type. Just leave the default role-based or feature-based installation and click Next.

Figure 37. Default installation type.

Click Next to select our server (the only one). As you can see, my server has an IP address from my home network, and this is because it is still on my default port group "VM network". For now, this does not matter, but when we start setting up its DHCP server role, we will have to switch it to our virtual LAN and configure our PfSense to stop its DHCP services. You will want to move your server to your virtual LAN when you configure its DHCP server role because you do not want it to interfere with your home router's DHCP server either. We want it running in our virtual LAN (our own domain). OK, let's keep going.

Figure 38. Selecting our own server from the server pool.

Now this is the part where we will start adding server roles.

Select the server role and click on its checkbox. This will prompt you with a new window with the option "Add Features" for you to click. Ignore the warning messages for now. We will fix them in the future. Do all this for the following roles:

  • Active Directory Domain Services
  • DHCP Server
  • DNS Server

Figure 39. Initial roles window.

Figure 40. Selecting Active Directory Domain Services.

Figure 41. Adding Active Directory Domain Services features.

Figure 42. Selecting DHCP Server role.

Figure 43. Adding DHCP Server role features.

Figure 44. DHCP warning message because the server does not have a static IP address.

Figure 45. Selecting DNS server role.

Figure 46. Adding DNS server role features.

Figure 47. DNS server role warning message because the server does not have a static IP address.

Once you have selected all the server roles that we need for our lab, click next.

Figure 48. Server roles have been selected.

Leave the default features to be installed on the server and click next.

Figure 49. Default features to be installed on the server.

Read all the roles that you are adding if you can and click next on all of them.

Figure 50. Active Directory Domain Services definition and notes.

Figure 50. DHCP Server role definition and notes

Figure 51. DNS Server role definition and notes

Next, confirm the roles and features to be installed on the server, and click Install.

Figure 52. Confirming roles and features added to the server. 

Figure 53. Installation progress.

Figure 54. Installation progress.

If everything goes well, you will see that the installation succeeded. Now, I don't know if you noticed, but once the installation finished, two options were made available for you:

  • Promote this server to a domain controller
  • Complete DHCP configuration

The next step would be promoting our server to a domain controller, and we will do it in our next post along with our DHCP configuration. Do NOT close the window if you are ready to continue.

Figure 55. Installation succeeded. Promoting server to DC and configuration of DHCP are the next steps.
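
The rename and role installation steps above can also be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original post: the server name `LAB-DC01` is a hypothetical placeholder (the post does not state the name it used), and the script stops before domain controller promotion and DHCP configuration, just as this post does.

```powershell
# Added example: scripted equivalent of the GUI steps above (rename, then add roles).
# Run from an elevated PowerShell prompt on the Windows Server 2012 R2 VM.
# $NewName is a hypothetical placeholder; the post does not state the name it used.
$NewName = 'LAB-DC01'
$Roles   = 'AD-Domain-Services', 'DHCP', 'DNS'

# Phase 1: rename the server and reboot, as in Figures 28-33.
if ($env:COMPUTERNAME -ne $NewName) {
    Write-Host "Renaming $env:COMPUTERNAME to $NewName and restarting..."
    Rename-Computer -NewName $NewName -Restart -Force
    return   # run the script again after the reboot for phase 2
}

# The wizard warns (Figures 44 and 47) when the server has no static IP address.
# Report DHCP-configured IPv4 interfaces so the same condition is visible here.
$dynamic = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.Dhcp -eq 'Enabled' -and $_.InterfaceAlias -notlike 'Loopback*' }
foreach ($if in $dynamic) {
    Write-Warning "$($if.InterfaceAlias) still gets its address from DHCP; set a static IP before configuring DHCP/DNS."
}

# Phase 2: install only the roles that are missing.
$missing = Get-WindowsFeature -Name $Roles | Where-Object { -not $_.Installed }
if (-not $missing) {
    Write-Host 'AD DS, DHCP Server and DNS Server are already installed.'
    return
}

$result = Install-WindowsFeature -Name $missing.Name -IncludeManagementTools
if (-not $result.Success) {
    throw "Role installation failed with exit code $($result.ExitCode)."
}

# Confirm the final state, the scripted counterpart of Figure 55.
Get-WindowsFeature -Name $Roles | Format-Table DisplayName, Name, InstallState -AutoSize
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning 'A restart is required to finish the installation.'
}
```

Because the script checks the current state before acting, it can be run once to rename and reboot, then again to install the roles, and is safe to re-run after restoring a snapshot.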

I wanted to split this whole setup into 2 blog posts so that the steps and images are organized better. Jump to the next post in order to continue.

Feedback is greatly appreciated!  Thank you.

