
CEHv12 Lab Setup Guide

This document provides instructions for setting up the virtual machines and network configuration needed for a cybersecurity training lab. It details downloading and extracting virtual machine files, installing required software on the host computer, and ensuring the virtual machines are configured to connect to internal and external networks as needed for the various lab activities.

CEHv12 LAB SETUP GUIDE

Updated July 22, 2023

Overview
Use this guide to set up your lab for the CEHv12 activities. You will:

1. Prepare your host PC.
2. Download and set up the virtual machines.

Lab Environment
Your lab consists of (7) virtual machines (VMs) running on your host PC. Six are traditional VMware VMs, and
one is an Android emulator named BlueStacks. You will turn VMs on and off as needed for the various activities.

VM logon credentials

Virtual Machine | Username / Password | Comment
Kali-Linux-2022.2-vmware-amd64 | kali / kali, root / kali | Linux is case-sensitive
Metasploitable2-Linux | msfadmin / msfadmin | Press Ctrl+Alt to release a trapped mouse
bee-box | bee / bug | Should log in automatically; you might have to switch the keyboard layout
Server2016 | Administrator / Pa22w0rd! | none
XP-PRO | admin / password | none
W2k | karen / carrot | none
BlueStacks 5 | na / na | none

1. Prepare Your Host PC


Before you can set up your lab, you must prepare your student host machine. This can be a laptop or desktop
running Windows 10 or later.

Host PC Minimum Requirements


Your Host PC must meet the following minimum requirements:

• Intel i5 CPU 64-bit
• 8 GB RAM (16 GB or more recommended)
• 150 GB Free Disk Space
• Windows 10 64-bit
• Camera (internal or external)
• High-speed Internet access

Back Up Your PC
When working with hacking tools, there is always a chance that you could accidentally damage your operating
system, apps, or data. Be sure to back up all important data to a removable drive or the cloud before you start.
Disable any anti-virus programs
Many of the tools you will use in this lab are considered malicious. Disable any anti-virus program you have
running on your Host PC, including real-time protection. If you use Windows Security, go to Settings → Privacy
& security → Windows security → Virus & threat protection → Manage settings. Turn off all of the protection
features. At the bottom, under Exclusions, click Add an exclusion → Folder → Local Disk (C:) → Select folder.

Uninstall Hyper-V
Microsoft Hyper-V is incompatible with VMware. You will need to uninstall it for VMware Workstation Player to
run:

1. Search for and open Control Panel.
2. Click Uninstall a program.
3. Click Turn Windows Features on or Off.
4. Ensure that Hyper-V is unchecked (un-ticked) and click OK.
5. If prompted to reboot, do not do so yet.
6. Click Start → Command Prompt.
7. Right-click Command Prompt → Run as administrator. When prompted, click Yes.
8. Type the following command and press Enter:
bcdedit /set hypervisorlaunchtype off
9. Close the Command Prompt window.
10. Reboot your Host PC and then log back in.

Install Software and Activity Files on Your Host PC


1. On your Host PC, download CEHv12-Files.exe self-extracting archive from any of these mirrors:

• https://drive.google.com/drive/folders/1PaGzxmwnraVXBKpIa_p5P1b-yFgYyLnE?usp=sharing
• https://drive.google.com/drive/folders/1PSss5fInDyKc55-BvPL4z2Y49mIRG3pR?usp=sharing
• https://drive.google.com/drive/folders/1g6Gqv_9VMSwKqGuskX-CTRkZ3lz2IHXo?usp=sharing
• https://drive.google.com/drive/folders/1bQj-N1nWN77vmoj8djoZRPFVcvSTx7vp?usp=sharing

2. Double-click CEHv12-Files.exe and allow it to extract into a folder. It contains 3 subfolders: Activity Files,
Host PC Software, and Specimens.
3. Navigate into the Host PC Software folder.
4. Perform a default installation of the following items in this order:

• Google Chrome 64-bit Standalone Installer (ChromeStandaloneSetup64.exe)
• 7-zip (7z2107-x64.exe)
• VMware Workstation 17 Player (VMware-player-full-17.0.2-21581411.exe)
• BlueStacks version 5 or later (BlueStacksInstaller_5.7.110.1002_native.exe)
• PuTTY
• Wireshark (Wireshark-win64-3.6.5.exe)
(Optional) Install Additional Tools on Your Host PC
A number of activities use tools that can be run from either the Server2016 VM or your Host PC. If you prefer to
run them from your Host PC, then install them now. If not, they are already installed in the Server2016 VM.
Running them on your Host PC will provide better performance. Running them on Server2016 makes it easy to
discard them when you are through with this course.

1. In CEHv12-Host-PC-Tools, navigate into the Optional folder.


2. Install these files in this order:

• .NET Framework 3.5 (dotNetFx35setup.exe – required by FOCA)
• HTTrack (httrack_x64-3.49.2.exe)
• Angry IP Scanner (ipscan-3.8.2-setup.exe)
• Zenmap (nmap-7.92-setup.exe)
• Quick Stego (QS12Setup.exe)
• Notepad++ (notepad-pp.exe)
• .NET Framework 4.8 (ndp48-web.exe – required by JetBrains DotPeek)
• JetBrains DotPeek (JetBrains.dotPeek.2023.1.4.web.exe)


3. Unzip FOCA. It is standalone and does not require installation.

Note: Idserve.exe is standalone and does not require installation.

Note: The following are limited-time trials. You will install them later:

• Web Data Extractor (web-data-extractor.exe)
• eMail Tracker Pro (emt.exe)
• Java Runtime Environment 8u331 (jre-8u331-xxx.exe) – required by eMail Tracker Pro

Create a Test Gmail account


You will use a live Gmail account for some activities. Identify or create an account you can use.

1. Open a browser to gmail.com.
2. At the Sign in page click Create account.
3. Select For my personal use.
4. Enter details as required.
5. When finished, send/receive a test email to ensure that the account is working ok.

Your Host PC is now ready!


You can now set up your VMs.
2. Set Up the Virtual Machines
The VMs are zipped up into multi-part self-extracting archives:

➢ (3) Group A Linux VMs


➢ (3) Group B Windows VMs

Download Group A Linux VMs


Group A consists of:

• bee-box (3 pieces)
• Kali-Linux-2022.2 (11 pieces)
• Metasploitable2 (2 pieces)

Download all pieces from any of the following mirrors:

• https://drive.google.com/drive/folders/1JC6ghJUBKrJnWfnNr6Uon0QONLemOWzH?usp=sharing
• https://drive.google.com/drive/folders/1Mvr0QuTthqyheaI5YjR5lathElv9HypX?usp=sharing
• https://drive.google.com/drive/folders/1C9Lgp4qyH9wp-CuBS0KQKrCs--Wly82s?usp=sharing
• https://drive.google.com/drive/folders/1d6I7BXHCwzmrQldUwkvz02e8MlYWWlBv?usp=sharing
• https://drive.google.com/drive/folders/124cFIyJXi-k1PG89_Fr8BjL6GKYUniCL?usp=sharing

Download Group B Windows VMs


Group B consists of:

• Server2016 (11 pieces)


• Windows XP Professional (3 pieces)
• W2k (2 pieces)

Note: The Windows VMs are trial copies with a limited life span

Download all pieces from any of the following mirrors:

• https://drive.google.com/drive/folders/1e-Diwnv3kbPxBbKZWDYuItxm0eAqk9Hh?usp=sharing
• https://drive.google.com/drive/folders/12Olnbcf_Ou_oBqm5GzOc58pdroLw3LUJ?usp=sharing
• https://drive.google.com/drive/folders/1n3DPFVWm82okfKxMfNkJI69nOf3Ukxdo?usp=sharing
• https://drive.google.com/drive/folders/1D1j5F8V1swBCYaHvlJKRHUVvl0qk5Oi_?usp=sharing
• https://drive.google.com/drive/folders/1DkuzX66uK1L8dGC7yObLDIk0dUEQ74he?usp=sharing
Extract the VMs
Once all parts of all six VMs have been downloaded, you will unzip them.

1. Locate and double-click Kali-Linux-2022.2.exe.


2. In the 7-Zip self-extracting archive popup dialog box, click Extract.
3. Allow Kali Linux to extract into a folder of the same name.
Note: The extraction process will reassemble all of the Kali Linux pieces into a single VM.
4. Using the same technique, extract the other 5 VMs.

Add the VMs to the Player Library


1. Double-click the VMware Workstation 17 Player launcher to start the app.
2. Click Open a Virtual Machine.
3. Navigate into the Kali-Linux-2022.2 folder.
4. Select Kali-Linux-2022.2-vmware-amd64 and click Open.
5. In the VMware Workstation Player Library (left pane), verify that you see the Kali-Linux-2022.2-
vmware-amd64 VM.

6. Click Home.
7. Using the same technique, open the other five VMs in Player.
8. Verify that you now see all six VMs in the VMware Player library.
Set VM NIC Configuration to NAT
All of the VMs (except for bee-box) are configured with multiple network interfaces (NICs). This allows the
activities to have different network configurations. You will connect and disconnect the various NICs, pinging
between the VMs to ensure connectivity.

1. Set Kali to NAT


a. In VMware Workstation Player, select (but do not start) the Kali VM
b. Click Edit virtual machine settings

c. In the Virtual Machine Settings Hardware tab, ensure that the network adapter that is set to NAT
will connect at power on.

d. Now ensure that the network adapter set to Custom will NOT connect at power on.
e. Using the same technique, repeat this process for XP-PRO, Server2016, W2K, and Metasploitable.

Test NAT Network Connectivity


This network configuration is used in most of the activities.

You will use Server2016 to ping all of the other VMs.

1. Prepare Server2016
a. In VMware Workstation Player, select Server2016 and click Play virtual machine.
b. If you are prompted with a popup stating This virtual machine might have been moved or copied,
click I Copied It.
c. Allow Server2016 to boot up.
d. In the upper-left of the Server2016 VM, locate the Ctrl+Alt+Del button and click it.

e. Ensure that Administrator is selected, for the password type Pa22w0rd! and then press Enter.
f. When you see the desktop, in the lower-left corner of the VM, click the Start (Window) button
g. When the fly-up list appears, start typing cmd
h. When Command Prompt appears, click it.
i. In the command prompt window, type ipconfig and press Enter.
j. In the results, look for IPv4 Address.

k. Record the IP address for handy reference. Note: IP addresses may change from time to time as you
power the VMs on and off.
l. Leave Server2016 running and logged in.

2. Prepare Kali
a. Start the Kali VM
b. Log in as kali with the password of kali
c. In the upper-left find and click the Terminal Emulator icon

d. In the terminal window (command prompt), type ifconfig and press Enter
Note: The Linux command is ifconfig, whereas the Windows command is ipconfig
Linux commands are case-sensitive.
e. Ensure that eth0 is RUNNING and has an IP address similar to Server2016. Record the IP address for
handy reference.
3. Ping Kali from Server2016
a. Switch to Server2016
b. In the command prompt, issue the command to ping Kali’s IP address. For example:

ping 192.168.247.131

4. Ensure that you see replies from Kali’s IP.


5. Shut down Kali. Its power button is in the upper-right corner of the VM.

6. Ping XP-PRO from Server2016


a. Start the XP-PRO VM.
b. Log in as admin / password
c. Click start → All Programs → Run.
d. In the Run line, enter cmd
e. In the command prompt, enter ipconfig.
f. Make note of the IP address.
g. Switch to Server2016 and ping XP-PRO.
Note: If the ping is unsuccessful, in XP-PRO open the Control Panel, then open Windows Firewall.
Verify that the Firewall is turned off and try to ping again.
h. Turn off XP-PRO.
i. Click Start → Turn Off Computer

7. Ping W2K from Server2016.


a. Start the W2K VM.
If the VM reports any errors, click OK.
Note: this OS is much older and may not perform as well as the other VMs.
b. Log on as karen / carrot
c. Click Start → Run
d. Enter cmd
e. In the command prompt, enter ipconfig and record the IP address.
f. Switch to Server2016 and ping W2K.
g. Shut down W2K
i. Start → Shutdown → Shutdown

8. Ping bee-box from Server2016


a. Start the bee-box VM
Note: you should be logged in automatically. If prompted, log in as bee / bug.
b. In the upper left of the VM, click System → Preferences → Keyboard

c. In the Layouts tab, ensure that the Keyboard model is set to Generic 101-key PC
d. If necessary, add a USA layout:
i. Click Add
ii. Set Layouts to USA with Variants at Default, and click Add

e. Ensure that USA is selected as the Default and click Close


f. In the upper left of the VM, click the Terminal icon
g. In the terminal window, enter ifconfig and make note of the IP address.
h. Switch to Server2016 and ping bee-box
i. Shut down bee-box. Its power button is in the upper right corner.

Test Custom Network Connectivity


The Custom Network reconfigures the VMs into the following arrangement:

• Used in Pivoting Activities 6.18.1 and 6.18.2
• W2K acts as a firewall between VMnet2 and VMnet3
• All machines on VMnet3 should be able to ping each other, the firewall, and Kali
• Kali should be able to ping the outside interface of the firewall, but none of the machines on VMnet3

Note: Linux will continue to ping until you press Ctrl+c to stop it.

1. Ensure all VMs are shut down.
2. In the Settings of each VM, disable the NAT network interface and enable the Custom network interface.
3. Click OK.
Note: W2K has two Custom NICs. Enable them both.
Note: Do not perform this procedure on bee-box. It does not have a Custom NIC 😉
4. Turn on all VMs except for bee-box.
5. Log into Server2016.
6. Ensure that Server2016 can ping:
• 10.10.10.1
• 10.10.10.11
• 10.10.10.12
• 172.16.0.200
7. Switch to Kali.
8. Ensure that Kali can ping 172.16.0.100, but nothing else. Note: Press Ctrl+c to stop Kali from pinging.
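
The Kali side of this check can be scripted so the segmentation is confirmed in one pass. The following is an added example, not part of the original guide; the file name and function names are hypothetical, and it assumes the 10.10.10.x addresses from step 6 are the VMnet3 side that Kali must not reach.

```sh
#!/bin/sh
# Added example (not part of the lab guide): verify from the Kali VM that the
# W2K firewall segments the Custom Network the way the guide expects.
# Usage on Kali:  sh check_segmentation.sh run
# (check_segmentation.sh is a hypothetical file name.)

# One "ADDRESS EXPECTATION" pair per line. 172.16.0.100 is the address step 8
# says Kali can ping; the 10.10.10.x addresses are the ones Server2016 pings in
# step 6, assumed here to be the VMnet3 side that Kali must NOT reach.
KALI_EXPECTATIONS='172.16.0.100 reachable
10.10.10.1 blocked
10.10.10.11 blocked
10.10.10.12 blocked'

# Default probe: a single echo request with a 2-second reply timeout
# (Linux iputils ping options). Exit status 0 means a reply was received.
probe_ping() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# check_segmentation PROBE_FUNCTION EXPECTATIONS
# Runs the probe against every address, prints PASS or FAIL per address, and
# returns the number of addresses whose result differs from the expectation.
check_segmentation() {
    cs_probe=$1
    cs_fails=0
    while read -r cs_addr cs_want; do
        [ -n "$cs_addr" ] || continue        # skip blank lines
        # Keep the probe from consuming the expectation list on stdin.
        if "$cs_probe" "$cs_addr" </dev/null; then
            cs_got=reachable
        else
            cs_got=blocked
        fi
        if [ "$cs_got" = "$cs_want" ]; then
            echo "PASS $cs_addr is $cs_got"
        else
            echo "FAIL $cs_addr is $cs_got, expected $cs_want"
            cs_fails=$((cs_fails + 1))
        fi
    done <<EOF
$2
EOF
    return "$cs_fails"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    check_segmentation probe_ping "$KALI_EXPECTATIONS"
fi
```

A FAIL line for a 10.10.10.x address means Kali can see past the firewall, which usually points to a NAT adapter left connected or a Custom NIC attached to the wrong VMnet.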

Suspending the VMs


To save resources on your Host PC, you can either shut down or suspend VMs you do not need at the moment.

1. To suspend a VM, in the upper-left of the VM click the Suspend guest button
2. When prompted, click Yes. The VM will go into suspended (paused) mode, and its window will close. It
will stop using resources until you resume it.
3. To resume the VM:
a. Open VMware Workstation Player.
b. Select the VM and verify that its State: is Suspended.
c. Click Play virtual machine.
4. Shut down or suspend all of your VMs

Congratulations! Your CEHv12 lab is ready for use.


Troubleshooting
Follow these guides to troubleshoot the most common problems associated with your lab.

VMware Hyper-V Continued Incompatibility


When setting up this lab, you uninstalled and disabled Hyper-V. If VMware still has trouble launching, see this
article for comprehensive steps to resolve the problem:

https://kb.vmware.com/s/article/2146361

Can’t Find the Player Home Button or Library


When you open a VM in Player, the Player Home page disappears from that window. This is normal behavior.
You will have to open another instance of Player to access the Home page and/or open another VM. You
can do any of the following:

• Locate and double-click the VMware Workstation Player launcher icon on your desktop
• On the Taskbar, locate the icon of a running VM. Right-click the icon → VMware Workstation 17 Player.
• Launch VMware Workstation Player from the Start menu.

When Downloading Files, You’re Prompted to Update Your Browser


When downloading files for this lab, it is popular to press Ctrl+C on a link in this Setup Guide to automatically
open a browser to that site. Sometimes it may lead you to a page that says your browser is out of date. While it
is possible that you need to update your browser, it is more likely that you do not need to. In some cases,
malware might even lead you to a malicious download.

To get around this issue, copy / paste the download link directly into a browser, rather than just clicking on it.

Mouse Keeps Getting Trapped in a VM


This happens because some of the VMs don’t accept VMware tools.

• If your mouse gets trapped in a VM, press Ctrl+Alt to release it.

You must click an object multiple times in a VM before it opens, or before you can type
As you switch back and forth between VMs, or between a VM and your Host PC, it’s easy to lose track of which
window has focus.

• Click into the desired VM once before attempting to select anything inside of it.
• If you are trying to type a command in the VM, click inside its command prompt before typing.

How to Shut Down or Reboot Metasploitable


There may be times when it becomes necessary to shut down or restart Metasploitable. This can especially
happen if you have performed an exploit against the VM.

• Command to shut down: sudo init 0
• Command to reboot: sudo init 6

1. When prompted for the password, enter msfadmin
2. Allow the VM to finish the shutdown / restart process.

VMware Player prompts you to Take Ownership of a VM


This happens when you already have the VM running in another window, or when the VM is in a suspended
state and you are trying to open another instance of it.

• Check your Host PC Taskbar carefully for other running instances of that VM.
• Be sure to only open one instance of each VM.

Virtual Machine does not start


This happens when:

• The VM is already running and you try to open it again


• The VM’s files were copied while they were still locked
• Your Host PC has run out of resources

Symptoms:

• Your virtual machine does not start.


• You cannot boot your virtual machine.
• You see one of these errors:
o Cannot open the disk or one of the snapshot disks it depends on.
o Failed to lock the file.
o The virtual machine is already powered on.

To fix the problem:

1. Ensure that the VM is not already running.


2. Navigate into the VM folder.
3. Delete any file or folder that has a .lck extension.
4. Start up the VM.
5. Also consider suspending/shutting down VMs you do not need at that moment.
Virtual Machine Freezes / Becomes Unresponsive
Occasionally, VMware Player may lose its connection to a running virtual machine.

1. If the VM does not respond at all, simply close its window. If necessary, use Task Manager on your Host
PC to close a VM window.
2. If prompted to shut down, allow Player to shut the machine down.
3. Reopen / run the machine again in Player.

Problems Resizing bee-box VM


When you start bee-box, you often see VMware Player’s Menu Bar overlaid on top of the bee-box Menu Bar:

1. Drag the corners of the VM to make it smaller.
2. Ensure that the Player menu bar is now in its proper place:

3. You should now be able to toggle the VM normally between Minimize, Resize, and Close.

Bee-box Displays Strange or Unexpected Characters When You Type


Bee-box uses a Belgian keyboard by default. During setup, you changed the default Keyboard Indicator to USA.
Unfortunately, you may still get strange or unexpected characters when you type.

• To fix the problem, locate the Keyboard Indicator button in the center of the desktop Menu Bar.
• Toggle it from USA to Bel (or back) as needed.
W2K Evaluation Period Expires
Unfortunately, the Windows 2000 evaluation period cannot be extended. You will have to obtain a new W2k VM
every 180 days. Follow these steps to determine when the evaluation period will expire:

1. At the W2k desktop, click Start → Run.


2. In the Run line, type winver and press Enter.
3. In the About Windows popup window, locate and examine the Evaluation copy expiration date.
4. Close the About Windows window.

Extend Activation Period for Server2016


You can extend the 180-day activation period for Windows Server 2016 evaluation copy up to six times, for a
total of 3 years (180 days * 6 = 3 years).

Note: Wait until the Windows License is expired or near expiration before reactivating.

1. In Server2016, click the Start window and then start typing Command Prompt.
2. In the Best match results, right-click Command Prompt → Run as administrator.
3. In the Command Prompt, enter the following to verify when the current license will expire:
slmgr /xpr

4. Enter the following to rearm the license to run for another 180 days:

slmgr /rearm

5. Enter the following to determine how many rearm counts you have left:

slmgr /dlv

6. Close the Command Prompt.


Alternate Tools Download Sites
The tools in CEHv12-Host-PC-Tools.exe can also be obtained from their original sources. Be sure to disable any
antivirus or real-time protection before you download these tools. Some browsers might disallow downloading
some of the more dangerous tools.

At the time of this writing, the Opera browser still allows downloading anything.

• 7-zip
https://www.7-zip.org/a/7z2107-x64.exe

• Angry IP Scanner
https://github.com/angryip/ipscan/releases/download/3.8.2/ipscan-3.8.2-setup.exe

• Bluestacks 5
https://www.bluestacks.com/download.html

• eMailTrackerPro
https://download.cnet.com/eMailTrackerPro/3001-2382_4-10907499.html

• Google Chrome 64-bit Standalone Installer
https://archive.org/details/chrome-standalone-setup-64_202205

• HTTrack
https://www.httrack.com/page/2/en/index.html

• ID Serve
https://www.grc.com/files/idserve.exe

• Java runtime environment 8u331
https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html#license-lightbox

• JetBrains DotPeek
https://www.jetbrains.com/decompiler/download/download-thanks.html?platform=windowsWeb

• .NET Framework 3.5
https://www.microsoft.com/en-US/download/confirmation.aspx?id=21

• .NET Framework 4.8
https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net48-web-installer

• Nmap for Windows
(Note: Be sure to obtain both Nmap-7.92-setup.exe AND npcap-1.60.exe)
https://nmap.org/download.html#windows

• Notepad++
https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.5.4/npp.8.5.4.Installer.x64.exe

• PuTTY
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

• QuickStego
https://download.cnet.com/QuickStego/3000-2092_4-75593140.html

• Web Data Extractor 8.3
http://www.webextractor.com/download.htm

• Wireshark (Windows Installer 64 bit)
https://www.wireshark.org/download.html

• FOCA 3.0
https://archive.org/details/foca_20230723

~ finish ~
