2024红队实战操作虚拟机制作.docx

设备摘要室内存16GB:序处理器86新CDDVD(SATA)自动检测IBUSB控制器存在匚显示器自动检测设备摘要里内存16GB处理器8©新CD/DVD(SATA)自动检测国USB控制器存在自动检测FD图形口加速3D图形监视器您将主机设贸用于监视器(V)O指定监视器设罡(5)：监视器数量(N)：任意监视窘的最大分辨率(M):红队实战操作虚拟机制作0x01虚拟机软件配置1 .使用当下最新版本VMWareWorkstationProe下载地址:https:WWW激活码：g。Ogle寻找2 .新建一个根据项目时间长短而定的硬件配置，例如：4核CPU、8G内存、60G硬盘,较长时间项目，可以参数加倍。将使用下列设置创建虚拟机：名称：Windows10×64位置：版本：Workstation17.5.x操作系统：Windows10×64硬盘：120GB,拆分内存：16384MB网络适配器：无其他设备：8个CPU内核，CD/DVD,USB控制器3 .卸载虚拟机上无关设备(声卡、摄像头、蓝牙以及系统完整完毕后的CD/DVD),并关闭加速3D图形硬件连接USB兼容性(0:USB3.1口显示所有USB愉入设备(三)I与虚拟机共享蓝牙设备(B)I44 .使用9H三USB有线网卡组网。通过虚拟机->可移动设备->xxxxx,来把USB网卡加载到指定虚拟机。5 .检杳虚拟机是否关闭共享文件夹、关闭时间同步、禁用Vne等选项。粘贴复制视情况而定。硬件选项设置摘要03常规Windows10×64A电源(3?共享文件夹已禁用3快照<5自动保护已禁用a客户机隔离访问控制未加密IFVMWareTools关闭时间同步三VNC连接已禁用ISBunity要设备视图出自动登录不可用国高级默认/默认Unity窗口效果口显示边框(B)口显示标志（八）在窗口边桩中使用自定义颜色(C)选择颜色（三）应用程序口启用应用程序菜单(E)设用摘要On常效Windows10x64A电源卬共享文件夹已禁用3快照<E)自动保护已禁用客户机隔离国启用拖放(Q)画启用复制粘贴(C)共享传感器输入口方向(Q)口动作(M)环境光（八）啕客户机隔高方访问控制未加密叵IVMwareTools关闭时间同步空VNe连接已禁用3Unity鳍设备视图为自动登录不可用回高级参认做认硬件选项0x02操作系统配置Win101 .镜像下载，自行选择版本，这里我选择的是：en2USWindoWSIOenterpriseItSC2021x64dvdd289cf96.isoISO:https:/massarave.dev/WindOWSItSClinks.html2 .在安装时选择：Windows10EnterpriseN1.TSC2021,原因如下：Windows10EnterpriseN1.TSC2021includesthesamefunctionalityasWindows10Enterprise1.TSC2021,exceptthatitdoesnotincludecertainmediarelatedtechnologies(e.g.,WindowsMediaPlayer,Camera,Music,Movies&TV)ortheSkypeapp.https:WWW.oo-O&OShutUplO+(Administrator)SearchFileActionsViewHelpCurrentUser1.ocalMachineSTATESCTTIhIGRECOMMENDeDPrivacyDisableandresetAdvertisingIDandinfoyesDisabletransmissionoftypinginformationyesDisablesuggestionsinthetimelineyesDisablesuggestionsinStartyesDisabletips,tricks,andsuggestionswhenusingWindowsyesDisableshowingsuggestedcontentintheSettingsappyesDisablethepossibilityofsuggestingtofinishthesetupofthedeviceyesDisableappnotificationslimitedDisableaccesstolocallanguageforbrowserslimitedDisabletextsuggestionswhentypingonthesoftwarekeyboardlimitedDisablesendingUR1.sfromappstoWindowsStorenoyes(三)OSOsoftwareDisablestorageofclipboardhistoryFindnewversionsathttps:/www.oo-software.m/https:QithU1.eDraaoX/Win-Debloat-ToolsSystemTweaksWinDebloatToolsv2023-11-22CustomizeSystemFeaturesSystemDebloatToolsWindowsUpdateEnableDarkThemeApplyTweaks EnableAutomaticWindowsUpdate EnableActivityHistoryUndoTweaks EnableBackgroundAppsRemoveMicrosoftEdgeOptionalFeaturesEnableClipboardHistoryRemoveOneOriveHyper-VRemoveXboxInternetExplorerEnableClipboardSyncAcrossDeViyEnableCortanaEnableHibernateEnable1.egacyContextMenurPrintins-PrintTopoFservices-FeoturesPrlntSnSXPSServkesfeaturesWindowsMediaPlayerWindowsSandboxEnableOldVolumeControlInstallSystemAppsTaskSchedulerEnableOnlineSpeechRecognitionEnablePhone1.inkEnablePhotoViewer EnableSearchAppforUnknownExt.DolbyAudioMicrosoftEdgeOneDhvePaint÷Paint3D FamilySafetyFeaturesServices WindowsSearchIndexingEnableTelemetryPhoneUnkWindowsCapabilitiesQuickAssistSoundRecorderPowerShellISETaskbarWidgetsMiscellaneousFeatures6.关闭杀软WindOWSdefender,组策略ComPUterconfiguration”Administrativetemplates»WindowsComponentsWindowsDefenderAntivirus,将TUITloffWindowsDefenderAntivirus设置为EnabledeJ1.ocWGroupPolicy(d<o<WeAcmmHdp*rm.Q?T.32jMDM2jMe*9ngJMi<rcwftaccountv二22Mt(MenderMClfltlnt*rfc:D*vcControlAEidutacm二MAPS:MactoeDcfnteEtplertGuerd二MP(C尹二NctMOrtcIrapectiOASytfem二QuMMtne_ReltnePrettction一ftemedt)onKcpctftF22Sc*»Ser<yIntcUt9enceUpdatesSfrem匚)Mkrowft(MendrApplicationGuard:MicrowftXtnd«rExploitGuardQJMcrowftEd9uMcretoftScondMyAUtfMrCFdo二Mcr«to<tUMrExpeh«nc«Vrtu4ttM>e二NtfMetbng2jNewsandinterests_2On<DfrrtZj0nkAsMU<e口OoetJPortaWeOptfMFSyrtem.Pr««rCft>onSettingsCJPUfhSie“I,Re11e<OnHcp$cwk«snRSSfMdt0MCPe代MCndef加XMuSTumoffMkrosoft(Mc*tfe<AMmRequrements:AtItMtWMovmVWUDe11pcc：Tbtspo*cyR9turnsoffKcwftXendefAAbfu.Kyowen>bkIMpc<*c>settingMkrMCiftDefendefAMraWusdoesnetrutK.ndwilnotu>nCCnllUtertform>reor(4h«fpc<ent>lunwarnedsc<twreWttan9_ClmIntW<c.:De*eControl二hchMomMAPS一MacrocAOafendttExp40tGuerd:Mp(ngr<一HtwoAlnpct>onSytlem二QurvX>ne一RMMePrctectMn二RefneM>ocRo<tM9fcn:Scur<yMfl9crUpdatesThreatsK>'ou的blthnpdk>>Mttm3Mroc*t04mtfeArtMmtwvrun，(9"改"VWc<befXistilledMilmtutp*oduc1.SUteIfyou8no<corjuretNsP«RySenm9WtMoATldtnMHymn9Mkrotoft(MndfAntninwWyouimuknothf*11tywspwwWtMo*4uto<nab<4ydMbtesMkfOKft(MndrAntninn.Oth4rMc,Mros<Odmde«AntESkmyu<computer3m2endetherPetefltiefyUM411tdK*t*rEfMbtcg"d<MtAf9ttwl时YymyIMdtourwxp<tdCfumppo<teXh9r.Itnreco*vnendedttyou5cthe*zv«44«w«otzmA*mH.：_Tumc£D*fMrtutitobypasspmysevtf:XZpcoyvto<cc6g(c)focconnectinggthen<two.:Dtf<p<oyfofc0nne<u9tothewtwe*.；_RandomoehedukdUfktm；C0nh9redetectionfo<pc<tm叫unwantedappl<M>om.：.AJIqwm11mUwtMiyicttorf<nanmng4k*wyTvSTTeTibtdMotconfiguredNotc0nf9redNot<o<vf*9cdNo<<00119ufedNotconfigtrtdMo<conf9trcdNotco<i<»9up«dNoNoNoNoNoNoNo重启一下，就关闭了defender。7.主机名和mac地址随机化处理（以管理员身份运行，并重启）A.主机名随机化#RandomComputerNameSrandomstr=-join(48.57)+(65.90)Get-Random-count7%char$_)$randomcomputerName="DESKTOP-"+SrandomStrRename-Computer-NewNameSrandomComputerName-Force-PassThruB.MaC地址随机化httDS：ess-SD00fer.bat不管是修改主机名还是MAC地址欺骗都需要重新系统。当然你也可以修改组策略，在每次关机前修改主机名和MaC地址，下次启动起来的时候正好生效。下图是随机主机名，mac地址需要修改上面的bat脚本，并加入关机执行。国1.ocalGroupPolicyEditorFileActionViewHelpI.为时日*IEl国1.ocalComputerPolicyv4ComputerConfiguration>SoftwareSettingsv二WindowsSettings_NameResolutionPolicy.Scripts(StartupZShutdown)>良SecuritySettingsJjlPolicy-basedQoS_AdministrativeTemplatesvaUserConfiguration.SoftwareSettings二WindowsSettings二AdministrativeTemplates恁JScripts(StartupZShutdown)ShutdownNameStartupDisplayPropert.esgShutdownDescription:Containscomputershutdownscripts.ShutdownProperties?XSaptsPowerSheIIScnptsWindowsPowerSheIShutdovwiScriptsfor1.ocalComputer0x03基础环境配置1. pytho3+PythOn2双环境PSC:Users3ohn>pythonPython2.7.18PSC:Users3ohn>cd.PSC:Users>pythonNoglobal/localpythonversionhasbeensetyet.Pleasesettheglobal/localversionbytyping:pyenvglobal3.7.4pyenvlocal3.7.4PSC:Users>cd.3ohnPSC:Users3ohn>cd.'Downloads'PSC:Users3ohn0ow11loads>pythonPython2.7.18PSC:Users3ohnDownloads>cdPSC:UsersJohn>pyenvlocal.nserPSCUsersJohn>pythonNoglobal/localpythonversionhasbeensetyet.Pleasesettheglobal/localversionbytyping：pyenvglobal3.7.4pyenvlocal3.7.4PSCzUsers9ohn>pyenvversions2.7.183.10.11PSCUsersJohn>pyenvlocal3.1.llPSCzUsers3ohn>pythonPython3.l.ll2. Java8+Java11+Java16三环境，配置一键切换脚本.VMw11*Pth¼Xt1r4mrf11wO"cl*J-119MC：8HeXM,c2orlejdfc>16.2C:BaseCnvX×J16.2OTMUJdk17.9CCWrwXK卅X7.O.0rulu-jdk*11.21C:BaxnvXKrulull.M.17<c«-fx-jdkll.t.2l*Mi11x64nd，W17.0Ct8三MavXKrulvl.4.lt.cfxJdk.11-Min«64nd，Wf192CABMefnvXKrulu.74.17.c-<-j<Mt.J92wi11xM3iaZ¾mnMJrnd1Mt1M11c*“5fMUiMamC>>n?一jOracleJDKQllA20https:AlJ)c×411yHMcKiMlvertionsC:WiMowfsystm12>jrw-versionOpenjAversiontt11.9.1M23T"VTSOPefo(XRuntlwInvironwntZulull.6a<17d(buildIX.ll*f-1.T5)OPMMM64ftltServerVRZulull.6tl7CA(buildn.e."tlTS.aixedaod)C:tfirx>owsVsystM2>iecvUsoracle-jdk-17.9JtnvisCMnflngyourefwironmntvariables.TltprocesscouldlongerbutIthtpp<ssfourdiyourfJtnvCtMnfMfortMcurrentshellwton.C三rfvlthisoverwrites-jww1oc1mC:Wluk)wssystMJ2>ava-versionJvwrtion17,.23JT“ITS3va(R)SiIUiRtiwEnvinnwnt(build17.lllTS-Ml)vH9tSp9t(TM)M-ltXErVM(buildedeod.Mrf<)C:MiMowssystMJ2>jnvlocalulu-Jfx.192J&rwitChenginfyourr,IrtraBMCvarlbl<t.TproctcouldtlonfrbwtithappensfoundinyourXthCtMiMow>syta3a11»owyourlocal,vvrt8"Bxvlu-)A<<.M2CIMiMowtyttwU2>java*vrlon)vvfion17.922T117ITSJave(DI)SRuntlMfnvlroMe11t(bvlld17.11-1.TS<21)HOtSpQt(TR)M>tt5<rvrVH(build17.11-ITS-M1.1WwdttMrlAg)C:MiMowtyta32>jnvuwrovJfrwischangingyour11vir0r三9ntvriblet.Tjtproc>couldfJongerbutithpp11<5fourd1yowMhY<mmWttSonHrwwasuntClwlMowt-vr>i<MOPenWversionl.0192"OpenJMurtlMtavi11)Mt(Zulu.74.17-CAwlf64)(buildi.w192-DM)Opl(M64BitSrvkVM(7w)u.74.17-CwlnM)(bull"""2bixdmod>C:wiIMtowstyt12>w3.WindowsTerminal+WS1.+Ubuntu22.04.2T1.SKWindowsRowerSheII×k命令提示符×Op«ntMt»OESKTOP×+VpentestDESKTOP-.$catetcissue.WindowsPowerSbeIIGrlSMt1Ubuntu22.U.21.TSnlF命令提示符Ctri*Slft42pentesteDESKTOP-:SAzureOoudShdlCtfuSwft+3Ubuntu22.0421.TSCtrUShiZ©iQBCtrK夕命令面板CtfUShIfUP?轩