Class type - Ethical hacking

Author: spelluru

articles/lab-services/TOC.yml

@@ -78,6 +78,8 @@
       href: classroom-labs/class-type-deep-learning-natural-processing.md
     - name: Shell scripting on Linux
       href: classroom-labs/class-type-shell-scripting-linux.md
+    - name: Ethical hacking
+      href: classroom-labs/class-type-ethical-hacking.md
   - name: Classroom labs
     items: 
     - name: Create and configure lab accounts (lab account owner)
@@ -90,6 +92,8 @@
         href: classroom-labs/how-to-connect-peer-virtual-network.md
       - name: Attach or detach a shared image gallery
         href: classroom-labs/how-to-attach-detach-shared-image-gallery.md
+      - name: Enable nested virtualization on a template VM
+        href: classroom-labs/how-to-enable-nested-virtualization-template-vm.md
     - name: Create and configure classroom labs (instructor)
       items:        
       - name: Create and manage classroom labs

articles/lab-services/classroom-labs/class-type-ethical-hacking.md

@@ -0,0 +1,142 @@
+---
+title: Set up an Ethical Hacking lab with Azure Lab Services | Microsoft Docs
+description: Learn how to set up a lab using Azure Lab Services to teach ethical hacking. 
+services: lab-services
+documentationcenter: na
+author: spelluru
+manager: 
+editor: ''
+
+ms.service: lab-services
+ms.workload: na
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 10/04/2019
+ms.author: spelluru
+
+---
+
+# Set up a lab to teach shell scripting on Linux
+This article shows you how to set up a class that focuses on forensics side of ethical hacking. Penetration testing, a practice used by the ethical hacking community, occurs when someone attempts to gain access to the system or network to demonstrate vulnerabilities that a malicious attacker may exploit. 
+
+In an ethical hacking class, students can learn modern techniques for defending against vulnerabilities. Each student gets a Windows Server host virtual machine that has two nested virtual machines – one virtual machine with **Metaspoiltable** image and another machine with [Kali Linux](https://www.kali.org/) image. The Metasploitable virtual machine is used for exploiting purposes and Kali virtual machine provides access to the tools needed to execute forensic tasks.
+
+This article has two main sections. The first section covers how to create the classroom lab. The second section covers how to create the template machine with nested virtualization enabled and with the tools and images needed. In this case, a Metasploitable image and a Kali Linux image on a machine that has Hyper-V enabled to host the images.
+
+## Lab configuration
+To set up this lab, you need an Azure subscription to get started. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/) before you begin. Once you get an Azure subscription, you can either create a new lab account in Azure Lab Services or use an existing account. See the following tutorial for creating a new lab account: [Tutorial to setup a lab account](tutorial-setup-lab-account.md).
+
+Follow [this tutorial](tutorial-setup-classroom-lab.md) to create a new lab and then apply the following settings:
+
+| Virtual machine size | Image |
+| -------------------- | ----- | 
+| Medium (Nested Virtualization) | Windows Server 2019 Datacenter |
+
+## Template machine 
+
+After the template machine is created, start the machine and connect to it to complete the following three major tasks. 
+ 
+1. Set up the machine for nested virtualization. It enables all the appropriate windows features, like Hyper-V, and sets up the networking for the Hyper-V images to be able to communicate with each other and the internet.
+2. Set up the [Kali](https://www.kali.org/) Linux image. Kali is a Linux distribution that includes tools for penetration testing and security auditing.
+3. Set up the Metasploitable image. For this example, the [Metasploitable3](https://github.com/rapid7/metasploitable3) image will be used. This image is created to purposely have security vulnerabilities.
+
+    ![Overall image](../media/class-type-ethical-hacking/overall-image.png)
+
+### Prepare template machine for nested virtualization
+Follow instructions in [this article](how-to-enable-netsted-virtualization-template-vm.md) to prepare your template virtual machine for nested virtualization. 
+
+### Set up a nested virtual machine with Kali Linux Image
+Kali is a Linux distribution that includes tools for penetration testing and security auditing.
+
+1. Download image from [https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/](https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/).  
+    1. Download the **Kali Linux Hyper-V 64 Bit** for Hyper-V.
+    1. Extract the .7z file.  If you don’t already have 7 zip, download it from [https://www.7-zip.org/download.html](https://www.7-zip.org/download.html). Remember the location of the extracted folder as you'll need it later.
+2. Open **Hyper-V Manager** from Administrative Tools.
+1. Select **Action**, and then select **Import Virtual Machine**. 
+1. On the **Locate Folder** page of the **Import Virtual Machine** wizard, choose the location of the extracted folder that holds the Kali Linux image.
+
+    ![Locate Folder dialog](../media/class-type-ethical-hacking/locate-folder.png)
+1. On the **Select Virtual Machine** page, select the Kali Linux image.  In this case, the image is **kali-linux-2019.3-hyperv**.
+
+    ![Select Kali image](../media/class-type-ethical-hacking/select-kali-image.png)
+1.  On the **Choose Import Type** page, select **Copy the virtual machine (create a new unique ID)**.
+
+    ![Choose import type](../media/class-type-ethical-hacking/choose-import-type.png)
+1. Accept the default settings on **Choose Folders for Virtual Machine Files** and **Choose Folders to Store Virtual Hard Disks** pages, and then select **Next**.
+1. On the **Connect Network** page, choose **LabServicesSwitch** created earlier in the **Prepare Template for Nested Virtualization** section of this article, and then select **Next**.
+
+    ![Connect network page](../media/class-type-ethical-hacking/connect-network.png)
+1. Select **Finish** on the **Summary** page. Wait until copy and importing operations are completed. The Kali Linux virtual machine will now be available in Hyper-V.
+1. From **Hyper-V Manager**, choose **Action** -> **Start**, then choose **Action** -> **Connect** to connect to the virtual machine.  
+12.	The default username is `root` and the password is `toor`. 
+
+    > [!NOTE]
+    > If you need to unlock the image, press the CTRL key and drag the mouse upwards.
+
+## Set up a nested virtual machine with Metasploitable Image  
+The Rapid7 Metasploitable image is an image purposely configured with security vulnerabilities. You'll use this image to test and find issues. The following instructions show you how to use a pre-created Metasploitable image. However, if a newer version of the Metasploitable image is needed, see [https://github.com/rapid7/metasploitable3](https://github.com/rapid7/metasploitable3).
+
+1. Navigate to [https://information.rapid7.com/download-metasploitable-2017.html](https://information.rapid7.com/download-metasploitable-2017.html). Fill out the form to download the image and select the **Submit** button.
+1. Select the **Download Metasploitable Now** button.
+1. When the zip file is downloaded, extract the zip file, and remember the location.
+1. Convert the extracted vmdk file to a vhdx file so that you can use with Hyper-V. To do so, open PowerShell with administrative privileges and navigate to the folder where the vmdk file resides, and follow these instructions:
+    1. Download the [Microsoft Virtual Machine Converter](https://www.microsoft.com/download/details.aspx?id=42497), and run mvmc_setup.msi file when prompted.
+    1. Import the PowerShell module.  The default location in which the module is installed is C:\Program Files\Microsoft Virtual Machine Converter\
+
+        ```powershell
+        Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1'
+        ```
+    1. Convert the vmdk to a vhd file that can be used by Hyper-V. This operation may take several minutes.
+    
+        ```powershell
+        ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath .\Metasploitable.vmdk -DestinationLiteralPath .\Metasploitable.vhdx -VhdType DynamicHardDisk -VhdFormat vhdx
+        ```
+    1. Copy the newly created metasploitable.vhdx to C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\. 
+1. Create a new Hyper-V virtual machine.
+    1. Open **Hyper-V Manager**.
+    1. Choose **Action** -> **New** -> **Virtual Machine**.
+    1. On the **Before You Begin** page of the **New Virtual Machine Wizard**, click **Next**.
+    1. On the **Specify Name and Location** page, enter **Metasploitable** for the **name**, and select **Next**.
+
+        ![New VM image wizard](../media/class-type-ethical-hacking/new-vm-wizard-1.png)
+    1. On the **Specify Generation** page, accept the defaults, and select **Next**.
+    1. On the **Assign Memory** page, enter **512 MB** for the **startup memory**, and select **Next**. 
+
+        ![Assign memory page](../media/class-type-ethical-hacking/assign-memory-page.png)
+    1. On the **Configure Networking** page, leave the connection as **Not Connected**. You'll set up the network adapter later.
+    1. On the **Connect Virtual Hard Disk** page, select **Use an existing virtual hard disk**. Browse to the location for the **metasploitable.vhdx** file created in the previous step, and select **Next**. 
+
+        ![Connect virtual network disk page](../media/class-type-ethical-hacking/connect-virtual-network-disk.png)
+    1. On the **Completing the New Virtual Machine Wizard** page, and select **Finish**.
+    1. Once the virtual machine is created, select it in the Hyper-V Manager. Don't turn on the machine yet.  
+    1. Choose **Action** -> **Settings**.
+    1. On the **Settings for Metasploitable** dialog for, select **Add Hardware**. 
+    1. Select **Legacy Network Adapter**, and select **Add**.
+
+        ![Network adapter page](../media/class-type-ethical-hacking/network-adapter-page.png)
+    1. On the **Legacy Network Adapter** page, select **LabServicesSwitch** for the **Virtual Switch** setting, and select **OK**. LabServicesSwitch was created when preparing the template machine for Hyper-V in the **Prepare Template for Nested Virtualization** section.
+
+        ![Legacy Network adapter page](../media/class-type-ethical-hacking/legacy-network-adapter-page.png)
+    1. The Metasploitable image is now ready for use. From **Hyper-V Manager**, choose **Action** -> **Start**, then choose **Action** -> **Connect** to connect to the virtual machine.  The default username is **msfadmin** and the password is **msfadmin**. 
+
+
+The template is now updated and has images needed for an ethical hacking penetration testing class, an image with tools to do the penetration testing and another image with security vulnerabilities to discover. The template image can now be published to the class. Select the **Publish** button on template page to publish the template to the lab.
+  
+
+## Cost  
+If you would like to estimate the cost of this lab, you can use the following example: 
+ 
+For a class of 25 students with 20 hours of scheduled class time and 10 hours of quota for homework or assignments, the price for the lab would be: 25 students * (20 + 10) hours * 55 Lab Units * 0.01 USD per hour = 412.50. FOr more details on pricing, see [Azure Lab Services Pricing](https://azure.microsoft.com/pricing/details/lab-services/).
+
+## Conclusion
+This article walked you through the steps to create a lab for ethical hacking class. It includes steps to set up nested virtualization for creating two virtual machines inside the host virtual machine for penetrating testing.
+
+## Next steps
+Next steps are common to setting up any lab:
+
+- [Add users](tutorial-setup-classroom-lab.md#add-users-to-the-lab)
+- [Set quota](tutorial-setup-classroom-lab.md#set-quotas-for-users)
+- [Set a schedule](tutorial-setup-classroom-lab.md#set-a-schedule-for-the-lab) 
+- [Email registration links to students](tutorial-setup-classroom-lab.md#send-an-email-with-the-registration-link). 
+

articles/lab-services/classroom-labs/how-to-enable-netsted-virtualization-template-vm.md

@@ -0,0 +1,75 @@
+---
+title: Enable nested virtualization on a template VM in Azure Lab Services | Microsoft Docs
+description: Learn how to Enable nested virtualization on a template VM in Azure Lab Services. 
+services: lab-services
+documentationcenter: na
+author: spelluru
+manager: 
+editor: ''
+
+ms.service: lab-services
+ms.workload: na
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: article
+ms.date: 10/04/2019
+ms.author: spelluru
+
+---
+# Enable nested virtualization on a template virtual machine in Azure Lab Services
+This article covers how to set up nested virtualization on a template virtual machine in Azure Lab Services. Nested virtualization is used in Azure Lab Services when each student in a class requires multiple machines.
+ 
+## Considerations
+Before setting up a lab with nested virtualization, here are a few things to take into consideration.
+
+1. When creating a new lab, select **Medium (Nested Virtualization)** or **Large** sizes for the virtual machine size. These virtual machine sizes support nested virtualization.  
+1. Choose a size that will provide good performance for both the host and client virtual machines.  Remember, when using virtualization, the size you choose must be adequate for not just one machine, but the host as well as any client machines that must be run concurrently.
+1. Client virtual machines will not have access to Azure resources, such as DNS servers on the Azure virtual network.  
+1. Host virtual machine requires setup to allow for the client machine to have internet connectivity. 
+1. Client virtual machines are licensed as independent machines. See [Microsoft Licensing](https://www.microsoft.com/licensing/default) for information about licensing for Microsoft operation systems and products. Check licensing agreements for any other software being used before setting up the template machine.
+
+## Set up a template VM to enable nested virtualization
+The steps in this section focus on setting up nested virtualization for Windows Server 2016 or Windows Server 2019. You will use a script to set up template machine with Hyper-V. For an automated solution, see scripts at [Lab Services Hyper-V Scripts](https://github.com/Azure/azure-devtestlab/tree/master/samples/ClassroomLabs/Scripts/HyperV). The following steps will walk you through how to use the script.
+
+1. If you're using Internet Explorer, you may have to add `https://github.com` to the trusted sites list. 
+    1. Open Internet Explorer.
+    1. Select the gear icon, and choose **Internet options**.  
+    1. When the **Internet Options** dialog appears, select **Security**, select **Trusted Sites**, click **Sites** button.
+    1. When the **Trusted sites** dialog appears, add `https://github.com` to the trusted websites list, and select **Close**.
+
+        ![Trusted sites](../media/how-to-enable-nested-virtualization-template-vm/trusted-sites-dialog.png)
+1.  Download the Git repository files as outlined in the following steps.  Alternatively, the Git repository can be cloned from [https://github.com/Azure/azure-devtestlab.git](https://github.com/Azure/azure-devtestlab.git). 
+    1. Go to  [https://github.com/Azure/azure-devtestlab/](https://github.com/Azure/azure-devtestlab/).
+    1. Click the ***Clone or Download** button.
+    1. Click **Download ZIP**.
+    1. Extract the ZIP file
+1. Launch **PowerShell** in **Administrator** mode.
+1. In the PowerShell window, navigate to the folder with the downloaded script. If you're navigating from the top folder of the repository files, the script is located at `azure-devtestlab\samples\ClassroomLabs\Scripts\HyperV\`.
+1. You may have to change the execution policy to successfully run the script. Run the following command:
+    
+    ```powershell
+    Set-ExecutionPolicy bypass -force 
+    ```
+1. Run the script:
+    
+    ```powershell
+    .\SetupForNestedVirtualization.ps1
+    ```
+
+    > [!NOTE]
+    > The script may require the machine to be restarted. Follow instructions from the script and re-run the script until **Script completed** is seen in the output.
+1. Don’t forget to reset the execution policy. Run the following command: 
+
+    ```powershell
+    Set-ExecutionPolicy default -force
+    ```
+
+## Conclusion
+Now your template machine is ready to create Hyper-V virtual machines. See [Create a Virtual Machine in Hyper-V](/windows-server/virtualization/hyper-v/get-started/create-a-virtual-machine-in-hyper-v) for instructions on how to create Hyper-V virtual machines. Also, see [Microsoft Evaluation Center](https://www.microsoft.com/evalcenter/) to check out available operating systems and software.  
+
+## Next steps 
+See the following articles:
+
+- [How to enable nested virtualization in an Azure VM](../../virtual-machines/windows/nested-virtualization.md) 
+- [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)
+- [Lab Services Hyper-V scripts](https://github.com/Azure/azure-devtestlab/tree/master/samples/ClassroomLabs/Scripts/HyperV)