📖
Building a Windows AD lab
  • Building a Windows AD lab
  • Lab-setup
    • Lab overview
    • Building the lab
      • Prerequisite
      • Creating images
        • Optional: Install software & Settings
      • Network setup
      • Cloning & Creating VM's
      • Creating bank.local
        • Creating Domain Controller - DC01
          • Enable RDP
        • Creating amsterdam.bank.local
          • Creating Domain Controller - DC02
            • Creating a AD structure
            • Create a CA
            • Configure LDAPS
          • Creating Fileserver - FILE01
            • File services
          • Creating W10 client - WS01
            • PSRemoting
          • Creating Webserver - WEB01
            • Web Services
            • SQL Server
              • Create database
      • Creating secure.local
        • Creating Domain Controller - DC03
        • Creating File/SQL Server - DATA01
          • SQL Server
            • Create database
    • Attack Paths
      • Attack path 1 (hard)
        • Configuring
        • Tasks
        • Manual
      • Attack path 2
        • Configuring
        • Task
        • Manual
    • Troubleshooting
    • To-Do
  • Vulnerabilities & Misconfigurations & Attacks
    • Initial Access Attacks
      • Username Enumeration
        • Password Spraying
        • AS-REP Roasting
        • Empty Password
      • SMB Relaying
      • SMB Null-Session (To-Do)
      • SQL Server default login
    • Active Directory Attacks
      • Password spraying
      • AS-REP Roasting
      • Empty password
      • Password in description
      • Kerberoasting
      • Delegation Attacks
        • Unconstrained Delegation
          • Printerbug
        • Constrained Delegation
        • Resource Based Constrained Delegation
          • Computeraccount Takeover
          • Change-LockScreen
          • Webclient Attack (todo)
      • DACL-Abuses
        • Write Owner
        • Owns
        • WriteDacl
        • GenericAll
        • GenericWrite (todo)
        • ForceChangePassword
        • Add user to group (todo)
        • Targeted Kerberoast (todo)
        • Get-Changes
      • Reused local administrator (todo)
      • SQL Server Attacks (todo)
        • Initial Access
          • SQL Server default login
          • Normal domain user access
        • Privilege Escalation
          • Impersonation
          • DB-Owner
          • Enumerate Logins
            • Weak passwords
        • Executing Commands
        • Database-Links
        • Capturing hashes & Relaying
      • Reading LAPS passwords (todo)
      • Priviliged Groups (todo)
        • DNS-Admins (todo)
        • Account Operators (todo)
        • Backup Operators
        • Server Operators (todo)
      • Hopping domains and forests
        • Child to parent domain
          • Krbtgt hash
          • Trust key
        • Cross forest Attacks (todo)
          • Foreign user
    • Misc
      • Reverse shell trick
      • Lateral Movement
        • PSRemoting
        • PsExec (todo)
      • Misconfigured Service (todo)
        • Unqouted Service Path
      • Discovering Shares
      • Password on shares
      • Different methods of dumping credentials
        • LSASS (todo)
        • Dumping DPAPI
          • Browser passwords
        • Scheduled tasks (todo)
        • Services (todo)
        • Vssadmin Shadow Copy
      • ms-ds-machineaccountquota (todo)
      • add DNS Records (todo)
      • Bypassing UAC
    • Template page
  • Defence
    • Detection
    • Hardening
      • LDAP
        • LDAP Signing
        • LDAPS Binding
      • Strong Password Policy
      • Change who can join computers to the domain
      • Protected users group
      • Account is sensitive and cannot be delegated
      • Powershell Execution Policy
      • Template page
Powered by GitBook
On this page
  • Configuring Windows Firewall for SQL Server
  • Testing connectivity
Edit on GitHub
  1. Lab-setup
  2. Building the lab
  3. Creating bank.local
  4. Creating amsterdam.bank.local
  5. Creating Webserver - WEB01

SQL Server

PreviousWeb ServicesNextCreate database

Last updated 3 years ago

  1. Login to WEB01 as the Administrator user with password Welcome01!.

  2. Download SQL Server 2019 from .

3. When smartscreen comes up select "Run".

The SQL Server Installation may require internet access, temporally add a second adapter in the machine settings and select the NAT network. The machine should have internet access. (ps our first adapter is different since our lab runs on a ESXI host).

4. On "Select an installation type" select "Basic":

5. Accept the License Terms and click "Install".

6. Once the installation is finished, click on "Customize".

7. Check "Use Microsoft Update to check for updates" and click next till the step "License Terms" and accept them:

8. At the step "Feature Selection" choose the following options:

  • Database ENgine Services

  • SQL Server Replication

  • Client Tools Connectivity

  • Client Tools SDK

9. Click Next and fill in the Instance name dev.

10. Change the "Startup Type" for the "SQL Serer Agent" to "Automatic" and make sure all three are set to "Automatic", click "Next".

11. At the next step select "Mixed Mode" and fill in the password Password1!. Then select "Add" at the "Specify SQL Server administrators" and add amsterdam\administrator then click Next.

12. Click "Install" and wait for the installation to finish.

13. Open the "SQL Configuration Manager".

13. Expand "SQL Server Network Configuration" and select "Protocols for DEV". Double click on "TCP/IP" and select the "IP Addresses" tab. Fill in 1433 for "TCP Port".

14. Scroll to the bottom and also configure IPAll:

14. Then click "Apply".

15. Open "SQL Server services" and right click on "SQL Server (DEV)" and click "Restart".

16. Do the same for "SQL Server Agent":

Configuring Windows Firewall for SQL Server

  1. Search for "Windows Defender Firewall with Advanced Security" and select "Windows Defender Firewall with Advanced Security"

2. Rightclick on "Inbound Rules" and select "New rule".

3. Select "Port" and click "Next"

4. Make sure "TCP" is selected and fill in port 1433 and click "Next":

5. Click next at the step "Profile". Fill in the name "Allow TCP 1433 MSSQL Server for all" and click "Finish":

6. When done remove the "NAT" adapter from the virtual machine.

Testing connectivity

1. Open the Kali machine and run a quick Nmap to check if the port is open:

sudo nmap -p 1433 10.0.0.5 -Pn -n

Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-06 11:39 CET
Nmap scan report for 10.0.0.5
Host is up (0.017s latency).

PORT     STATE SERVICE
1433/tcp open  ms-sql-s

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

17. Download and Install . Just Click "Install" and reboot the system.

SQL Server Mangement Studio
Microsoft Evaluation Center