


The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing.

Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors.

Instructions

Preparation

Not essential but recommended: Move Module into PSModulePath

# Display PSModulePath
$env:PSModulePath.split(";")

# Move module to path
Move-Item .\ADLab\ "C:\Windows\system32\WindowsPowerShell\v1.0\Modules\"

Import-Module

# Import global module
Import-Module ADLab

# Import local module
Import-Module .\ADLab.psm1

Initial Lab Setup

Invoke-DCPrep

This function prepares the current VM/computer to be used as a domain controller for the new forest. It sets a static IP address, sets the DNS server to be the localhost and renames the computer.

# Prepare the current VM with all default values while displaying verbose output
Invoke-DCPrep -Verbose

# Set custom hostname and use Google DNS for Internet access
Invoke-DCPrep -Hostname "DC" -NewIPv4DNSServer "8.8.8.8"

# Use custom IP and default gateway and display verbose output
Invoke-DCPrep -Verbose -NewIPv4Address "192.168.1.99" -NewIPv4Gateway "192.168.1.1"

Invoke-ForestDeploy

The function installs the AD DS feature and sets up a new Active Directory forest, without requiring any user input. Restarts the computer upon completion.

# Installs a new forest with FQDN of "bufu-sec.local" with default DSRM password of "Password!"
Invoke-ForestDeploy -Domain bufu-sec.local

# Installs a new forest with FQDN of "bufu-sec.local" with the DSRM password set to "[email protected]!" and displaying debug messages
Invoke-ForestDeploy -Domain "bufu-sec.local" -DSRMPassword "[email protected]!" -Verbose

Invoke-DNSDeploy

The function begins by installing the DNS feature. It then adds the primary zone and configures the server forwarder.

# Install and configure DNS on the current host and display verbose output.
Invoke-DNSDeploy -Verbose -NetworkID 192.168.47.0/24 -ZoneFile "192.168.47.2.in-addr.arpa.dns" -ServerForwarder 1.1.1.1

Invoke-DHCPDeploy

The function begins by installing the DHCP feature on the current machine. It then adds the necessary security groups and authorizes the new DHCP server with the domain controller. Finally, it configures the new DHCP scope with the supplied values.

# Install and configure DHCP on the local DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10

# Install and configure DHCP on the specified DC.
Invoke-DHCPDeploy -Verbose -ScopeName "Default" -ScopeID 192.168.47.0 -StartIP 192.168.47.100 -EndIP 192.168.47.200 -SubnetMask 255.255.255.0 -DNSServer 192.168.47.10 -Router 192.168.47.10 -DCFQDN DC01.bufu-sec.local

Content

Invoke-ADLabFill

The function begins by creating the groups and OUs defined in the global Groups variable. It then generates 10 user objects for each OU by default.

# Fill forest with objects and display verbose output
Invoke-ADLabConfig -Verbose

# Create 50 users for each OU and display verbose output
Invoke-ADLabConfig -Verbose -UserCount 50

Attack Vectors

Set-ASREPRoasting

The function gets a certain number of random users from the domain and sets the DoesNotRequirePreAuth flag for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users ASREP-Roastable by default.

# Make 5% of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Verbose

# Make 10 random users in the domain ASREP-Roastable
Set-ASREPRoasting -VulnerableUsersCount 10

# Make user bufu ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users bufu -Verbose

# Make supplied list of users ASREP-Roastable and display verbose output
Set-ASREPRoasting -Users ("bufu", "pepe") -Verbose

Set-Kerberoasting

The function gets a certain number of random users from the domain and adds an SPN for each. Excludes default accounts like Administrator and krbtgt. Makes 5% of users kerberoastable by default.

# Make 5% of users kerberoastable and display verbose output
Set-Kerberoasting -Verbose

# Make 10 random users in the domain kerberoastable
Set-Kerberoasting -VulnerableUsersCount 10

# Make user bufu kerberoastable and display verbose output
Set-Kerberoasting -Users bufu -Verbose

# Make supplied list of users kerberoastable and display verbose output
Set-Kerberoasting -Users ("bufu", "pepe") -Verbose
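
An added audit example, not part of ADLab or the original README: it reports which accounts carry the two settings described above (the pre-authentication flag and an SPN on a user object), so the lab state can be verified or a detection rule exercised. The helper name Get-RoastableFinding, the svc_sql account and its SPN are assumptions made up for illustration; the sample records are constructed.

```powershell
# Added example (not ADLab code): flag accounts left AS-REP roastable or kerberoastable.
# Bit values are the documented userAccountControl flags.
$UAC_ACCOUNTDISABLE   = 0x00000002
$UAC_DONT_REQ_PREAUTH = 0x00400000

function Get-RoastableFinding {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $uac  = [int]$User.userAccountControl
        $spns = @($User.servicePrincipalName | Where-Object { $_ })

        # DoesNotRequirePreAuth is stored as the DONT_REQ_PREAUTH bit.
        $noPreAuth = ($uac -band $UAC_DONT_REQ_PREAUTH) -ne 0
        # krbtgt always carries kadmin/changepw, so it is not a finding.
        $hasSpn = ($spns.Count -gt 0) -and ($User.SamAccountName -ne 'krbtgt')

        if ($noPreAuth -or $hasSpn) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Enabled        = ($uac -band $UAC_ACCOUNTDISABLE) -eq 0
                NoPreAuth      = $noPreAuth
                SPNs           = $spns -join ';'
            }
        }
    }
}

# Constructed sample records; svc_sql and its SPN are made up for illustration.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'bufu';    userAccountControl = 0x400200; servicePrincipalName = @() }
    [pscustomobject]@{ SamAccountName = 'pepe';    userAccountControl = 0x200;    servicePrincipalName = @() }
    [pscustomobject]@{ SamAccountName = 'svc_sql'; userAccountControl = 0x200;    servicePrincipalName = @('MSSQLSvc/sql01.lab.example:1433') }
    [pscustomobject]@{ SamAccountName = 'krbtgt';  userAccountControl = 0x202;    servicePrincipalName = @('kadmin/changepw') }
)
$sample | Get-RoastableFinding | Format-Table -AutoSize

# On a lab DC with the ActiveDirectory module, feed it real objects instead:
# Get-ADUser -Filter * -Properties userAccountControl, servicePrincipalName | Get-RoastableFinding
```

With the sample data, bufu is reported for the pre-authentication flag and svc_sql for its SPN; pepe and krbtgt produce no finding.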

Set-BadACLs

The function begins by granting the Chads group GenericAll rights on the Domain Admins. It then grants the Degens group GenericAll rights on the Chads group. Finally, it grants GenericAll rights on some users from the Degens group to some users of the Normies group.

# Create vulnerable ACLs and display verbose output
Set-BadACLs -Verbose

The function first configures GPO to allow WinRM over TCP port 5985 to domain-joined systems. It then enables PS Remoting through GPO.



