cla1992

Back|Track 4 -Setting up your Windows XP SP2-


Setting up your Windows XP SP2

For this section we will download our target VM and use Wine to run a Windows application, WinRAR, which we need to extract the target VM from a split zip archive. We encourage you to verify the integrity of the downloaded files so that the extraction succeeds. The process is simple, since back|track 4 already ships the applications needed to do it.

--------------------------------------------------------------------

I) Setting up your environment

1.

We must first download the six files that make up our target VM. Once all of them have finished downloading, ensure their MD5 checksums match the ones provided below. The download will take a considerable amount of time, so please plan for it.

wget http://downloadfdcc.nist.gov/vm/FDCC_XP_Q4_20081107/FDCC-Q4-2008-XP-VHD.z01
wget http://downloadfdcc.nist.gov/vm/FDCC_XP_Q4_20081107/FDCC-Q4-2008-XP-VHD.z02
wget http://downloadfdcc.nist.gov/vm/FDCC_XP_Q4_20081107/FDCC-Q4-2008-XP-VHD.z03
wget http://downloadfdcc.nist.gov/vm/FDCC_XP_Q4_20081107/FDCC-Q4-2008-XP-VHD.z04
wget http://downloadfdcc.nist.gov/vm/FDCC_XP_Q4_20081107/FDCC-Q4-2008-XP-VHD.z05
wget http://downloadfdcc.nist.gov/vm/FDCC_XP_Q4_20081107/FDCC-Q4-2008-XP-VHD.zip

--------------------------------------------------------------------------------------

2.

After the multi-part zip files have been downloaded, we need to check their MD5 hashes. This may take a while depending on your hardware.

root@bt4:~# md5sum FDCC-Q4-2008-XP-VHD.z*

64f06d2c0c5873736461b5bbe9894652 FDCC-Q4-2008-XP-VHD.z01
fb9dcfc5721abed6d073335ac4477123 FDCC-Q4-2008-XP-VHD.z02
ed1dcbe112b169675b6e670b47ab5344 FDCC-Q4-2008-XP-VHD.z03
2eb3ea2867b8eede5b644be365b79725 FDCC-Q4-2008-XP-VHD.z04
7e2094ee15f41b149fcbb916c3f576b7 FDCC-Q4-2008-XP-VHD.z05
2f4947495660f2f1e1263eed07410798 FDCC-Q4-2008-XP-VHD.zip

root@bt4:~#
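A small POSIX sh helper, added here as an example and not part of the original post, that checks all six parts against the MD5 sums listed above in one go and refuses to report success if any part is missing, unreadable or altered. It assumes GNU coreutils md5sum (present on back|track 4) and takes the download directory as its first argument; the manifest values are copied from the md5sum output above.

```shell
#!/bin/sh
# Added example (not from the original post): verify the six FDCC split-archive
# parts against the MD5 sums given in the post before extracting the VM.
# Assumes GNU coreutils md5sum and a POSIX sh, both present on back|track 4.

# Expected digests, copied from the post's md5sum output. The two-space
# separator between digest and file name is the format "md5sum -c" expects.
FDCC_MANIFEST='64f06d2c0c5873736461b5bbe9894652  FDCC-Q4-2008-XP-VHD.z01
fb9dcfc5721abed6d073335ac4477123  FDCC-Q4-2008-XP-VHD.z02
ed1dcbe112b169675b6e670b47ab5344  FDCC-Q4-2008-XP-VHD.z03
2eb3ea2867b8eede5b644be365b79725  FDCC-Q4-2008-XP-VHD.z04
7e2094ee15f41b149fcbb916c3f576b7  FDCC-Q4-2008-XP-VHD.z05
2f4947495660f2f1e1263eed07410798  FDCC-Q4-2008-XP-VHD.zip'

# verify_parts DIR [MANIFEST]
# Exit status 0 only when every file named in MANIFEST exists in DIR and its
# digest matches. A missing, unreadable or altered part makes "md5sum -c"
# return non-zero, and that status is passed through unchanged. A second
# argument lets the caller supply a different manifest (used by tests).
verify_parts() {
    dir=$1
    manifest=${2:-$FDCC_MANIFEST}
    if [ ! -d "$dir" ]; then
        echo "verify_parts: no such directory: $dir" >&2
        return 2
    fi
    # md5sum reads the manifest from stdin ("-") relative to DIR and prints
    # one OK/FAILED line per part; the pipeline's status is md5sum's status.
    printf '%s\n' "$manifest" | ( cd "$dir" && md5sum -c - )
}

# Typical use: ./verify_fdcc.sh ~/downloads
# Only go on to the WinRAR extraction step when every part checks out.
if [ "$#" -gt 0 ]; then
    if verify_parts "$1"; then
        echo "all parts verified; safe to extract"
    else
        echo "checksum mismatch or missing part; re-download before extracting" >&2
        exit 1
    fi
fi
```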

----------------------------------------------------------------------------------------

3.

We must now acquire WinRAR. This will help us in extracting our VM from the zip file.

root@bt4:~# wget http://www.offsec.com/downloads/wrar390.exe

4.

We will now install msttcorefonts so that Wine works properly.

root@bt4:~# apt-get install msttcorefonts

5.

Next, you will need to start the WinRAR install using wine.

root@bt4:~# wine wrar390.exe

6.

You can accept the defaults for the installation and then run WinRAR when completed.

7.

In WinRAR, click 'File', 'Open archive' and select the file FDCC-Q4-2008-XP-VHD.zip.

Once the archive has opened, click ‘Extract To’ and choose a location for the files.

-------------------------------------------------------------------------------

II) Install VMware Converter and Player

If you don't already have an installation of VMware Workstation, you can download the VMware Converter and VMware Player applications for free from the following locations:

VMware Converter: VMware vCenter Converter, Convert Physical Machines to Virtual Machines

VMware Player: VMware Player: Run Multiple Operating Systems with Free Download for a Virtual PC

1.

Change to the directory containing the VMware Converter archive and un-tar it. You can safely accept all of the defaults while installing VMware Converter:

root@bt4:~# tar -zxvf VMware-converter-4.0.1-161434.tar.gz

2.

Once the extraction is complete, change to the newly created directory and run the installer:

root@bt4:~# cd vmware-converter-distrib/

root@bt4:~# ./vmware-install.pl

root@bt4:~# /usr/bin/vmware-converter-client

3.

Once Converter has started up, select 'Convert Machine' from the toolbar.

4.

In the drop-down menu next to 'Select source type', select 'Backup image or third-party virtual machine'. Luckily for us, VMware Converter supports most major image and virtual machine formats.

5.

Click 'Browse', select the '.vmc' file from the extracted NIST image, then click 'Next'.

6.

In the drop-down menu next to 'Select destination type', select 'VMware Workstation or other VMware virtual machine'. Another drop-down menu will appear below the first one. Select 'VMware Player 2.5.x'.

7.

Enter a name under 'Virtual machine details', choose a location to save the virtual machine, then click 'Next'.

8.

On the Windows version of VMware Converter, once Converter has finished analyzing the virtual machine, you will be presented with a window where you can change various VM options. Select 'Advanced options' then select the box 'Install VMware Tools on the imported virtual machine'. Click 'Next', then 'Finish'.

9.

Change to your download directory, make the VMware Player installer executable, start it, and follow the wizard through the installation:

root@bt4:~# chmod 755 VMware-Player-2.5.2-156735.i386.bundle

root@bt4:~# ./VMware-Player-2.5.2-156735.i386.bundle

10.

Start VMware Player and boot the XP VM.

11.

Uninstall the "Virtual Machine Additions" using "Add or Remove Programs" and install VMware Tools.

-------------------------------------------------------------------------------------

III) Removing GPO Settings

1.

Login to the XP machine. The Username for the image is "Renamed_Admin" and the password is P@ssw0rd123456.

2.

Right-click the following link and select 'Save As' to download the "Microsoft Fix it" package (http://www.offensive-security.com/downloads/MicrosoftFixit50198.msi). Run the Fix it to reset the GPO settings. Reboot when done.

3.

Open a command prompt and issue the following commands:

C:\>secedit /configure /db reset /cfg "c:\windows\security\templates\compatws.inf" /overwrite
C:\>del c:\windows\system32\grouppolicy\machine\registry.pol

4.

Reboot the VM for your changes to take effect.

----------------------------------------------------------------------------------------

IV) Uninstalling Patches

1.

Go into the Control Panel and select 'Switch to Classic View' on the left-hand side.

2.

Open 'Windows Firewall' and turn it 'Off'.

3.

Open 'Automatic Updates' and select 'Turn off Automatic Updates' so Windows doesn't undo our changes for us.

4.

Open 'Security Center', select 'Change the way Security Center alerts me' on the left-hand side and de-select all of the checkboxes. This will disable the annoying system tray pop-up notifications.

5.

Back in the Control Panel, open 'Add or Remove Programs'. Select the 'Show updates' checkbox at the top. This will display all of the software and security updates that have been installed.

6.

From the command line run the following command to uninstall all patches, then reboot:

C:\>dir /a /b c:\windows\$ntuninstallkb* > kbs.txt && for /f %i in (kbs.txt) do cd c:\windows\%i\spuninst && spuninst.exe /passive /norestart && ping -n 15 localhost > nul

7.

Reboot the VM to complete the un-installation process.

____________________________________________________________________________________________
