Vulnerable-AD

Create a vulnerable active directory that’s allowing you to test most of the active directory attacks in a local lab

Main Features

• Randomize Attacks
• Full Coverage of the mentioned attacks
• you need to run the script in DC with Active Directory installed
• Some of the attacks require client workstation

Supported Attacks

• Abusing ACLs/ACEs
• Kerberoasting
• AS-REP Roasting
• Abuse DnsAdmins
• Password in the AD User comment
• Password Spraying
• DCSync
• Silver Ticket
• Golden Ticket
• Pass-the-Hash
• Pass-the-Ticket
• SMB Signing Disabled

Download

git clone https://github.com/WazeHell/vulnerable-AD.git

Example

# if you didn't install Active Directory yet , you can try 

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\\Windows\\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\\Windows\\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\\Windows\\SYSVOL" -Force:$true

# if you already installed Active Directory, just run the script !

IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));

Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"

Copyright (c) 2020 Hossam

Source: https://github.com/WazeHell/