# Setting Up Home Lab

## Preamble

This began as a desire to set up a home lab where I could practice, and later, teach this style of setup and Active Directory Penetration Testing. Inspiration came from DerronC's [video](https://youtu.be/ael3g9RIX-U?si=Ah3n0HE54tBXFh4C). The initial plan was to install ESXi as a VM on VMware Workstation and then virtualise the AD cyber range in ESXi using DerronC's topology.

![image](https://hackmd.io/_uploads/BJU-X4ZlR.png)

However, ESXi proved to be challenging in terms of compatibility with detecting storage, storage drivers and other options (I probably shouldn't be using a decade-old SATA HDD... but still🤪). After 2 days of mucking about with ESXi (since the networking aspect seemed easy -> **Foreshadowing!**) I decided to switch over and try Proxmox.

With Proxmox, I decided to install it on bare-metal, just the way nature intended it. And after some finagling that greyed more than a few hairs (I didn't know that getting multiple networks up within Proxmox was going to be an absolute pain in the ass), we ended up with a network diagram that looks somewhat like this:

![networkmap_phase1.drawio (1)](https://hackmd.io/_uploads/ryHPPNbeC.png)

The greatest thing about this network diagram is that I forgot to save it properly and am going to have to recreate it for when I add things to the range. Lucky me. On the [bright side](https://www.youtube.com/watch?v=L2Wx230gYJw), this means I can make a better network diagram.

Anyway, on to the setup portion.

## Hardware

- Beelink SER5 Mini PC
    ```zsh
    Architecture: x86_64
    CPU op-mode(s): 32-bit, 64-bit
    Address sizes: 48 bits physical, 48 bits virtual
    Byte Order: Little Endian
    CPU(s): 12
    On-line CPU(s) list: 0-11
    Vendor ID: AuthenticAMD
    BIOS Vendor ID: Advanced Micro Devices, Inc.
    Model name: AMD Ryzen 5 5560U with Radeon Graphics
    BIOS Model name: AMD Ryzen 5 5560U with Radeon Graphics Unknown CPU @ 2.3GHz
    BIOS CPU family: 107
    CPU family: 25
    Model: 80
    Thread(s) per core: 2
    Core(s) per socket: 6
    Socket(s): 1
    Stepping: 0
    CPU(s) scaling MHz: 36%
    CPU max MHz: 4062.0000
    CPU min MHz: 400.0000
    ```
    - 1TB NVMe SSD
    - 32GB DDR4 RAM
    - AMD Ryzen 5 5560U CPU
        - 6 Cores
        - 12 Threads

## Installing Proxmox

- Downloaded PVE v8
- Flashed to USB using Balena Etcher
- Installed on Beelink SER5

Do not be like me. Remember to reset the boot order to boot from the disk and not the USB. Otherwise, you might face an "error" where you think the reinstall failed and you reinstall Proxmox MULTIPLE times.

## Accessing PVE Web UI from anywhere

- Acquired a domain name from Namecheap
- Used NetworkChuck's Tutorial to set up a [Zero Trust Cloudflare tunnel](#CloudflareSetup) so I can access my PVE Web UI relatively safely from anywhere.

## Networking

- Used 0xBEN's guides
- Removed Linux Bridge vmbr0 and replaced it with OVS Bridge vmbr0
- Used OVS IntPorts for VLAN subnetting

## Configurations

VLAN Configurations

- WAN:
    - vtnet0
    - 192.168.1.101/24
- LAN:
    - vtnet1
    - 10.0.0.0/24
    - Addr. Pool 10.0.0.11 - 10.0.0.244
- OPT1:
    - vtnet1.666
    - 10.6.6.0/24
    - Addr. Pool 10.6.6.11 - 10.6.6.244
- OPT2:
    - vtnet1.999
    - 10.9.9.0/24
    - Addr. Pool 10.9.9.11 - 10.9.9.244

Firewall Aliases

- RFC1918
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    - 169.254.0.0/16
    - 127.0.0.0/8
- Kali
    - 10.0.0.2

Network Regions

- WAN
    - Connect main network to router
- LAN
    - Internal Network administered by pfSense
- OPT1: SEC_EGRESS
    - Internet-facing insecure VMs
- OPT2: SEC_ISOLATED
    - Isolated Insecure VMs

Firewall Rules

- WAN
    - Allow access to pfSense Web Console
        - FROM: WAN Subnets
        - TO: This Firewall (self)
    - Allow Home Network to Internal LAN
        - FROM: WAN Subnets
        - TO: LAN Subnets
- SEC_EGRESS
    - Allow packets to Local Gateway
        - FROM: SEC_EGRESS Subnets
        - TO: SEC_EGRESS Address
    - Allow packets to Kali VM
        - FROM: SEC_EGRESS Subnets
        - TO: Kali (Alias)
    - Allow packets to Internet
        - FROM: SEC_EGRESS Subnets
        - TO: !RFC1918 (Alias)
    - Block everything else
        - FROM: Any
        - TO: Any
- SEC_ISOLATED
    - Allow packets to Kali VM
        - FROM: SEC_ISOLATED Subnets
        - TO: Kali (Alias)

## Pivot machine setup

Vulnerable app

![image](https://hackmd.io/_uploads/ry3urK8xC.png)

Priv Esc app

![image](https://hackmd.io/_uploads/SkilUFIlC.png)

Web server

![image](https://hackmd.io/_uploads/B1XO8KLeC.png)

Sysinternals Autologon

![image](https://hackmd.io/_uploads/HJxTUY8eA.png)

## DC setup

- Create Usernames
- Add to groups
    - i.e. lord_business to IT Admins and Domain Admins
- Create AS-REP roastable accounts by disabling preauth
- Kerberoastable account
    - `Set-ADUser -Identity "svc_iis" -ServicePrincipalNames @{Add="HTTP/webserver.oscp.lab"}`
    - We can double check this with `setspn -l svc_iis`

    ![image](https://hackmd.io/_uploads/B1bGUpDeR.png)
- Create folder backups in C drive
    - Share folder
    - In Security settings disable inheritance

      ![image](https://hackmd.io/_uploads/H1dAdTweA.png)
    - Remove Users

      ![image](https://hackmd.io/_uploads/B1CbKpPeA.png)
    - Add Service Accounts group, and give modify permissions

      ![image](https://hackmd.io/_uploads/rJqStaDxA.png)

## Instructionals and Sources

Here be the different sources I used that led to success in what I wanted to achieve.

- [TechHut's Pi-Hole Tutorial](https://youtu.be/xtMFcVx3cHU?si=3IHajDBYzHgumCSq)
- <a name="CloudflareSetup">[NetworkChuck's CloudFlare tutorial](https://youtu.be/ey4u7OUAF3c?si=wvFg59-zgbtORCtr) - Some things are outdated, like where Cloudflare has their Zero Trust options. But the main idea is still the same.</a>
- Various videos from Learn Linux TV's great [Proxmox Full Course](https://youtube.com/playlist?list=PLT98CRl2KxKHnlbYhtABg6cF50bYa8Ulo&si=SAecMC7oYrJA5dWL)
- The single best resource that answered most of my problems was this series of guides by [0xBEN](https://benheater.com/)
    - [Proxmox VE 8: Converting a Laptop into a Bare Metal Server](https://benheater.com/bare-metal-proxmox-laptop/)
    - [Creating a pfSense Firewall for our lab](https://benheater.com/proxmox-lab-pfsense-firewall/)
    - [Creating a Kali Linux VM](https://benheater.com/proxmox-lab-kali-linux-vm/)
    - [Proxmox Troubleshooting](https://benheater.com/proxmox-lab-troubleshooting-proxmox/)
    - [Running Windows Guests in Proxmox](https://benheater.com/proxmox-lab-windows-guest-best-practices/)
    - [Adding an Active Directory Forest to Our Proxmox Lab](https://benheater.com/proxmox-lab-active-directory-lab/)
    - [Hacking the AD Lab](https://benheater.com/hack-your-proxmox-ad-lab/)

Answered all my issues with subnetting and VLANs and bridging ❤️❤️❤️.
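
The firewall rules listed under Configurations can be checked offline to confirm the vulnerable VMs stay away from the home network. This is an added example, not part of the original notes: it models pfSense's per-interface, first-match rule evaluation over the page's subnets and aliases. The `.1` firewall addresses on the internal interfaces and every probe address are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network as net

# Subnets and aliases as listed on the page.
WAN, LAN = net("192.168.1.0/24"), net("10.0.0.0/24")
EGRESS, ISOLATED = net("10.6.6.0/24"), net("10.9.9.0/24")
RFC1918 = [net(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                            "169.254.0.0/16", "127.0.0.0/8")]
KALI = [net("10.0.0.2/32")]
# "This Firewall (self)": WAN address is from the page; the .1 addresses on the
# internal interfaces are assumptions made for this example.
SELF = [net(a) for a in ("192.168.1.101/32", "10.0.0.1/32",
                         "10.6.6.1/32", "10.9.9.1/32")]
ANY = [net("0.0.0.0/0")]

# (action, source nets, destination nets, invert destination match), in page
# order, keyed by the interface the traffic enters on.
RULES = {
    "WAN": [("pass", [WAN], SELF, False),
            ("pass", [WAN], [LAN], False)],
    "SEC_EGRESS": [("pass", [EGRESS], [net("10.6.6.1/32")], False),
                   ("pass", [EGRESS], KALI, False),
                   ("pass", [EGRESS], RFC1918, True),   # TO: !RFC1918
                   ("block", ANY, ANY, False)],
    "SEC_ISOLATED": [("pass", [ISOLATED], KALI, False)],
}

def decide(iface, src, dst):
    """First matching rule wins; no match falls to pfSense's default deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, srcs, dsts, invert in RULES[iface]:
        if any(s in n for n in srcs) and any(d in n for n in dsts) != invert:
            return action
    return "block"

# Constructed probes: (interface, source, destination).
PROBES = [("SEC_EGRESS", "10.6.6.20", "8.8.8.8"),
          ("SEC_EGRESS", "10.6.6.20", "10.0.0.2"),
          ("SEC_EGRESS", "10.6.6.20", "10.0.0.50"),
          ("SEC_EGRESS", "10.6.6.20", "192.168.1.10"),
          ("SEC_ISOLATED", "10.9.9.20", "10.0.0.2"),
          ("SEC_ISOLATED", "10.9.9.20", "8.8.8.8"),
          ("WAN", "192.168.1.10", "10.0.0.50")]

def audit():
    return {p: decide(*p) for p in PROBES}

if __name__ == "__main__":
    for probe, verdict in audit().items():
        print(*probe, "->", verdict)
```

Rule order matters here: moving the `!RFC1918` rule above the Kali rule changes nothing, but dropping the Kali rule would cut the lab VMs off from the attack box because 10.0.0.2 falls inside the RFC1918 alias.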