  • Add ansible provisioning with a docker container method, fix issues about the 1.11.0 community.windows ansible library and the associated impact on the build

  • Mayfly277 committed 2 years ago
    061a5a71
    1 parent 92012d41
  • ■ ■ ■ ■ ■ ■
    Dockerfile
     1 +FROM ubuntu:22.04
     2 + 
     3 +RUN apt-get update \
     4 + && apt-get install -y python3-pip
     5 + 
     6 +RUN pip install --upgrade pip
     7 +RUN pip install ansible-core==2.12.6
     8 +RUN pip install pywinrm
     9 + 
     10 +RUN apt-get update -y && \
     11 + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     12 + sshpass
     13 + 
     14 +COPY ./ansible/requirements.yml .
     15 + 
     16 +RUN ansible-galaxy install -r requirements.yml
     17 + 
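Review bot: `RUN pip install pywinrm` on line 8 is unpinned while `ansible-core==2.12.6` on line 7 is pinned, so two builds of this image can resolve different pywinrm releases; pin it to the version you tested. The two `apt-get update` layers (lines 3-4 and 10-12) can be merged into one `RUN` that installs `python3-pip` and `sshpass` together. `ansible-galaxy install -r requirements.yml` on line 16 inherits the unpinned collections in that file, so the image is only as reproducible as requirements.yml.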
  • ■ ■ ■ ■ ■
    README.md
    skipped 3 lines
    4 4   
    5 5  ## Description
    6 6  GOAD is a pentest active directory LAB project.
    7  -The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.
     7 +The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.
    8 8   
    9 9  ## warning
    10  -This lab is extremly vulnerable, do not reuse receipe to build your environement and do not deploy this environment on internet (this is a recommendation, use it as your own risk)
     10 +This lab is extremely vulnerable, do not reuse recipe to build your environment and do not deploy this environment on internet (this is a recommendation, use it as your own risk)
    11 11  This repository is for pentest practice only.
    12 12   
    13  -## licences
    14  -This lab use free windows VM only (180 days). After that delay enter a licence on each server or rebuild all the lab (may be it's time for an update ;))
     13 +## licenses
     14 +This lab use free windows VM only (180 days). After that delay enter a license on each server or rebuild all the lab (may be it's time for an update ;))
    15 15   
    16 16  ## Installation
     17 + 
     18 +- Installation is in two part :
     19 + 
     20 +1. providing : it is made with vagrant, it download and run empty windows box.
     21 +2. provisioning : it is made with ansible, it will install all the stuff to make the lab running like an active directory network
     22 + 
     23 +### tldr;
     24 + 
     25 +- You are on linux, you already got virtualbox, vagrant and docker installed on your host and you know what you are doing, just run :
     26 + 
     27 +```bash
     28 +# providing
     29 +vagrant up
     30 +# provisioning
     31 +sudo docker build -t goadansible .
     32 +sudo docker run -ti --rm --network host -h goadansible -v $(pwd):/goad -w /goad/ansible goadansible ansible-playbook main.yml
     33 +```
     34 + 
     35 +- Now you can grab a coffee it will take time :)
     36 + 
    17 37  ### Requirements
    18 38  So far the lab has only been tested on a linux machine, but it should work as well on macOS. Ansible has some problems with Windows hosts so I don't know about that.
    19 39   
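Review bot: `-v $(pwd):/goad` on line 32 is unquoted, so the command breaks when the checkout path contains a space; write `-v "$(pwd)":/goad`. The mount is read-write over the whole repository and the Dockerfile in this commit sets no `USER`, so the playbook runs as root inside the container with write access to the checkout, which is worth stating next to the command. On line 10 the spelling pass leaves "use it as your own risk" in place; "at your own risk" is meant.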
    skipped 1 lines
    21 41   
    22 42  #### Virtualbox
    23 43   
    24  -- **virtualbox** actually the vms are provided to be run on virtualbox so you need a working virtualbox environement on your computer
     44 +- **virtualbox** actually the vms are provided to be run on virtualbox so you need a working virtualbox environment on your computer
    25 45   
    26 46  #### Vagrant
    27  -- **vagrant** from their official site [vagrant](https://www.vagrantup.com/downloads). The version you can install through your favourite package manager (apt, yum, ...) is probably not the latest one.
     47 +- **vagrant** from their official site [vagrant](https://www.vagrantup.com/downloads). The version you can install through your favorite package manager (apt, yum, ...) is probably not the latest one.
    28 48  - Install vagrant plugin vbguest: `vagrant plugin install vagrant-vbguest` (not needed anymore)
    29 49   
    30 50  - Vagrant install with hashicorp repository example :
    skipped 4 lines
    35 55  sudo apt update && sudo apt install vagrant=2.2.19
    36 56  ```
    37 57   
    38  -#### Ansible
     58 +#### Ansible with docker
     59 + 
     60 +- If you want to do the provisioning from a docker container you could launch the following command to prepare the container
     61 + 
     62 +```bash
     63 +sudo docker build -t goadansible .
     64 +```
     65 + 
     66 +#### Ansible on your host
     67 + 
     68 +- If you want to play ansible from your host you should launch the following commands :
     69 + 
    39 70  - *Create a python >= 3.8 virtualenv*
    40 71   
    41 72  ```bash
    skipped 29 lines
    71 102   
    72 103  ### V2 breaking changes
    73 104  - If you previously install the v1 do not try to update as a lot of things have changed. Just drop your old lab and build the new one (you will not regret it)
    74  -- Chocolatey is no more used and basic tools like git or notepad++ are no more installed by default (as chocolatey regulary crash the install due to hiting rate on multiples builds)
    75  -- ELK is no more installed by default to save ressources but you still can install it separately (see the blueteam/elk part)
    76  -- Dragonstone vm as disapear and there is no more DC replication in the lab to save resources
    77  -- Wintefell is now a domain controler for the subdomain north of the sevenkingdoms.local domain
     105 +- Chocolatey is no more used and basic tools like git or notepad++ are no more installed by default (as chocolatey regularly crash the install due to hitting rate on multiples builds)
     106 +- ELK is no more installed by default to save resources but you still can install it separately (see the blueteam/elk part)
     107 +- Dragonstone vm as disappear and there is no more DC replication in the lab to save resources
     108 +- Wintefell is now a domain controller for the subdomain north of the sevenkingdoms.local domain
    78 109   
    79 110  ### Space use
    80 111  - the lab take environ 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M))
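Review bot: the spelling pass on lines 105-108 misses words in the same lines: "Dragonstone vm as disappear" on line 107 should read "has disappeared", "Wintefell" on line 108 is presumably "Winterfell", and "no more used" on line 105 reads better as "no longer used". Fixing them here avoids a second typo-only commit.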
    skipped 12 lines
    93 124  vagrant up # this will create the vms (this command must be run in the folder where the Vagrantfile is present)
    94 125  ```
    95 126   
    96  -- VMs provisionning
     127 +- VMs provisioning
    97 128   - in one command just play :
    98 129   
    99 130  ```bash
    100 131  ansible-playbook main.yml # this will configure the vms in order to play ansible when the vms are ready
    101 132  ```
    102 133   
    103  -- Or you can run playbooks one by one (mostely for debug or if you get trouble during install)
     134 +- To run the provisioning from the docker container run (you should be in the same folder as the Dockerfile):
     135 + 
     136 +```bash
     137 +sudo docker run -ti --rm --network host -h goadansible -v $(pwd):/goad -w /goad/ansible goadansible ansible-playbook main.yml
     138 +```
     139 + 
     140 +- Or you can run playbooks one by one (mostly for debug or if you get trouble during install)
    104 141   - The main.yml playbook is build in multiples parts. each parts can be re-run independently but the play order must be keep in cas you want to play one by one :
    105 142   
    106 143  ```
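Review bot: `--network host` on line 137 gives the container the host's full network stack, and the README does not say why it is needed; add a sentence explaining the requirement, or drop the flag if the default bridge network can reach the VMs. `-ti` also makes the command fail when no TTY is attached, so say that it is meant to be run from an interactive shell. This is the same command as line 32, so `$(pwd)` should be quoted in both places.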
    skipped 21 lines
    128 165  vagrant up # will start the lab
    129 166  ```
    130 167   
    131  -- if you got some errors see the troobleshooting section at the end of the document, but in most case if you get errors during install, don't think and just replay the main playbook (most of the errors which could came up are due to windows latency during installation, wait few minutes and replay the main.yml playbook)
     168 +- if you got some errors see the troubleshooting section at the end of the document, but in most case if you get errors during install, don't think and just replay the main playbook (most of the errors which could came up are due to windows latency during installation, wait few minutes and replay the main.yml playbook)
    132 169  ```
    133 170  ansible-playbook main.yml
    134 171  ```
    skipped 251 lines
    386 423  ```
    387 424   
    388 425  ### Ansible-playbook
     426 + 
     427 +#### Groups domain error
     428 + 
     429 +- something go wrong with the trust, all the links are not fully establish
     430 +- wait several minutes and relaunch the playbook
     431 +- i really don't know why this append time to time on installation, if you want to investigate and resolve the issue please tell me how.
     432 + 
     433 +```bash
     434 +An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
     435 +failed: [192.168.56.xx] (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\tyron.lannister', 'essos.local\\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "DragonsFriends", "value": ["north.sevenkingdoms.local\\jon.snow", "sevenkingdoms.local\\tyron.lannister", "essos.local\\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials."}
     436 +```
     437 + 
     438 +#### Error Add-Warning
     439 + 
     440 +- You got an "Add-Warning" error during the user installation.
     441 +- Upgrade to community.windows galaxy >= 1.11.0
     442 +- relaunch the ansible playbooks.
     443 + 
     444 +```bash
     445 +An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475
     446 +failed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',
     447 +...
     448 +"msg": "Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."}+
     449 +```
     450 + 
     451 +#### A parameter cannot be found that matches parameter name 'AcceptLicense'
     452 + 
     453 +- If you got this kind of error you got an ansible.windows version >= 1.11.0
     454 +- This version add the parameter AcceptLicense but it is accepted only for PowerShellGet module >= 1.6.0 and this one is not embededded in the vms.
     455 +- Please keep version 1.11.0 and update the lab to get the fix for the PowerShellGet Module version.
     456 + 
     457 +```bash
     458 +fatal: [xxx]: FAILED! => {
     459 + "changed": false,
     460 + "msg": "Problems installing XXXX module: A parameter cannot be found that matches parameter name 'AcceptLicense'.",
     461 + "nuget_changed": false,
     462 + "output": "",
     463 + "repository_changed": false
     464 +}
     465 +```
    389 466   
    390 467  #### old Ansible version
    391 468   
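Review bot: line 448 ends with a stray `+` after the closing `}` of the sample error, which will render inside the code block; remove it. In the same hunk, "embededded" on line 454 and "append" (for "happen") on line 431 slipped past the spelling fixes made elsewhere in this commit, and the sample output on line 435 still lists `north.sevenkingdoms.local\\jon.snow` in `DragonsFriends` although this commit removes that member from config.json. The three blocks are program output rather than shell input, so a plain fence fits better than `bash`.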
    skipped 96 lines
  • ■ ■ ■ ■ ■
    ad/sevenkingdoms.local/data/config.json
    skipped 179 lines
    180 180   },
    181 181   "multi_domain_groups_member" : {
    182 182   "DragonsFriends" : [
    183  - "north.sevenkingdoms.local\\jon.snow",
    184 183   "sevenkingdoms.local\\tyron.lannister",
    185 184   "essos.local\\daenerys.targaryen"
    186 185   ],
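Review bot: the removal of `north.sevenkingdoms.local\\jon.snow` from `DragonsFriends` on line 183 is not mentioned in the commit message. If it is a workaround for the "Groups domain error" described in the README troubleshooting section added by this commit, say so there; otherwise lab users will not know the membership changed.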
    skipped 237 lines
    424 423   }
    425 424   },
    426 425   "domainlocal" : {
     426 + "AcrossTheNarrowSea" : {
     427 + "path" : "CN=Users,DC=sevenkingdoms,DC=local"
     428 + }
    427 429   }
    428 430   },
    429 431   "multi_domain_groups_member" : {
     432 + "AcrossTheNarrowSea" : [
     433 + "essos.local\\daenerys.targaryen"
     434 + ]
    430 435   },
    431 436   "acls" : {
    432 437   "GenericAll_tywin_cersei" : {"for": "tywin.lannister", "to": "cersei.lannister", "right": "GenericAll", "inheritance": "None"},
    skipped 4 lines
    437 442   "writeproperty-self-membership_stanis_stannis" : {"for": "stannis.baratheon", "to": "Domain Admins", "right": "Ext-Write-Self-Membership", "inheritance": "All"},
    438 443   "forcechangepassword_tywin_jaime" : {"for": "tywin.lannister", "to": "jaime.lannister", "right": "Ext-User-Force-Change-Password", "inheritance": "None"},
    439 444   "write_on_group_pycelle_domadmin" : {"for": "maester.pycelle", "to": "Domain Admins", "right": "WriteOwner", "inheritance": "None"},
     445 + "GenericAll_group_acrrosdom_domadmin" : {"for": "AcrossTheNarrowSea", "to": "Domain Admins", "right": "GenericAll", "inheritance": "None"},
    440 446   "GenericWrite_on_user_jaimie_cersei" : {"for": "jaime.lannister", "to": "cersei.lannister", "right": "GenericWrite", "inheritance": "None"},
    441 447   "Writedacl_tywin_council" : {"for": "tywin.lannister", "to": "Small Council", "right": "WriteDacl", "inheritance": "None"}
    442 448   },
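Review bot: the key `GenericAll_group_acrrosdom_domadmin` on line 445 misspells "across" ("acrros"); rename it before other files start referencing it. Together with lines 426-434 this gives the new `AcrossTheNarrowSea` group, whose only member is `essos.local\\daenerys.targaryen`, `GenericAll` on `Domain Admins`, and neither the commit message nor the README lines in this commit mention the new path. Document it where the lab's other scenarios are listed so the addition is deliberate and discoverable.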
    skipped 105 lines
  • ■ ■ ■ ■ ■
    ansible/requirements.yml
    skipped 1 lines
    2 2  collections:
    3 3   # Install a collection from Ansible Galaxy.
    4 4   - name: ansible.windows
    5  - version: 1.10.0
     5 + version: 1.11.0
    6 6   - name: community.general
    7 7   - name: community.windows
    8  - version: 1.10.0
     8 + version: 1.11.0
     9 + - name: chocolatey.chocolatey
    9 10  # - name: goad.windows
    10 11  # type: dir
    11 12  # source: ./collections/goad/windows
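Review bot: `chocolatey.chocolatey` on line 9 is added without a `version`, next to two collections that this hunk pins to 1.11.0, so a rebuild can pull a different release; pin it as well. The README's V2 breaking changes section (line 105) says Chocolatey is no longer used, so a comment saying what needs this collection would help. `community.general` on line 6 is unpinned too.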
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    ansible/roles/common/tasks/main.yml
    skipped 11 lines
    12 12   https: "{{ad_https_proxy}}"
    13 13   when: http_proxy == "yes"
    14 14   
     15 +- name: Upgrade module PowerShellGet to fix accept license issue on last windows ansible version
     16 + win_shell: |
     17 + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
     18 + Install-PackageProvider -Name NuGet -Force
     19 + Install-Module PowerShellGet -Force
     20 + 
    15 21  - name: Windows | Check for ComputerManagementDsc Powershell module
    16 22   win_psmodule:
    17 23   name: ComputerManagementDsc
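Review bot: `Install-Module PowerShellGet -Force` on line 19 runs on every play with no version constraint, so the task always reports changed and installs whatever version the gallery currently serves. The README in this commit says the fix needs PowerShellGet >= 1.6.0; add `-MinimumVersion 1.6.0` and guard the task (for example with a version check and `changed_when`) so reruns are no-ops. The task name could also mention the `AcceptLicense` error so it can be found by searching for the message.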
    skipped 26 lines
  • ■ ■ ■ ■ ■
    ansible/roles/groups_domains/tasks/main.yml
    1 1  - name: "Reboot and wait for the AD system to restart"
    2 2   win_reboot:
    3 3   test_command: "Get-ADUser -Identity Administrator -Properties *"
     4 + post_reboot_delay: 100
     5 + 
     6 +- name: "synchronizes all domains"
     7 + win_shell: repadmin /syncall /Ade
     8 + become: yes
     9 + become_method: runas
     10 + become_user: "{{domain_username}}"
     11 + vars:
     12 + ansible_become_pass: "{{domain_password}}"
    4 13   
    5 14  - name: "Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}"
    6 15   community.windows.win_domain_group_membership:
    7  - # domain_server: "{{domain_server}}"
     16 + #domain_server: "{{domain_server}}"
    8 17   domain_username: "{{domain_username}}"
    9 18   domain_password: "{{domain_password}}"
    10 19   name: "{{item.key}}"
    skipped 3 lines
    14 23   register: group_membership
    15 24   until: "group_membership is not failed"
    16 25   retries: 3
    17  - delay: 120
     26 + delay: 60
    18 27   
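Review bot: `delay: 60` on line 26 halves the wait between the three retries, while the README troubleshooting section added in this commit tells users to wait several minutes when the trust is not fully established; confirm that the new `repadmin /syncall /Ade` task makes the shorter delay safe, or keep 120. The `win_shell` task on lines 6-12 has no `changed_when`, so it reports changed on every run, and `post_reboot_delay: 100` on line 4 is an unexplained fixed sleep that deserves a comment. The leftover `#domain_server` line on 16 can be deleted rather than reformatted.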