Finding Clean Windows ISOs

Throughout Offensive Security's CTP course you may find yourself wanting to build your own home lab with old Windows VMs. I found it difficult to locate Windows ISOs that were both untouched and of the exact version I wanted. This is a method I found to be effective.

  1. Identify the OS and Build you want by running 'winver'. In this example, the OS is Server 2003 and the build number shows:
    3790.srv03_sp1_rtm.050324-1447

  2. By searching for that here we find that the build number corresponds with the only release of SP1 recorded in the wiki and that it was compiled 2005-03-24.

  3. Taking this information I then went to a MSDN archive site, filtered by english for our OS and then selected a SP1 entry from around the same period. This gives us two pieces of information:
    en_windows_server_2003_sp1.iso - dc8dff428406c36412973b036a6451db224ee59e

  4. Search for the filename with search quotes and you'll eventually find a download source from some sketchy website (doesn't matter because we have a checksum to verify against).

  5. Once the download is finished simply verify the integrity of the ISO (example command using shasum on Linux).
    shasum en_windows_server_2003_sp1.iso

Let me know if you have a better way cause this is still mildly painful...