
Preparing Kali


Last updated 7 years ago

You need some tools for this guide. Get ready! Make a directory to put all this in, because it can get messy. I won't explain all the tools and how to install them, because the different tools and procedures might change.

  • Impacket - A Python collection for networking. Includes ntlmrelay, which will be useful later.

  • Responder - Tool for poisoning requests. Use this forked repo rather than SpiderLabs' repo, which is no longer maintained.

  • Empire - A framework almost like Metasploit, but for Windows hacking.

  • CrackMapExec - Includes tools to check for SMB signing.

  • DeathStar - For automating the process of becoming Domain Admin.

  • BloodHound - Creating a map of AD. Check /releases on the GitHub page for precompiled binaries!

  • PowerSploit - PowerShell tools for post-exploitation; some are included in Empire already.

  • Mimikatz - Dumping credentials.

  • Neo4j - Database to use with BloodHound.

Most of these should be available through apt. If not, install them by cloning them with git and putting them in /opt. You may need to play a little with installing the tools and their dependencies. A lot of them are written in Python, so familiarize yourself with pip. Make sure you are running tools and scripts with the correct Python version: some tools are written for Python 2.7 and some for Python 3. How to use the tools is explained in subsequent parts of this tutorial.