Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/safebuffer/vulnerable-ad
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
https://github.com/safebuffer/vulnerable-ad
active-directory penetration-testing powershell redteaming vulnerable-activedirectory vulnerable-ad
Last synced: 1 day ago
JSON representation
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
- Host: GitHub
- URL: https://github.com/safebuffer/vulnerable-ad
- Owner: safebuffer
- License: mit
- Created: 2020-06-19T09:30:18.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-04-12T18:06:21.000Z (8 months ago)
- Last Synced: 2024-10-29T17:39:00.284Z (about 2 months ago)
- Topics: active-directory, penetration-testing, powershell, redteaming, vulnerable-activedirectory, vulnerable-ad
- Language: PowerShell
- Homepage:
- Size: 30.3 KB
- Stars: 2,005
- Watchers: 45
- Forks: 388
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
Vulnerable-AD
Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab
### Main Features
- Randomize Attacks
- Full Coverage of the mentioned attacks
- you need run the script in DC with Active Directory installed
- Some of attacks require client workstation
### Supported Attacks
- Abusing ACLs/ACEs
- Kerberoasting
- AS-REP Roasting
- Abuse DnsAdmins
- Password in Object Description
- User Objects With Default password (Changeme123!)
- Password Spraying
- DCSync
- Silver Ticket
- Golden Ticket
- Pass-the-Hash
- Pass-the-Ticket
- SMB Signing Disabled### Example
```powershell
# if you didn't install Active Directory yet , you can try
Install-windowsfeature AD-domain-services
Import-Module ADDSDeployment
Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\\Windows\\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\\Windows\\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\\Windows\\SYSVOL" -Force:$true
# if you already installed Active Directory, just run the script !
IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));
Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"
```### TODO
- Play with workstations !
- Click close issue button on github