Projects STRLCPY GOAD Commits 56af2a41
    ansible/ad-trusts.yml
    skipped 8 lines
    9 9  - name: Trusts configuration
    10 10   hosts: dc01,dc03
    11 11   roles:
     12 + - { role: 'settings/disable_nat_adapter' , tags: 'disable_nat_adapter'}
    12 13   - { role: 'dns_conditional_forwarder', tags: 'dns_conditional_forwarder' }
    13 14   - { role: 'trusts', tags: 'trust' }
     15 + - { role: 'settings/enable_nat_adapter', tags: 'enable_nat_adapter'}
    14 16   vars:
    15 17   domain: "{{lab.hosts[dict_key].domain}}"
     18 + domain_username: "{{domain}}\\Administrator"
     19 + domain_password: "{{lab.domains[domain].domain_password}}"
    16 20   remote_forest: "{{lab.domains[domain].trust}}"
    17 21   remote_admin: "Administrator@{{remote_forest}}"
    18 22   remote_admin_password: "{{lab.domains[remote_forest].domain_password}}"
    skipped 3 lines
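Review bot: The `settings/disable_nat_adapter` and `settings/enable_nat_adapter` roles added at lines 12 and 15 carry only their own tags, so a run limited with `--tags trust` executes the trusts role with the NAT adapter still up, which presumably is the very situation these wrappers exist to avoid. If the trusts role is meant to run with that adapter down, tag both wrappers with the trust tag as well, e.g. `tags: ['disable_nat_adapter', 'trust']`, or give all three roles one shared tag. Note also that the enable role only runs when every role before it succeeds; a failure inside `trusts` leaves the NAT adapter disabled on dc01/dc03 until the play is re-run, which deserves a comment above the roles list. The play's `vars` block continues beyond this hunk.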
    ansible/hosts
    1 1  [all:vars]
    2 2  ; domain_name : folder inside ad/
    3 3  domain_name=sevenkingdoms.local
     4 +; adapter created by vagrant and vbox
     5 +nat_adapter=Ethernet
     6 +domain_adapter=Ethernet 2
    4 7  ansible_user=vagrant
    5 8  ansible_password=vagrant
    6 9  password=Str0nGPassw0rd123_
    skipped 55 lines
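Review bot: `domain_adapter=Ethernet 2` at line 6 relies on the INI inventory taking everything after `=` as the value inside a `[...:vars]` section; the same assignment on a host line would be split at the space and must be written `domain_adapter="Ethernet 2"`. A comment next to `; adapter created by vagrant and vbox` saying so would help whoever copies these into a per-host entry later. Both names are also only valid for the adapter ordering that comment describes, and since the roles in this commit now pass them straight to `netsh`, a provider that names the Windows interfaces differently needs both values changed together.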
    ansible/main.yml
    skipped 15 lines
    16 16  - import_playbook: ad-trusts.yml
    17 17  # import the ad datas : users/groups...
    18 18  - import_playbook: ad-data.yml
    19  -## MSSQL + IIS ----------
    20  -# configure servers vulns (done in the midle of ad install to let time before install relations and acl)
    21  -- import_playbook: servers.yml
    22  -## AD - servers localgroup + rdp + inter domain relations & acl
    23 19  # set the rights and the group domains relations
    24 20  - import_playbook: ad-relations.yml
    25 21  # set adcs
    26 22  - import_playbook: adcs.yml
    27 23  # set the ACL
    28 24  - import_playbook: ad-acl.yml
     25 + 
     26 +## SERVERS ---------
     27 +### MSSQL + IIS ----------
     28 +# configure servers vulns (done in the midle of ad install to let time before install relations and acl)
     29 +- import_playbook: servers.yml
     30 + 
     31 +## SECURITY -----
    29 32  # --------------------------------------------------------------------
    30 33  # specifics security linked to the scenario are here
    31 34  - import_playbook: security.yml
    skipped 3 lines
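Review bot: The comment moved to line 28, `# configure servers vulns (done in the midle of ad install to let time before install relations and acl)`, is no longer true once `servers.yml` is imported after `ad-acl.yml`: it now runs after relations and ACLs, not in the middle of the AD install. Either drop the parenthetical or state the new reason for the position (the dependency is not visible here, so for example `# configure servers vulns (after AD relations and ACL, once the domain objects are in place)` only if that is the actual reason), and fix `midle` → `middle` while touching the line. The blank lines at 25 and 30 also appear to carry trailing whitespace.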
    ansible/roles/child_domain/tasks/main.yml
    1 1  - name: "Set configure dns to {{dns_domain}}"
    2 2   win_dns_client:
    3  - adapter_names: 'Ethernet 2'
     3 + adapter_names: "{{domain_adapter}}"
    4 4   ipv4_addresses:
    5 5   - "{{dns_domain}}"
    6 6   log_path: C:\dns_log.txt
    skipped 47 lines
    54 54  # ansible_become_pass: "{{password}}"
    55 55  # when: not domain_child_log.stat.exists
    56 56   
    57  -- name: disable interface Ethernet before join domain
    58  - win_shell: netsh interface set interface "Ethernet" disable
     57 +- name: "disable interface {{nat_adapter}} before join domain"
     58 + win_shell: netsh interface set interface "{{nat_adapter}}" disable
    59 59   
    60 60  - name: add child domain to parent domain
    61 61   ansible.windows.win_powershell:
    skipped 51 lines
    113 113   win_reboot:
    114 114   when: child_result.changed
    115 115   
    116  -- name: enable interface Ethernet after domain joined
    117  - win_shell: netsh interface set interface "Ethernet" enable
     116 +- name: "enable interface {{nat_adapter}} after domain joined"
     117 + win_shell: netsh interface set interface "{{nat_adapter}}" enable
    118 118   
    119 119  - name: "Install XactiveDirectory"
    120 120   win_psmodule:
    skipped 3 lines
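Review bot: The `win_shell` tasks at lines 57-58 and 116-117 run `netsh` with an inventory value spliced into a quoted argument; nothing here needs a shell, so `win_command: netsh interface set interface "{{ nat_adapter }}" disable` (and the matching enable) keeps cmd.exe out of the parsing of the interface name. Both tasks also report `changed` on every run, and because the enable task only follows a successful join (the tasks in between are outside this hunk), a failed `add child domain to parent domain` leaves the NAT adapter disabled until the role is re-run, which is worth a comment above line 57. The same two tasks are duplicated in `ansible/roles/domain_controller/tasks/main.yml` and in the new `settings/disable_nat_adapter` and `settings/enable_nat_adapter` roles this commit adds; using `ansible.builtin.include_role` with those roles here would leave a single implementation to maintain.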
    ansible/roles/domain_controller/tasks/main.yml
     1 +- name: "disable interface {{nat_adapter}} before join domain"
     2 + win_shell: netsh interface set interface "{{nat_adapter}}" disable
     3 + 
    1 4  - name: Ensure that domain exists
    2 5   win_domain:
    3 6   domain_netbios_name : "{{netbios_name}}"
    skipped 21 lines
    25 28   reboot_timeout: 900
    26 29   post_reboot_delay: 100
    27 30   when: check_domain_controller.changed
     31 + 
     32 +- name: "enable interface {{nat_adapter}} after domain joined"
     33 + win_shell: netsh interface set interface "{{nat_adapter}}" enable
    28 34   
    29 35  - name: Check for xDnsServer Powershell module
    30 36   win_psmodule:
    skipped 20 lines
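Review bot: The task names at lines 1 and 32, `"disable interface {{nat_adapter}} before join domain"` and `"enable interface {{nat_adapter}} after domain joined"`, are copied from the child_domain role and do not describe this one, which creates the domain through `win_domain` ("Ensure that domain exists") rather than joining it; `"disable interface {{nat_adapter}} before domain creation"` and `"enable interface {{nat_adapter}} after domain creation"` would be accurate. Because the disable task sits before `win_domain` it cannot be conditioned on the domain being absent, so every run of this role bounces the NAT adapter even when nothing else changes; if that is intended, a comment above line 1 should say so. The `win_domain` task continues past the first hunk.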
    ansible/roles/mssql/tasks/main.yml
    1  -- name: Reboot before install
     1 +- name: Reboot before install (long timeout in case of update)
    2 2   win_reboot:
    3  - reboot_timeout: 600
     3 + reboot_timeout: 1200
    4 4   
    5 5  - name: create a directory for installer download
    6 6   win_file:
    skipped 193 lines
    ansible/roles/settings/disable_nat_adapter/tasks/main.yml
     1 +- name: "disable interface {{nat_adapter}}"
     2 + win_shell: netsh interface set interface "{{nat_adapter}}" disable
     3 + 
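Review bot: The new role carries no documentation of what `nat_adapter` is expected to hold or why the adapter is switched off; a header comment such as `# Turn off the NAT adapter named by the inventory var nat_adapter so the play runs with only the domain adapter up; pair with settings/enable_nat_adapter` would make the roles list in ad-trusts.yml readable on its own. The task needs no shell features, so `win_command` is the better module for passing an interface name through to `netsh`, and an undefined `nat_adapter` should fail loudly rather than expand to an empty quoted string. The same two remarks apply to `ansible/roles/settings/enable_nat_adapter/tasks/main.yml`.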
    ansible/roles/settings/enable_nat_adapter/tasks/main.yml
     1 +- name: "enable interface {{nat_adapter}}"
     2 + win_shell: netsh interface set interface "{{nat_adapter}}" enable
     3 + 
    ansible/roles/trusts/tasks/main.yml
     1 +- name: "Prepare to trust flush and renew dns"
     2 + win_shell: |
     3 + ipconfig /flushdns
     4 + ipconfig /renew
     5 + 
    1 6  # source : https://social.technet.microsoft.com/wiki/contents/articles/11911.active-directory-powershell-how-to-create-forest-trust.aspx
    2 7  - name: Add trusts between domain
    3 8   ansible.windows.win_powershell:
    skipped 24 lines
    28 33   RemoteForest: "{{remote_forest}}"
    29 34   RemoteAdmin: "{{remote_admin}}"
    30 35   RemoteAdminPassword: "{{remote_admin_password}}"
     36 + vars:
     37 + ansible_become: yes
     38 + ansible_become_method: runas
     39 + ansible_become_user: "{{domain_username}}"
     40 + ansible_become_password: "{{domain_password}}"
    31 41   register:
    32 42   trust_result
    33 43   
    skipped 1 lines
    35 45   win_reboot:
    36 46   test_command: "Get-ADUser -Identity Administrator -Properties *"
    37 47   when: trust_result.changed
     48 + 
     49 + 
     50 +# $localforest=[System.DirectoryServices.ActiveDirectory.Forest]::getCurrentForest()
     51 +# try {
     52 +# $trustPassword = "TrustP@$$w0rd12"
     53 +# $localForest.CreateLocalSideOfTrustRelationship($RemoteForest,"Bidirectional",$trustPassword)
     54 +# $Ansible.Changed = $true
     55 +# } catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectExistsException] {
     56 +# $Ansible.Changed = $false
     57 + 
     58 +- name: Show trust result
     59 + win_shell: |
     60 + $obj = Get-CimInstance -Class Microsoft_DomainTrustStatus -Namespace root\microsoftactivedirectory
     61 + Write-Output -InputObject $obj
     62 + vars:
     63 + ansible_become: yes
     64 + ansible_become_method: runas
     65 + domain_name: "{{domain}}"
     66 + ansible_become_user: "{{domain_username}}"
     67 + ansible_become_password: "{{domain_password}}"
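Review bot: The commented-out block at lines 50-56 is dead PowerShell that ships a literal trust password, `$trustPassword = "TrustP@$$w0rd12"`; a string like that in a committed comment trips secret scanners and invites reuse, so delete the block (git history keeps it) instead of carrying it. The `Show trust result` task at lines 58-67 does not show anything: `win_shell` output is not printed unless the run is verbose, so add `register: trust_status` and a following `debug` task with `var: trust_status.stdout_lines`. In the same task, `domain_name: "{{domain}}"` under `vars` shadows the inventory's `domain_name` (documented there as the folder inside ad/) although the script does not read it, which looks accidental. Both new `vars` blocks (lines 36-40 and 62-67) write `ansible_become: yes`; `true` is the unambiguous spelling.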