
Optional: Install software & Settings

Optionally, we can install some software such as BGInfo from Sysinternals, Notepad++ or VMware Tools.


Last updated 3 years ago

BGInfo sysinternals

BGInfo shows general system info on the desktop background:

  1. Go to the Download folder and unzip the BGInfo zip.

  2. Copy the folder to the C:\ drive and empty the Downloads folder.

  3. Run the Bginfo64 program and Agree to the License Terms.

  5. Click on "File" --> Save as and select "All files". Then save the file in C:\BGInfo with the name bginfo.bgi.

  6. Click on "Preview", "Apply" and "OK".

  7. Create a new txt file in C:\BGInfo with the name bginfo.txt and enter the following lines:

@echo off
cd
rem Apply the saved configuration immediately (/timer:0) and skip the license prompt
CALL "C:\BGInfo\Bginfo64.exe" "C:\BGInfo\bginfo.bgi" /timer:0 /nolicprompt

  8. Click on "File" --> Save as --> Select "All Files" and save the file as bginfo.bat in C:\BGInfo\

  9. Open Explorer, click on "View" and select "Hidden items".

  10. Copy the bginfo.bat file, browse to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ and paste the bginfo.bat file there.
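
Steps 7-10 can also be scripted when several images are built. The PowerShell below is an added example, not part of the original guide; it assumes steps 1-6 are done, an elevated session and English built-in account names. Because everything in the all-users Startup folder runs at each user's logon, it also lists identities outside a trusted list that can change files in C:\BGInfo.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): steps 7-10 as a script.
# Assumes steps 1-6 are done, so C:\BGInfo holds Bginfo64.exe and bginfo.bgi.

$bgDir   = 'C:\BGInfo'
$batPath = Join-Path $bgDir 'bginfo.bat'
# All-users Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
$startup = [Environment]::GetFolderPath('CommonStartup')

foreach ($name in 'Bginfo64.exe', 'bginfo.bgi') {
    if (-not (Test-Path -LiteralPath (Join-Path $bgDir $name))) {
        throw "Missing $name in $bgDir; complete steps 1-6 first."
    }
}

# Batch file from step 7 (minus its bare "cd", which only prints the current
# directory). ASCII output keeps straight quotes and avoids a byte-order mark.
$batLines = @(
    '@echo off'
    'CALL "C:\BGInfo\Bginfo64.exe" "C:\BGInfo\bginfo.bgi" /timer:0 /nolicprompt'
)
Set-Content -LiteralPath $batPath -Value $batLines -Encoding Ascii
Copy-Item -LiteralPath $batPath -Destination $startup -Force

# Report Allow ACEs that let accounts other than the trusted ones change
# files in C:\BGInfo. Account names below assume an English-language install.
$trusted   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$findings = (Get-Acl -LiteralPath $bgDir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -notin $trusted -and
    (([int]$_.FileSystemRights -band $writeMask) -ne 0)
}

if ($findings) {
    Write-Warning "$bgDir can be modified by identities outside the trusted list:"
    $findings | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output "No write access to $bgDir for identities outside the trusted list."
}
```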

VMware tools

VMware Tools is required to automatically adapt the display size to the monitor, for copy & paste, etc.

  1. Right click the virtual machine and select "Install VMWare tools".

  2. A DVD drive should show up; click on it and run setup64.exe.

  3. Click Next until you can click Install.

Desktop cleanup

These settings reset after cloning a VM, so they need to be redone for each user/VM.

  1. Right click the Taskbar and deselect "Show Task View button"

  2. Right click the Taskbar --> Search and click "Hidden"

  3. Right click the Taskbar and deselect "Show Cortana button"

  4. Right click the Taskbar --> News and interests and select "Turn off"

  5. Right click the Windows Store button and select "Unpin from taskbar"

  6. Right Click the Mail button and select "Unpin from taskbar"

Notepad++

Download BGinfo from the Sysinternals Suite from Microsoft in the VM.

Download Notepad++, run the installer and click next next next.