Windows User VM
Last updated
Last updated
I usually go with a VM with or . I have VMWare Workstation Pro as Broadcom bought out VMWare and made it free, you just need an account with them. You can go with either VMWare or Virtualbox, both work and it just comes down to personal preference on the application and what you're use to.
Obviously your setup may differ depending on your system specs. I typically go with 4GB(4096 MB) of RAM per VM, 2 processors and 2 cores per processor but I am running with 32GB of RAM and an Intel i7-10750H.
If you need to, you can start with 4 or 8GB of RAM and 2 processors and 2 core per processor, for the install so it goes faster then drop it down to 2 or 4GB of RAM and 2 processors and 1 core per processor for the victim machines.
Starting with typical setup
I add the .iso after
Select the size of the VM. This will NOT the overall size, this is just the max size of the VMs HDD space and will fill up as we add more to the VM that takes up space.
If this VM will be on a PC and not be used from an external HDD or moved around you can store it as a single file but if you plan on using this VM on other PC or from an external HDD it's a better idea to split it into multiple files.
Finally we can now customize our hardware. This is where we can customize the RAM, Processors, ISO files, Network Settings, etc. This is where we select our Windows Server ISO.
I recommend disabling the Printer, Sound Card, and under Display unchecking 'Accelerate 3D Graphics'.
I usually increase the RAM for the install so it goes quicker then drop it down after.
For install purposes, I up it to 8GB of ram and 4 Processors. Also add in the .iso file now.
When finished, click close > finish > turn on the VM. Be sure to click into the VM to press a button when it starts.
Press Shift+F10 to bring up the Command Prompt
Run regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup and make a new Key called "LabConfig"
Inside there create DWord(32-Bit) Values for:
BypassTPMCheck
BypassRAMCheck
BypassSecureBootCheck
and change their value to 1
Close out that window to exit the installation and start from the beginning window.
Click INSTALL NOW, then accept the EULA and click next
I go with the custom installation option.
Select the hard drive and click next
Click Next
Wait for the install process to finish and restart
After install and it reboots
We choose our region, keyboard layout, etc. and we can setup our account. Select 'sign-in options'
Then 'Domain Join Instead'
Input our username and password, password confirmation, and security questions
Disable all the privacy settings and click accept.
It will now do Windows setup and such
We're now logged in and can install VMWare Tools
We need to set out DNS Server to be the IP of our Domain Controller. So open the start menu, search for and open Control Panel.
In the top right, change it from 'Category' to 'Small/Large Icons', then open network and sharing center.
On the left hand side, select 'Change Adapter Settings', then right click on the adapter, and select properties.
Select Internet Protocol Version 4 (TCP/IPv4) and then properties.
Change the DNS settings and set it to be the Domain Controllers IP address.
Open the start menu and search for domain, and select 'Access work or school'
Click the blue 'Connect' button
Select 'Join this device to a local Active Directory domain'.
and follow the steps. Add in your domain name followed by .local, Eg. Gibson.local, sign in with Domain Admin credentials, reboot, and ta-da! You're now on a domain
From an admin CMD on the User Machine, we can run the script.
You MAY need to bypass TPM. If so, continue on. If not, skip ahead a little bit to .
There a great from we can run that will give us a nice setup to practice Privilege Escalation tactics.
