# Preparing the OS

## Preparing the OS to run the Red Team home lab

### Windows

We are going to use **Windows 10 Pro** or a **Windows Server** with Hyper-V to build the Red Team home lab.

Each step is detailed below. If you only want the commands, go straight to the [**summary**](/lab/preparing-the-os.md#summary).

#### 1 Installing RSAT tools

If we are using **Windows 10 Pro**, we first install the RSAT tools.\
We can list them by opening **PowerShell as an admin** and running:

```
Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State
```

![List of RSAT tools](/files/-MhDDz1O25HXRQmn1Qxd)

To install all the available RSAT tools at once, we run:

```
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
```

#### 2 Enable Hyper-V

We can enable Hyper-V by opening **PowerShell as an admin** and running:

```
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```

And we **reboot**

![Enabling Microsoft Hyper V feature](/files/-MhDLXhohfkj_Nfw0A65)

#### 3 Enable WSL

The host machine will serve as the attacker machine.

It will host the C2, and we will also use the Windows Subsystem for Linux (WSL) on it to run Kali.

You must first enable the WSL feature.

Open **PowerShell as Administrator** and run:

```
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
```

![Enabling WSL feature](/files/-MhDN4SItSXUuJKVMVYf)

#### 4 Enable Virtual Machine feature

Before installing WSL 2, you must enable the Virtual Machine Platform optional feature.

Open **PowerShell as Administrator** and run:

```
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
```

![Enabling Virtual Machine Platform](/files/-MhDNasbN9UhWGtP8R2P)

**Restart** your machine to complete the WSL install and update to WSL 2.

#### 5 Download the Linux kernel update package

Download the latest package by opening **PowerShell as Administrator** and running:

```
curl.exe https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi --output C:\Windows\Temp\wsl_update_x64.msi
```

![Downloading the Linux kernel update package](/files/-MhDQ19V0V0_HDXkA3t3)

And we run it with:

```
C:\Windows\Temp\wsl_update_x64.msi
```

![Installation of WSL](/files/-MhDQE4JJxfsWz9TKA1c)

#### 6 Set WSL 2 as the default

Open **PowerShell as Administrator** and run:

```
wsl --set-default-version 2
```

#### 7 Download Kali

Open **PowerShell as Administrator** and run:

```
curl.exe -L https://aka.ms/wsl-kali-linux-new --output C:\Windows\Temp\wsl-kali-linux-new.appx
```

#### 8 Install Kali

Open **PowerShell as Administrator** and run:

```
Add-AppxPackage C:\Windows\Temp\wsl-kali-linux-new.appx
```

and set it up:

```
kali
```

![Successfully running kali](/files/-MhDqWKi8LZQG9a-eU9d)

#### 9 Install git

Download the latest release of Git for Windows and install it:

{% embed url="<https://github.com/git-for-windows/git/releases/latest>" %}
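As an added check that is not part of the original page, the following PowerShell function verifies that each of the nine steps above actually took effect after the reboots. It reads the feature state with the same cmdlets used above, reads the WSL default version and the registered distros from the `HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss` registry key (assumed layout: a `DefaultVersion` value plus one subkey per distro holding `DistributionName` and `Version`), and looks for `git.exe` on the PATH. The distro name `kali-linux` is an assumption; adjust it if your install registers a different name. Run it from an elevated PowerShell.

```powershell
# Added example (not from the original page): post-install verification of the
# steps above. Run from an elevated PowerShell after the final reboot.
function Test-LabHostPrereqs {
    [CmdletBinding()]
    param(
        # Name under which the Kali appx registers itself; assumption, adjust if needed
        [string]$DistroName = 'kali-linux'
    )

    $results = New-Object System.Collections.Generic.List[object]
    function Add-Result([string]$Name, [bool]$Ok, [string]$Detail) {
        $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
    }

    # Step 1: every RSAT capability should report Installed
    $rsat = @(Get-WindowsCapability -Online -Name 'RSAT*')
    $missing = @($rsat | Where-Object State -ne 'Installed')
    Add-Result 'RSAT tools' ($missing.Count -eq 0) `
        ("{0} of {1} capabilities installed" -f ($rsat.Count - $missing.Count), $rsat.Count)

    # Steps 2-4: optional features enabled by Enable-WindowsOptionalFeature / dism above
    foreach ($feature in 'Microsoft-Hyper-V', 'Microsoft-Windows-Subsystem-Linux', 'VirtualMachinePlatform') {
        $f = Get-WindowsOptionalFeature -Online -FeatureName $feature
        Add-Result "Feature $feature" ($f.State -eq 'Enabled') "State: $($f.State)"
    }

    # Steps 5-6: 'wsl --set-default-version 2' records DefaultVersion=2 under the Lxss key
    # (registry layout assumed, see lead-in)
    $lxss = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss'
    $defaultVersion = (Get-ItemProperty -Path $lxss -ErrorAction SilentlyContinue).DefaultVersion
    Add-Result 'WSL default version is 2' ($defaultVersion -eq 2) "DefaultVersion: $defaultVersion"

    # Steps 7-8: Kali is registered and runs as a WSL 2 distro
    $distros = @(Get-ChildItem -Path $lxss -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath })
    $kali = $distros | Where-Object DistributionName -eq $DistroName | Select-Object -First 1
    if ($kali) {
        Add-Result "Distro $DistroName" ($kali.Version -eq 2) "WSL version: $($kali.Version)"
    } else {
        Add-Result "Distro $DistroName" $false ("registered distros: " + ($distros.DistributionName -join ', '))
    }

    # Step 9: git is reachable from the PATH
    $git = Get-Command git.exe -ErrorAction SilentlyContinue
    Add-Result 'git' ($null -ne $git) $(if ($git) { $git.Source } else { 'not found on PATH' })

    return $results
}

# Usage: print the table and warn about anything that is still missing
$report = Test-LabHostPrereqs
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Ok } | ForEach-Object { Write-Warning "Not ready: $($_.Check) ($($_.Detail))" }
```

The registry is read instead of parsing `wsl --list --verbose` because that command's console output is UTF-16 on older WSL builds and is awkward to parse reliably from a script.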

### AutomatedLab

For building and running the lab we are going to use [AutomatedLab](https://github.com/AutomatedLab/AutomatedLab)

> AutomatedLab (AL) enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription.

#### 1 Download and install the last release

We download **AutomatedLab.msi** from the last release on Github:

{% embed url="<https://github.com/AutomatedLab/AutomatedLab/releases/latest>" %}

And install it

![Installation of AutomatedLab](/files/-MhDV_4iVutaosb-wM3h)

![Options for installing AutomatedLab](/files/-MhDVmcy1Jd-7NSI-a21)

![AutomatedLab is installed](/files/-MhDVs5ckyziMIAlnF7a)

#### 2 Set up AutomatedLab

Open **PowerShell as Administrator** and run:

```
powershell -ep bypass
Import-Module AutomatedLab
Install-Module -Name Pester -Force -SkipPublisherCheck
```

### Docker

To run ELK as an air-gapped solution we need to host our own Elastic Package Registry.

For that we need to install Docker.

We download the [latest stable release](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe) and install it.

Create a file as **C:\startDocker.ps1**

```powershell
# Start the Docker engine service, give it time to come up, then launch Docker Desktop
Start-Service -Name com.docker.service
Start-Sleep -Seconds 10
Start-Process -FilePath 'C:\Program Files\Docker\Docker\Docker Desktop.exe'
```

Run the following in an elevated PowerShell:

```powershell
powershell -ep bypass
# Register a task that runs C:\startDocker.ps1 elevated at every boot, as the current user
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-ep bypass -File C:\startDocker.ps1"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Start Docker on Start up" -Settings $settings -User $env:UserName -RunLevel Highest

# Add the user to the docker-users user-group
# This is needed so that this user has access to docker services
try {
	Add-LocalGroupMember -Group docker-users -Member $env:UserName -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
}

# Run Docker right now
C:\startDocker.ps1
```
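An added check, not part of the original page: the task registered above runs `C:\startDocker.ps1` at every boot with `-RunLevel Highest` and `-ep bypass`, so that file is effectively trusted code executed elevated and should be writable only by administrators and SYSTEM. The function below inspects the registered task (assumed name `Start Docker on Start up`, the one used above), reports any identity outside an assumed trusted set (`SYSTEM`, `Administrators`, `TrustedInstaller`) that holds write rights on the script, confirms the current user is in `docker-users`, and checks that the Docker service and the Docker Desktop process are up. Run it from an elevated PowerShell after the commands above.

```powershell
# Added example (not from the original page): sanity-check the Docker autostart
# task registered above and the script it executes. Run elevated.
function Test-DockerStartupTask {
    [CmdletBinding()]
    param(
        [string]$TaskName = 'Start Docker on Start up',   # name used in Register-ScheduledTask above
        [string]$ScriptPath = 'C:\startDocker.ps1'
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The task exists, fires at boot, runs elevated and actually points at our script
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) {
        $findings.Add("task '$TaskName' is not registered")
    } else {
        $bootTrigger = $task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskBootTrigger' }
        if (-not $bootTrigger) { $findings.Add('task has no at-startup trigger') }
        if ($task.Principal.RunLevel -ne 'Highest') {
            $findings.Add("task RunLevel is $($task.Principal.RunLevel), expected Highest")
        }
        $taskArgs = ($task.Actions | ForEach-Object Arguments) -join ' '
        if ($taskArgs -notlike "*$ScriptPath*") { $findings.Add("task action does not reference $ScriptPath ($taskArgs)") }
        if ($task.State -eq 'Disabled') { $findings.Add('task is disabled') }
    }

    # 2. The script runs elevated at boot, so only admin-level identities may write it
    #    (trusted set is an assumption for a default install; extend it for your host)
    $trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')
    if (-not (Test-Path -Path $ScriptPath)) {
        $findings.Add("$ScriptPath does not exist")
    } else {
        $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::Delete -bor
                     [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                     [System.Security.AccessControl.FileSystemRights]::TakeOwnership
        $acl = Get-Acl -Path $ScriptPath
        foreach ($ace in $acl.Access) {
            $grantsWrite = ([int]$ace.FileSystemRights -band [int]$writeMask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
                $trusted -notcontains $ace.IdentityReference.Value) {
                $findings.Add("$($ace.IdentityReference) can write $ScriptPath ($($ace.FileSystemRights))")
            }
        }
        # The owner can always rewrite the ACL, so it must be an admin identity too
        if ($acl.Owner -notin $trusted) { $findings.Add("$ScriptPath is owned by $($acl.Owner)") }
    }

    # 3. The Add-LocalGroupMember call above put the current user in docker-users
    $members = @(Get-LocalGroupMember -Group 'docker-users' -ErrorAction SilentlyContinue)
    if (-not ($members | Where-Object Name -like "*\$env:UserName")) {
        $findings.Add("$env:UserName is not a member of docker-users")
    }

    # 4. Docker itself: the service the script starts and the Desktop process it launches
    $svc = Get-Service -Name 'com.docker.service' -ErrorAction SilentlyContinue
    if (-not $svc) { $findings.Add('service com.docker.service is not installed') }
    elseif ($svc.Status -ne 'Running') { $findings.Add("service com.docker.service is $($svc.Status)") }
    if (-not (Get-Process -Name 'Docker Desktop' -ErrorAction SilentlyContinue)) {
        $findings.Add('Docker Desktop process is not running')
    }

    return [pscustomobject]@{ Ok = ($findings.Count -eq 0); Findings = $findings.ToArray() }
}

# Usage
$check = Test-DockerStartupTask
if ($check.Ok) { Write-Host 'Docker startup task and script look good' }
else { $check.Findings | ForEach-Object { Write-Warning $_ } }
```

The ACL test masks on the write, delete, change-permissions and take-ownership bits rather than comparing whole rights values, so an ACE such as `Modify` or `FullControl` (which contain those bits) is reported the same way as a bare `Write`.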

### Summary

Open **PowerShell as Administrator** and run:

```
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
```

**Reboot**

```
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
```

**Reboot**

```
curl.exe https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi --output C:\Windows\Temp\wsl_update_x64.msi
C:\Windows\Temp\wsl_update_x64.msi
wsl --set-default-version 2
curl.exe -L https://aka.ms/wsl-kali-linux-new --output C:\Windows\Temp\wsl-kali-linux-new.appx
Add-AppxPackage C:\Windows\Temp\wsl-kali-linux-new.appx
kali
```

We download and install the latest Git for Windows release:

{% embed url="<https://github.com/git-for-windows/git/releases/latest>" %}

We download and install **AutomatedLab.msi** from the last release on Github:

{% embed url="<https://github.com/AutomatedLab/AutomatedLab/releases/latest>" %}

```
powershell -ep bypass
Import-Module AutomatedLab
Install-Module -Name Pester -Force -SkipPublisherCheck
```

We download and install the [latest stable release](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe) of Docker.

Create a file as **C:\startDocker.ps1**

```powershell
# Start the Docker engine service, give it time to come up, then launch Docker Desktop
Start-Service -Name com.docker.service
Start-Sleep -Seconds 10
Start-Process -FilePath 'C:\Program Files\Docker\Docker\Docker Desktop.exe'
```

Run the following in an elevated PowerShell:

```powershell
powershell -ep bypass
# Register a task that runs C:\startDocker.ps1 elevated at every boot, as the current user
$trigger = New-ScheduledTaskTrigger -AtStartup
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-ep bypass -File C:\startDocker.ps1"
$settings = New-ScheduledTaskSettingsSet -Compatibility Win8 -AllowStartIfOnBatteries
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Start Docker on Start up" -Settings $settings -User $env:UserName -RunLevel Highest

# Add the user to the docker-users user-group
# This is needed so that this user has access to docker services
try {
	Add-LocalGroupMember -Group docker-users -Member $env:UserName -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
}

# Run Docker right now
C:\startDocker.ps1
```

