ADLab – Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing


The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing.

Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors.

Instructions

Preparation

Optional but recommended: Move the module into PSModulePath

Import-Module

Initial Lab Setup

Invoke-DCPrep

This function prepares the current VM/computer to be used as a domain controller for the new forest. It sets a static IP address, sets the DNS server to be the localhost and renames the computer.

# Prepare the current VM with all default values while displaying verbose output
Invoke-DCPrep -Verbose

# Set custom hostname and use Google DNS for Internet access
Invoke-DCPrep -Hostname "DC" -NewIPv4DNSServer "8.8.8.8"

# Use custom IP and default gateway and display verbose output
Invoke-DCPrep -Verbose -NewIPv4Address "192.168.1.99" -NewIPv4Gateway "192.168.1.1"

Invoke-ForestDeploy

The function installs the AD DS role and sets up a new Active Directory forest, without requiring any user input. Restarts the computer upon completion.

# Installs a new forest with FQDN of "bufu-sec.local" with default DSRM password of "Password!"
Invoke-ForestDeploy -Domain bufu-sec.local

# Installs a new forest with FQDN of "bufu-sec.local" with the DSRM password set to "[email protected]!" and displaying debug messages
Invoke-ForestDeploy -Domain "bufu-sec.local" -DSRMPassword "[email protected]!" -Verbose

Invoke-DNSDeploy

The function begins by installing the DNS role. It then adds the primary zone and configures the server forwarder.

# Install and configure DNS on the current host and display verbose output.
Invoke-DNSDeploy -Verbose -NetworkID 192.168.47.0/24 -ZoneFile "192.168.47.2.in-addr.arpa.dns" -ServerForwarder 1.1.1.1

Invoke-DHCPDeploy

The function begins by installing the DHCP role on the current machine. It then adds the necessary security groups and authorizes the new DHCP server with the domain controller. Finally, it configures the new DHCP scope with the supplied values.

# Install and configure DHCP on the local DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10

# Install and configure DHCP on the specified DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10 -DCFQDN DC01.bufu-sec.local

Content

Invoke-ADLabFill

The function begins by creating the groups and OUs defined in the global Groups variable. It then generates 10 user objects for each OU by default.

# Fill forest with objects and display verbose output
Invoke-ADLabConfig -Verbose

# Create 50 users for each OU and display verbose output
Invoke-ADLabConfig -Verbose -UserCount 50

Attack Vectors

Set-ASREPRoasting

The function gets a certain amount of random users from the domain and sets the DoesNotRequirePreAuth flag for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users ASREP-Roastable by default.

# Make 5% of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Verbose

# Make 10 random users in the domain ASREP-Roastable
Set-ASREPRoasting -VulnerableUsersCount 10

# Make user bufu ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users bufu -Verbose

# Make supplied list of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users ("bufu", "pepe") -Verbose

Set-Kerberoasting

The function gets a certain amount of random users from the domain and adds an SPN for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users kerberoastable by default.

# Make 5% of users kerberoastable and display verbose output
Set-Kerberoasting -Verbose

# Make 10 random users in the domain kerberoastable
Set-Kerberoasting -VulnerableUsersCount 10

# Make user bufu kerberoastable and display verbose output
Set-Kerberoasting -Users bufu -Verbose

# Make supplied list of users kerberoastable and display verbose output
Set-Kerberoasting -Users ("bufu", "pepe") -Verbose
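
To check what Set-ASREPRoasting and Set-Kerberoasting changed, or to audit any domain for the same two weaknesses, the following added example (not part of ADLab) lists user accounts with Kerberos pre-authentication disabled or with an SPN set. It assumes the ActiveDirectory RSAT module is available; the function name Get-RoastableAccount is hypothetical.

```powershell
# Added example, not ADLab code. Run from a domain-joined session.
Import-Module ActiveDirectory

function Get-RoastableAccount {
    [CmdletBinding()]
    param(
        # Default accounts to skip, mirroring the exclusions described above
        [string[]]$Exclude = @('Administrator', 'krbtgt')
    )

    $props = 'DoesNotRequirePreAuth', 'ServicePrincipalName', 'PasswordLastSet'

    # User objects (not computers) that either have the DONT_REQ_PREAUTH bit
    # (0x400000 = 4194304) set in userAccountControl or carry at least one SPN.
    $filter = '(&(objectCategory=person)(objectClass=user)' +
              '(|(userAccountControl:1.2.840.113556.1.4.803:=4194304)' +
              '(servicePrincipalName=*)))'

    Get-ADUser -LDAPFilter $filter -Properties $props |
        Where-Object { $Exclude -notcontains $_.SamAccountName } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName  = $_.SamAccountName
                Enabled         = $_.Enabled
                ASREPRoastable  = [bool]$_.DoesNotRequirePreAuth
                Kerberoastable  = (@($_.ServicePrincipalName).Count -gt 0)
                SPNs            = $_.ServicePrincipalName -join ';'
                # An old password on a roastable account raises the risk
                PasswordLastSet = $_.PasswordLastSet
            }
        }
}

# Show the accounts the lab (or a real domain) currently exposes
Get-RoastableAccount |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

A flagged account is returned to the default with `Set-ADAccountControl -DoesNotRequirePreAuth $false`. Accounts that genuinely need an SPN should have long random passwords or be converted to group managed service accounts.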

Set-BadACLs

The function begins by granting the Chads group GenericAll rights on the Domain Admins. It then grants the Degens group GenericAll rights on the Chads group. Finally, it grants GenericAll rights on some users from the Degens group to some users of the Normies group.

# Create vulnerable ACLs and display verbose output
Set-BadACLs -Verbose
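
The ACL chain described above can be confirmed from the defender's side by reading the DACLs back. This added example (not part of ADLab) reports explicit GenericAll allow entries whose trustee is outside an assumed baseline of administrative principals; the function name Get-GenericAllAce and the baseline list are hypothetical and should be tuned per domain.

```powershell
# Added example, not ADLab code.
Import-Module ActiveDirectory   # also mounts the AD: drive that Get-Acl reads

function Get-GenericAllAce {
    [CmdletBinding()]
    param(
        # Distinguished names of the objects whose DACL should be inspected
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$DistinguishedName,

        # Assumed baseline of trustees that normally hold full control
        [string[]]$Baseline = @('SYSTEM', 'Administrators', 'Domain Admins',
                                'Enterprise Admins', 'Account Operators')
    )
    process {
        $genericAll = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
        foreach ($dn in $DistinguishedName) {
            (Get-Acl -Path "AD:\$dn").Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    -not $_.IsInherited -and
                    $_.ActiveDirectoryRights.HasFlag($genericAll)
                } |
                ForEach-Object {
                    # Drop the DOMAIN\ or BUILTIN\ prefix before comparing
                    $trustee = ($_.IdentityReference.Value -split '\\')[-1]
                    [pscustomobject]@{
                        Target     = $dn
                        Trustee    = $_.IdentityReference.Value
                        Unexpected = ($Baseline -notcontains $trustee)
                    }
                }
        }
    }
}

# Group names are the ones named in the text; Degens members are included
# because ACEs are also set on individual users of that group.
$targets  = @('Domain Admins', 'Chads', 'Degens' |
    ForEach-Object { (Get-ADGroup -Identity $_).DistinguishedName })
$targets += (Get-ADGroupMember -Identity 'Degens').distinguishedName

$targets | Where-Object { $_ } | Get-GenericAllAce |
    Where-Object Unexpected |
    Format-Table -AutoSize -Wrap
```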

Set-PSRemoting

The function first configures GPO to allow WinRM over TCP port 5985 to domain-joined systems. It then enables PS Remoting through GPO.

# Enable PS Remoting and display verbose output
Set-PSRemoting -Verbose



