background image

Configuring Your Target Machines

269

Setting Up a Vulnerable Windows XP Installation

To run the examples in this book, you will need to install a licensed copy of 
Windows XP on a virtualization platform such as VMware. After you have 
completed the installation, log in as Administrator, open the Control Panel, 
switch to Classic View, and choose 

Windows Firewall

. Select 

Off

 and click 

OK

(This may seem unrealistic, but this scenario is more common than you might 
imagine in large corporations.)

Next, open Automatic Updates and select 

Turn off Automatic Updates

then click 

OK

. You don’t want Windows to patch vulnerabilities as you’re 

trying to learn how to exploit them.

Now configure your installation with a static IP address via the Network 

Connections Control Panel. While not required, doing this will save you from 
having to recheck the target address every time you launch an exploit.

Configuring Your Web Server on Windows XP

To make things interesting and provide for a larger attack surface, we’ll 
enable some additional services.

1.

In the Control Panel, select 

Add or Remove Programs

, and then select 

Add/Remove Windows Components

. You should be looking at the 

Windows Components Wizard

.

2.

Select the checkbox for 

Internet Information Services (IIS)

 and click 

Details

. Then select the checkbox for 

File Transfer Protocol (FTP) Service

 

and click 

OK

. Conveniently enough, the FTP service allows anonymous 

connections by default.

3.

Select the 

Management and Monitoring Tools

 checkbox and click 

OK

By default, this installs the Simple Network Management Protocol (SNMP) 
and Windows Management Interface (WMI) SNMP Provider.

4.

Click 

Next

 to complete the installation and reboot the machine for good 

measure.

The combination of these steps adds different services that we test through-

out this book. The IIS server will allow you to run a website and can be down-
loaded from 

http://www.secmaniac.com/files/nostarch1.zip

. The FTP service will 

allow you to perform FTP-based attacks against the Windows system, and the 
SNMP configuration will allow you to test auxiliary modules within Metasploit.

Building a SQL Server

Many database modules within Metasploit and Fast-Track target Microsoft 
SQL Server, so you need to install SQL Server 2005 Express, available for free 
from Microsoft. As of this writing, you can locate the non–service pack version 
of SQL Server Express at 

http://www.microsoft.com/. 

To install SQL Server 

Express, you will need to install Windows Installer 3.1 and the .NET Frame-
work 2.0. You can find links to the resources on this page, and all other URLs 
referenced in this book, at 

http://www.secmaniac.com/files/nostarch1.zip.