IR 311: Making a Member Server (10 pts)

What You Need for this Project

Purpose

To prepare an environment like that used in real enterprises, appropriate for security projects.

Starting your Domain Controller

In the Google Cloud Console, make sure your Domain Controller is running. Note its local IP address (starting with 10), outlined in green in the image below.

You don't need to connect to the Domain Controller via RDP--all the steps below should be performed on your Member Server's desktop.

Connecting to your Member Server

If you haven't done this yet, create another Windows cloud server to be the Member Server.

Connect to it via RDP and log in with the credentials Google Cloud provides.

Adjusting the DNS Server

At the lower left of the desktop, right-click the Start button. Click "Network Connections".

In the "Network Connections" window, right-click Ethernet and click Properties.

In the Ethernet Properties box, double-click "Internet Protocol Version 4 (TCP/IPv4)".

In the Internet Protocol Version 4 (TCP/IPv4) Properties window, in the lower section, click the "Use the following DNS server addresses" button.

Enter the IP address of your domain controller, as shown below.

Note: your IP address will be different from my example.

Click OK.

Click OK.

Open a Command Prompt and execute this command:

ping hackme.com

You should get replies, as shown below.

Joining the Domain

At the lower left of the desktop, right-click the Start button. Click System.

In the System window, on the left side, click "Advanced system settings".

A System Properties box opens.

In System Properties, click the "Computer Name" tab.

Click the Change... button.

In the "Computer Name/Domain Changes" box, click the Domain button and enter a Domain of HACKME.COM as shown below.

Click OK.

A Windows Security box pops up. Enter these credentials:

After a few seconds, a box pops up saying "Welcome to the HACKME.COM domain". Click OK.

A box pops up saying "You must restart your computer...". Click OK.

Close all windows and restart your Member Server.
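
The DNS change, the name-resolution check and the domain join above can also be done from an elevated PowerShell prompt on the Member Server. The script below is an added example, not part of the original lab. It assumes the adapter is named "Ethernet" as in the steps above, takes the Domain Controller's address as a parameter, and prompts for the domain credentials rather than embedding them.

```powershell
# Added example: scripted form of the "Adjusting the DNS Server" and
# "Joining the Domain" steps. Run elevated on the Member Server.
param(
    # Assumption: the Domain Controller's local 10.x address noted in the console.
    [Parameter(Mandatory)] [ipaddress] $DcIp,
    # Assumption: alias matches the "Ethernet" entry in Network Connections.
    [string] $InterfaceAlias = 'Ethernet',
    [string] $Domain = 'hackme.com'
)
$ErrorActionPreference = 'Stop'
$dns = $DcIp.IPAddressToString

# Nothing to do if this machine is already a member of the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $Domain) {
    Write-Host "Already a member of $($cs.Domain)."
    return
}

# 1. Point the adapter's IPv4 DNS at the Domain Controller, then read it back.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $dns
$configured = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
               -AddressFamily IPv4).ServerAddresses
if ($configured -notcontains $dns) {
    throw "DNS server on '$InterfaceAlias' is $configured, expected $dns."
}

# 2. The domain name must resolve through the DC, and the DC locator SRV
#    record must exist; a join fails without it even when ping works.
Resolve-DnsName -Name $Domain -Type A -Server $dns | Out-Null
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $dns
if (-not ($srv | Where-Object Type -eq 'SRV')) {
    throw "No domain controller SRV record found for $Domain."
}

# Equivalent of "ping hackme.com"; only a warning, since ICMP may be filtered.
if (-not (Test-Connection -ComputerName $Domain -Count 2 -Quiet)) {
    Write-Warning "$Domain resolves but did not answer ping."
}

# 3. Join the domain and restart. Credentials are prompted for, not stored.
$cred = Get-Credential -Message "Account allowed to join $Domain"
Add-Computer -DomainName $Domain -Credential $cred -Restart
```

After the restart, `(Get-CimInstance Win32_ComputerSystem).Domain` should report the domain name.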

Logging in as Domain Administrator

Note: this is a poor security practice which leaves high-privilege password hashes available on the workstation. But we'll do it anyway for convenience.

Connect again to the Member Server via RDP.

Log in with these credentials:

At the lower left of the desktop, right-click the Start button. Click System.

In the System window, on the left side, click "Advanced system settings".

A System Properties box opens.

In System Properties, click the Remote tab.

In the "Remote Desktop" section, clear the "Allow connections only from computers running Remote Desktop with Network Level Authentication (Recommended)" box.

Click the "Select Users..." button.

In the "Remote Desktop Users" box, click the Add... button.

In the "Select Users or Groups" box, in the bottom pane, enter

HACKME\Wally

as shown below.

Click OK. Click OK. Click OK.

Close the RDP session.

Logging In to the Domain

Connect again to the Member Server via RDP.

Log in with these credentials:


Flag IR 311.1: Privileges (10 pts)

At the lower left of the desktop, right-click the Start button.

Click "Command Prompt".

Execute this command:

whoami /priv

The flag is covered by a green rectangle box in the image below.


Posted 10-27-19