How to setup home lab for CEH v8

Hello.

I want to set up a home lab.
I am using Windows server 2012 datacenter as host machine, win7, win8, windows server 2008 r2 and bactrack5 as clients.
Can you give some instructions how to configure these machines?

Find more posts tagged with

Comments

TechGuy215

Server 2008R2 shouldn't be a client...its a server. You need to create a domain on your LAN, and join your clients to it. Also, BT5 isn't a client you would find in a business environment, you should use a distro such as Suse, RHEL, or CENTOS. BT5 is the OS you should have loaded on the machine you intend to use as the attacking machine.

Promote your 2012 server to a DC, then join your clients to it. You'll also want to assign the Server a Static IP, and enable DHCP on it. Create a few accounts in AD with different permissions, memberships, some with a weak password, some with a strong password, etc...

Once you have a domain setup and working, user/computer accounts created, the skies the limit on what you want to test. You can install different applications, frameworks, webservices, etc.. that you can attempt to exploit/scan for vulnerabilities.

BT5 has some great tools built in, you can also find many script-kiddie tools by simply Googling them.

*Edit, I forgot to mention if you enable DHCP on your server, besure to disable it on your router.

impelse

Install applications by yourself and trying to brake it is good, I found a XSS error in a new software installation and sent it to the software providers, it was an application out of the box.

Also is good to download virtual machines with vulnerabilities, it is quicker to begin to attack and simulate black box.

MrAgent

TechGuy215 wrote: »

Server 2008R2 shouldn't be a client...its a server. You need to create a domain on your LAN, and join your clients to it. Also, BT5 isn't a client you would find in a business environment, you should use a distro such as Suse, RHEL, or CENTOS. BT5 is the OS you should have loaded on the machine you intend to use as the attacking machine.

Promote your 2012 server to a DC, then join your clients to it. You'll also want to assign the Server a Static IP, and enable DHCP on it. Create a few accounts in AD with different permissions, memberships, some with a weak password, some with a strong password, etc...

Once you have a domain setup and working, user/computer accounts created, the skies the limit on what you want to test. You can install different applications, frameworks, webservices, etc.. that you can attempt to exploit/scan for vulnerabilities.

BT5 has some great tools built in, you can also find many script-kiddie tools by simply Googling them.

*Edit, I forgot to mention if you enable DHCP on your server, besure to disable it on your router.

I think he meant that they are guests, not clients.

@ploist
When I was studying for this exam I used VMWare workstation and had BT5 as well as Kali Linux loaded to use the tools. I also loaded up metaspoitable to try out different attacks as well.

I would also recommend using Matt Walker's AIO book, if you dont have it yet.

Good luck!