...
Cybersecurity Labs: Home

dz-win10 #vulnerable

In the last post, we created a new VM from a pre-built virtual machine of Metasploitable2 and tweaked it. In this post, we will install and configure Windows 10 Evaluation Edition and make it vulnerable.

Virtual Machine Settings

Virtual Machine Settings

General

Basic
  • Name: dz-win10
  • Type: Microsoft Windows
  • Version: Windows 10 (64 bit)
Advanced
  • Snapshot Folder: /home/devendrashirbad/virtualbox-vms/dz-win10/Snapshots
  • Shared Clipboard: Bidirectional

System

MotherBoard
  • Base Memory: 4096 MB (try 2048 MB, sacrifice performance)
Processor
  • Processors: 2 CPU (try 1 CPU, sacrifice performance)

Storage

  • Hard Disk: 50 GB (/home/devendrashirbad/virtualbox-vms/dz-win10/dz-win10.vdi)
  • Optical Drive: /home/devendrashirbad/cs-lab/windows-10-evaluation-x64.iso

Network

Adapter 1
  • Host-Only Adapter: vboxnet0
Adapter 2 (Emergency Only)
  • Bridged Adapter: enp3s0

Shared Folder

  • Folder Path: /home/devendrashirbad/cs-lab
  • Folder Name: cs-lab
  • Mount Point: z: (auto-mount)

Guest Additions

The Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability.

Post Installation

  • Rename the hostname to ‘dz-win10’.
  • Change the IP address to ‘192.168.56.213’.
C:\Users\Devendrakumar>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::88c3:9024:7fb6:d7d2%5
   IPv4 Address. . . . . . . . . . . : 192.168.56.213
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.56.1

Make It #Vulnerable

This system will act as a victim so we intentionally disable the security settings and make it vulnerable. You never do it in the PROD systems.

  • Disable Virus and Threat Protection in Windows Security
    • Real Time Protection
    • Cloud Deliver Protection
    • Automatic Sample Submission
    • Tamper Protection
  • Disable Firewall
    • Domain
    • Private
    • Public

Install And Configure IIS Server

We might need the IIS (Internet Information Services) server for hosting our own web application (may be with a malware) for penetration testing. It’s optional at the moment, we can do it any time in future.

Final Outcome

Final Outcome

Downloads

Scroll to Top
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.