Vulnerable Active Directory Lab

I'm currently learning pentesting techniques for Active Directory, and I've been sharing my progress on YouTube. Today, I'd like to recommend an incredible tool I found on GitHub that allows us to create a vulnerable Active Directory environment for testing various Active Directory attacks in a local lab. This tool is a PowerShell script that automates user and group creation, assigns improper ACL permissions, leaks information, and makes users Kerberoastable and AS-REP roastable, among other vulnerabilities.

It's important to note that this tool is intended for use in a local lab environment, and you should run the script on a Domain Controller with Active Directory installed. Its purpose is for practice, learning, and gaining a better understanding of concepts for pentesting.

Here's the link to the official repository: [Vulnerable-AD Repository]. Additionally, someone forked the repository and made some interesting changes to the script: [Forked Repository with Changes].

I also forked it and added an ASREProast to Zerologon Writeup: [My Fork with Additional Writeup]. My plan is to create writeups that demonstrate various ways to perform attacks in this lab environment.

I highly recommend exploring the entire lab to discover your own path towards achieving Domain Admin status.

Supported Attacks

  • Abusing ACLs/ACEs
  • Kerberoasting
  • AS-REP Roasting
  • Abuse DnsAdmins (...)
  • Password in AD User comment
  • Password Spraying
  • DCSync (...)
  • Silver Ticket (...)
  • Golden Ticket (...)
  • Pass-the-Hash (...)
  • Pass-the-Ticket (...)
  • SMB Signing Disabled
  • Bad WinRM permission
  • Anonymous LDAP query
  • Public SMB Share
  • Zerologon (Check version)
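
To see which accounts the lab script left exposed, the following audit flags three of the weaknesses listed above: AS-REP roastable users, Kerberoastable users, and passwords left in the AD description field. It is an added example, not part of the Vulnerable-AD project or its forks; the function name `Get-LabWeakAccount` and the keyword list are assumptions, and it expects to run on the lab Domain Controller with the ActiveDirectory module available.

```powershell
# Added example (not from the Vulnerable-AD repository).
# Audits the lab domain for three weaknesses the lab script introduces.
Import-Module ActiveDirectory

function Get-LabWeakAccount {
    [CmdletBinding()]
    param(
        # Assumption: substrings that hint a credential was typed into Description.
        [string[]]$Keywords = @('pass', 'pwd', 'cred')
    )

    $props   = 'DoesNotRequirePreAuth', 'ServicePrincipalName', 'Description'
    $pattern = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'

    Get-ADUser -Filter * -Properties $props | ForEach-Object {
        $findings = @()

        # Kerberos pre-authentication disabled: the account can be AS-REP roasted.
        if ($_.DoesNotRequirePreAuth) {
            $findings += 'AS-REP roastable (pre-auth not required)'
        }

        # A user object with an SPN can have a service ticket requested for it.
        # krbtgt always carries an SPN and is not a finding here.
        if ($_.ServicePrincipalName.Count -gt 0 -and $_.SamAccountName -ne 'krbtgt') {
            $findings += 'Kerberoastable (user account with SPN)'
        }

        # The description is readable by any authenticated user.
        # Only the fact of a match is reported, not the text itself.
        if ($_.Description -match $pattern) {
            $findings += 'Possible password in description'
        }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Enabled        = $_.Enabled
                Findings       = $findings -join '; '
            }
        }
    }
}

Get-LabWeakAccount | Sort-Object SamAccountName | Format-Table -AutoSize -Wrap
```

Running it before and after the lab script gives a baseline of what changed, and the same checks work as a cleanup list when the lab is torn down.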

