Damn Vulnerable Windows 7: Lesson 1: How to create a Damn Vulnerable Windows 7 Machine
ComputerSecurityStudent (CSS) [Login] [Join Now]




|WINDOWS >> Damn Vulnerable Windows >> W7-SP1 IE8 >> Current Page |Views: 8998

(Damn Vulnerable Windows 7: Lesson 1)

{ How to create a Damn Vulnerable Windows 7 Machine }


Section 0. Background Information
  1. What is Damn Vulnerable Windows 7?
    • This is a Windows 7 Virtual Machine that provides a practice environment to conduct ethical penetration testing, vulnerability assessment, exploitation and forensics investigation.
    • The Microsoft Software License Terms for the IE VMs are included in the release notes.
    • By downloading and using this software, you agree to these license terms.

  2. Pre-Requisite Labs
  3. Lab Notes
    • In this lab we will do the following:
      1. Download a Windows 7 (IE8)
      2. Disable the Firewall
      3. Disable Windows Update
      4. Disable Internet Security
      5. Remove most Windows 7 SP1 Patches
      6. Create Weak Passwords
     
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

 

Section 1: Download Microsoft Win7-IE8 VM
  1. Download Windows XP-IE6

     

  2. Download Location
    • Instructions:
      1. Navigate to your preferred download directory
        • In my case, G:\VMs\Damn Vulnerable Windows 7
      2. Click the Save Button

     

  3. Go To Downloads Folder (Part 1)
    • Instructions:
      1. Tools --> Downloads

     

  4. Go To Downloads Folder (Part 2)
    • Instructions:
      1. Right Click on IE8.Win7.For.Windows.VMware.zip
      2. Open Containing Folder

     

  5. Extract Files
    • Instructions:
      1. Right Click on IE8.Win7.For.Windows.VMware.zip
      2. Select 7-Zip
      3. Extract Here

     

  6. Extract Process
    • Note(FYI):
      1. The Extraction Process will take between 2 to 5 minutes.
      2. Continue to Next Step after the extraction completes.

 

Section 2: Create a New Virtual Machine
  1. Open VMware Player on your windows machine.
    • Instructions:
      1. Click the Start Button
      2. Type "vmware player" in the search box
      3. Click on VMware Player

     

  2. Create a New Virtual Machine. (See Below)
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open Virtual Machine
    • Instructions:
      1. Navigate To Extracted Virtual Machine Location
        • In my case, the directory was G:\VMs\Damn Vulnerable Windows 7
      2. Click IE8 - Win7
      3. Click the Open Button

     

  4. Import Virtual Machine
    • Instructions:
      1. Name:  Damn Vulnerable Windows 7
      2. Storage Path: Browse to your desired storage location
        • In my case, the storage directory is G:\VMs\DVW7
      3. Click the Import Button
        • Don't be alarmed, an error message will be displayed.
        • Continue to the next step.

     

  5. Virtual Machine OVF Failure
    • Instructions:
      1. Click the Retry Button
    • Note(FYI):
      1. The import will take between 15 to 45 minutes.

     

  6. Edit Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable Windows 7
      2. Click on Edit virtual machine settings

     

  7. Configure Memory Setting
    • Instructions:
      1. Click on Memory
      2. Select 1 GB
    • Note(FYI):
      1. Do NOT Click the OK Button, we still have more to configure.

     

  8. Add Network Adapter
    • Instructions:
      1. Click the Add... Button
        • Note: The Windows UAC message might appear.  If so, click Yes.
      2. Click on Network Adapter
      3. Click the Next Button
      4. Click the OK Button

     

  9. Configure CD/DVD Settings
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Click the Use physical drive radio button
      3. Select Auto detect
      4. Click the OK Button

     

Section 3: Play Damn Vulnerable Windows 7
  1. Start the Damn Vulnerable Windows 7
    • Instructions:
      1. Click on Damn Vulnerable Windows 7
      2. Click on Play virtual machine

     

Section 4: Network Location Setup
  1. Set Network Location
    • Note(FYI):
      1. After the Windows 7 Operating System loads it will take about 1 to 2 minutes for the Network Adapter Drivers to install the new device. 

     

  2. Set Network Location
    • Instructions:
      1. Double Click on Home Network

     

  3. Create a Homegroup (Part 1)
    • Instructions:
      1. Check all the checkboxes
      2. Click the Next Button

     

  4. Create a Homegroup (Part 2)
    • Instructions:
      1. It's your discretion to record your password. 
        • (Ie. we will not use it)
      2. Click the Finish Button

     

  5. Restart Message
    • Instructions:
      1. Click Restart Later

 

Section 5: Turn Off Windows Firewall
  1. Open Windows Firewall (Part 1)
    • Instructions:
      1. Click on the Windows Start Button
      2. Search for Windows Firewall
      3. Click on Windows Firewall

     

  2. Open Windows Firewall (Part 2)
    • Instructions:
      1. Click on Turn Windows Firewall on or off

     

  3. Turn Off Windows Firewall
    • Instructions:
      1. Home or work (private) network location settings:
        • Click on Turn off Windows Firewall (not recommended)
      2. Public network location settings:
        • Click on Turn off Windows Firewall (not recommended)
    • Note(FYI):
      1. Obviously, it is never a good idea to turn off a host firewall.  Accordingly, this VM will later be used to illustrate that point.

 

Section 6: Turn Off Windows Update
  1. Open Automatic Update (Part 1)
    • Instructions:
      1. Click the Windows Start Button
      2. Search for Windows Update
      3. Click on Windows Update

     

  2. Open Automatic Update (Part 2)
    • Instructions:
      1. Click Change settings

     

  3. Turn Automatic Updates Off
    • Instructions:
      1. Select Never check for updates (not recommended)
      2. Click the OK button
    • Note(FYI):
      1. Obviously, it is never a good idea to turn off Automatic Updates.  Accordingly, this VM will later be used to illustrate that point.

 

Section 7: Configure Internet Options
  1. Open Internet Options
    • Instructions:
      1. Click the Windows Start Button
      2. Search for Internet Options
      3. Click on Internet Options

     

  2. Default Home Page Configuration
    • Instructions:
      1. Click the General Tab
      2. Click the Use Blank Button
      3. Click the Apply Button

     

  3. Default Home Page Configuration
    • Instructions:
      1. Click the Security Tab
      2. Uncheck Enable Protected Mode
      3. Click the Apply Button
      4. Click the Warning! OK button

     

  4. Name the server
    • Instructions:
      1. Click the Privacy Tab
      2. Select lowest setting for the Internet Zone. (See Picture)
      3. Uncheck Turn on Pop-up Blocker
      4. Click the Apply Button
      5. Click the OK Button.

 

Section 8: Configure Remote Settings
  1. Open System Panel
    • Instructions:
      1. Click the Windows Start Button
      2. Search for System
      3. Click System

     

  2. Open Remote Settings
    • Instructions:
      1. Click on Remote settings

     

  3. Configure Remote Settings (Part 1)
    • Instructions:
      1. Remote Assistance:
        • Check Allow Remote Assistance connections to this computer
      2. Remote Desktop
        • Allow connections from computers running any version of Remote Desktop (less secure)
      3. Click the OK Button

 

Section 9: Change Computer Name
  1. Edit the System Environment
    • Instructions:
      1. Click the Windows Start Button
      2. Search for edit the system environment
      3. Click the Edit system environment variables

     

  2. Change Computer Name
    • Instructions:
      1. Select the Computer Name tab
      2. Computer description: Damn Vulnerable Windows 7
      3. Click the Change... button
      4. Computer name: DVW7
      5. Click the OK button
      6. You must restart your computer message
        • Click the OK button
      7. Click the Apply button

     

  3. You must restart your computer
    • Instructions:
      1. Click Restart Later

 

Section 10: Change Power Options
  1. Edit Power Plan (Part 1)
    • Instructions:
      1. Click the Windows Start Button
      2. Search for edit power
      3. Click on edit power plan

     

  2. Edit Power Plan (Part 2)
    • Instructions:
      1. Turn off the display: 30 minutes
      2. Put the computer to sleep: 3 hours
      3. Click the Save Changes button

 

Section 11: Change Desktop Background
  1. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. Search for command prompt
      3. Click on Command Prompt

     

  2. Remove BGInfo
    • Instructions:
      1. del /Q C:\Wallpaper
    • Note(FYI):
      1. Command #1, Delete the Wallpaper directory.  Use the flag (/Q) to not ask if it is OK to delete.

     

  3. Change Desktop Background (Part 1)
    • Instructions:
      1. Click the Windows Start Button
      2. Search for change desktop background
      3. Click on Change desktop backgroud

     

  4. Change Desktop Background (Part 2)
    • Instructions:
      1. Picture locations: Windows Desktop Backgrounds
      2. Scroll all the way down (See Picture)
      3. Click on the only picture under Windows(1)
      4. Click on the Save Changes Button

     

Section 12: Remove "Most" Windows 7 Patches
  1. Open Notepad
    • Instructions:
      1. Click the Windows Start Button
      2. Search for Notepad
      3. Click on Notepad

     

  2. Copy and Paste Patch Removal Script
    • Instructions:
      1. Copy the below text.
        • @ECHO OFF
          Setlocal EnableDelayedExpansion
          set cmdopt1=/uninstall /quiet /norestart
          set cmdtorun=wusa.exe

          for /f %%i in ('wmic qfe get "HotFixID" /format:table') DO call :concat %%i

          :concat
          set MYVAR=%1
          set TESTVAR=!MYVAR!

          If NOT "%TESTVAR%"=="%TESTVAR:kb=%" (
          set modified=!MYVAR:kb=kb:!
          set cmdopt=%cmdtorun% /%modified% %cmdopt1%
          echo %cmdopt%
          !cmdopt!
          )
      2. Paste Text in the Notepad Screen: Edit --> Paste

     

  3. Save patch_removal.bat file
    • Instructions:
      1. File --> Save As...
      2. Save in: Local Disk (C:\Users\IEUser)
      3. File name: patch_removal.bat
      4. Save as type: All Files
      5. Encoding: ANSI
      6. Click the Save Button

     

  4. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. Search for command prompt
      3. Click on Command Prompt

     

  5. Remove Patches (Part 1)
    • Instructions:
      1. wmic qfe get "HotFixID" /format:table > before_removal.csv
      2. dir | findstr "before"
      3. patch_removal.bat
    • Note(FYI):
      1. Command #1, output all the HotFix patches into file before_removal.csv using the greater than (>) operator.
      2. Command #2, Use (dir) to list the contents of the current directory and use (findstr) to search for the string "before".
      3. Command #3, use patch_removal.bat to remove most of the HotFix patches for Windows 7 SP1.  Obviously, it is never a good idea to remove all the patches.  Accordingly, this VM will later be used to illustrate various issues.  The patch_removal.bat script will take around 45 minutes to execute, so go get some Turkish Coffee and re-charge.

     

  6. Remove Patches Failure (Part 1)
    • Instructions:
      1. Click to close the Windows Update Standalone Installer.
      2. Continue to the next step.
    • Note(FYI):
      1. Although the script will exit after you click , the majority of the HotFixes that are not kernel dependent were removed.

     

  7. Verify Results and Reboot
    • Instructions:
      1. wmic qfe get "HotFixID" /format:table
      2. wmic qfe get "HotFixID" /format:table > after_removal.csv
      3. type before_removal.csv | find /C "K"
      4. type after_removal.csv | find /C "K"
      5. shutdown -r -t 3
    • Note(FYI):
      1. Command #1, will display all the current HotFixes on the system that are still present.  These are the patches that the Operating System would not allow to be removed.
      2. Command #2, Output the contents in Command #1 into the file after_removal.csv using the greater than operator (>).
      3. Command #3, Count the number of lines (ie. the number of patches) in the before_removal.csv file.  Notice the number 155 is returned.
      4. Command #4, Count the number of lines (ie. the number of patches) in the after_removal.csv file.  Notice the number 7 is returned.  So, the patch_removal.bat script, removed 148 patches (eg. 155 - 7 = 148).
      5. Command #5, Now that you have successfully removed 148 patches, you will have to wait for another 10 to 15 minutes for the Operating System to reboot and reconfigure itself.

 

Section 13: Disable IEUser Auto Login
  1. Open Advanced User Accounts Control Panel (netplwiz)
    • Instructions:
      1. Click on the Window's Start Button
      2. Search for netplwiz
      3. Click on netplwiz
    • Note(FYI):
      1. Command #3, netplwiz is the Advanced User Accounts Control Panel that we will use to disable auto login.

     

  2. Remove Auto Login
    • Instructions:
      1. Check Users must enter a user name and password to use this computer
      2. Click on IEUser
      3. Click the OK Button
    • Note(FYI):
      1. By default, the IEUser for this VM can auto login without a password.

 

Section 14: Create Username, Set Weak Password, Add to Administrators Group
  1. Run Command Prompt as administrator
    • Instructions:
      1. Click on the Windows Start Button
      2. Search for the string command prompt
      3. Right click on the Command Prompt
      4. Click on Run as administrator
    • Note(FYI):
      1. Command #4, Your screen will go gray prompting you to with a User Access Control message. Continue to next step.

     

  2. User Account Control
    • Instructions:
      1. Click the Yes Button

     

  3. Change Username, Set and Require Password
    • Instructions:
      1. net users
      2. wmic useraccount where name='IEUser' rename student
      3. net users student abc123 /PASSWORDREQ:yes /FULLNAME:"Security Student"
      4. net users
    • Note(FYI):
      1. Command #1, Display all local users.
      2. Command #2, Windows Management Instrumentation Command-line (WMIC) is used to rename username (IEUser) to (student).
      3. Command #3, Set the username (student) password to (abc123).  Set the fullname (Security Student).  Require a password using the flag (/PASSWORDREQ:yes).
        • Obviously, this is an extremely weak password.  Accordingly, we will illustrated why weak passwords should never be used in following lessons.
      4. Command #1, Display all local users.  Notice that the username IEUser was changed to student.

     

  4. Enable the Administrator Account, Set Password
    • Instructions:
      1. net users administrator password /active:yes
      2. net users administrator
    • Note(FYI):
      1. Command #1, Set the administrator's password to the string password. Use flag (/active:yes) to enable the administrators account.
        • Obviously, this is an extremely weak password.  Accordingly, we will illustrated why weak passwords should never be used in following lessons
      2. Command #2, display the details of the administrator account. Notice the account is set to active.

     

  5. Create Regular Account, Set Weak Password
    • Instructions:
      1. net users jdoe abc123 /ADD /FULLNAME:"John Doe" /COMMENT:"Regular User"
      2. net users jdoe
    • Note(FYI):
      1. Command #1, Create user (jdoe) using the flag (/ADD). Set weak password (abc123).  Use flag (/FULLNAME:"John Doe") to set the full name.  Use flag (/COMMENT:"Regular User") to describe the username.
        • Obviously, this is an extremely weak password.  Accordingly, we will illustrated why weak passwords should never be used in following lessons
      2. Command #2, display the details of the jdoe account.

     

  6. Reboot Machine
    • Instructions:
      1. shutdown -r -t 0
    • Note(FYI):
      1. Command #1, Use the flag (-r) to reboot the machine.  Use the flag (-t) to specify the number of seconds before the reboot will occur.  We use 0 seconds to reboot now.

 

Section 15: Login To Damn Vulnerable Windows 7
  1. Select Login User
    • Instructions:
      1. Click on Security Student

     

  2. Switch User
    • Instructions:
      1. Supply the student password (abc123).
      2. Click on the arrow

     

Section 16: Install Firefox
  1. Open Internet Explorer
    • Instructions:
      1. Click the Windows Start Button
      2. Search for internet explorer
      3. Click on Internet Explorer

     

  2. Firefox Download URL
    • Instructions:
      1. Navigate to the following URL
        • https://download.mozilla.org/?product=firefox-stub&os=win&lang=en-US
      2.  Click the Run Button

     

  3. File Download - Security Warning
    • Instructions:
      1. Click the Run Button

     

  4. User Account Control
    • Instructions:
      1. Click the Yes Button

     

  5. Firefox Setup (Part 1)
    • Instructions:
      1. Click the Install Button

     

  6. Firefox Setup (Part 2)
    • Note(FYI):
      1. The Firefox download will take around 15 minutes.
      2. Once the installation finishes it will automatically open a Firefox browser.

     

  7. Import Wizard (Import Settings and Data)
    • Instructions:
      1. Click on Don't import anything
      2. Click the Next Button

     

  8. Firefox Options (Option)
    • Instructions:
      1. Click on the menu icon
      2. Click on the options icon

     

  9. Firefox Options (General:Downloads)
    • Instructions:
      1. Click the General Tab
      2. Click the Always ask me where to save files radio button
      3. Click the to close Firefox
      4. Click the Close tabs button

 

Section 17: Install 7-zip
  1. Open Firefox
    • Instructions:
      1. Click the Windows Start Button
      2. Search for Firefox
      3. Click on Mozilla Firefox

     

  2. Start 7-Zip Download
    • Instructions:
      1. http://www.7-zip.org
      2. Click Download
      3. Click the Save File Button

     

  3. Save to Destination Folder
    • Instructions:
      1. Navigate to the follow folder
        • C:\Users\IEUser\Downloads
      2. File name: 7z920
      3. Save as type: Binary File
      4. Click the Save Button

     

  4. Open Containing Folder
    • Instructions:
      1. Click on the down arrow
      2. Right click on 7z920.exe
      3. Open Containing Folder

     

  5. Open Executable File
    • Instructions:
      1. Right click on 7z920
      2. Click Open

     

  6. User Account Control
    • Instructions:
      1. Click the Yes Button

     

  7. Choose Install Location
    • Instructions:
      1. Destination: C:\Program Files\7-Zip
      2. Click the Install Button

     

  8. 7-Zip Completion
    • Instructions:
      1. Click the Finish Button

     

Section 18: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. dir *.csv
      2. type before_removal.csv | find /C "KB"
      3. type after_removal.csv | find /C "KB"
      4. dir "C:\Program Files" | findstr "7-Zip"
      5. date /t
      6. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth