
Pentest Lab Setup Guide Updated

The CompTIA PenTest+ Lab Setup Guide provides detailed instructions for setting up a penetration testing lab environment, including necessary software, virtual machines, and configurations. It outlines prerequisites for the host computer, VM logins, and specific tools required for the lab, emphasizing the importance of security precautions. Users are advised to disable antivirus and firewalls, create specific folders for downloads, and follow steps to install various operating systems and hacking tools.

Uploaded by

dcostello235

CompTIA PenTest+ Lab Setup Guide

Before You Begin


Penetration testing is a rich, complex discipline. This setup guide will give you an environment similar to
the one used for demonstration in the lessons.

WARNING
As you go through the activities, please keep the following in mind:

• You will be using hacking tools! BE SURE to back up your computer before you start!
• The IP addresses of your virtual machines are likely to be different from those shown in the
video or this setup guide. They are also likely to change from day to day. Use a separate piece of
paper/document to record IP addresses for handy reference during the activities. You will
probably have to update it from time to time.

VM Logins Quick Reference


Use this table as a quick reference for the various logins.

Computer Name        Username                 Password
Metasploit Pro GUI   admin                    Pa22w0rd
Kali 2018.3          root                     toor
Server 2003          administrator            Pa22w0rd
XP-SP2               hacker                   letmein
Metasploitable       msfadmin                 msfadmin
Server 2016          Administrator            Pa22w0rd
DC1                  Administrator            Pa22w0rd
Kioptrix 1           <unknown>                <unknown>
Thunderbird          <yourname>@example.com   1Password

Objectives
When you are through setting up your lab, you will have the following:

• On your host computer:
  o Internet access
  o No Hyper-V
  o Folders
    ▪ C:\Support Tools
    ▪ C:\Operating Systems
    ▪ C:\Hacking Tools
  o Exception in your antivirus for C:\Hacking Tools
  o Disabled antivirus
  o Disabled firewall
  o VMware Workstation 15 Player
  o Opera browser
  o PDF reader
  o 7zip
  o Wireshark 2.6.0 for Windows
  o Microsoft Baseline Security Analyzer (MBSA) 2.3
  o Netcut
• Server 2016:
  o Windows Server 2016
  o Administrator password: Pa22w0rd
  o Name: Server2016
  o IIS
  o Windows Defender Firewall and Antivirus disabled
  o MailEnable Email Server
  o Mozilla Thunderbird email client
  o Low Orbit Ion Cannon (LOIC)
  o Wireshark
  o FOCA 3.0 Free
  o L0phtCrack 7 (Win 64)
• DC1:
  o Windows Server 2016
  o Administrator password: Pa22w0rd
  o Name: DC1.example.com
  o IP address hard-coded to x.x.x.10
  o Active Directory Domain example.com
  o DHCP (not configured and unauthorized)
  o DNS with added records
  o IIS FTP Server
  o Windows Defender Firewall Disabled
  o Mozilla Thunderbird Client
  o Wireshark 2.6.0 for Windows
• Server 2003:
  o Default installation
  o Administrator password: Pa22w0rd
• XP Pro SP2
  o Windows XP Professional with Service Pack 2
  o Username / password = hacker / letmein
  o Internet Explorer 7
  o Cain and Abel
• Windows XP PRO SP2
• Kali Linux 2018.3
  o Download 1000 most common passwords file
  o Download scripts
  o Metasploit Pro Trial
  o Mozilla Thunderbird email client
• Kali 2
• Metasploitable
• Kioptrix Level 1

Prepare Your Host Computer


Your host computer is a PC or laptop that meets the minimum hardware requirements listed in the Pre-
requisites section of this setup guide.

Pre-requisites
In order to reproduce the lab environment used during the course, you will need a desktop or laptop
host computer with the following MINIMUM hardware and software:

• 64-bit 2.6 GHz Dual Core CPU (4 or more cores preferred)
• 16 GB RAM (32 GB preferred)
• 100 GB free disk space (Solid State Drive preferred)
• DVD drive
• (2) USB 2.0 ports
• Wireless network adapter
• Internet access
• Motherboard with Intel (R) Virtualization Technology and Intel (R) VT-d feature enabled in the
BIOS. Refer to your manufacturer documentation on how to do this. Please note that not all
computers support virtualization.
• 64-bit Windows 7, 8, or 10 Professional, or Server 2008, 2012, or 2016.
• Hyper-V uninstalled in Windows

Note: You can, of course, modify the setup to suit your particular environment. For example, you could
install all host software onto another virtual machine, or use a different virtualization product. You could
also use physical computers that are networked, rather than virtual machines.

Uninstall Hyper-V
If you have never installed Hyper-V on your host, you can skip this task. If Hyper-V is installed on your
host, you will not only have to remove it in the Control Panel, you will also have to run a command to
disable an unremovable artifact so it does not interfere with VMware.

1. Open the Control Panel.
2. Under Programs, click Uninstall a program.
3. Click Turn Windows features on or off.
4. Locate and expand Hyper-V. Make sure all Hyper-V subfeatures are unchecked. Note: Hyper-V
checkboxes might not fully clear, even though you have unchecked them.
5. Click OK.
6. Close the Control Panel.
7. Open a command prompt. Click Start → Command Prompt.
8. Right-click Command Prompt → Run as administrator.
9. Type the following command and press Enter:

bcdedit /set hypervisorlaunchtype off

10. If prompted, reboot.

Host Has Wi-Fi Adapter


1. Ensure that your host computer has Wi-Fi connectivity to the Internet.

Disable the Firewall


1. Disable any personal firewall that might be installed on your computer. Refer to the firewall
software manual for the exact procedure.

Create Download Folders


1. On the C: drive of your host, create the following folders for your downloads:
   ▪ C:\Support Tools
   ▪ C:\Operating Systems
   ▪ C:\Hacking Tools
2. In your antivirus program, create an exemption for C:\Hacking Tools. Refer to your antivirus
software documentation for the exact procedure.

Download Support Tools:


Download the following into C:\Support Tools:

• VMware Workstation 15 Player for Windows (alternatively, VMware Workstation Pro or Oracle
VirtualBox)
  o https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
• 7zip for 64-bit Windows
  o https://www.7-zip.org/a/7z1805-x64.exe
• Opera Browser for Windows
  o https://www.opera.com/computer/thanks?ni=stable&os=windows
• Wireshark 2.6.0 for Windows
  o https://1.na.dl.wireshark.org/win64/Wireshark-win64-2.6.0.exe
• Microsoft Baseline Security Analyzer (MBSA)
  o https://www.techspot.com/downloads/3886-microsoft-baseline-security-analyzer.html
• A PDF reader such as Adobe Acrobat Reader or Foxit PDF Reader
  o https://www.foxitsoftware.com/downloads/#Foxit-Reader/
  o https://get.adobe.com/reader/
• Mozilla Thunderbird for Windows
  o https://www.thunderbird.net/en-US/
• MailEnable Standard Edition (Free) Email Server
  o http://www.mailenable.com/standard_edition.asp
• Internet Explorer 7
  o https://www.microsoft.com/en-us/download/internet-explorer-7-details.aspx
  o Note: If you get a warning that Internet Explorer 7 is not compatible with your system,
    ignore the warning and select Windows Internet Explorer 7 for Windows Server 2003
    SP1 or Windows Server 2003 SP2

Download Operating Systems


Download the following operating systems into C:\Operating Systems:

• Kali 2018.3 VM 64 Bit 7z
  o https://images.offensive-security.com/virtual-images/kali-linux-2018.3-vm-amd64.7z
• Windows Server 2016 ISO (licensed or evaluation)
  o https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016
  o Note: You will need to complete a form to download the ISO.
• Metasploitable
  o https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
  o Note: this is actually Metasploitable version 2, but in this lab it will simply be referred to
    as Metasploitable.
• Windows XP Pro 32-bit with Service Pack 2
  This is difficult to find, as Microsoft no longer supports XP. There were many versions of XP, and the
  lab activities are designed specifically for XP Professional 32-bit with Service Pack 2. Here are
  some possible unofficial download sites. Be careful when downloading:
  o http://www.downloadfreeios.com/p/download4.html#moreNext
  o https://archive.org/details/Microsoft_Windows_XP_Professional_Version_2002_Microsoft_X08-26176
  o https://www.24hourdownload.com/windows-xp/
• Service Pack 2 for XP Pro (WindowsXPKB835935SP2ENU.exe):
  o Download and install on your XP VM if you were unable to find a version that already
    had Service Pack 2 installed.
  o https://windows-xp-service-pack-2.soft32.com/file-download/1236918/?
• Windows Server 2003 Service Pack 2 (32-bit x86) - ISO-9660 CD Image File
  o https://www.microsoft.com/en-us/download/details.aspx?id=21700
• Kioptrix Level 1
  o http://www.kioptrix.com/dlvm/Kioptrix_Level_1.rar

Download Hacking Tools


Most of the hacking tools you will use in this lab are already installed on Kali Linux. However, there are a
few you will still need.

WARNING: Some of these tools are NOT NICE, and they come from NOT NICE PLACES. Use caution when
downloading. Some of these tools have no “official” website, or are no longer supported by the vendor. If
the provided link no longer works, you will have to hunt for the tool yourself. Make sure you click the
correct download, as many sites will try to clickbait you into downloading something else. Turn off your
antivirus/antimalware software. Some browsers, such as Chrome and IE, might refuse to download
some tools. If that is the case, use the Opera browser to download the tools.

1. Turn off your antivirus program.
2. Use Opera to download the following tools into C:\Hacking Tools.

• Low Orbit Ion Cannon (LOIC) -- WARNING: Your host antivirus, Google Chrome, and Internet
  Explorer might all disallow this download. If you have problems, install the Opera browser on
  your host, then temporarily disable your antivirus. Use Opera to download LOIC. Alternatively,
  install Opera on your Windows Server 2016 Attacker VM and download LOIC directly to that VM.
  https://sourceforge.net/projects/loic/
• Nmap for Windows
  https://nmap.org/dist/nmap-7.70-setup.exe
• FOCA 3.0 (Free) for Windows
  https://www.softpedia.com/get/Network-Tools/Network-Information/FOCA.shtml#download
  Be very careful not to accidentally click one of the advertisements. They say “download” but are
  actually for another product. They are deliberately deceptive and take you to another place.
  Make sure you only click the FOCA 3.0 for Windows download button.
• L0phtCrack 7 (Win64)
  http://lc7.download/win64/
• ProRat v1.9 or later
  https://prorat.software.informer.com/download/
  Note: This tool is hard to find. Because it is a Trojan, any antivirus will mark it as infected. If
  necessary, download it directly using Opera onto Server 2016 VM with Windows Defender
  disabled. Then copy to XP-SP2 VM.
• Netcut
  http://www.arcai.com/download_netcut/
• Cain & Abel v4.9.56 for Windows NT/2000/XP
  http://www.oxid.it/downloads/ca_setup.exe
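
Because several of the downloads above come from unofficial mirrors and are fetched with antivirus turned off, it helps to keep a record of exactly what landed in the three download folders. The PowerShell script below is an added example, not part of the original guide: it records the SHA-256 hash, Authenticode signature status and recorded download origin of each file, and flags files that are new or changed since the previous run. The manifest location and the function names are assumptions.

```powershell
# Added example (not from the original guide). Run on the host in PowerShell.
$Folders  = 'C:\Support Tools', 'C:\Operating Systems', 'C:\Hacking Tools'
# Assumption: hypothetical manifest location, kept outside the scanned folders.
$Manifest = Join-Path $env:USERPROFILE 'lab-download-manifest.csv'

function Get-LabDownloadInventory {
    param([string[]]$Path)

    foreach ($folder in $Path) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }

        foreach ($file in Get-ChildItem -LiteralPath $folder -File -Recurse) {
            # Authenticode only applies to signable formats.
            $sig = $null
            if ($file.Extension -in '.exe', '.msi', '.dll') {
                $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
            }

            # Mark-of-the-Web: on NTFS, browsers typically record the download
            # URL in the Zone.Identifier alternate data stream.
            $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
            $hostUrl = $motw | Where-Object { $_ -like 'HostUrl=*' } | Select-Object -First 1
            $origin  = [string]($hostUrl -replace '^HostUrl=', '')

            [pscustomobject]@{
                Path      = $file.FullName
                SizeBytes = $file.Length
                SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                Signature = if ($sig) { $sig.Status.ToString() } else { 'NotChecked' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Origin    = $origin
            }
        }
    }
}

function Compare-LabDownloadInventory {
    param($Current, [string]$ManifestPath)

    # Load hashes saved by the previous run, if there was one.
    $known = @{}
    if (Test-Path -LiteralPath $ManifestPath) {
        Import-Csv -LiteralPath $ManifestPath | ForEach-Object { $known[$_.Path] = $_.SHA256 }
    }

    foreach ($item in $Current) {
        $state = 'Unchanged'
        if (-not $known.ContainsKey($item.Path)) { $state = 'New' }
        elseif ($known[$item.Path] -ne $item.SHA256) { $state = 'Changed' }
        $item | Add-Member -NotePropertyName State -NotePropertyValue $state -PassThru
    }
}

$inventory = @(Get-LabDownloadInventory -Path $Folders)
$report    = @(Compare-LabDownloadInventory -Current $inventory -ManifestPath $Manifest)

# Files to review before copying anything into a VM: new or changed content,
# and executables whose signature is missing or does not validate.
$report |
    Where-Object { $_.State -ne 'Unchanged' -or $_.Signature -notin 'Valid', 'NotChecked' } |
    Format-Table State, Signature, Path, Origin -AutoSize

# Save the current state as the reference for the next run.
$inventory |
    Select-Object Path, SizeBytes, SHA256, Signature, Signer, Origin |
    Export-Csv -LiteralPath $Manifest -NoTypeInformation
```

Unsigned results are expected for several tools on this list; the value of the report is the recorded hash and origin, and any file that changes between runs.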

Install VMware Workstation Player 15


Note: As an alternative, you can use other virtualization software such as VMware or Hyper-V.
Additionally, you can use networked physical computers instead of virtual machines.

1. On your host PC or laptop, locate and double-click the VMware Workstation Player installer that
you downloaded. The name will be something like VMware-player-15.0.0-10134415.exe
2. On the setup welcome page, click Next.
3. On the End User License Agreement page, check the I accept the terms in the License
Agreement checkbox and click Next.
4. On the next Custom Setup page accept the defaults and click Next.
5. On the User Experience Settings page, uncheck the two check boxes and click Next.
6. On the Shortcuts page, accept the defaults and click Next.
7. On the Ready to install VMware Workstation 15 Player page, click Install.
8. When the wizard completes, click Finish.
9. If necessary, open VMware Workstation Player, and if prompted to enter a license key, ensure
that the Use VMware Workstation 15 Player for free for non-commercial use radio button is
checked, click Continue, then click Finish.

Install Additional Software


1. From your C:\Support Tools folder, perform a default installation of the following:
   ▪ 7zip
   ▪ PDF reader
   ▪ Opera browser
   ▪ Wireshark 2.6.0 for Windows
   ▪ Microsoft Baseline Security Analyzer (MBSA) 2.3
2. From your C:\Hacking Tools folder, perform a default installation of the following:
   ▪ Netcut

Obtain Additional Hardware (optional)


The following tools and hardware are used in some of the activities in this course. Because of cost, you
can choose to not acquire some of these tools and simply watch the activity video. You do not need to
know how to use or configure these specific tools to pass the exam. However, you DO need to know in
general how they work.

• Blank USB thumb drive any size
• WRT54G Wireless router OR EQUIVALENT
• Alfa AWUS036NHA High Gain Wireless B/G/N USB Adaptor OR EQUIVALENT
• Belkin 802.11n WLAN USB adapter OR EQUIVALENT
• Elechouse Proxmark3 Kit RDV2 Badge Cloner
• ETEKJOY Handheld 10-Frequency RFID NFC Card Reader Writer

Set Up Server2016
You will set up Windows Server 2016 in a workgroup with the following:

• Windows Server 2016
• Name: Server2016
• Administrator password: Pa22w0rd
• Disable Windows Defender Firewall and Realtime Protection
• MailEnable email server with mailboxes and a group
• Mozilla Thunderbird email client
• Low Orbit Ion Cannon (LOIC)
• Wireshark
• FOCA

Install the OS
Note about VMware Player: Unlike the Pro version, VMware Player will not let you manage multiple
VMs from the same dashboard. You can run multiple VMs at the same time, but will have to launch a
separate instance of VMware Workstation Player for every VM you wish to run. Just double-click the
launcher icon from your desktop to launch a separate VM. Do NOT install VMware player more than
once. Just start the launcher for each new VM.
1. Locate the Windows Server 2016 evaluation copy ISO that you downloaded. The name might be
similar to 14393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.iso. Keep the
location handy as you will need to refer to it.
2. If necessary, open VMware Workstation Player, and if prompted to enter a license key, ensure
that the Use VMware Workstation 15 Player for free for non-commercial use radio button is
checked, click Continue, then click Finish.
3. In VMware Workstation 15 Player, click Create a New Virtual Machine.
4. In the Welcome to the New Virtual Machine Wizard popup dialog box, under Install from:, click
the I will install the operating system later radio button and click Next.
5. On the Select a Guest Operating System page, ensure that the Microsoft Windows radio button
is selected, and in the Version dropdown box that Windows Server 2016 is selected. If you do
not have that choice, then select Windows 10 x64. Click Next.
6. On the Name the Virtual Machine page, in the Virtual machine name: text box, enter Server
2016 and click Next.
7. On the Specify Disk Capacity page, accept the defaults and click Next.
8. Click Finish.
9. In VMware Workstation Player, ensure that Server 2016 is selected. Click Edit virtual machine
settings.
10. Adjust the Memory to 4 GB.
11. Click CD/DVD (SATA), click the Use ISO image file: radio button.
12. Click the Browse… button.
13. Browse to the Windows Server ISO, select it, and click Open.
14. Click OK.
15. Click Play virtual machine.
16. When prompted to press any key, click inside the black installation window and press any key.
17. On the Windows Server 2016 page, accept the defaults and click Next.
18. On the next page, click Install now.
19. On the Select the operating system you want to install page, select Windows Server 2016
Standard Evaluation (Desktop Experience) and then click Next.
20. On the Applicable notices and license terms page, check the I accept the license terms
checkbox and click Next.
21. On the Which type of installation do you want? page select Custom: Install Windows only
(advanced).
22. On the Where do you want to install Windows? page, accept the default and click Next.
23. Allow Windows to install.
24. On the Customize settings page, enter and reenter the password Pa22w0rd (that’s a zero, not a
capital O) and click Finish.
25. If applicable, at the bottom of the VM, click Install Tools. In the Software Updates popup dialog
box, click Download and Install. If prompted by User Account Control, click Yes.
26. With Server2016 running in VMware, on the menu bar above the VM, click the Ctrl+Alt+Del
button.
27. At the Administrator login prompt, in the password text field, enter Pa22w0rd and press Enter.
28. If you see a message about Networks Do you want to allow your PC to be discoverable… click
Yes.
29. If you do not see the VMware tools installing, press the Windows key + R. In the Run line enter
D:\setup and press Enter. Click through the installation wizard, accepting the defaults. When the
installation is done, restart the server.

Change Server Name


1. When the server reboots, log in.
2. Verify that the Server Manager Dashboard opens. If not, click its launcher on the Task Bar.
3. On the left pane, click Local Server.
4. In the PROPERTIES section, locate Computer name, and click the link (current computer name)
next to it.
5. On the Computer Name tab, click Change…
6. In the Computer name: text field, enter Server2016 and click OK.
7. In the Computer Name/Domain Changes popup dialog box, click OK.
8. Click Close. Restart the virtual machine.

Add IIS
1. In Server Manager, switch to Dashboard.
2. Click Add roles and features.
3. Click Next.
4. Ensure that Role-based or feature-based installation is selected, and click Next.
5. Click Next again.
6. On the Select server roles page, check the Web Server (IIS) checkbox, click Next, click Add
Features, then click Next and Install.
7. If prompted, restart Server 2016 and log in again.

Disable the Firewall and Windows Defender Realtime Protection
1. Click the Start button and enter Command Prompt.
2. Right-click Command Prompt → Run as administrator. When prompted by User Account
Control, click Yes.
3. Type these two commands. Press Enter after each:

netsh advfirewall set allprofiles state off

powershell Set-MpPreference -DisableRealtimeMonitoring $true

4. Close the command prompt.

Install MailEnable Email Server


NOTE: This is not the same email server that is used in the video. This product is actually simpler to use
and is not a trial copy, so you will be able to use it indefinitely.

1. Locate the MailEnable installer you downloaded. It will be named something like
standard1015.exe.
2. Drag and drop it from your host computer to the desktop of Windows Server 2016.
Note: if you are having trouble dragging and dropping, restart Server 2016 and try again.
3. When the installer has copied to the server desktop, double-click it.
4. Click OK.
5. Click Next.
6. On the Get Installation Settings page, in the Name: text box, enter your name. In the Company:
text box, enter example.com
7. Click Next 5 times.
8. On the Get Postoffice Details page, in the Post Office Name: text box, change the text to
example.com
9. In the Password: text box, change the default to 1Password and click Next.
10. Click Next.
11. On the SMTP Connector Configuration page, in the Domain Name: text box, enter example.com,
accept the other defaults, and click Next.
12. Click Next and allow the installation to continue.
13. On the Select WebMail Web Root page, ensure that the Configure web mail as an IIS Virtual
Directory checkbox is selected, and that the Web Server: dropdown box shows (Default Web
site) Default Web Site and then click Next.
14. Click Next again.
15. Click Finish.
16. If a browser page opens, close it.

Set Up Mailboxes
1. On the server, click Start.
2. In the M section, expand MailEnable.
3. Click MailEnable.
4. In the MailEnableAdmin console, on the left pane, under MailEnable Management, expand
Messaging Manager → Messaging Manager → Post Offices → example.com
5. Double-click Mailboxes.
6. Verify that you see the Postmaster mailbox.
7. Right-click Mailboxes → New Mailbox
8. In the Mailbox Name: text field enter your first name
9. In the Password: text field enter 1Password
10. In the Mailbox Type: dropdown box, select ADMIN
11. Click OK
12. Verify that you now see your mailbox.
13. Using the previous steps, create another mailbox for Moo. Make that mailbox type a user.
14. Verify that you see both mailboxes.
15. Create additional mailboxes for the following people:
   ▪ sally
   ▪ sue
   ▪ help
   ▪ helpdesk
   ▪ admin
   ▪ administrator
16. Right-click Groups → New Group
17. In the Group Name text box enter managers
18. Click the Add Email button
19. In the Enter Email Name text box, enter managers
20. Click OK twice.
21. If necessary, expand Groups.
22. Right-click managers → Create New Group Member
23. Enter sally@example.com and click OK.
24. Using the same procedure, also add moo@example.com to the managers group.
25. If necessary, right-click managers → Refresh.
26. Verify that you see moo and sally in the managers group.
27. Minimize MailEnableAdmin. Leave it running.

Install the Mozilla Thunderbird Email Client


Install Thunderbird Email Client
1. Drag and drop the Thunderbird installer from your host to Server2016.
2. Double-click the installer. If prompted by User Account Control, click Yes.
3. If prompted to install the file, click Run.
4. On the Welcome page click Next.
5. Click Next again.
6. Click Install.
7. Click Finish.
8. If you see a System Integration popup dialog box, click Skip Integration.
9. If applicable, on the Welcome to Thunderbird page, select Skip this and use my existing email
button. (NOTE: Not all versions of Thunderbird include this page)
10. On the Mail Account Setup page, enter your name, the email address you created in
MailEnable, and the password you set for the mailbox in MailEnable.
11. Click Continue.
12. In the Authentication Required popup dialog box, click Cancel.
13. In the Set Up an Existing Email Account dialog box, enter information to look like the following.
In the Server hostname section, enter the IP address of Server 2016.
Note: Your IP addresses may be very different.
14. Click Done.
15. If a Warning page appears, check the I understand the risks checkbox and click Done.
16. In the Thunderbird application, in the upper left on the toolbar, click Write.
17. Create and send a test email to both of the email accounts you created. Notice that each
recipient is listed on its own line.
18. Ensure that you can receive and read the email you sent to yourself.
19. In Thunderbird, on the left pane, select your account.
20. In the middle pane, under Accounts, under Set up an account, click Email.
21. Using the steps you just learned, set up an account for your second user.
22. Verify that you can see both users in Thunderbird, and that they can send email to each other.

Install Low Orbit Ion Cannon
Note: If your host antivirus deletes LOIC, open a browser on the Server attacker machine and download
it directly to the server attacker.

1. Locate LOIC in the host C:\Hacking Tools folder.
2. Drag and drop LOIC to the Server2016 desktop. If necessary, unzip it.
3. This application does not require installation. Just have it handy for later use.

Install Wireshark
1. Locate the Wireshark installer in C:\Support Tools. It will be named something like
Wireshark-win64-2.6.0.exe.
2. Drag and drop it to the Server2016 desktop.
3. Perform a default installation.

Install FOCA
1. Drag and drop FOCA from your host’s C:\Hacking Tools to the Server2016 desktop.
2. Perform a default installation.

Install L0pht 7.0 for Windows


1. Drag and drop the L0phtCrack 7 installer from your host C:\Hacking Tools to the Server2016 Desktop.
2. Perform a default installation.

Shut Down Server2016


1. At the desktop, click the Start button.
2. Click the Power icon → Shutdown → Continue.

Create a Backup Copy of Server 2016


1. If necessary, shut down Server2016.
2. On your host, locate the folder for the Server2016 VM. It is likely to be in
C:\Users\<your name>\Documents\Virtual Machines\
3. Make a copy of the folder to another location (such as a removable drive).
Alternatively, if your virtualization software supports it, take a snapshot of this VM so that you can
roll back to it at any time during the activities.

Set Up DC1
NOTE: If your mouse ever gets trapped inside a virtual machine, press Ctrl+Alt to release it.

You will install/configure the following:

o Windows Server 2016
o Change the name to DC1
o Hard code the IP address to x.x.x.10
o Active Directory Domain Services
o DHCP
o DNS
o IIS FTP Server
o Disable Windows Defender Firewall and Realtime protection
o MailEnable Email Server
o Wireshark
o Thunderbird email client

Install the OS
1. Locate the Windows Server 2016 evaluation copy ISO that you downloaded. The name will be
similar to 14393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.iso. Keep the
location handy as you will need to refer to it.
2. If necessary, open VMware Workstation Player, and if prompted to enter a license key, ensure
that the Use VMware Workstation 15 Player for free for non-commercial use radio button is
checked, click Continue, then click Finish.
3. In VMware Workstation 15 Player, click Create a New Virtual Machine.
4. In the Welcome to the New Virtual Machine Wizard popup dialog box, under Install from:, click
the I will install the operating system later radio button and click Next.
5. On the Select a Guest Operating System page, ensure that the Microsoft Windows radio button
is selected, and in the Version dropdown box that Windows 10 x64 is selected. Click Next.
6. On the Name the Virtual Machine page, in the Virtual machine name: text box, enter DC1 and
click Next.
7. On the Specify Disk Capacity page, accept the defaults and click Next.
8. Click Finish.
9. In VMware Workstation Player, ensure that DC1 is selected. Click Edit virtual machine settings.
10. Adjust the Memory to 4 GB.
11. Click CD/DVD (SATA), click the Use ISO image file: radio button.
12. Click the Browse… button.
13. Browse to the Windows Server ISO, select it, and click Open.
14. Click OK.
15. Click Play virtual machine.
16. When prompted to press any key, click inside the black installation window and press any key.
17. On the Windows Server 2016 page, accept the defaults and click Next.
18. On the next page, click Install now.
19. On the Select the operating system you want to install page, select Windows Server 2016
Standard Evaluation (Desktop Experience) and then click Next.
20. On the Applicable notices and license terms page, check the I accept the license terms
checkbox and click Next.
21. On the Which type of installation do you want? page select Custom: Install Windows only
(advanced).
22. On the Where do you want to install Windows? page, accept the default and click Next.
23. Allow Windows to install.
24. On the Customize settings page, enter and reenter the password Pa22w0rd and click Finish.
25. If applicable, at the bottom of the VM, click Install Tools. In the Software Updates popup dialog
box, click Download and Install. If prompted by User Account Control, click Yes.
26. With Server2016 running in VMware, on the menu bar above the VM, click the Ctrl+Alt+Del
button.
27. At the Administrator login prompt, in the password text field, enter Pa22w0rd and press Enter.
28. If you see a message about Networks Do you want to allow your PC to be discoverable… click
Yes.
29. If you do not see the VMware tools installing, press the Windows key + R. In the Run line enter
D:\setup and press Enter. Click through the installation wizard, accepting the defaults. When the
installation is done, restart the server.

Change Server Name


1. When the server reboots, log in as administrator / Pa22w0rd.
2. Verify that the Server Manager Dashboard opens. If not, click its launcher on the Task Bar.
If you do not see the launcher, click Start and search for Server Manager.
3. On the left pane, click Local Server.
4. In the PROPERTIES section, locate Computer name, and click the link (current computer name)
next to it.
5. On the Computer Name tab, click Change…
6. In the Computer name: text field, enter DC1 and click OK.
7. In the Computer Name/Domain Changes popup dialog box, click OK.
8. Click Close.
9. Click Restart Later.

Hard Code IP Address


1. Click Start and search for command prompt.
2. At the command prompt, enter:

ipconfig

3. Make note of the first three octets (subnet ID) of the IP address (for example, 192.168.98.). Also
make note of the Subnet Mask and Default Gateway.
4. Switch to Server Manager.
5. In the Server Manager > Local Server PROPERTIES section, locate your Ethernet adapter and
then click the link next to it.
Note: Your Ethernet adapter might be named Ethernet0 or similar.
6. In the Network Connections dialog box, double-click Ethernet.
7. In the Ethernet Status popup dialog box, click Properties.
8. In the Ethernet Properties popup dialog box, locate and double-click Internet Protocol Version 4
(TCP/IPv4). Click the actual wording, DO NOT check its checkbox!
9. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, in the General tab, click the
Use the following IP address: radio button.
10. In the IP address: field, enter the IP address you previously recorded, but change the last octet
to 10. Enter the Subnet mask and Default Gateway you previously recorded. Change the
Preferred DNS to be the same as the IP address. Your results should be similar to this:
11. Click OK twice, then click Close.
12. Restart the server by clicking Start, then clicking the power symbol, then clicking Restart. Click
Continue.

Install Active Directory, DNS, DHCP, IIS, and FTP


1. When the server restarts, log in.
2. Verify that you can drag and drop a file between your host desktop and the DC1 desktop. If you
can’t, reinstall VMware tools.
3. Wait for Server Manager to open.
4. In the Server Manager Dashboard, under Configure this local server, click Add roles and
features.
5. On the Before you begin page, click Next.
6. On the Select installation type page, click Next.
7. On the Select destination server page, click Next.
8. On the Select server roles page, check the Active Directory Domain Services checkbox.
9. In the Add features that are required popup dialog box, click Add Features.
10. Repeat the process to also install the DHCP Server, DNS Server, and Web Server (IIS) roles.
11. Click Next.
12. On the Web Server Role (IIS) page, click Next.
13. On the Select role services page, scroll down and click the FTP Server checkbox.
14. Click Next and then click Install.
15. Wait for the installation to finish. It will take several minutes. While waiting, you can proceed to
another task.
16. When the installation is complete, click Close.
17. Leave Windows Server 2016 running.

Configure Active Directory


1. In Server Manager, on the left side navigation pane, click AD DS.
2. On the Menu bar at the top right, locate the Notifications (flag) icon and click the yellow
notification triangle next to it.
3. In the popup dialog box, locate and click Promote this server to a domain controller.

4. On the Deployment Configuration page, click the Add a new forest radio button.
5. In the Root domain name: text box, enter example.com
6. Click Next.
7. On the Domain Controller Options page, in the Password: and Confirm password: text boxes,
enter Pa22w0rd
8. Click Next four times, ignoring any warnings, then click Install
9. Allow the installation to complete. The server will reboot automatically.
10. Log into DC1 as EXAMPLE\Administrator with the password of Pa22w0rd

Configure the Default Domain Policy


1. Switch to Server Manager.
2. On the Menu bar at the top right, click Tools > Group Policy Management.

3. In the left pane, expand Forest: example.com until you see the Default Domain Policy
4. Right-click Default Domain Policy > Edit
5. In the Group Policy Management Editor, expand Computer Configuration > Policies > Windows
Settings > Security Settings > Account Policies > Password Policies.

6. In the Policy pane on the right, double-click Enforce password history.


7. In the Do not keep password history field, change the setting to 0 and click OK.
8. Similarly, set the Maximum and Minimum password age to 0.
9. Set the Minimum password length to 4 characters.
10. Set the Password must meet complexity requirements to Disabled.
11. Set the Store passwords using reversible encryption to Enabled.
12. Close the Group Policy Management Editor.

Add DNS Records


NOTE: Your

1. Return to Server Manager Dashboard.


2. On the left pane, locate and click DNS.
3. In the Servers middle pane, right-click DC1 > DNS Manager.
4. Expand DC1.example.com > Forward Lookup Zones > example.com.
5. Right-click example.com > New Host (A or AAAA).
6. In the New Host popup dialog box, in the Name field, enter www
7. In the IP address field, enter the IP address of DC1.
8. Click Add Host.
9. Click OK.
10. Similarly, add an A record for mail with the IP address 192.168.98.157.
11. Similarly, add an A record for db1 with the IP address 192.168.98.156.
12. Click Done.
13. Verify that your example.com DNS records look similar to this:
14. Close DNS Manager.

Disable the Firewall and Windows Defender Realtime Protection


1. Click the Start button and enter Command Prompt.
2. Right-click Command Prompt > Run as administrator. When prompted by User Account
Control, click Yes.
3. Type these two commands. Press Enter after each:

netsh advfirewall set allprofiles state off

powershell Set-MpPreference -DisableRealtimeMonitoring $true

4. Close the command prompt.

Install the Mozilla Thunderbird Email Client


1. If necessary, switch to your host and start the Server2016 VM. You will need this running as this
is the email server.
2. On DC1, using the same procedure you used for Server2016, install Thunderbird and set it up for
you and Moo. Keep in mind that the email server is Server 2016, not DC1.
3. Ensure that you and Moo can send and receive email to each other.

Install Wireshark
1. Locate your download of Wireshark on the host.
2. Drag and drop it from your host to the DC1 desktop
3. Install it with default settings.

Shut Down DC1


1. At the desktop, click the Start button.
2. Click the Power icon > Shutdown > Continue.
Create a Backup Copy of Server 2016
1. Using the same procedure you used for Server2016, make a backup copy of DC1.

Set Up Windows Server 2003


You will create a default install of Server 2003.

Install the OS
1. Using the same technique you used to install Server2016, create a default Server 2003 VM with
these settings:

• The Guest Operating System is Windows Server 2003 Enterprise Edition
• Computer name = Server2003
• Administrator password = Pa22w0rd
• Do not install any other services or software

Warning: There have been reports of VMware tools not installing properly on Windows Server
2003, or if they install, then suddenly the mouse does not work in Windows 2003. If that is the
case, you can ignore the problem. HOWEVER, be sure to choose “I will install the operating
system later” in the New Virtual Machine Wizard. This bypasses VMware installing the tools,
thus allowing the mouse to function.

Shut Down Server 2003


1. At the desktop, click Start > Shut Down.
2. In the Shut Down Windows dialog box, in the Comment field, enter any text you like and click
OK.

Create a Backup Copy of Server2003


1. Using the same procedure you used for the other VMs, make a backup copy of Server2003.

Set Up Windows XP PRO SP2


Install the OS
1. Using the same technique when you created the Server VMs, create a new virtual machine for
Windows XP Professional 32-bit with the following settings:
• Default settings
• (If prompted) Computer Name = XP-PRO
• Username / password = hacker / letmein
• Help protect your PC = Not right now
2. When the installation is complete, click Start > Run
3. At the Run line, enter winver
4. Check to see the version of XP. It should be Version 5.1 with Service Pack 2 installed.
5. If it does not have Service Pack 2, then if necessary download the Service Pack 2 installer
(WindowsXPKB835935SP2ENU.exe) on your host, drag and drop it to the XP desktop, and
perform a default install.

Install Internet Explorer 7


1. Copy Internet Explorer 7 from your host C:\Support Tools to the XP Pro desktop
2. Perform a default installation of IE7.

Install Cain & Abel


1. Copy Cain & Abel from your host C:\Hacking Tools folder to the XP Pro desktop.
2. Perform a default installation of Cain & Abel.

Install ProRAT v1.9


1. Copy ProRAT v1.9 from your host C:\Hacking Tools to the XP Pro desktop.
2. Perform a default installation.

Shut Down XP
1. From the desktop, click Start > Turn Off Computer > Turn Off.

Create a Backup Copy of XP Pro


Using the same procedure you used for the other VMs, make a backup copy of XP Pro.

Set Up Kali 2018.3


Install the OS
1. Locate the downloaded Kali 2018.3 VM zip file.
2. Use 7zip to unzip the VM.
3. Open a new instance of VMware Workstation Player.
4. Click Open a Virtual Machine.
5. Browse to Kali-Linux-2018.3-vm-amd64.vmx, select it, and click Open.

6. Click Play virtual machine to start Kali.


7. If prompted, click I Copied It.
8. When Kali starts, log in with the username root and password toor
Note: If you do not see the login dialog box, click the login page and press the spacebar.

Download the 1000 Most Common Passwords text file

1. At the Kali desktop, on the Favorites (Launcher) bar on the left, click the Firefox launcher.

2. Open a new page to the following site. You can also conduct a Google search for 1000 most
common passwords rather than typing in the URL. Just be sure to go to this site.

https://github.com/DavidWittman/wpxmlrpcbrute/blob/master/wordlists/1000-most-common-passwords.txt

3. On the Github page, click the Raw button.

4. When the raw page opens, right-click anywhere in the white space of the page > Save Page
As.
5. In the breadcrumb trail at the top, click root, change the name to
1000_most_common_passwords, click the plain text document button, then click Save.
6. Verify that you have the file. On the Kali desktop, on the left side tool pane, click the Files
icon.
7. On the breadcrumb trail, if necessary, click Home. Make sure you see the file there.
Copy Scripts to Desktop
1. Using Kali’s Firefox, download the following scripts from the course files to the Kali Desktop:
• pingsweep.sh
• pingsweep2.sh
• simplescan.sh
• simplescan2.sh
• portscan.sh
• nmap_scanner.sh
Note: If you accidentally saved the scripts to the Downloads folder, use steps from the previous
task to help you navigate to the Downloads folder and copy the files to the Desktop.
2. Verify that you see the scripts on the Kali desktop.

Edit the Scripts to Match Your Subnet ID


1. On the Desktop, open a terminal window and enter

ifconfig

2. Make note of the IP address.


3. On the Desktop, locate pingsweep.sh and double-click it.
4. In the popup dialog box, select Display.
5. When the script opens, locate and change the subnet ID to match what is being used in your lab.

6. Click Save and close the file.


7. Repeat the process for the other scripts. Please note that simplescan.sh and simplescan2.sh
should have the IP address of DC1. nmap_scanner.sh will not have any IP addresses in it.
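The edit described above can also be done in one pass from a terminal. The following is an added example, not part of the course files: the function names and the file name retarget.sh are hypothetical, and it assumes a /24 lab network and that the scripts still contain the guide's 192.168.75 prefix.

```shell
#!/bin/sh
# Added example (not from the course files): point the lab scripts at your subnet.
# Assumptions: /24 lab network; scripts still carry the guide's 192.168.75 prefix.

OLD_PREFIX_RE='192\.168\.75'   # guide's prefix, dots escaped for use in a regex

# Print the first three octets of a dotted-quad IPv4 address; fail on anything else.
subnet_prefix() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo "$1.$2.$3"
}

# retarget_all <script directory> <this VM's IP address from ifconfig>
# Rewrites the prefix in each script that carries one, keeping a .bak copy.
# nmap_scanner.sh is skipped because it has no IP addresses in it.
retarget_all() {
    new=$(subnet_prefix "$2") || { echo "not an IPv4 address: $2" >&2; return 1; }
    for name in pingsweep.sh pingsweep2.sh simplescan.sh simplescan2.sh portscan.sh; do
        if [ -f "$1/$name" ]; then
            # Match the prefix only as a whole (not inside 1192.168.75.x) and
            # only when a host octet follows, so .10 for DC1 is preserved.
            sed -i.bak -E "s/(^|[^0-9.])${OLD_PREFIX_RE}\./\1${new}./g" "$1/$name"
            # Show the lines that now carry the lab prefix for a visual check.
            grep -nF "$new." "$1/$name" | sed "s|^|$name:|"
        fi
    done
}

# Example: sh retarget.sh ~/Desktop 192.168.98.133
if [ "$#" -eq 2 ]; then
    retarget_all "$1" "$2"
fi
```

Because only the first three octets are rewritten, simplescan.sh and simplescan2.sh keep the .10 host address that was assigned to DC1.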

Alternative - Create the Scripts


Alternatively, create new script files on Kali. Use a text editor to copy/paste the following content into
new script files. If necessary, change the subnet ID to match what is used in your lab.

Note: You should be able to copy/paste from this document to Kali.

Create pingsweep.sh
1. On the Kali desktop, open Leafpad by clicking its launcher icon from the Favorites (Launcher) bar
on the left.
2. Copy or type the following content (between the lines) into a new blank text file in Kali. Change
the IP address to match your subnet ID if necessary. Your results should look similar to this:
3. Save the file as pingsweep.sh on the Kali desktop.

--------- Pingsweep - Copy code below this line ---------------------------


#!/bin/bash
# Send one ICMP echo request to every host address in the /24.

for ip in $(seq 1 254); do
    ping -c 1 192.168.75.$ip
done

----------- End Pingsweep - do not include this line -------------------------------

Create pingsweep2.sh
1. On Kali, open Leafpad
2. Copy or type the following content (between the lines) into a new blank text file in Kali
3. Save the file as pingsweep2.sh on the Kali desktop

--------- Pingsweep2 - Copy code below this line ---------------------------

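#!/bin/bash
# Ping every host in parallel and print only the lines for hosts that replied.

for ip in $(seq 1 254); do
    ping -c 1 192.168.75.$ip | grep "bytes from" | cut -d ":" -f 1 &
done
wait    # let the background pings finish before the script exits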

----------- End Pingsweep2 - do not include this line -------------------------------

Create simplescan.sh
1. On Kali, open Leafpad
2. Copy or type the following content (between the lines) into a new blank text file in Kali
3. Save the file as simplescan.sh on the Kali desktop

--------- Simplescan - Copy code below this line ---------------------------

#!/bin/bash
# Try a TCP connection to ports 80 and 81 on DC1 using bash's /dev/tcp redirection.

for port in {80..81}; do
    echo >/dev/tcp/192.168.75.10/$port &&
        echo "Port $port is open" ||
        echo "Port $port is closed"
done

----------- End Simplescan - do not include this line -------------------------------

Create simplescan2.sh
1. On Kali, open Leafpad
2. Copy or type the following content (between the lines) into a new blank text file in Kali
3. Save the file as simplescan2.sh on the Kali desktop

--------- Simplescan2 - Copy code below this line ---------------------------


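#!/bin/bash
# Check ports 1-3389 on DC1 and print only the open ones.

for port in {1..3389}; do
    # The connection attempt runs in a subshell so errors for closed ports stay hidden.
    (echo >/dev/tcp/192.168.75.10/$port) > /dev/null 2>&1 &&
        echo "$port open"
done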

----------- End Simplescan2 - do not include this line -------------------------------

Create portscan.sh
1. On Kali, open Leafpad
2. Copy or type the following content (between the lines) into a new blank text file in Kali
3. Save the file as portscan.sh on the Kali desktop

--------- Portscan - Copy code below this line ---------------------------


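#!/bin/bash

# This script scans ports for 192.168.75.10-12
# Usage: portscan.sh <first port> <last port>

# Stop early if the port range was not supplied.
if [ $# -ne 2 ]; then
    echo "Usage: $0 <first port> <last port>"
    exit 1
fi

firstport=$1
lastport=$2

for ((ip=10; ip<=12; ip++)); do
    echo "Open ports on 192.168.75.$ip: "
    for ((port=firstport; port<=lastport; port++)); do
        # The connection attempt runs in a subshell so errors for closed ports stay hidden.
        (echo >/dev/tcp/192.168.75.$ip/$port) > /dev/null 2>&1 &&
            echo "$port open"
    done
done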

----------- End Portscan - do not include this line -------------------------------


Create nmap_scanner.sh
1. On Kali, open Leafpad
2. Copy or type the following content (between the lines) into a new blank text file in Kali
3. Save the file as nmap_scanner.sh on the Kali desktop

--------- Nmap_scanner - Copy code below this line ---------------------------

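#!/bin/bash
# Prompt for a target range and a port, then run an nmap SYN scan against it.

echo "Start IP:"
read FirstIP

echo "Last IP:"
# nmap ranges apply to a single octet (for example 192.168.75.10-20),
# so enter only the final octet of the last address here.
read LastIP

echo "Port:"
read port

# No space between the two values: nmap expects the range as one argument.
nmap -sS "$FirstIP-$LastIP" -p "$port"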

----------- End Nmap_scanner - do not include this line -------------------------------

Install Metasploit Pro Trial

1. On the Kali desktop, open Firefox.


2. Download Metasploit Pro Trial for Linux from:
https://www.rapid7.com/products/metasploit/download/pro/

You will have to register using a real business email address, not a Gmail/Yahoo/Hotmail
webmail address. The trial is good for only 14 days, but you can keep requesting a new trial key
indefinitely.

3. Perform a default installation. Set the username / password = admin / Pa22w0rd


4. Verify that the install was successful. If necessary, on Kali open a Firefox browser page to
localhost:3790. Log in as admin / Pa22w0rd

Install Thunderbird
1. Ensure that Server2016 is running, as this is the email server.
2. Ensure that you know the IP address of Server2016.
3. Open a terminal and enter:

apt install thunderbird


4. If prompted during install, press Y
5. Launch Thunderbird. At the top left, above the Desktop, click Applications > Usual
Applications > Internet > Thunderbird.

Alternatively, on the left pane Favorites Launcher bar, click the terminal icon to open a
terminal, type thunderbird and press Enter. (Note: if you use this method, do not close the
terminal window until you are ready to close Thunderbird!)
6. Set up Thunderbird for the user Moo using the same method you used in Server2016.

Shut Down Kali


1. Make sure you are logged in as root / toor.
2. In the upper right corner above the desktop, click the power button icon.
3. In the dropdown box, click the power button icon again.

4. When prompted, select Power Off.

Create TWO Copies of Kali


1. Using the same procedure as the other VMs, create TWO copies of Kali.
2. Rename one of the copies Kali 2
Set Up Kali 2
You will launch a duplicate Kali machine.

Install the OS
1. Use VMware Workstation Player to open Kali 2.
2. Log in as root / toor
3. Open a terminal and enter ifconfig
4. Ensure that the IP address is different from Kali. If it is not, restart Kali 2 and check again.
5. In VMware, right-click the new Kali and rename it to Kali 2.
Note: you do not have to worry about changing the computer name for Kali. Linux does not use
NetBIOS names, so duplicate names are not an issue like they are with Windows computers.

Shut Down Kali 2


1. Using the same procedure you used to shut down Kali, shut down Kali 2.

Set Up Metasploitable
Install the OS
1. Using the same procedure you used for Kali, use VMware Workstation Player to open the
Metasploitable VM.
2. Log in as msfadmin / msfadmin
3. There is no GUI. Verify that Metasploitable obtained a lease by entering ifconfig

Shut Down Metasploitable


1. Make sure you are logged in as msfadmin / msfadmin
2. Enter sudo init 0
3. When prompted, enter the password msfadmin
4. Allow the shutdown to proceed. When the last message says “System halted”, press Ctrl+Alt to
release your mouse.
5. In VMware Player, click Player > Power > Shut Down Guest.
6. When prompted, click Yes.

Create a Backup Copy of Metasploitable


Using the same procedure you used for the other VMs, make a backup copy of Metasploitable.

Set Up Kioptrix Level 1


Install the OS
1. On your host, use 7zip to unzip the Kioptrix download.
2. Open the VM in VMware. If prompted to download updates, click Remind me later.

Shut Down Kioptrix


1. Note: You do not know the username and password for Kioptrix. This is by design. To shut down
the machine, you will have to be rude.
2. In VMware, click Player > Power > Shut Down Guest.
3. When prompted, click Yes.

Create a Backup Copy of Kioptrix


Using the same procedure you used for the other VMs, make a backup copy of Kioptrix.

Troubleshooting
Here are some troubleshooting steps you can use if you encounter specific difficulties during setup.

Mouse trapped in VMware


If your mouse gets trapped in a VMware virtual machine, press Ctrl+Alt to release it.

Chrome and Internet Explorer Refuse to Download Hacking Tools


Even with your antivirus program turned off, Google Chrome and Microsoft Internet Explorer may refuse
to download some of these hacking tools, especially LOIC and HOIC. If this happens, use Opera.

Uninstalling Hyper-V
Microsoft Hyper-V is not compatible with other virtualization products such as VMware or VirtualBox.
Additionally, when you uninstall Hyper-V, it will still leave an artifact of itself in the computer’s boot
record which you will need to remove manually.

If you uninstall Hyper-V and you still get an error message when you try to launch VMware Workstation
Player, perform this task:

1. Open a command prompt in administrator mode


2. Enter the following command:

bcdedit /set hypervisorlaunchtype off

3. Reboot the computer.

Specifying the Alternate Source Path When Installing Windows Roles


Although Windows loads most source files onto the hard drive during installation, to save space some
are left on the source DVD. When installing some of the less popular features, such as .NET 3.5, you
might have to point to that DVD as an alternate source during installation.

1. As you specify roles and features, if you are prompted “Do you need to specify an alternate
path?...” click the Specify an alternate source path link at the bottom of the page.
2. Leave the installation windows open. Temporarily navigate to the Task Bar and click the File
Explorer icon at the bottom. In the This PC popup window, identify the drive letter for the DVD
Drive. It is most likely D:. Ensure that the ISO you connected to the VM (to install the server)
appears as a DVD.
3. Return to the Add Roles and Features window.
4. In the Path: text box, enter D:\Sources\sxs\
5. Note: If your DVD is some other drive letter, substitute D with that letter.
6. Click OK, Next, or Install as prompted

Drag and Drop Between Host and Guests Does Not Work
If you installed VMware tools on your Guest VMs, you should be able to drag and drop between your
host and the Guest (at least Windows guests). If this does not work, then use any of these alternate
methods to move the files:

Use a USB Removable Drive to Move the Files


1. Plug a USB removable drive into your host.
2. If a popup message appears asking you to choose where you would like to connect the disk,
select Connect to the host and click OK.
3. Copy the necessary files for that activity from C:\Hacking onto the USB drive. If you have enough
space, copy the entire folder to the drive.
4. Switch to VMware Player for whichever VM needs the tools.
5. Click Player > Removable Devices > <name of the disk> > Connect (disconnect from host).
6. Click OK.
7. In the guest VM, in the File Explorer, check to make sure the drive appears.
8. Proceed to copy the files to the guest desktop.

Share the C:\Hacking Tools Folder


1. On your host, navigate to C:
2. Right-click Hacking Tools > Properties
3. Click the Sharing tab
4. Click the Advanced Sharing button
5. In the Advanced Sharing dialog box, click the Share this folder checkbox.
6. Click the Permissions button
7. In the Group or user names box, ensure that appears and is selected.
8. Ensure that Everyone is selected and in the Allow column, click the Full Control checkbox.

9. Click OK twice.
10. Click the Security tab
11. Click the Edit button
12. Click the Add button
13. In the Enter the object names to select text box, type everyone and press Enter.
14. Back in the Security tab, ensure that Everyone is selected.
15. In the Allow column, click Full control.

16. Click OK.


17. Click Close.
18. Open a command prompt and enter ipconfig
19. Scroll through the results and look for the Ethernet adapter VMware Network Adapter
Vmnet8. This is the interface the host uses to connect with the guests. Make note of the IP
address.
20. Switch to the VM that needs the tools and log in.
21. Click Start > Run
22. At the Run line, enter the IP address you discovered in Step 19. Precede it with \\. For example:
\\192.168.75.1

23. Click OK.


24. In the Windows Security popup dialog box, enter the username and password for your HOST.
25. Locate Hacking Tools share and double click it to open it.

26. Copy the tools to the guest.

Create an ISO from C:\Hacking and Use the ISO to Move the Files
1. On your host, download a copy of Folder2Iso from here:
http://www.trustfm.net/software/utilities/Folder2Iso.php?page=Download
Note: You will have to choose a site from which to actually download it. I chose Google Drive.
The direct link is:

https://drive.google.com/file/d/0B7nKMWPhyfl-SlVoWXprWkhHR2c/view

2. Double-click the installer. It is actually just a self-extracting archive that, by default, will unzip
the folder to wherever you downloaded the installer to.
3. Locate the Folder2iso folder, and double-click Folder2iso.exe
4. Click Select folder, then browse to and select C:\Hacking Tools.
5. Click Select Output, browse to your desktop, and name the ISO Hacking Tools and click Save.

6. Click Generate ISO. When finished, it will say “ISO Generated” at the bottom left.
7. Switch to VMware Player for the VM that needs the tools.
8. Click Player > Manage > Virtual Machine Settings.
9. On the Hardware tab, click CD/DVD (SATA).
10. On the right side, under Connection, click Use ISO image file:
11. Click Browse…
12. Browse to and select Hacking Tools.iso and click Open.
13. Click OK.
14. In the VM, browse to Computer > DVD Drive (D:)
15. Open up the D: drive and copy the files to the VM desktop.

Congratulations! Your PenTest+ lab is set up and ready for use!

~ finish ~
