Game Of Active Directory v2 releases: pentest active directory LAB project

GOAD (Game Of Active Directory)

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.

LAB Content – sevenkingdoms.local

Servers

This lab is actually composed of three virtual machines:

• kingslanding: DC01 running on Windows Server 2019 (2021.05.15 with windefender enabled by default)
• dragonstone: DC02 running on Windows Server 2016 (2017.12.14 and windefender disabled by default)
• winterfell: Simple Server running on Windows Server 2019 (2020.07.17 with windefender disabled by default)

The lab setup is automated using vagrant and ansible automation tools. You can change the vm version in the Vagrantfile according to Stefan Scherer vagrant repository: https://app.vagrantup.com/StefanScherer

Blueteam :

• elk a kibana is configured on http://192.168.56.50:5601 to follow the lab events
• infos: log encyclopedia: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/

Users/Groups and associated vulnerabilites/scenarios

• STARKS
  • arya.stark: start user: password Needle
  • eddard.stark: DOMAIN ADMIN / NTLM relay with responder
  • catelyn.stark: ACL forcechangepassword on eddard.stark
  • robb.stark: RESPONDER LLMR
  • sansa.stark: ACL writeproperty-self-membership Domain Admins
  • brandon.stark: ASREP_ROASTING
  • rickon.stark: GPO abuse (Edit Settings on “ChangeWallpaperInBlue” GPO)
  • theon.greyjoy:
  • jon.snow: KERBEROASTING
  • hodor: PASSWORD SPRAY (user=password)
• NIGHT WATCH
  • samwell.tarly: Password in ldap description
  • jeor.mormont: ACL writedacl-writeowner on group Night Watch
• LANISTERS
  • tywin.lannister: ACL genericall-on-user cersei.lannister
  • jaime.lannister: ACL genericwrite-on-user cersei.lannister
  • tyron.lannister: ACL self-self-membership-on-group Domain Admins
  • cersei.lannister: DOMAIN ADMIN
• BARATHEON
  • robert.baratheon: DOMAIN ADMIN
  • joffrey.baratheon:
  • renly.baratheon:
  • stannis.baratheon: ACL genericall-on-computer dragonstone
• SMALL COUNCIL
  • petyer.baelish: ACL writeproperty-on-group Domain Admins
  • lord.varys: ACL genericall-on-group Domain Admins
  • maester.pycelle: ACL write owner on group Domain Admins

warning

This lab is extremely vulnerable, do not reuse recipes to build your environment and do not deploy this environment on the internet. This repository is for pentest practice only.

Install