Configuring Your Target Machines
Setting Up a Vulnerable Windows XP Installation
To run the examples in this book, you will need to install a licensed copy of Windows XP on a virtualization platform such as VMware. After you have completed the installation, log in as Administrator, open the Control Panel, switch to Classic View, and choose Windows Firewall. Select Off and click OK. (This may seem unrealistic, but this scenario is more common than you might imagine in large corporations.)

Next, open Automatic Updates and select Turn off Automatic Updates; then click OK. You don't want Windows to patch vulnerabilities as you're trying to learn how to exploit them.

Now configure your installation with a static IP address via the Network Connections Control Panel. While not required, doing this will save you from having to recheck the target address every time you launch an exploit.

Configuring Your Web Server on Windows XP
To make things interesting and provide for a larger attack surface, we'll enable some additional services.

1. In the Control Panel, select Add or Remove Programs, and then select Add/Remove Windows Components. You should be looking at the Windows Components Wizard.
2. Select the checkbox for Internet Information Services (IIS) and click Details. Then select the checkbox for File Transfer Protocol (FTP) Service and click OK. Conveniently enough, the FTP service allows anonymous connections by default.
3. Select the Management and Monitoring Tools checkbox and click OK. By default, this installs the Simple Network Management Protocol (SNMP) and Windows Management Interface (WMI) SNMP Provider.
4. Click Next to complete the installation and reboot the machine for good measure.

The combination of these steps adds different services that we test throughout this book. The IIS server will allow you to run a website and can be downloaded from http://www.secmaniac.com/files/nostarch1.zip. The FTP service will allow you to perform FTP-based attacks against the Windows system, and the SNMP configuration will allow you to test auxiliary modules within Metasploit.
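
To confirm that the FTP and web services enabled above answer on the target's static IP, the following added example (not from the book) connects to each port and checks the first response line. The address 192.168.33.130, the function names, and the private-address guard are assumptions made for illustration.

```python
import ipaddress
import socket

# TCP services enabled by the steps above (IIS web site and IIS FTP service).
# SNMP listens on UDP 161 and is not covered by a TCP connect check.
LAB_SERVICES = {"ftp": 21, "http": 80}

def is_lab_address(ip):
    """True only for private/loopback addresses, so a typo cannot probe a public host."""
    return ipaddress.ip_address(ip).is_private

def classify(service, first_line):
    """Decide from the first response line whether the expected service answered."""
    if service == "ftp":
        return first_line.startswith("220")      # RFC 959 "service ready" reply
    if service == "http":
        return first_line.startswith("HTTP/1.")  # any HTTP status line
    return False

def probe(ip, service, port=None, timeout=3.0):
    """Connect, read the first response line, and return (ok, first_line)."""
    if not is_lab_address(ip):
        raise ValueError(f"{ip} is not a private lab address")
    port = port or LAB_SERVICES[service]
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            if service == "http":
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            data = s.recv(512)
    except OSError as exc:
        return False, f"no answer: {exc}"
    lines = data.decode("latin-1").splitlines()
    first = lines[0] if lines else ""
    return classify(service, first), first

def check_target(ip):
    """Probe every expected service on the target's static IP."""
    return {name: probe(ip, name) for name in LAB_SERVICES}

if __name__ == "__main__":
    # 192.168.33.130 is a constructed example address; use your VM's static IP.
    for name, (ok, detail) in check_target("192.168.33.130").items():
        print(f"{name:5} {'OK  ' if ok else 'FAIL'} {detail}")
```

A FAIL on either line usually means the Windows Firewall is still on or the component was not installed in the wizard.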
Building a SQL Server
Many database modules within Metasploit and Fast-Track target Microsoft SQL Server, so you need to install SQL Server 2005 Express, available for free from Microsoft. As of this writing, you can locate the non–service pack version of SQL Server Express at http://www.microsoft.com/. To install SQL Server Express, you will need to install Windows Installer 3.1 and the .NET Framework 2.0. You can find links to the resources on this page, and all other URLs referenced in this book, at http://www.secmaniac.com/files/nostarch1.zip.