PEH (Practical Ethical Hacking) — Setting Up the Domain Controller on VirtualBox

Domenique
Nov 15, 2023

This is a step-by-step guide for configuring a Domain Controller on VirtualBox.
It is a crucial setup for the PEH course’s Active Directory labs, as this setup paves the way for all the subsequent modules where attack vectors and mitigations are taught in an Active Directory context.

Important Warning

⚠ This guide provides instructions for configuring a Domain Controller specifically tailored for the PEH course labs. It is intentionally set up with vulnerabilities for educational purposes and should NOT be used in a production environment. ⚠

Pre-requisites

  • 16GB of RAM
  • VirtualBox
  • Windows Server 2022 64-bit ISO

VirtualBox Network Setup

First of all, all lab machines must be attached to the NatNetwork network. NAT, or Network Address Translation, serves as a localized virtual network within our labs, enabling the isolation of individual machines within a dedicated network.

This configuration ensures internet access for these machines while shielding them from external access.

Configuration steps:

  1. Navigate to Tools → Network → NAT Networks.
  2. Set the CIDR to 192.168.57.0/24.
  3. Ensure that all lab machines are configured to use NatNetwork as their designated network.

[Image: VirtualBox NAT Networks wizard]

Getting the ISO for the virtual machine

To set up the lab environment, you’ll need the following virtual machine image. Simply follow the provided link and fill out the form to unlock the download of the ISO (Please note that providing real data in the form is not necessary).

Windows Server 2022 Trial (microsoft.com)

Download the 64-bit edition

Creating a New Box

On VirtualBox, create a new box and use the following configuration parameters:

  • Type = Microsoft Windows
  • Version = Windows 2016 (64-bit)
  • Hardware = Minimum of 4GB of RAM
  • 1 processor is fine
  • Disk Size = 60GB

[Image: Creating the Windows Server 2022 machine]

Before initializing the machine, set up the ISO:

[Image: Selecting the ISO for the Server machine]

Operating System Setup

When you first boot the server you’ll have to install the operating system and configure a few things.
The first step is to pick the language that you prefer and then proceed to the installation page. Click on install and continue till you reach this stage:

[Image: Server GUI setup]

Ensure you pick Windows Server 2022 Standard Evaluation (Desktop Experience) to have a GUI.

Afterwards, pick the Custom Install option, and proceed to add a new partition.
Keep the default values provided during this step.
If you observe only two partitions (instead of 3), it’s fine.

[Image: Adding Partitions]

After this step you’ll be prompted to enter the Administrator password.
I’ll stick with the password that Heath used, so let’s go with P@$$word!

[Image: Setting Administrator password]

After this step, you will be able to log in to the server with the Administrator credentials!

Rename The Machine

Before proceeding with the Domain Controller setup, let’s rename this machine to HYDRA-DC. This will help us in the next labs during our reconnaissance phase to easily identify the domain controller.

Type “name” in the Windows search bar and click on View your PC name:

[Image: Renaming Server]

Configuring the Domain Controller

Now we are ready for the most important part of the setup: setting up the Domain Controller that we will be attacking in the next labs! Let’s head over to the Server Manager Dashboard (it should open automatically as soon as the server boots up).

  1. Open Server Manager > Manage > Add Roles and Features
  2. A new wizard will pop up:

[Image: Add Roles and Features Wizard]

Add Roles and Features setup

  1. Before you Begin > Next.
  2. Installation type > Role-based or feature-based installation.
  3. Server Selection > Next (HYDRA-DC should be selected).
  4. Server Roles > Click on the Active Directory Domain Services checkbox (see the image below) > Click on “Add Features”.
  5. Features > Next.
  6. AD DS > Next.
  7. Confirmation > Install.
  8. When the installation is ready, click on Promote this server to a domain controller:

[Image: Step 4 — Server Roles]

After clicking on Promote this server to a domain controller, a new wizard will open up. Proceed with the following options:

  1. Deployment Configuration > Select the Add a new forest option and set the Root domain name = MARVEL.local
  2. Domain Controller Options > Keep default configurations, just set the password P@$$word!
  3. DNS Options > Next.
  4. Additional Options (Should set MARVEL automatically) > Next.
  5. Paths > Next.
  6. Review Options > Next.
  7. Prerequisites Check (you should see “All prerequisites checks passed successfully”) > Install.
  8. Wait for the installation to complete and reboot the machine.

[Image: Deployment configuration wizard]
[Image: If everything is good, we’ll see this screen before the installation]

Login as MARVEL\Administrator

By now, after the reboot you should be seeing this screen:

This means that we will be logging in to the MARVEL domain for the first time!
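The rename, role installation and promotion steps above can also be scripted. The following is an added example, not part of the original guide or the course material; it assumes an elevated PowerShell session on the lab server, uses the names and lab password given above, and is meant to be run again after each reboot until the verification output appears.

```powershell
# Added example: staged, re-runnable setup of the lab domain controller.
# Each stage is skipped once it is complete, so re-run the script after every reboot.
$ErrorActionPreference = 'Stop'

$ComputerName = 'HYDRA-DC'       # machine name from the guide
$DomainName   = 'MARVEL.local'   # root domain name from the guide
$NetbiosName  = 'MARVEL'         # NetBIOS name the wizard sets automatically

# Single quotes are required here: inside double quotes PowerShell would
# expand the automatic variable $$ and silently change the password.
$LabPassword = ConvertTo-SecureString 'P@$$word!' -AsPlainText -Force

# Stage 1: rename the machine (reboots immediately).
if ($env:COMPUTERNAME -ne $ComputerName) {
    Rename-Computer -NewName $ComputerName -Restart
    return
}

# Stage 2: install the AD DS role plus the management tools (no reboot needed).
if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
}

# Stage 3: promote to the first DC of a new forest.
# DomainRole: 0-3 = workstation/member server, 4 = backup DC, 5 = primary DC.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    Install-ADDSForest -DomainName $DomainName `
        -DomainNetbiosName $NetbiosName `
        -SafeModeAdministratorPassword $LabPassword `
        -InstallDns -Force      # the server reboots when promotion finishes
    return
}

# Stage 4: verify the result after logging in as MARVEL\Administrator.
Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
Get-ADDomainController | Select-Object HostName, IPv4Address, IsGlobalCatalog
# Clients locate the DC through this SRV record; it must resolve to HYDRA-DC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV
# The address should fall inside the NAT network range 192.168.57.0/24.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object IPAddress -like '192.168.57.*' |
    Select-Object InterfaceAlias, IPAddress
```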

Now there is just one last thing to set up in order to unlock a few more attack vectors.

Setup Certificate Services

Again, let’s head over to the Server Manager. Manage > Add Roles and Features

  1. Before you Begin > Next.
  2. Installation Type > Role-based or feature-based installation.
  3. Server Selection > Next.
  4. Server Roles > Check the Active Directory Certificate Services checkbox > click on “Add Features”.
  5. Features > Next.
  6. AD CS > Next.
  7. AD CS > Role Services > Make sure that Certification Authority is checked > Next.
  8. Confirmation > Check the Restart the destination server automatically if required checkbox > Install.
  9. Wait for the installation and then click on Configure Active Directory Certificate Services on the destination server.

[Image: Step 4 — Server Roles]
[Image: Step 9 — Opens up the next wizard for the Credentials]

Configure Credentials Setup

  1. Credentials > should be set to MARVEL\Administrator > Next.
  2. Role Services > Click on the Certification Authority checkbox.
  3. Setup Type > Enterprise CA
  4. CA Type > Root CA
  5. Private Key > Pick the Create a new private key option
  6. Cryptography (keep default SHA256) > Next.
  7. CA Name > Next.
  8. Validity Period > change to 99 years.
  9. Certification Database > Next.
  10. Confirmation > Configure.

[Image: AD Certificate Service Configuration]

After completing the configuration, reboot the server.
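The two Certificate Services wizards can be reproduced from PowerShell, followed by a check that the CA came up with the chosen settings. This is an added example, not part of the original guide; it assumes an elevated session logged in as MARVEL\Administrator and keeps the default CA name, key and database options, as the wizard steps do.

```powershell
# Added example: install and configure the lab Enterprise Root CA.
# Run once, after the server has been promoted and you are logged in to the domain.
$ErrorActionPreference = 'Stop'

# Enterprise CA setup needs domain credentials (the guide uses MARVEL\Administrator).
if ($env:USERDOMAIN -ne 'MARVEL') {
    throw "Log in as MARVEL\Administrator first (current domain: $env:USERDOMAIN)."
}

# First wizard: AD CS role with the Certification Authority role service.
if (-not (Get-WindowsFeature -Name ADCS-Cert-Authority).Installed) {
    Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
}

# Second wizard: Enterprise CA, Root CA, new private key, SHA256, 99 years.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCa `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 99 `
    -Force

# Verification 1: the CA service is running and answers requests.
Get-Service -Name CertSvc | Select-Object Name, Status, StartType
certutil -ping

# Verification 2: find the CA certificate (basic constraints: CA = true) in the
# machine store and confirm its lifetime and signature algorithm.
$basicConstraints = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Extensions | Where-Object { $_ -is $basicConstraints -and $_.CertificateAuthority }
    } |
    Select-Object Subject, NotBefore, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
```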

Conclusion

Great job! Your Domain Controller is up and running on VirtualBox, and now the only remaining step is to add the users and groups. All the details for this step are covered in the video “Setting Up Users, Groups, and Policies”.

Once you’ve set up the users, groups and the Windows machines, you’ll be ready to delve into exploring various attack vectors and their mitigations within the Active Directory environment! 🚀
