Building an Active Directory Lab with just 4GB of RAM

Hey guys,
In this blog post, we are going to see how I built an Active Directory lab for pentesting with just 4GB of RAM.

Note: This can be done only if you have Linux on bare metal (Linux as the host, best if you have a lighter Arch distro, Kali or any pentesting distribution). If you are using Windows, here is a suggestion: read up on building an AD lab on Azure using the free credits for the signup.

Yes, you read that right, an Active Directory Lab with just 4GB of RAM.

I am one of the guys who got the most from Heath Adams aka TheCyberMentor’s Practical Ethical Hacking course on Udemy, for which a free coupon was shared to stay home during COVID-19.

That was an excellent, fully hands-on course explaining almost everything you need to know about hacking.

I got to see that, to do some attacks against Active Directory, we build an Active Directory lab. That requires lots of RAM, so I made certain tweaks so we could perform all of those within our constrained 4GB of RAM.

Again, if you have Windows as the host, this will definitely not work for you, because Windows consumes more RAM.

We are going to use the following:

1. Windows Server 2016 ISO

2. Windows 7 ISO

Our setup is going to be a domain controller (Server 2016) and 2 Windows hosts on the domain (Windows 7).

You have less RAM, so things get slower when you run all of these together. Be patient during this setup and also in the attack phase. Remember, patience is one great quality of a hacker.

I am going to share only the settings I used to configure the systems' hardware. Building the lab is covered in the course as well as here: https://www.youtube.com/watch?v=xftEuVQ7kY0&t=176s

First, configuring the server.

Note the settings carefully, especially the Base Memory, and configure the server entirely, from installing the server and installing Active Directory to creating users in Active Directory.

After completing everything, shut down the system.

Next, we move on to configuring the Windows 7 hosts.

Complete the installation of Windows 7 and shut down the system.

Repeat the same settings for the other Windows 7 host as well.

Next come our tweaks.

Now we are going to join our machines to the domain.

Apply these settings to the server and power on the server. Do not log in to the server, as there is no need to.

Next, with the Server 2016 VM running, apply these settings to Windows 7 and start it. Join the computer to the domain, and after joining the domain, shut down the system.

Apply the same settings to the other Windows 7 guest and join that to the domain.

Now everything is set, and congrats! You have set up your AD lab with just 4GB of RAM.

Next is an important step: you have to run all three VMs at the same time. Apply the settings as follows:

You do not need to log in to any of the VMs unless necessary.

If you want to log in, then log in to the Windows 7 guest with more RAM allotted.

This is what happened when I ran the 3 VMs together:

If you are on a Linux host, the remaining RAM is more than enough to run your tools.

It was a lot slower when I started up Metasploit, but after it starts, it rocks! Not only Metasploit, most tools start up slowly; afterwards they run great.

With this lab setup I was able to perform all the following attacks:
LLMNR Poisoning
SMB Relay Attack
IPv6 DNS Takeover attack
PTH attacks
Kerberoasting, etc.

The only problem I had was that the Windows 7 guests didn’t have the .NET Framework installed, which is needed to run BloodHound. You have to install it manually.

The key thing to learn is Active Directory, so the older OSes don’t matter, and they too behave in the same way as Windows 10 and Server 2019. The takeaway is the concepts and the attacks that you could perform practically.

Windows 10 requires more RAM than Windows 7, so I used Windows 7. I feel that there is no difference.

It took me almost half a day to set up the lab, though I enjoyed creating the lab and attacking it. I felt like sharing, so I wrote it down.

Hope you too enjoy creating your AD lab.

just a n00b exploring technology and things