


The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing.

Credit to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors.

Instructions

Preparation

Not required but recommended: Move the module into PSModulePath

Import-Module

Initial Lab Setup

Invoke-DCPrep

This function prepares the current VM/computer to be used as a domain controller for the new forest. It sets a static IP address, sets the DNS server to be the localhost and renames the computer.

# Prepare the current VM with all default values while displaying verbose output
Invoke-DCPrep -Verbose

# Set custom hostname and use Google DNS for Internet access
Invoke-DCPrep -Hostname "DC" -NewIPv4DNSServer "8.8.8.8"

# Use custom IP and default gateway and display verbose output
Invoke-DCPrep -Verbose -NewIPv4Address "192.168.1.99" -NewIPv4Gateway "192.168.1.1"

Invoke-ForestDeploy

The function installs the AD DS feature and sets up a new Active Directory forest, without requiring any user input. Restarts the computer upon completion.

# Installs a new forest with FQDN of "bufu-sec.local" with default DSRM password of "Password!"
Invoke-ForestDeploy -Domain bufu-sec.local

# Installs a new forest with FQDN of "bufu-sec.local" with the DSRM password set to "[email protected]!" and displaying debug messages
Invoke-ForestDeploy -Domain "bufu-sec.local" -DSRMPassword "[email protected]!" -Verbose

Invoke-DNSDeploy

The function begins by installing the DNS feature. It then adds the primary zone and configures the server forwarder.

# Install and configure DNS on the current host and display verbose output.
Invoke-DNSDeploy -Verbose -NetworkID 192.168.47.0/24 -ZoneFile "192.168.47.2.in-addr.arpa.dns" -ServerForwarder 1.1.1.1

Invoke-DHCPDeploy

The function begins by installing the DHCP feature on the current machine. It then adds the necessary security groups and authorizes the new DHCP server with the domain controller. Finally, it configures the new DHCP scope with the supplied values.

# Install and configure DHCP on the local DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10

# Install and configure DHCP on the specified DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10 -DCFQDN DC01.bufu-sec.local

Content

Invoke-ADLabFill

The function begins by creating the groups and OUs defined in the global Groups variable. It then generates 10 user objects for each OU by default.

# Fill forest with objects and display verbose output
Invoke-ADLabConfig -Verbose

# Create 50 users for each OU and display verbose output
Invoke-ADLabConfig -Verbose -UserCount 50

Attack Vectors

Set-ASREPRoasting

The function gets a certain number of random users from the domain and sets the DoesNotRequirePreAuth flag for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users ASREP-Roastable by default.

# Make 5% of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Verbose

# Make 10 random users in the domain ASREP-Roastable
Set-ASREPRoasting -VulnerableUsersCount 10

# Make user bufu ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users bufu -Verbose

# Make supplied list of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users ("bufu", "pepe") -Verbose

Set-Kerberoasting

The function gets a certain number of random users from the domain and adds an SPN for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users kerberoastable by default.

# Make 5% of users kerberoastable and display verbose output
Set-Kerberoasting -Verbose

# Make 10 random users in the domain kerberoastable
Set-Kerberoasting -VulnerableUsersCount 10

# Make user bufu kerberoastable and display verbose output
Set-Kerberoasting -Users bufu -Verbose

# Make supplied list of users kerberoastable and display verbose output
Set-Kerberoasting -Users ("bufu", "pepe") -Verbose

Set-BadACLs

The function begins by granting the Chads group GenericAll rights on the Domain Admins. It then grants the Degens group GenericAll rights on the Chads group. Finally, it grants GenericAll rights on some users from the Degens group to some users of the Normies group.

# Create vulnerable ACLs and display verbose output
Set-BadACLs -Verbose
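
To confirm which objects the three attack-vector functions above actually changed, and to practice the defender-side audit for them, the following is an added example and not part of the module itself. It assumes the ActiveDirectory RSAT module is available on the lab DC; the function names Get-LabWeakAccount and Get-LabGenericAllAce are hypothetical.

```powershell
# Added audit example; not code from the lab module.
# Assumption: run on the lab DC (or a domain-joined host) with RSAT installed.
Import-Module ActiveDirectory

function Get-LabWeakAccount {
    # Accounts with Kerberos pre-authentication disabled (what Set-ASREPRoasting sets).
    Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true' | ForEach-Object {
        [pscustomobject]@{ Finding = 'NoPreAuth'; Account = $_.SamAccountName; Detail = $_.DistinguishedName }
    }
    # User accounts that carry an SPN (what Set-Kerberoasting adds); krbtgt has one by default.
    Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName |
        Where-Object { $_.SamAccountName -ne 'krbtgt' } | ForEach-Object {
            [pscustomobject]@{ Finding = 'UserSPN'; Account = $_.SamAccountName
                               Detail = ($_.ServicePrincipalName -join ', ') }
        }
}

function Get-LabGenericAllAce {
    # Group names default to the ones named in the Set-BadACLs description.
    param([string[]]$GroupName = @('Domain Admins', 'Chads', 'Degens'))
    $genericAll = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    foreach ($name in $GroupName) {
        # -Filter returns nothing (instead of throwing) when the group does not exist.
        $group = Get-ADGroup -Filter "Name -eq '$name'"
        if (-not $group) { continue }
        (Get-Acl -Path "AD:\$($group.DistinguishedName)").Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           -not $_.IsInherited -and
                           $_.ActiveDirectoryRights.HasFlag($genericAll) } |
            ForEach-Object {
                [pscustomobject]@{ Finding = 'GenericAll'; Account = $_.IdentityReference
                                   Detail = $group.DistinguishedName }
            }
    }
}

Get-LabWeakAccount   | Format-Table -AutoSize
Get-LabGenericAllAce | Format-Table -AutoSize
```

Built-in principals such as SYSTEM also hold full control on these objects, so the GenericAll rows need to be compared against a baseline taken before Set-BadACLs was run.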

Set-PSRemoting

The function first configures GPO to allow WinRM over TCP port 5985 to domain-joined systems. It then enables PS Remoting through GPO.

# Enable PS Remoting and display verbose output
Set-PSRemoting -Verbose



