1
00:00:00,120 --> 00:00:00,560
All right.

2
00:00:00,590 --> 00:00:03,880
So I'm going to run a setup for one machine.

3
00:00:03,900 --> 00:00:07,980
I want you to do it for the one machine and then I want you to go ahead and do your second machine the

4
00:00:07,980 --> 00:00:12,150
exact same way if you're running the two machine configuration.

5
00:00:12,150 --> 00:00:14,060
So I'm on the Windows 10 Enterprise.

6
00:00:14,060 --> 00:00:17,180
This is Frank Castle's machine, The Punisher.

7
00:00:17,340 --> 00:00:19,730
And we're going to go ahead and join this to the domain.

8
00:00:20,100 --> 00:00:26,190
So before we do that I do want to go ahead and go to our PCs, or go to This PC.

9
00:00:26,330 --> 00:00:33,560
Go to your C drive and then go ahead and just right-click, New folder, and we're just gonna call this

10
00:00:33,680 --> 00:00:35,540
share.

11
00:00:35,660 --> 00:00:37,430
We're going to make a fake share here.

12
00:00:37,430 --> 00:00:39,800
Well, it's going to be a real share but we're not going to really use it.

13
00:00:40,290 --> 00:00:41,390
And we're just gonna right-click on it.

14
00:00:41,390 --> 00:00:46,360
We're going to select Properties and then we're going to go to Sharing.

15
00:00:46,820 --> 00:00:53,690
We're going to say Share right here and then we're going to share everything and then say yes, turn on

16
00:00:53,690 --> 00:01:01,810
network discovery and file sharing for all public networks, and done, and now we are sharing on this

17
00:01:01,810 --> 00:01:02,410
machine.

18
00:01:03,310 --> 00:01:07,230
So we go ahead and close that out. Now on top of this,

19
00:01:07,240 --> 00:01:14,710
we're gonna go ahead and join this to the domain, so let's go ahead and first go to our domain controller

20
00:01:15,900 --> 00:01:17,610
and let's grab our IP address.

21
00:01:17,640 --> 00:01:27,580
Let's go do a command prompt here and we're just going to say ipconfig and our IP address is 192.

22
00:01:27,610 --> 00:01:35,410
168.57.140, so 57.140. I'm going to go ahead and switch back to this machine

23
00:01:35,980 --> 00:01:42,680
and now let's right-click on this access down here, on the Internet access, and say Open Network and Internet

24
00:01:42,700 --> 00:01:51,050
settings. Down here you should see Change adapter options. Go ahead and select that and then we have Ethernet

25
00:01:51,050 --> 00:01:51,790
0 right here.

26
00:01:51,790 --> 00:01:58,130
Go ahead and right-click this and select Properties and then we're gonna go ahead and double-click on

27
00:01:58,130 --> 00:02:03,760
this IPv4 and it should bring up a screen that looks like this.

28
00:02:03,940 --> 00:02:06,520
We're going to leave Obtain an IP address automatically.

29
00:02:06,520 --> 00:02:07,650
This is DHCP.

30
00:02:07,660 --> 00:02:11,020
That's absolutely OK. Here on the DNS,

31
00:02:11,020 --> 00:02:12,340
we're going to do something like this.

32
00:02:12,340 --> 00:02:20,450
We're gonna say 192, if I can type, 192.168.57.140.

33
00:02:20,460 --> 00:02:25,880
So we want the IP address of the domain controller here because we need to get DNS from that.

34
00:02:26,100 --> 00:02:27,710
Go ahead and say OK.

35
00:02:27,900 --> 00:02:34,790
And then we're gonna go over here and we're gonna say domain and it should say Access work or school.

36
00:02:34,830 --> 00:02:39,510
Go ahead and select that and we're going to say Connect

37
00:02:42,870 --> 00:02:47,460
and then it's gonna bring this up, Set up a work or school account. Down here say Join this device to a

38
00:02:47,460 --> 00:02:49,200
local Active Directory domain

39
00:02:52,500 --> 00:02:54,480
and now it's gonna say domain name.

40
00:02:54,480 --> 00:02:55,440
What are we going to join?

41
00:02:55,440 --> 00:02:57,720
Well, we're joining Marvel.local

42
00:03:00,750 --> 00:03:07,980
Now it's gonna say who do you want to join as. Well, let's go ahead and just say administrator and then

43
00:03:07,980 --> 00:03:17,870
we're gonna go ahead and say our password, which we set way back in the beginning, and now we are good

44
00:03:17,870 --> 00:03:18,200
to go.

45
00:03:18,200 --> 00:03:22,080
We're gonna skip this feature here and then we need to restart.

46
00:03:22,080 --> 00:03:26,690
So let's go ahead and restart now.

47
00:03:26,790 --> 00:03:31,920
And so this is going to reboot. When it reboots you're gonna need to log in as your user.

48
00:03:31,920 --> 00:03:40,540
So how I set up this domain is this user is going to be Frank Castle, so f Castle is going to log into

49
00:03:40,560 --> 00:03:41,480
The Punisher.

50
00:03:41,610 --> 00:03:48,860
The other user you saw me create was Peter Parker, or P. Parker, and I am making a machine called Spider-Man.

51
00:03:48,960 --> 00:03:55,350
So we're going to be able to have Spider-Man and we're going to have The Punisher as two machines.

52
00:03:55,470 --> 00:04:01,230
So I'm going to go ahead and log into this now. Instead of being Frank Castle, this is a local account,

53
00:04:01,260 --> 00:04:07,740
we're gonna go ahead and do f castle like this and we're gonna say password 1, which is what we used

54
00:04:07,740 --> 00:04:14,390
before. Log in here and it should log in as this user.

55
00:04:14,520 --> 00:04:18,990
Now it might take a second to get everything ready and there's going to be one other setting that we're

56
00:04:18,990 --> 00:04:21,850
going to do on this computer specifically.

57
00:04:21,930 --> 00:04:26,170
And then there's going to be one setting on the other machine that we're gonna want to do as well.

58
00:04:26,280 --> 00:04:30,570
So I'm going to go ahead and hit the brakes here and we're going to let this finish.

59
00:04:30,600 --> 00:04:33,840
And once it finishes we're gonna go ahead, actually here it is.

60
00:04:33,840 --> 00:04:38,580
So let's go ahead and make these setting changes real quick.

61
00:04:38,580 --> 00:04:43,940
Now you can see that we are actually logged in as f Castle. We've successfully done that.

62
00:04:43,980 --> 00:04:44,570
Great.

63
00:04:44,580 --> 00:04:51,310
So let's go ahead now and let's sign out and let's sign in as the administrator because I do want to

64
00:04:51,310 --> 00:04:53,140
make a couple changes here.

65
00:04:53,140 --> 00:05:01,060
So let's go ahead and say administrator and let's go ahead and we'll do, we've got to do a Marvel slash

66
00:05:01,060 --> 00:05:08,980
administrator like that, and we'll do password as we set it. Log into this computer and it might take

67
00:05:08,980 --> 00:05:10,390
a second again.

68
00:05:10,390 --> 00:05:17,950
What we're going to do is we're going to enable Frank Castle to be a local administrator on this machine.

69
00:05:17,950 --> 00:05:23,110
So we want to set that up and then we're gonna go ahead and we're going to navigate over to Spider-Man's

70
00:05:23,110 --> 00:05:28,210
machine and we're gonna set Frank Castle to be a local administrator there.

71
00:05:28,210 --> 00:05:33,520
There is a special attack that we want to do, actually two special attacks we want to do, that involve

72
00:05:33,520 --> 00:05:42,130
the usage of local administrators on multiple machines, so let's go ahead and come into here and we're

73
00:05:42,130 --> 00:05:50,380
gonna go into right-click, or actually we can do, we can do right-click and Computer Management, and this

74
00:05:50,380 --> 00:05:52,840
should bring up our settings for local administrators

75
00:05:56,570 --> 00:05:57,020
OK.

76
00:05:57,030 --> 00:06:03,220
And then we come to Local Users and Groups. In here we've got Groups. Go ahead and double-click

77
00:06:03,240 --> 00:06:04,080
Administrators

78
00:06:07,690 --> 00:06:11,800
and then we're going to go ahead and add a couple of users, so we're going to add, well, we'll just add

79
00:06:11,830 --> 00:06:20,540
f Castle on this, so Check Names, f Castle is good, and then we're gonna apply and say OK and we're good

80
00:06:20,540 --> 00:06:21,020
here.

81
00:06:21,500 --> 00:06:24,100
So let's go ahead and stop here.

82
00:06:24,410 --> 00:06:30,380
We'll go ahead and get your other machines set up completely as you need to. Log in as the administrator

83
00:06:30,380 --> 00:06:36,620
on your other machine and meet me over there. We're going to set up Frank Castle and Peter Parker as administrators

84
00:06:36,620 --> 00:06:38,860
there as well. OK.

85
00:06:38,860 --> 00:06:41,740
Now on to Peter Parker's machine.

86
00:06:41,740 --> 00:06:42,940
Same deal here.

87
00:06:42,970 --> 00:06:50,110
So if we go in Administrators, I've made Peter Parker an administrator of his own machine and I've also

88
00:06:50,110 --> 00:06:53,640
made Frank Castle an administrator of Peter Parker's machine.

89
00:06:53,710 --> 00:07:01,450
So however you set this up, make sure that you have a user that is a domain admin, or an admin I should

90
00:07:01,450 --> 00:07:09,070
say, on two machines, local administrator on two machines, and you have a user who is an administrator on

91
00:07:09,070 --> 00:07:10,320
their machine both.

92
00:07:10,330 --> 00:07:13,290
So Frank is an administrator on his machine.

93
00:07:13,290 --> 00:07:19,690
Peter is an administrator on his own machine and then Frank has administrator access on both machines.

94
00:07:19,690 --> 00:07:20,290
All right.

95
00:07:20,290 --> 00:07:22,860
And also make sure you set up everything the same.

96
00:07:22,870 --> 00:07:31,060
This also has a share in it, has the share here, and we're domain joined. Last thing I want to point out.

97
00:07:31,090 --> 00:07:38,530
So let's go over to Windows Server and I'm going to log back in and then let's take a look at what our

98
00:07:38,530 --> 00:07:40,200
Active Directory looks like now.

99
00:07:40,350 --> 00:07:48,820
So we come into here and let's go ahead and go into our users and groups and look at our computers here.

100
00:07:48,820 --> 00:07:54,730
We might have to refresh up top and then you can see now Spider-Man and The Punisher have been joined

101
00:07:54,760 --> 00:07:55,630
to this domain.

102
00:07:55,630 --> 00:08:00,840
They showed up in our OU here and we know that we have successfully joined the set domain.

103
00:08:01,090 --> 00:08:03,230
Everything is set up the way we want it to be.

104
00:08:03,250 --> 00:08:08,950
Now we can move on to the attacking phase. We start attacking all these things, and notice we only made

105
00:08:08,950 --> 00:08:10,440
a few changes, right.

106
00:08:10,510 --> 00:08:16,450
We did turn off Windows Defender but for the most part we've got normal default settings for pretty

107
00:08:16,450 --> 00:08:23,410
much everything. We added some file shares to just emulate a network and we set up a service that's pretty

108
00:08:23,410 --> 00:08:24,360
common as well.

109
00:08:24,610 --> 00:08:30,250
So so far, besides turning off Defender, everything is pretty common across the board for how you would

110
00:08:30,250 --> 00:08:32,970
see an Active Directory network set up.

111
00:08:32,980 --> 00:08:39,340
So from here we're going to exploit these settings, these almost default configurations, and really

112
00:08:39,340 --> 00:08:41,890
just own this network all over the place.

113
00:08:41,920 --> 00:08:46,810
So let's see how we can do that and I'll catch you over in the attack vectors video.