Setting up a Lab Environment - Paiet/Tech-Journal-for-Everything GitHub Wiki

What software do you need? (Plan on searching for the latest versions on the web and downloading what you need, unless I note that I will provide it for you)

  • Microsoft Windows Server 2016 Standard Edition

  • Kali Linux

  • Bitvise SSH Server

  • ntopng

  • Oracle VM VirtualBox

  • XAMPP

  • MultiChain (I am providing it to you)

  • MultiChain Web Demo (I am providing it to you)

  • PuTTY

  • Autopsy (I am providing it to you)

  • OPNsense

What do I need to do first? Windows Server 2016 Setup

Install Windows Server 2016:

  1. Boot the computer with the Windows Server 2016 installation DVD or USB drive. Press a key if prompted to boot from DVD or USB to start the Windows Server 2016 setup program.

  2. In the Windows Setup window, EITHER accept the default values to set Language to install to English (United States), Time and currency format to English (United States), and Keyboard or input method to US, OR change the values as necessary to localize as needed. Select Next.

  3. Select Install now.

  4. If prompted, on the Enter the product key to activate Windows page, type your product key and select Next.

  5. On the Select the operating system you want to install page, select Windows Server 2016 Standard (Desktop Experience) and select Next.

  6. On the Applicable notices and license terms page, read the terms, check the I accept the license terms check box, and select Next.

  7. On the Which type of installation do you want? page, select Custom: Install Windows only (advanced).

  8. Select each existing partition and select Delete. If necessary, confirm the deletion of each partition by selecting OK.

  9. Select Drive 0 Unallocated Space and select New. In the Size spin box, double-click and type 100000 and select Apply to allocate 100 GB for the C: volume.

  10. If necessary, in the Windows Setup message box, select OK to allow Windows to create additional partitions for system files.

  11. Select the partition with approximately 100 GB and select Next.

  12. On the Installing Windows page, observe the progress of the installation. Wait for the installation to complete. The system will automatically reboot.

  13. For the Administrator user, in the Password and Reenter password text boxes, enter !Pass1234 as the password and select Finish.

  14. Press Ctrl+Alt+Delete and log on as Administrator, using the password you just specified.

  15. If necessary, in the Networks pane, select No.

Update the operating system:

  1. On the desktop, select the Start button.

  2. Select the Settings icon.

  3. In the Settings app, select Update & security.

  4. Select the Check for updates button.

  5. Allow Windows Update to download and install updates.

  6. When the updates are finished installing, select Restart now.

  7. After updates are finished configuring, sign back in to Windows.

Disable automatic updates:

  1. On the desktop, right-click the Start button and select Command Prompt (Admin).

  2. At the prompt, enter sconfig

  3. Enter 5 to select Windows Update Settings.

  4. Enter M to select (M)anual.

  5. In the Update Settings dialog box, select OK.

  6. Close the command prompt window.

Change the computer name:

  1. Right-click the Start button and select System.

  2. In the System window, to the right of the Computer name, domain, and workgroup settings section, select Change settings.

  3. In the System Properties window, on the Computer Name tab, select the Change button.

  4. In the Computer name text box, type Server01.

  5. Select OK, then in the Computer Name/Domain Changes message box, select OK.

  6. Select Close, then in the Microsoft Windows message box, select Restart Now. Close the System window.

Configure the IP address:

You will need to figure out your IP addressing for each of your two Windows Servers based on how you wish to configure it. Make sure that BOTH Windows Servers AND ALL OTHER MACHINES are on the same subnet and able to communicate with each other.

Ensure Windows Server 2016 displays file extensions and hidden items:

  1. On the taskbar, select the File Explorer icon.

  2. On the ribbon, select the View tab.

  3. On the ribbon, in the Show/hide group, check the File name extensions and Hidden items check boxes.

  4. Close File Explorer.

Install the Active Directory Domain Services role and promote the computer to a domain controller:

  1. In Server Manager, in the Configure this local server section, select Add roles and features.

  2. In the Add Roles and Features Wizard, on the Before you begin page, select Next.

  3. On the Select installation type page, verify that the Role-based or feature-based installation radio button is selected and select Next.

  4. On the Select destination server page, verify that Server## is selected from the server pool and select Next.

  5. On the Select server roles page, check the Active Directory Domain Services check box.

  6. In the Add Roles and Features Wizard dialog box, select Add Features. Select Next.

  7. On the Select features page, select Next.

  8. On the Active Directory Domain Services page, select Next.

  9. On the Confirm installation selections page, check the Restart the destination server automatically if required check box, and in the Add Roles and Features Wizard message box, select Yes.

  10. Select Install. When installation completes, select the Promote this server to a domain controller link in the contents section.

  11. In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, select the Add a new forest radio button.

  12. In the Root domain name text box, type domain##.internal, where ## matches the number in the computer name, and select Next.

  13. On the Domain Controller Options page, verify that Windows Server 2016 is listed in both the Forest functional level and Domain functional level drop-down lists.

  14. In the Specify domain controller capabilities section, verify that the Domain Name System (DNS) server check box is checked.

  15. In the Type the Directory Services Restore Mode (DSRM) password section, in both the Password and Confirm password text boxes, type !Pass1234 and select Next.

  16. On the DNS Options page, select Next.

  17. On the Additional Options page, verify that the NetBIOS domain name is DOMAIN## and select Next.

  18. On the Paths page, select Next.

  19. On the Review Options page, select Next.

  20. After the prerequisites check completes successfully, select Install. After installation completes, the computer will automatically restart.

  21. Log on to DOMAIN## as Administrator.
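
The same role installation and promotion can be scripted. The following PowerShell is an added example, not part of the original guide; the `$suffix` value stands in for the ## in your computer name and is an assumption, and the DSRM password is prompted for rather than stored in the script.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps above.
$suffix = '01'   # assumption: the ## from the computer name (Server01 -> 01)

# Add the AD DS role together with its management tools.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

Import-Module ADDSDeployment

# Prompt for the DSRM password so it never lands in a script file or history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

# Same choices the wizard steps make: new forest, 2016 functional levels, DNS.
$forest = @{
    DomainName                    = "domain$suffix.internal"
    DomainNetbiosName             = "DOMAIN$suffix"
    ForestMode                    = 'WinThreshold'   # Windows Server 2016
    DomainMode                    = 'WinThreshold'   # Windows Server 2016
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Run the prerequisites check first and stop on any error it reports.
$check  = Test-ADDSForestInstallation @forest
$errors = @($check | Where-Object Status -eq 'Error')
if ($errors.Count -gt 0) {
    $errors | ForEach-Object { Write-Warning $_.Message }
    throw 'Prerequisites check failed; forest not created.'
}

# Promote the server. It restarts automatically when promotion completes.
Install-ADDSForest @forest -Force
```

After the restart, log on to DOMAIN## as Administrator as in the last step above.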

Install and configure an FTP server:

  1. In Server Manager, select Add roles and features.

  2. Select Next three times.

  3. On the Select server roles page, check the Web Server (IIS) check box, then select Add Features.

  4. Select Next three times.

  5. On the Select role services page, scroll down and check the FTP Server check box, then select Next.

  6. On the Confirm installation selections page, check the Restart the destination server automatically if required check box, and in the Add Roles and Features Wizard message box, select Yes.

  7. Select Install. When installation completes, select Close.

  8. In Server Manager, select Tools→Internet Information Services (IIS) Manager.

  9. In the Connections pane, expand the server object and then expand Sites.

  10. Right-click Default Web Site and select Manage Website→Stop.

  11. In the Connections pane, right-click Sites and select Add FTP Site.

  12. In the Add FTP Site wizard, in the FTP site name text box, type Default FTP Site

  13. In the Physical path text box, type C:\inetpub\ftproot and select Next.

  14. On the Binding and SSL Settings page, in the SSL section, select No SSL. Select Next.

  15. On the Authentication and Authorization Information page, in the Authentication section, check the Basic check box. Select Finish.

  16. In the Connections pane, select Default FTP Site, and in the Default FTP Site Home pane, double-click FTP Authorization Rules.

  17. In the Actions pane, select the Add Allow Rule link.

  18. Verify that all users are allowed access to the FTP site. In the Permissions section, check the Read check box and select OK.

  19. Close the Internet Information Services (IIS) Manager window.

Allow authenticated users to log on to the domain controller:

  1. In Server Manager, select Tools→Group Policy Management.

  2. Expand the console tree (Forest: domain##.internal→Domains→domain##.internal→Domain Controllers) and select Default Domain Controllers Policy.

  3. In the Group Policy Management Console message box, select OK.

  4. Select Action→Edit.

  5. In the Group Policy Management Editor window, under Computer Configuration, expand Policies→Windows Settings→Security Settings→Local Policies.

  6. Select User Rights Assignment.

  7. In the details pane, double-click Allow log on locally.

  8. In the Allow log on locally Properties dialog box, verify that the Define these policy settings check box is checked, and select Add User or Group.

  9. In the Add User or Group dialog box, select Browse.

  10. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object names to select text box, type Authenticated Users and select OK.

  11. In the Add User or Group dialog box, select OK.

  12. Select OK to close the Allow log on locally Properties dialog box.

  13. Close the Group Policy Management Editor and Group Policy Management windows.

Define new inbound rules to allow various traffic through the firewall:

  1. In Server Manager, select Tools→Windows Firewall with Advanced Security.

  2. In the Windows Firewall with Advanced Security window, in the console tree, select Inbound Rules.

  3. In the Actions pane on the right, select New Rule.

  4. In the New Inbound Rule Wizard, on the Rule Type page, select Port and select Next.

  5. On the Protocol and Ports page, in the Specific local ports text box, type 22 and select Next.

  6. On the Action page, verify that the Allow the connection option is selected and select Next.

  7. On the Profile page, select Next.

  8. On the Name page, in the Name text box, type SSH Allowed and select Finish to complete the wizard steps.

  9. Repeat these steps to add a new inbound rule called FTP Allowed for port 21.

  10. Repeat these steps to add a new inbound rule called HTTP Allowed for port 80.

  11. Repeat these steps to add a new inbound rule called MultiChain Allowed for port 9701.

Enable outbound rules that allow network discovery traffic:

  1. In the console tree, select Outbound Rules.

  2. Scroll down to the bottom of the list.

  3. Hold Shift and select the first and last Network Discovery rule, then right-click and select Enable Rule to enable all of them. There are 10 such rules.

  4. Close the Windows Firewall with Advanced Security window.
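
Both firewall procedures above (the four inbound port rules and the outbound Network Discovery rules) can be applied and then read back from PowerShell. This is an added example, not part of the original guide; it assumes TCP and all profiles, which are the wizard defaults the steps accept, and an English-language system where the rule group is named Network Discovery.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the two firewall procedures above.

# Inbound rules from the steps above. TCP and all profiles are assumed here
# because the steps accept the wizard defaults on those pages.
$rules = @(
    @{ Name = 'SSH Allowed';        Port = 22   },
    @{ Name = 'FTP Allowed';        Port = 21   },
    @{ Name = 'HTTP Allowed';       Port = 80   },
    @{ Name = 'MultiChain Allowed'; Port = 9701 }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Exists:  $($r.Name)"
        continue
    }
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
        -LocalPort $r.Port -Action Allow -Profile Any | Out-Null
    Write-Host "Created: $($r.Name) (TCP/$($r.Port))"
}

# Enable the outbound Network Discovery rules (English display group name).
Get-NetFirewallRule -DisplayGroup 'Network Discovery' |
    Where-Object Direction -eq 'Outbound' |
    Enable-NetFirewallRule

# Read everything back so the result can be checked against the steps.
$report = foreach ($r in $rules) {
    $rule   = Get-NetFirewallRule -DisplayName $r.Name
    $filter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Enabled   = $rule.Enabled
        Action    = $rule.Action
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort
    }
}
$report | Format-Table -AutoSize

$discovery = Get-NetFirewallRule -DisplayGroup 'Network Discovery' |
    Where-Object { $_.Direction -eq 'Outbound' -and $_.Enabled -eq 'True' }
Write-Host "Outbound Network Discovery rules enabled: $(@($discovery).Count)"
```

The final count should match the number of Network Discovery rules the steps above say you enabled.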

Configure Internet Explorer 11:

  1. From Server Manager, select Local Server.

  2. Next to IE Enhanced Security Configuration, select On.

  3. In the Internet Explorer Enhanced Security Configuration dialog box, under Administrators, select the Off radio button, then select OK.

  4. On the taskbar, select the Internet Explorer icon.

  5. In the Internet Explorer 11 dialog box, select Don't use recommended settings and select OK.

Install the XAMPP web server:

  1. Double-click the xamppwin32installer.exe.

  2. In the Open File - Security Warning dialog box, select Run.

  3. In the Warning dialog box, select OK.

  4. In the Setup wizard, select Next.

  5. On the Select Components page, uncheck all components except Apache, PHP, and phpMyAdmin, then select Next.

  6. On the Installation folder page, select Next.

  7. On the Bitnami for XAMPP page, uncheck Learn more about Bitnami for XAMPP and select Next.

  8. On the Ready to Install page, select Next.

  9. After installation completes, select Finish.

  10. In the Language dialog box, select Save.

  11. In the XAMPP Control Panel, in the Apache row, select Start.

  12. Verify that Apache is running, then close the control panel window.

Install the MultiChain Web Demo interface:

  1. Right-click multichainweb-demo-master.zip and select Extract All.

  2. In the Extract Compressed (Zipped) Folders dialog box, in the Files will be extracted to this folder text box, type C:\xampp\htdocs

  3. Select Extract and overwrite any files.

Build your Kali machine:

Download the latest stable version of Kali and install it. We use a variety of the tools from the Kali desktop, but they are selected and configured as needed during the demonstration, so all you need to do is have Kali installed and networked, and you are all set.

NOTE: Use the default installation parameters and use the root user and default password of toor for the Kali installation.

Build your OPNsense machine:

Download the latest stable version of OPNsense and install it. We will configure the OPNsense installation as part of the demonstration I'll get to at some point 👍.

NOTE: Use the default installation parameters and use the root user and default password of opnsense for the installation.

Download and install ntopng on a Windows 10 machine. DO NOT RUN THIS ON the Windows Server 2016 machines/VMs you build, as it does not work correctly!