Post

Setting Up Game Of Active Directory(GOAD) Lab

Posted Updated
Preview Image
By bionic_
4 min read
Setting Up Game Of Active Directory(GOAD) Lab

I recently came across this repo while looking for some Active Directory chalenges. Super impressed by the work the team did here.

Brief Intro

GOAD is a lab environment created by Orange Cyberdefense, for security professionals interested in mastering Active Directory (AD) security. It serves for both offensive and defensive cybersecurity training, providing a realistic AD environment complete with vulnerabilities and misconfigurations commonly found in real world networks. Lets look at what makes this lab really cool:

Key Features:

Pre-Built Lab Environment:

Automated Deployment: GOAD offers a fully automated setup, making it quick and easy to deploy a complex AD environment, complete with domain controllers, workstations, and member servers. This pre-built lab mirrors a typical enterprise AD infrastructure.

Diverse Vulnerabilities:

The lab simulates a realistic AD environment with a variety of common misconfigurations and vulnerabilities, such as:

  • Kerberoasting: Leverage Kerberos to extract password hashes.
  • AS-REP Roasting: Attacking accounts not requiring pre-authentication.
  • Pass-the-Hash: Using obtained password hashes to authenticate.
  • Pass-the-Ticket: Leverage Kerberos tickets to authenticate.
  • NTLM Relay: Relaying NTLM authentication in order to gain unauthorized access.
  • LDAP Relay: Exploiting LDAP protocol to for privilage escalation.
  • AD Certificate Services CS Attacks: Exploiting Certificate Services to elevate privileges.
  • Privilege Escalation Techniques: Exploring various ways to gain higher user privileges the domain.
  • Real-World Simulation: an environment similar to what you would find in a cooporate network.
  • Incident Response Practice: GOAD also supports defensive exercises with monitoring tools like Sysmon, allowing users to practice detecting, responding to, and mitigating AD attacks.

Vulnerabilities Roadmap

This can be read here.

Technical Details about GOAD

  • Automation: GOAD uses Ansible, Terraform, and PowerShell for seamless automation of the deployment process, ensuring consistent lab recreation.
  • Virtualization: Primarily designed for VMware vSphere, but with potential adaptations for other virtualization platforms.
  • Networking: The lab replicates corporate network segmentation, including domain-joined machines and network services typical of an enterprise setting.
  • Blue Team Training: Defensive teams can simulate attacks, refine detection, and improve response strategies.
  • Research and Development: A valuable platform for researchers to develop, test, and evaluate new attack techniques or defensive measures in AD environments.

System Requirements

The documentations suggest a minimum of 24GB RAM for the main lab. I, however, have only 20GB and will opt for the lite version which can spin up 3 vms, 1 forest, 2 domains.

For disk usage, 150GB of space is required. More if you are going to be taking snapshots along the way. My 400GB free storage should do pretty well.

The lab was tested on a linux host and so am I. Windows should also work with some minor tweaks.

Installation and setup

Installation can be done with VirtualBox, VMware, Proxmox or Azure. I will be using VirtualBox.

Install docker

1

sudo apt install virtualbox

This is necessary if you want to install ansible from docker. You can also install ansible locally. But first, lets create a virtual environment using python.

1
2
3
4
5
6

sudo apt install git
git clone git@github.com:Orange-Cyberdefense/GOAD.git
cd GOAD/ansible
sudo apt install python3.8-venv
python3.8 -m virtualenv .venv
source .venv/bin/activate

Now we can install ansible and pywinrm.

1
2
3
4

python3 -m pip install --upgrade pip
python3 -m pip install ansible-core==2.12.6
python3 -m pip install pywinrm
ansible-galaxy install -r ansible/requirements.yml

Note that the –break-system-packages can be added to the pip commands if installing outside a python virtual environment at your own risk.

We can also run the ansible-playbook to launch main.yml playbook.

1

ansible-playbook main.yml

You may encounter some errors similar to the below. To resolve it, try reinstalling ansible.

1
2
3
4

Traceback (most recent call last):
  File "/usr/bin/ansible-playbook", line 5, in <module>
    from ansible.cli.playbook import main
ImportError: cannot import name 'main' from 'ansible.cli.playbook' (/home/bionic/.local/lib/python3.11/site-packages/ansible/cli/playbook.py)

Install virtualbox

1

sudo apt install virtualbox

Install vagrant

Vagrant will be used to manage your virtual machines.

1

sudo apt install vagrant

Install ruby winrm utils

1

gem install winrm winrm-fs winrm-elevated

Failure to installing these will result in vagrant not launching hence the error below:

error

Downloading the lab environment machines on VirtualBox

There is an option to do a local or docker ansible install. I will do a local, just because i set it up.

Vm provider can be set to virtualbox, azure, vmware etc.

Ansible run bethod can be set to local or docker.

Retain the lab as GOAD

1

./goad.sh -t install -l <LAB> -p <PROVIDER> -m <ANSIBLE_RUN_METHOD>

download lab This will definitely take some time. Once done, all the labs should be ready.

Next?

Let the pwnage begin…

Security Testing, Network
tagnetwork AD hacking
This post is licensed under CC BY 4.0 by the author.