Lab 1.

0: Setting Up the Virtual Machine Images

This document outlines the steps for setting up your Slingshot Linux and Windows 10 VMs and connecting them to the
class network.

Overview

SEC560 includes over 30 hands-on labs integrated into the course. Each lab teaches multiple lessons that are directly
useful in conducting real-world penetration tests and Red Team engagements.

The course media includes all the tools needed for every lab in the class. Many of the labs rely on the Slingshot Linux
distribution and the Windows 10 VM included in the course media. This lab provides detailed information for networking
the student's Windows machine as well as the course Slingshot Linux image.

1. Downloading the VM ISO file

You've already recieved an email and/or paperwork on downloading the course content. Follow the directions in the How
to Access your Digital SANS Course Materials instructions prior to completing these steps.

2. Open the .ISO

The SEC560 ISO contains the content you'll need for the class. If you open the .ISO file, it will mount as a new drive.

• Windows: Go to Explorer, and click on "This PC". Find the SEC560 drive under "Devices and drives".

• Mac: In Finder, go to "Volumes" and open the SEC560 volume.

Once you find the drive, copy the two .7z files to your desktop.

3. Install 7zip

This step will vary based on your host operating system.

Windows

In the SEC560 volume you opened, click utilites , then windows . Install 7zip using the exe installer.

Mac

In the SEC560 volume you opened, click utilites , then macos . Install Keka using the dmg installer.
Linux

Use your Linux's package manager to install p7z.

5. Extract the VMs

Extract the two 7z files you copied to your desktop. It should be as simple as double clicking the 7z files and following the
prompts to extract.

After the extractions are complete, go to the next step.

If Linux is your host OS

If using Linux as your host use the command line to extract the files:

7z x FILENAME

6. Windows Users Only (Skip if MacOS or Linux is your host OS)

To make the next step easier, enable file extensions. In your explorer Window, click View then check the box next to
File name extensions .

7. Open the VM

Extracting the 7z files created two new directories. In the GUI, open the folder for Slingshot. Double click on the .vmx file
(NOT .vmdk ) to open the the VM in VMware.

Do the same thing, but for the Windows 10 VM.

 8. Start the VMs

Workstation & Fusion Player (Windows and Linux Host OS)

Select the Slingshot VM in your VMware Workstation (player).

Click the play button next to "Power on this virtual machine".

Click I Copied It when prompted

Fusion (MacOS Host OS)

Select the VM in Fusion.

Click the Play button in the top right.

Click I Copied It when prompted

Repeat for the Windows VM

Credentials

The default credentials for both the Windows and Slingshot VMs are the same:

• Username: sec560

• Password: sec560

9. (OPTIONAL) Change Keyboard Layout

If you have a keyboard that is different than the US keyboard, follow the directions below to change your keyboard layout.

Windows

1. Open the Start Menu

2. Type the word "Language" (you don't need to click on anything first, just start typing)

3. Select "Regional & Language settings"

4. Scroll down in the new Windows

5. Click in the white space next to "English (United States)"

6. Click the "Options" button

7. Click the "Add a keyboard" button

8. Select your keyboard from the list

 9. Click the whitespace next to the "US" keyboard

10. Click the "Remove" button

11. Close the window

Slingshot Linux

1. Click on the "System" menu in the bar at the top of your VM

2. Click on Preferences | Hardware | Keyboard

3. Select the "Layouts" tab

4. Click the "+ Add" button

 Select your "Country" from the dropdown
5.
6. Select the correct option from the "Variants" dropdown

7. Click the "+ Add" button

8. Select the "English (US)" keyboard

9. Click "- Remove"

10. Close the window

10. Connect to the remote lab infrastructure

 Tip

"You will use the A target environment!"

Option 1: Within your Account Dashboard, select the My Labs link:

Option 2: While logged into your SANS account, please visit: https://connect.labs.sans.org.

Help

If you encounter problems, please speak to your instructor or email virtual-labs-support@sans.org.

11. Confirm connectivity

 Warning

You can only do this portion when connected to the VPN.

Windows

Open a command prompt and ping 10.130.10.10.

If the command is unsuccessful, ensure your network interface is properly configured.

Confirm the firewall is disabled by running the following below, making sure all the output lines say OFF:

 Command

netsh advfirewall show allprofiles | find /i "state"

 Expected Results

C:\windows\system32> netsh advfirewall show allprofiles | find /i "state"

State OFF

State OFF

State OFF

 If the firewall is not off! 

1. Launch an elevated prompt. To do this, click on the "Command Prompt - Run as Administrator" icon on the desktop. Note: The
icon text may be truncated.

2. Type the command below to disable the firewall:

netsh advfirewall set allprofiles state off

3. Confirm the firewall is indeed off by running the command:

netsh advfirewall show allprofiles | find /i "state"

Linux

Open the Terminal and ping 10.130.10.10.

  Command

ping -c 4 10.130.10.10

 Expected Results

sec560@slingshot:~$ ping -c 4 10.130.10.10

PING 10.130.10.10 (10.130.10.10) 56(84) bytes of data.
64 bytes from 10.130.10.10: icmp_seq=1 ttl=128 time=0.467 ms
64 bytes from 10.130.10.10: icmp_seq=2 ttl=128 time=0.297 ms
64 bytes from 10.130.10.10: icmp_seq=3 ttl=128 time=0.277 ms
64 bytes from 10.130.10.10: icmp_seq=4 ttl=128 time=0.334 ms

--- 10.130.10.10 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 0.277/0.343/0.467/0.077 ms

If the command is unsuccessful, ensure your network interface is properly configured.

Confirm Connectivity between your VMs

1. Find your Linux IP address by running ip -br a show dev eth0 from the terminal.

2. In Windows, ping your Linux IP address.

3. Find your Windows IP address by running ipconfig from the command prompt.

4. In Linux, ping your Windows IP address.

12. Take a Snapshot

Note: If you are using VMware Workstation Player, you will not be able to perform this step.

Windows / VMware Workstation

1. Click Virtual Machines in the VMware Host Client inventory.

2. Click the take snapshot button, it looks like a clock with a plus.
 3. Enter a name for the snapshot. And click "Take Snapshot".

To revert to a snapshot, click the icon with the clock and the left arrow.

MacOS / Fusion

1. Click Virtual Machines in the VMware Host Client inventory.

2. Right-click a virtual machine from the list and select Snapshots.

 Click the camera icon in the top right.
3.

4. Enter a name for the snapshot. And click "Take".

To revert to a snapshot, go to the same menu and double click on a snapshot.

Conclusion

In this lab, we've seen how to extract and configure the Slingshot Linux and Windows 10 image for the 560 course. These
images include all of the tools we'll be using for the class.

• Linux - The tools needed for the class are installed in the /opt directory.

• Windows - The tools needed for the class are installed in the C:\tools directory. There is a link to this directory on
the desktop.

This completes the configuration of your Windows 10 VM and your Slingshot Linux VM for access to networked resources.