GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → xbufu → ADLab

xbufu / ADLab

Licence: MIT license
Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.

Programming Languages

powershell
5483 projects

Labels

labactivedirectorypowershell-module

Projects that are alternatives of or similar to ADLab

okd4-upi-lab-setup
Building an OKD 4 Home Lab
Stars: ✭ 72 (-49.65%)
Mutual labels:  lab
PSSystemAdministrator
A PowerShell module for managing users and computers and gathering information in a Windows Active Directory environment.
Stars: ✭ 59 (-58.74%)
Mutual labels:  powershell-module
mongodb-3.6-hols
MongoDB 3.6 Hands-On Labs
Stars: ✭ 13 (-90.91%)
Mutual labels:  lab
openshift-on-footloose
Running Openshift on Footloose, docker in docker
Stars: ✭ 27 (-81.12%)
Mutual labels:  lab
lab-cli
Command line utilities and exporting module for Compositor Lab
Stars: ✭ 52 (-63.64%)
Mutual labels:  lab
DNSSuffix
A set of PowerShell tools for managing the computer's primary DNS suffix.
Stars: ✭ 19 (-86.71%)
Mutual labels:  powershell-module
welcome
a virtual hackerspace for open-source contributors 🍿☕
Stars: ✭ 41 (-71.33%)
Mutual labels:  lab
pwsh-prelude
PowerShell “standard” library for supercharging your productivity. Provides a powerful cross-platform scripting environment enabling efficient analysis and sustainable science in myriad contexts.
Stars: ✭ 26 (-81.82%)
Mutual labels:  powershell-module
AutomatedOutlookSignature
PowerShell script to automate the creation of Outlook signatures using Active Directory attributes.
Stars: ✭ 36 (-74.83%)
Mutual labels:  activedirectory
shopify-foundation-theme
Modern Shopify theme using Shopify Theme Lab, Liquid, Vue and Tailwind CSS 🎨
Stars: ✭ 195 (+36.36%)
Mutual labels:  lab
adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin?
Stars: ✭ 862 (+502.8%)
Mutual labels:  activedirectory
OSD
OSD Shared Functions
Stars: ✭ 55 (-61.54%)
Mutual labels:  powershell-module
Octopus-Cmdlets
A suite of PowerShell cmdlets that enable you to simplify and automate your interactions with an Octopus Deploy server.
Stars: ✭ 40 (-72.03%)
Mutual labels:  powershell-module
TfsCmdlets
PowerShell Cmdlets for Azure DevOps and Team Foundation Server
Stars: ✭ 75 (-47.55%)
Mutual labels:  powershell-module
ColorMinePortable
ColorMinePortable
Stars: ✭ 37 (-74.13%)
Mutual labels:  lab
SQLPowerDoc
Hopefully an up to date fork of SQL Power Doc. Newer PS versions and .NET levels. Maybe too ambitious. This repository was cloned from kendalvandyke, the original author of SQLPowerDoc. Codeplex is currently in the process of shutting down. I cloned this project (and its wiki) with the intention of preserving a wonderful tool that I recently dis…
Stars: ✭ 19 (-86.71%)
Mutual labels:  powershell-module
osc2021
Homework submission for student
Stars: ✭ 14 (-90.21%)
Mutual labels:  lab
Home-Lab
This is the network diagrams, configuration guides, and hardware used for my home lab.
Stars: ✭ 62 (-56.64%)
Mutual labels:  lab
PowerColorLS
PowerShell script to display a colorized directory and file listing with icons
Stars: ✭ 35 (-75.52%)
Mutual labels:  powershell-module
PoShLog
🔩 PoShLog is PowerShell cross-platform logging module. It allows you to log structured event data into console, file and much more places easily. It's built upon great C# logging library Serilog - https://serilog.net/
Stars: ✭ 108 (-24.48%)
Mutual labels:  powershell-module
View All Similar Projects ➔

ADLab PowerShell Module

Introduction

The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing.

Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors.

Instructions

Preparation

Optional but recommended: Move Module into PSModulePath

# Display PSModulePath
$env:PSModulePath.split(";")

# Move module to path
Move-Item .\ADLab\ "C:\Windows\system32\WindowsPowerShell\v1.0\Modules\"

Import-Module

# Import global module
Import-Module ADLab

# Import local module
Import-Module .\ADLab.psm1

Initial Lab Setup

Invoke-DCPrep

This function prepares the current VM/computer to be used as a domain controller for the new forest. It sets a static IP address, sets the DNS server to be the localhost and renames the computer.

# Prepare the current VM with all default values while displaying verbose output
Invoke-DCPrep -Verbose

# Set custom hostname and use Google DNS for Internet access
Invoke-DCPrep -Hostname "DC" -NewIPv4DNSServer "8.8.8.8"

# Use custom IP and default gateway and display verbose output
Invoke-DCPrep -Verbose -NewIPv4Address "192.168.1.99" -NewIPv4Gateway "192.168.1.1"

Invoke-ForestDeploy

The function installs the AD DS feature and sets up a new Active Directory forest, without requiring any user input. Restarts the computer upon completion.

# Installs a new forest with FQDN of "bufu-sec.local" with default DSRM password of "Password!"
Invoke-ForestDeploy -Domain bufu-sec.local

# Installs a new forest with FQDN of "bufu-sec.local" with the DSRM password set to "P@ssword!" and displaying debug messages
Invoke-ForestDeploy -Domain "bufu-sec.local" -DSRMPassword "P@ssword!" -Verbose

Invoke-DNSDeploy

The function begins by installing the DNS feature. It then adds the primary zone and configures the server forwarder.

# Install and configure DNS on the current host and display verbose output.
Invoke-DNSDeploy -Verbose -NetworkID 192.168.47.0/24 -ZoneFile "192.168.47.2.in-addr.arpa.dns" -ServerForwarder 1.1.1.1

Invoke-DHCPDeploy

The function begins by installing the DHCP feature on the current machine. It then adds the necesarry security groups and authorizes the new DHCP server with the domain controller. Finally, it configures the new DHCP scope with the supplied values.

# Install and configure DHCP on the local DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10

# Install and configure DHCP on the specified DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10 -DCFQDN DC01.bufu-sec.local

Content

Invoke-ADLabFill

The function begins by creating the groups and OUs defined in the global Groups variable. It then generates 10 user objects for each OU by default.

# Fill forest with objects and display verbose output
Invoke-ADLabConfig -Verbose

# Create 50 users for each OU and display verbose output
Invoke-ADLabConfig -Verbose -UserCount 50

Attack Vectors

Set-ASREPRoasting

The function gets a certain amount of random user from the domain and sets the DoesNotRequirePreAuth flag for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users ASREP-Roastable by default.

# Make 5% of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Verbose

# Make 10 random users in the domain ASREP-Roastable
Set-ASREPRoasting -VulnerableUsersCount 10

# Make user bufu ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users bufu -Verbose

# Make supplied list of users ASREP-roastable and display verbose output
Set-ASREPRoasting -Users ("bufu", "pepe") -Verbose

Set-Kerberoasting

The function gets a certain amount of random user from the domain and adds a SPN for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users kerberoastable by default.

# Make 5% of users ASREP-Roastable and display verbose output
Set-Kerberoasting -Verbose

# Make 10 random users in the domain ASREP-Roastable
Set-Kerberoasting -VulnerableUsersCount 10

# Make user bufu ASREP-Roastable and display verbose output
Set-Kerberoasting -Users bufu -Verbose

# Make supplied list of users ASREP-roastable and display verbose output
Set-Kerberoasting -Users ("bufu", "pepe") -Verbose

Set-BadACLs

The function begins by granting the Chads group GenericAll rights on the Domain Admins. It then grants the Degens group GenericALl rights on the Chads group. Finally, it grants GenericAll rights on some users from the Degens group to some users of the Normies group.

# Create vulnerable ACLs and display verbose output
Set-BadACLs -Verbose

Set-PSRemoting

The function first configures GPO to allow WinRM over TCP port 5985 to domain-joined systems. It then enables PS Remoting through GPO.

# Enable PS Remoting and display verbose output
Set-PSRemoting -Verbose
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].