Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/safebuffer/vulnerable-AD

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
https://github.com/safebuffer/vulnerable-AD

active-directory penetration-testing powershell redteaming vulnerable-activedirectory vulnerable-ad

Last synced: 3 months ago
JSON representation

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

Lists

README 

        


  Vulnerable-AD

  





Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab



### Main Features

- Randomize Attacks

- Full Coverage of the mentioned attacks

- you need run the script in DC with Active Directory installed 

- Some of attacks require client workstation

  

### Supported Attacks

- Abusing ACLs/ACEs

- Kerberoasting

- AS-REP Roasting

- Abuse DnsAdmins

- Password in Object Description

- User Objects With Default password (Changeme123!)

- Password Spraying

- DCSync

- Silver Ticket

- Golden Ticket 

- Pass-the-Hash

- Pass-the-Ticket

- SMB Signing Disabled



### Example

```powershell

# if you didn't install Active Directory yet , you can try 

Install-windowsfeature AD-domain-services

Import-Module ADDSDeployment

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\\Windows\\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\\Windows\\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\\Windows\\SYSVOL" -Force:$true

# if you already installed Active Directory, just run the script !

IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));

Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"

```



### TODO

- Play with workstations !

- Click close issue button on github