banner
lca

lca

真正的不自由,是在自己的心中设下牢笼。

Setting up a domain environment for the game of active directory (GOAD)

The second version of "Game Of Active directory", project address: https://github.com/Orange-Cyberdefense/GOAD

The domain target environment installs 5 Windows instances (three DCs and two regular domain hosts) through vagrang, as shown in the topology diagram:

image

Some roadmaps provided by the official (vulnerability points):

  • Password-reuse-between-computer-(PTH)
  • Spray-User=-Password
  • Password-in-description
  • SMB-share-anonymous
  • SMB-not-signed
  • Responder
  • Zerologon
  • Windows-defender
  • ASREPRoast
  • Kerberoasting
  • AD-Acl-abuse
  • Unconstraint-delegation
  • Ntlm-relay
  • Constrained-delegation
  • Install-MSSQL
  • MSSQL-trusted-link
  • MSSQL-impersonate
  • Install-IIS
  • Upload-asp-app
  • Multiples-forest
  • Anonymous-RPC-user-listing
  • Child-parent-domain
  • Generate-certificate-and-enable-ldaps
  • ADCS---ESC-1/2/3/4/6/8
  • Certifry
  • Samaccountname/nopac
  • Petitpotam-unauthent
  • Printerbug
  • Drop-the-mic
  • Shadow-credentials
  • Mitm6
  • Add-LAPS
  • GPO-abuse
  • Add-Webdav
  • Add-RDP-bot
  • Add-full-proxmox-integration
  • Add-Gmsa-(receipe-created)
  • Add-azure-support
  • Refactoring-lab-and-providers
  • Protected-Users
  • Account-is-sensitive
  • Add-PPL
  • Add-Gmsa
  • Groups-inside-groups
  • Shares-with-secrets-(all,-sysvol)

pentest_ad_dark_2023_02

Original image:

https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg

Host environment#

Virtual machine based on the targetVMware
Operating systemUbuntu 22.04
Allocated memory24G
Disk space500G

01 Install Ubuntu#

The first step is to install an Ubuntu 22.04 virtual machine based on VMware. The following steps are based on this Ubuntu 22.04 virtual machine.

02 Update#

sudo apt update
sudo apt upgrade

03 Install VirtualBox#

sudo apt install virtualbox

04 Install Vagrant#

wget https://releases.hashicorp.com/vagrant/2.2.19/vagrant_2.2.19_x86_64.deb
sudo apt install ./vagrant_2.2.19_x86_64.deb
vagrant --version

05 Install Python#

sudo apt install python3-pip
pip3 --version

06 Install Python virtual environment#

sudo apt install python3-venv

07 Clone the GOAD V2 repository#

Git tool needs to be installed first

sudo apt-get install git-all

Clone to the user's home directory

cd ~/
git clone https://github.com/Orange-Cyberdefense/GOAD.git

08 Create a Python virtual environment#

python3 -m venv venvGOAD

09 Activate the virtual environment#

cd GOAD/ansible
source ~/venvGOAD/bin/activate

10 Install the Ansible module#

pip install ansible-core
#or 
python3 -m pip install ansible-core==2.12.6

11 Install pywinrm#

pip install pywinrm

12 Install Galaxy dependencies#

ansible-galaxy install -r requirements.yml

13 System installation#

Before installation, you can use the goad.sh script in the GOAD directory to check if the environment is ready

./goad.sh -t check -l GOAD -p virtualbox -m local

Here are the solutions to some installation problems

Problem 1: Proxy

1. ERROR: Could not install packages due to an OSError: Missing dependencies for SOCKS support.
2. fatal: [srv03]: UNREACHABLE! => {"changed": false, "msg": "ssl: Missing dependencies for SOCKS support.", "unreachable": true}

If you encounter socks-related issues, you need to disable the proxy. Since you need to install the operating system, if you use the domestic network to pull, the speed will be very slow. So I set up a proxy in Ubuntu, so that the download speed of the operating system is very fast. You can temporarily turn it off first, and then turn on the proxy when the download speed of the system is too slow.

Solution:

unset ALL_PROXY 
unset all_proxy

Problem 2: VMware does not support virtualization

image

Solution:

You can refer to: Solve the problem that the virtual machine VM opens the virtualization Intel-VT-x/EPT or AMD-V/RVI(V) and the computer blue screens or displays that this platform does not support virtualization

This is because the installation of Docker and Hyper-V on the host system conflicts, so you need to disable the relevant functions of Hyper-V

You can use the following command to check if the virtual machine supports KVM virtualization

sudo apt install -y cpu-checker
sudo kvm-ok

If it is the following output, then it supports KVM and will not report this error

image

If it is a different result, please refer to the above article to resolve it, that is, the following steps

  1. Disable some virtualization functions, and also turn off Hyper-V

image

  1. Disable related services

image

  1. In the virtual machine settings-Processor-Virtualization Engine, select the following options

image

Problem 3: 'base' could not be found

default: Box 'base' could not be found. Attempting to find and install…

Solution:

Go to ~/GOAD/ad/GOAD/provider/virtualbox and execute vagrant up

image

Problem 4: Memory issue

If the pulled system exits abnormally, it means that the memory is not enough

If none of the above problems occur, then start installing the target machine environment, as above

Go to ~/GOAD/ad/GOAD/provider/virtualbox and execute vagrant up

Note: If the speed is too slow, use a proxy

If you have Clash running on your host, you can specify the IP of the host plus port 7890 in the proxy in the network settings of Ubuntu.

14 Celebrate#

After two nights of hard work, I finally see the following results 😭

image

15 References#

Video:
https://www.youtube.com/watch?v=haiTcZpqdQg

Articles:
https://mayfly277.github.io/posts/GOADv2/
https://github.com/quincyntuli/GOAD-v2-Installation-Notes
https://github.com/Orange-Cyberdefense/GOAD

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.