Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab

3 years ago 604

BOOK THIS SPACE FOR AD

ARTICLE AD

Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab.

Main Features

Randomize Attacks Full Coverage of the mentioned attacks you need run the script in DC with Active Directory installed Some of attacks require client workstation

Supported Attacks

Abusing ACLs/ACEs Kerberoasting AS-REP Roasting Abuse DnsAdmins Password in AD User comment Password Spraying DCSync Silver Ticket Golden Ticket Pass-the-Hash Pass-the-Ticket SMB Signing Disabled

Example

# if you didn't install Active Directory yet , you can try Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\\Windows\\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\\Windows\\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\\Windows\\SYSVOL" -Force:$true # if you already installed Active Directory, just run the script ! IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1")); Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"

TODO

Add More realistic scenarios Click close issue button on github

Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab Reviewed by Zion3R on 5:30 PM Rating: 5