Creating an Active Directory Hacking Lab (Part 2 — Workstations)
This is part 2 of the series on creating an Active Directory home lab. In this part we are going to create our workstations. At this point you should have your Domain Controller set up, but if not you can find part 1 here: Creating an Active Directory Lab (Part 1) | remsec | Medium
The below are just some of the possible attacks/scenarios that can be performed on the lab once created:
- LLMNR/NBT-NS Poisoning
- SMB Relay attacks
- Pass the Hash
- Token Impersonation
- Kerberoasting
- Golden Ticket
- Credential Dumping with Mimikatz
As with anything there are always some prerequisites and things that are going to be needed to create this lab:
- Virtualization software (I’m going to be using VirtualBox)
- Windows Server ISO (I’m going to be creating this with Server 2022)
- Windows Desktop ISO (I’m going to be creating this with Windows 10)
- Kali Linux (or whatever distro you prefer)
Creating a Workstation
To create our first workstation we pretty much repeat the steps we took to install the Domain Controller within VirtualBox. So once again, create a new machine in VirtualBox using whatever settings you want, not forgetting to use the Windows Desktop ISO and making sure it is on the NAT Network we created in part 1.
Hopefully once you have created your VM within VirtualBox or whatever virtualization software you have chosen it will boot up and you’ll see the familiar screen at the start of the installation process.
Obviously choose the appropriate settings for yourself and click on install.
Once all files have been installed it should reboot and you’ll be presented with the setup screens, where you can start configuring the device.
As we are joining this to our Domain Controller we don’t need to sign in with a Microsoft account. It should be pretty obvious that we are going to choose the option in the bottom left corner — “Domain join instead”. All we have to do to get to the next step is click next until we are presented with a Windows desktop. Once we have this I would recommend shutting the device down so we can clone it to create a second workstation before we connect it to our Domain.
So once you have shut it down, right-click on the VM and simply click clone. All you have to do is call the VM what you want (ideally following some sort of naming convention if you want) and make sure the “Clone type” is a “Full clone”.
Anyway, once you have cloned your first workstation we can boot it back up and log into the desktop. As we have created our workstation within an “Internal Network” we are going to need to make sure the device is able to find our DC in order to connect to the Domain we have created.
So, open up the “Network and Sharing Center” in the workstation VM and modify the “IPv4 Properties” on our adapter. We need to set the DNS server address to the static IP address of our DC. In my case I set it to “192.168.100.125”.
Now we can connect to our domain. Search for “Access work or school”, open it, then click on “Connect”.
Then click on “Join this device to a local Active Directory domain”.
To connect to the domain we need to enter credentials of the Administrator account we created on our DC in part 1. All going well we should now be connected to the DC.
For this bit we just need to “skip” when adding an account and restart the device.
Now that the VM has restarted we will be able to log into the device with any of the user accounts that we created on the DC. But we will log in with the Administrator account so we can change the name of the PC. This step could have been done earlier but honestly it is something I forgot to do, so we are doing it now.
Call the device whatever you want and restart the VM.
On the DC we can see within the “Active Directory Users and Computers” in our old friend “Server Manager” that the device we have just created is now listed.
To add another device to the Domain, all we need to do is load the cloned device and follow the exact same steps as before. And there you have it: we have created our own AD lab at home.
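The DNS, domain join and rename steps above can also be scripted, which is handy when repeating them on the clone. This is an added example, not part of the original post; it must be run from an elevated Windows PowerShell session on the workstation, and the domain name `lab.example` and computer name `WS01` are placeholders to replace with your own values from part 1.

```powershell
# Added example: scripted DNS + domain join + rename for a lab workstation.
# Assumptions (not from the post): $DomainName and $NewName are placeholders.
param(
    [string]$DcAddress  = '192.168.100.125',  # static IP of the DC used in the post
    [string]$DomainName = 'lab.example',      # placeholder: the domain created in part 1
    [string]$NewName    = 'WS01'              # placeholder: name for this workstation
)

$ErrorActionPreference = 'Stop'

# Do nothing if the machine is already domain-joined, so re-runs are harmless.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Host "Already joined to $($cs.Domain); nothing to do."
    return
}

# 1. Point DNS on every connected adapter at the DC (the IPv4 Properties step).
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $DcAddress
}

# 2. Confirm the DC's DNS publishes the domain controller locator record.
#    If this lookup fails, the join in step 4 cannot find the domain either.
$srv = "_ldap._tcp.dc._msdcs.$DomainName"
try {
    Resolve-DnsName -Name $srv -Type SRV -Server $DcAddress | Out-Null
} catch {
    throw "No SRV record for $srv from $DcAddress. Check the DNS address and the VM network."
}

# 3. Confirm LDAP on the DC is reachable from this VM's network.
if (-not (Test-NetConnection -ComputerName $DcAddress -Port 389 -InformationLevel Quiet)) {
    throw "Cannot reach $DcAddress on TCP 389. Check that both VMs share the same network."
}

# 4. Join the domain and rename in one step, then reboot.
#    Renaming during the join avoids the second restart and gives the clone
#    a name different from the VM it was copied from.
$cred = Get-Credential -Message 'Domain Administrator account created in part 1'
Add-Computer -DomainName $DomainName -NewName $NewName -Credential $cred -Restart
```

After the reboot, the new name should appear under “Active Directory Users and Computers” on the DC, the same check as in the manual steps.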