From db799e6ac077140c5feee584ac8b6d3d993028d5 Mon Sep 17 00:00:00 2001
From: Mayfly277 <mayfly277@gmail.com>
Date: Tue, 15 Oct 2024 00:29:36 +0200
Subject: [PATCH] Deployed a88fbd3 with MkDocs version: 1.6.1

---
 installation/windows/index.html | 4 ----
 search/search_index.json        | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/installation/windows/index.html b/installation/windows/index.html
index d74636f1..c8c7c1b9 100644
--- a/installation/windows/index.html
+++ b/installation/windows/index.html
@@ -1306,10 +1306,6 @@
 
 
 <h1 id="windows"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 12V6.75l6-1.32v6.48zm17-9v8.75l-10 .15V5.21zM3 13l6 .09v6.81l-6-1.15zm17 .25V22l-10-1.91V13.1z"/></svg></span> Windows</h1>
-<div class="admonition info">
-<p class="admonition-title">Info</p>
-<p>To use GOAD on windows you will need WSL.</p>
-</div>
 <ul>
 <li>First you will prepare your windows host for an hypervisor</li>
 <li>Second you will choose between <ul>
diff --git a/search/search_index.json b/search/search_index.json
index bba14f6b..ce13058b 100644
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Game Of Active Directory","text":"<p>Welcome to GOAD (v3) documentation !</p> <p>Game Of Active Directory is a free pentest active directory LAB(s) project (1).</p> <ol> <li>GOAD is free if you use your own computer, obviously we will not pay your electricity bill and your cloud provider invoice ;)</li> </ol> <p>The purpose of this tool is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without having the pain to build all by yourself. This repository was build for pentest practice </p> <p>Note</p> <p>GOAD main labs (GOAD/GOAD-Light/SCCM) are not pro labs environments (like those you can find on HTB). Theses labs give you an environment to practice a lot of vulnerability and missconfig exploitations. Sure you can use them like pro labs, but it will certainly be too easy due to the number of vulns. Consider more GOAD like a DVWA but for Active Directory. If you want a chall deploy the lab NHA.</p> <p>Warning</p> <p>This lab is extremely vulnerable, do not reuse recipe to build your production environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk).</p> <p>Windows Licenses</p> <p>This lab use free windows VM only (180 days). After that delay enter a license on each server or rebuild all the lab (may be it's time for an update ;))</p>"},{"location":"changelog/","title":"Road Map","text":""},{"location":"changelog/#v1","title":"v1","text":"<ul> <li> SMB share anonymous</li> <li> SMB not signed</li> <li> Responder</li> <li> Zerologon</li> <li> Windows defender</li> <li> ASREPRoast</li> <li> Kerberoasting</li> <li> AD Acl abuse </li> <li> Unconstraint delegation</li> <li> Ntlm relay</li> </ul>"},{"location":"changelog/#v2","title":"v2","text":"<ul> <li> Password reuse between computer (PTH)</li> <li> Spray User = Password</li> <li> Password in description</li> <li> Constrained delegation</li> <li> Install MSSQL</li> <li> MSSQL trusted link</li> <li> MSSQL impersonate</li> <li> Install IIS</li> <li> Upload asp app</li> <li> Multiples forest</li> <li> Anonymous RPC user listing</li> <li> Child parent domain</li> <li> Generate certificate and enable ldaps</li> <li> ADCS - ESC 1/2/3/4/6/8</li> <li> Certifry</li> <li> Samaccountname/nopac</li> <li> Petitpotam unauthent</li> <li> Printerbug</li> <li> Drop the mic</li> <li> Shadow credentials</li> <li> Mitm6</li> <li> Add LAPS</li> <li> GPO abuse</li> <li> Add Webdav</li> <li> Add RDP bot</li> <li> Add full proxmox integration</li> <li> Add Gmsa (receipe created)</li> <li> Add azure support</li> <li> Refactoring lab and providers</li> <li> Protected Users</li> <li> Account is sensitive</li> <li> Add PPL</li> <li> Add Gmsa</li> <li> Groups inside groups</li> <li> Shares with secrets (all, sysvol)</li> <li> Sccm (see SCCM lab)</li> </ul>"},{"location":"changelog/#v3","title":"v3","text":"<ul> <li> aws support</li> <li> ludus support</li> <li> windows install compatibility</li> <li> extension support</li> <li> multiple instance management</li> <li> extension exchange</li> <li> extension ludus</li> <li> extension elk</li> <li> extension ws01</li> <li> extension exchange add a bot to read mails</li> <li> extension attackbox</li> <li> extension VPN</li> <li> extension guacamole</li> <li> extension linux VM enrolled</li> <li> Add Applocker to ws01</li> <li> Wsus (to add on sccm)</li> <li> ADCS add vulns</li> </ul>"},{"location":"instances/","title":"\ud83c\uddee instances","text":"<p>When you create a lab, goad will create an instance folder. All the instances are stored in the workspace/ folder inside goad.</p> <pre><code>workspace/\n    .\n    \u251c\u2500\u2500 6caf1a-goad-light-azure              # Instance ID\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 exchange_inventory               # extension inventory\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 instance.json                    # instance json file (name, status, etc..)\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 inventory                        # provider inventory\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 provider                         # provider folder\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 jumpbox.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 linux.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 main.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 network.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 outputs.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 terraform.tfstate\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 terraform.tfstate.backup\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 variables.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 windows.tf\n    \u2502\u00a0\u00a0 \u2514\u2500\u2500 ssh_keys                         # the keys generated by this instance\n    \u2502\u00a0\u00a0     \u2514\u2500\u2500 ubuntu-jumpbox.pem\n    \u251c\u2500\u2500 7b12f1-goad-light-vmware             # another instance\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 instance.json\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 inventory\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 inventory_disable_vagrant\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 provider\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 Vagrantfile\n    \u2502\u00a0\u00a0 \u2514\u2500\u2500 ssh_keys\n</code></pre>"},{"location":"instances/#instance-creation","title":"instance creation","text":"<ul> <li>On instance folder creation (when you run <code>install</code> or <code>create_empty</code>), the provider files inside the template/ folder are copied into the instance. <li>These files are merged with the datas inside <code>ad/&lt;lab&gt;/providers/&lt;provider&gt;/</code> folder and the datas inside <code>extensions/&lt;extension&gt;/providers/&lt;provider&gt;/</code></li> <li> <p>The merged result is present in the <code>workspace/&lt;instance_id&gt;/provider/</code> folder and contain all the recipes to create the infrastructure</p> </li> <li> <p>inventories files are also copied from <code>ad/&lt;lab&gt;/provider/&lt;provider&gt;/inventory</code> and <code>extensions/&lt;extension&gt;/inventory</code> (see provisioning for more information in provisioning)</p> </li>"},{"location":"provisioning/","title":"provisioning","text":"<p>This page describe how the provisioning is done with goad. The provisioning of the LABS is done with Ansible for all providers.</p> <ul> <li>First the GOAD install script create an instance folder in the workspace folder.</li> </ul>"},{"location":"provisioning/#lab-data","title":"Lab data","text":"<p>The data of each lab are stored in the json file : <code>ad/&lt;lab&gt;/data/config.json</code>, this file is loaded by each playbook to get all the lab variables (this is done by the data.yml playbook call by all the over playbooks)</p>"},{"location":"provisioning/#extension-data","title":"Extension data","text":"<p>If an extension need data it will be stored in <code>extensions/&lt;extension&gt;/data/config.json</code> but the loading must be done by extension install.yml playbook.</p> <ul> <li>Example with the exchange install.yml file :</li> </ul> <pre><code># read local configuration file\n- name: \"Read local config file\"\n  hosts: domain:extensions\n  connection: local\n  vars_files:\n    - \"../data/config.json\"\n  tasks:\n    - name: merge lab variable with local config\n      set_fact:\n        lab: \"{{ lab|combine(lab_extension, recursive=True) }}\"\n</code></pre>"},{"location":"provisioning/#inventories","title":"Inventories","text":"<p>Ansible work with inventories. Inventories files contains all the hosts declaration and some variables.</p> <ul> <li> <p>The lab inventory file (<code>ad/&lt;lab&gt;/data/inventory</code>) is not modified/moved and contain all the main variables and hosts association, this file stay as this and is not modified. It contains the lab building logic.</p> </li> <li> <p>The provider inventory file (<code>ad/&lt;lab&gt;/provider/&lt;provider&gt;/inventory</code>) is modified with the settings and copied into the workspace folder (<code>workspace/&lt;instance_id&gt;/inventory</code>) , this file contains variable specific to the provider and the host ip declaration</p> </li> <li> <p>The extension(s) inventory file(s) (<code>extensions/&lt;extension&gt;/inventory</code>) is modified with the settings and copied into the workspace folder (<code>workspace/&lt;instance_id&gt;/inventory_&lt;extension&gt;</code>) , this file contains variable specific to the extension and the extension host ip declaration</p> </li> <li> <p>The global inventory file <code>globalsettings.ini</code>contains some global variable with some user settings.</p> </li> </ul> <p>The inventory files are given to ansible in this order : - lab inventory file - workspace provider inventory file - workspace extension(s) inventory file(s) - globalsettings.ini file</p> <p>The order is important as it determine the override order. hosts declarations are merged between all inventory and variables with the same name are override if the same variable is declared. </p> <ul> <li>Example : if i setup dns_server_forwarder=8.8.8.8 in the lab inventory file and dns_server_forwarder=1.1.1.1 in the globalsettings.ini file, the final value for ansible wll be dns_server_forwarder=1.1.1.1</li> </ul>"},{"location":"provisioning/#playbooks","title":"playbooks","text":"<ul> <li>Labs playbook are stored on the ansible/ folder</li> <li>Extension playbook is stored in <code>extension/&lt;extension&gt;/ansible/install.yml</code></li> <li> <p>The extension folder can call the main goad roles by using a special ansible.cfg file.</p> </li> <li> <p>Example of the exchange ansible.cfg file <pre><code>[defaults]\n...\n; add default roles folder into roles_path\nroles_path = ./roles:../../../ansible/roles\n</code></pre></p> </li> </ul>"},{"location":"provisioning/#labs-build","title":"labs build","text":"<ul> <li>Instead of call a global main.yml playbook with all the different tasks to do the goad script call each playbook one by one.</li> <li>In this way, there is a fallback mecanism to retry each playbook 3 times before consider it as failed.</li> <li>The list and order of the playbooks played are stored in the playbooks.yml file at the start of the project.</li> </ul>"},{"location":"questions/","title":"Frequent asked questions","text":"<p>How can i change the default keyboard layout ?</p> <p>edit globalsettings.ini files and change the variable <code>keyboard_layouts</code></p> <p>How can i change the folder where vagrant download the boxes ?</p> <p>vagrant download the boxes by default on ~/.vagrant.d/ folder. Set up the VAGRANT_HOME environment variable to change this location.</p> <p>How can i change the folder where virtualbox create the box ?</p> <p>Go to virtualbox preferences and change the virtualbox vm location folder.</p> <p>I already got a lab installed with v2, is v3 will use it ?</p> <p>Sorry no, the v3 of GOAD doesn't look for already installed lab. Best way to migrate is trash your old lab and build a new one.</p> <p>Can i use goad to create a course for my student ?</p> <p>Sure GOAD is a GPL project. Feel free to reuse it to give course. Just don't forget to give credits to the project ;)</p>"},{"location":"references/","title":"References","text":"<p>\ud83d\udea7 TODO TO BE COMPLETED</p> <ul> <li> <p>Mayfly's blog : </p> <ul> <li>GOAD writeups</li> <li>SCCM writeups</li> <li>Proxmox Install</li> </ul> </li> <li> <p>NHA WriteUp :</p> <ul> <li>crypt0ace's blog NHA writeup</li> </ul> </li> <li> <p>Podcast</p> <ul> <li>Hackn'speak episode 0x1B (FR)</li> </ul> </li> <li> <p>YouTube</p> <ul> <li>Game Of Active Directory With Elastic by I.T security labs</li> <li>HackTheClown Playlist on GOAD-Light</li> <li>Game of Active Directory enumeration by qdada</li> </ul> </li> </ul>"},{"location":"thx/","title":"Special Thanks to","text":"<ul> <li>@KenjiEndo15 for all his work on the SCCM ansible roles and his contribution to the SCCM Lab</li> <li>aleemladha for exchange and ludus ansible roles</li> <li>Erik @badsectorlabs for his advises and tests during the Ludus provider creation</li> <li>@ArnC_CarN for his PR on the aws provider</li> <li>@Sant0rryu for his help during ADCS vulnerabilities creation</li> <li>All the Orange Cyberdefense Toulouse team for the beta tests on the NHA lab ;)</li> <li>Julien Arrault (For the Azure recipes creation)</li> <li>Thomas Rollain (For his tests &amp; some vulns writing during v1 creation)</li> <li>Quentin Galliou (For his tests during v1 creation)</li> </ul> <p>And of course to all the project contributors !</p>"},{"location":"thx/#enterprise","title":"Enterprise","text":"<ul> <li>Orange Cyberdefense</li> </ul>"},{"location":"troobleshoot/","title":"troubleshoot","text":"<p>Tip</p> <p>In most case if you get errors during install, don't think.  Select the failed instance \u0300<code>load &lt;instance_id&gt;</code> and just replay the install with <code>provision_lab</code> to relaunch all or <code>provision_lab_from &lt;playbook&gt;</code> if you know the last failed playbook  (most of the errors which could came up are due to windows latency during installation, wait few minutes and replay the install)</p> <p>\ud83d\udea7 TODO refresh me with new goad version :)</p>"},{"location":"troobleshoot/#vagrant-up-winrm-digest-initialization-failed-initialization-error","title":"vagrant up - WinRM - digest initialization failed : Initialization Error","text":"<pre><code>DC01: WinRM username: vagrant\nDC01: WinRM execution_time_limit: PT2H\nDC01: WinRM transport: negotiate\nAn error occurred executing a remote WinRM command.\n\nShell: Cmd\nCommand: hostname\nMessage: Digest initialization failed: initialization error\n</code></pre> <ul> <li>solution 1: change vagrantfile to not use ssl (https://github.com/Orange-Cyberdefense/GOAD/issues/68)<ul> <li>add this lines in vagrantfile to not use ssl :     <pre><code>config.winrm.transport = \"plaintext\"\nconfig.winrm.basic_auth_only = true\n</code></pre></li> </ul> </li> <li> <p>solution 2: allow legacy algorithm (https://github.com/Orange-Cyberdefense/GOAD/issues/11)</p> <ul> <li>add to /etc/ssl/openssl.conf : <pre><code>[provider_sect]\ndefault = default_sect\nlegacy = legacy_sect\n\n[default_sect]\nactivate = 1\n\n[legacy_sect]\nactivate = 1\n</code></pre></li> </ul> </li> <li> <p>solution 3: downgrade the vagrant version (<code>sudo apt install vagrant=2.2.19</code>)</p> </li> </ul>"},{"location":"troobleshoot/#vagrant-up-cannot-load","title":"vagrant up - cannot load","text":"<pre><code>&lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require': cannot load such file -- winrm (LoadError)\n    from &lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:9:in `block in &lt;top (required)&gt;'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/lib/vagrant/util/silence_warnings.rb:8:in `silence!'\n</code></pre> <ul> <li>solution : </li> <li><code>gem install winrm</code></li> <li><code>gem install winrm-fs</code></li> </ul>"},{"location":"troobleshoot/#vagrant-up-cannot-load-such-file-winrm-elevated-loaderror","title":"vagrant up - cannot load such file -- winrm-elevated (LoadError)","text":"<pre><code>&lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require': cannot load such file -- winrm-elevated (LoadError)\n        from &lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require'\n        from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:12:in `&lt;top (required)&gt;'\n        ...\n</code></pre> <ul> <li>solution : <code>gem install winrm-elevated</code></li> </ul>"},{"location":"troobleshoot/#ansible-persistent-unreachable-error","title":"ansible persistent \"unreachable error\"","text":"<ul> <li>Unreachable means ansible can't contact the vms. </li> <li>Maybe the vms didn't got the right ip? (try to connect with vagrant/vagrant on vm and look the ip)</li> <li>Or you got a firewall on the vm which do provisioning which block winrm connection ?</li> <li>or maybe it is a vagrant issue : https://github.com/Orange-Cyberdefense/GOAD/issues/12</li> <li>You could try to switch on port 5985 to connect without ssl as suggest here : https://github.com/Orange-Cyberdefense/GOAD/issues/98 by uncomment the lines in the inventory file you use <pre><code># ansible_winrm_transport=basic\n# ansible_port=5985\n</code></pre></li> </ul>"},{"location":"troobleshoot/#the-naming-context-specified-for-this-replication-operation-is-invalid","title":"The naming context specified for this replication operation is invalid","text":"<pre><code>TASK [groups_domains : synchronizes all domains] *******************************************************************************************************************************************************************************************************************************\nchanged: [dc03]\nchanged: [dc01]\nfatal: [dc02]: FAILED! =&gt; {\"changed\": true, \"cmd\": \"repadmin /syncall /Ade\", \"delta\": \"0:00:01.090773\", \"end\": \"2023-10-18 09:30:26.016579\", \"msg\": \"non-zero return code\", \"rc\": 1, \"start\": \"2023-10-18 09:30:24.925805\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Syncing all NC's held on winterfell.\\r\\r\\nSyncing partition: DC=north,DC=sevenkingdoms,DC=local\\r\\r\\nCALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\\r\\r\\n    The RPC server is unavailable.\\r\\r\\n\\r\\r\\nSyncAll exited with fatal Win32 error: 8440 (0x20f8):\\r\\r\\n    The naming context specified for this replication operation is invalid.\\r\\r\\n\", \"stdout_lines\": [\"Syncing all NC's held on winterfell.\", \"\", \"Syncing partition: DC=north,DC=sevenkingdoms,DC=local\", \"\", \"CALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\", \"\", \"    The RPC server is unavailable.\", \"\", \"\", \"\", \"SyncAll exited with fatal Win32 error: 8440 (0x20f8):\", \"\", \"    The naming context specified for this replication operation is invalid.\", \"\"]}\n</code></pre> <ul> <li>relaunch install</li> </ul>"},{"location":"troobleshoot/#vagrant-up-vagrant-cant-use-the-requested-machine-because-it-is-locked","title":"vagrant up - Vagrant can't use the requested machine because it is locked","text":"<pre><code>==&gt; GOAD-SRV03: Configuring and enabling network interfaces...\nVagrant can't use the requested machine because it is locked! This\nmeans that another Vagrant process is currently reading or modifying\nthe machine. Please wait for that Vagrant process to end and try\nagain. Details about the machine are shown below:\n</code></pre> <ul> <li>solution : relaunch the provisioning on the broken computer : </li> <li>exemple : <pre><code>cd ~/GOAD/ad/GOAD/providers/virtualbox\nvagrant reload GOAD-SRV03 --provisioning\n</code></pre></li> <li>and than relaunch the install script</li> </ul>"},{"location":"troobleshoot/#the-server-has-rejected-the-client-credentials","title":"The server has rejected the client credentials","text":"<pre><code>An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [dc02] (item={'key': 'AcrossTheSea', 'value': ['essos.local\\\\daenerys.targaryen']}) =&gt; {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"AcrossTheSea\", \"value\": [\"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: The server has rejected the client credentials.\"}\n</code></pre> <ul> <li>something go wrong with the trust, all the links are not fully establish</li> <li>wait several minutes and relaunch the install</li> </ul>"},{"location":"troobleshoot/#groups-domain-error","title":"Groups domain error","text":"<ul> <li>something go wrong with the trust, all the links are not fully establish</li> <li>wait several minutes and relaunch the playbook</li> <li>i really don't know why this append time to time on installation, if you want to investigate and resolve the issue please tell me how.</li> </ul> <pre><code>An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [192.168.56.xx] (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\\\tyron.lannister', 'essos.local\\\\daenerys.targaryen']}) =&gt; {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"DragonsFriends\", \"value\": [\"north.sevenkingdoms.local\\\\jon.snow\", \"sevenkingdoms.local\\\\tyron.lannister\", \"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials.\"}\n</code></pre>"},{"location":"troobleshoot/#error-add-warning","title":"Error Add-Warning","text":"<ul> <li>You got an \"Add-Warning\" error during the user installation.</li> <li>Upgrade to community.windows galaxy &gt;= 1.11.0</li> <li>relaunch the ansible playbooks.</li> </ul> <pre><code>An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475\nfailed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',\n...\n\"msg\": \"Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.\"}+\n</code></pre>"},{"location":"troobleshoot/#a-parameter-cannot-be-found-that-matches-parameter-name-acceptlicense","title":"A parameter cannot be found that matches parameter name 'AcceptLicense'","text":"<ul> <li>If you got this kind of error you got an ansible.windows version &gt;=  1.11.0</li> <li>This version add the parameter AcceptLicense but it is accepted only for PowerShellGet module &gt;= 1.6.0 and this one is not embedded in the vms.</li> <li>Please keep version 1.11.0 and update the lab to get the fix for the PowerShellGet Module version.</li> </ul> <pre><code>fatal: [xxx]: FAILED! =&gt; {\n    \"changed\": false,\n    \"msg\": \"Problems installing XXXX module: A parameter cannot be found that matches parameter name 'AcceptLicense'.\",\n    \"nuget_changed\": false,\n    \"output\": \"\",\n    \"repository_changed\": false\n}\n</code></pre>"},{"location":"troobleshoot/#old-ansible-version","title":"old Ansible version","text":"<pre><code>ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.\n\nThe error appears to have been in '/home/hrrb0032/Documents/mission/GOAD/roles/domain_controller/tasks/main.yml': line 8, column 3, but maybe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n- name: disable enhanced exit codes\n^ here\n</code></pre> <p>solution : upgrade Ansible</p>"},{"location":"troobleshoot/#old-ansiblewindows-version","title":"old ansible.windows version","text":"<pre><code>ERROR! couldn't resolve module/action 'win_powershell'. This often indicates a misspelling, missing collection, or incorrect module path.\n</code></pre> <ul> <li>solution: reinstall ansible.windows module : <pre><code>ansible-galaxy collection install ansible.windows --force\n</code></pre></li> </ul>"},{"location":"troobleshoot/#winrm","title":"winrm","text":"<pre><code>PLAY [DC01 - kingslanding] *******************************************************\n\n\n\nTASK [Gathering Facts] ***********************************************************\nfatal: [192.168.56.10]: FAILED! =&gt; {\"msg\": \"winrm or requests is not installed: No module named winrm\"}\n\n\n\nPLAY RECAP ***********************************************************************\n192.168.56.10              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   \n</code></pre> <p>solution : pip install pywinrm</p>"},{"location":"troobleshoot/#winrm-send-input-timeout","title":"winrm send input timeout","text":"<pre><code>TASK [Gathering Facts] ****************************************************************************************************************************************************\n[WARNING]: ERROR DURING WINRM SEND INPUT - attempting to recover: WinRMOperationTimeoutError\nok: [192.168.56.11]\n</code></pre> <p>solution : wait or if crashed then re-run install</p>"},{"location":"troobleshoot/#domain-controller-ensure-users-are-present","title":"Domain controller : ensure Users are present","text":"<p><pre><code>TASK [domain_controller : Ensure that Users presents in ou=&lt;kingdom&gt;,dc=SEVENKINGDOMS,dc=local] ***************************************************************************\nAn exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()\nfailed: [192.168.56.10] (item={u'key': u'lord.varys', u'value': {u'city': u\"King's Landing\", u'password': u'_W1sper_$', u'name': u'Lord Varys', u'groups': u'Small Council', u'path': u'OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local'}}) =&gt; {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": {\"key\": \"lord.varys\", \"value\": {\"city\": \"King's Landing\", \"groups\": \"Small Council\", \"name\": \"Lord Varys\", \"password\": \"_W1sper_$\", \"path\": \"OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local\"}}, \"msg\": \"Unhandled exception while executing module: An unspecified error has occurred\"}\n</code></pre>  solution : re-run install</p>"},{"location":"troobleshoot/#mssql-unable-to-install-sql-server","title":"mssql : Unable to install SQL Server","text":"<pre><code>TASK [mssql : Install the database]\nfatal: [192.168.56.22]: FAILED! =&gt; {\"attempts\": 3, \"changed\": true, \"cmd\": \"c:\\\\setup\\\\mssql\\\\sql_installer.exe /configurationfile=c:\\\\setup\\\\mssql\\\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\\\setup\\\\mssql\\\\media /QUIET /HIDEPROGRESSBAR\", \"delta\": \"0:00:34.891185\", \"end\": \"2022-08-17 21:26:53.976793\", \"msg\": \"non-zero return code\", \"rc\": 2226323458, \"start\": \"2022-08-17 21:26:19.085608\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Microsoft (R) SQL Server Installer\\r\\nCopyright (c) 2019 Microsoft.  All rights reserved.\\r\\n\\r\\nDownloading install package...\\r\\n\\r\\n\\r\\nOperation finished with result: Failure\\r\\n\\r\\nOops...\\r\\n\\r\\nUnable to install SQL Server (setup.exe).\\r\\n\\r\\n      Exit code (Decimal): -2068643838\\r\\n      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\\r\\n\\r\\n  SQL SERVER INSTALL LOG FOLDER\\r\\n      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\\r\\n\\r\\n\", \"stdout_lines\": [\"Microsoft (R) SQL Server Installer\", \"Copyright (c) 2019 Microsoft.  All rights reserved.\", \"\", \"Downloading install package...\", \"\", \"\", \"Operation finished with result: Failure\", \"\", \"Oops...\", \"\", \"Unable to install SQL Server (setup.exe).\", \"\", \"      Exit code (Decimal): -2068643838\", \"      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\", \"\", \"  SQL SERVER INSTALL LOG FOLDER\", \"      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\", \"\"]}\n</code></pre> <p>solution : re-run installer</p>"},{"location":"troobleshoot/#vagrant-not-working-on-ubuntu-2204","title":"vagrant: Not working on Ubuntu 22.04","text":"<p>I was using the version of Vagrant in the Ubuntu repo, and then tried to use the version 2.4.0 and 2.3.4 binaries from hashicorp, but kept on running into this error:</p> <p><pre><code>The guest machine entered an invalid state while waiting for it\nto boot. Valid states are 'starting, running'. The machine is in the\n'poweroff' state. Please verify everything is configured\nproperly and try again.\n\nIf the provider you're using has a GUI that comes with it,\nit is often helpful to open that and watch the machine, since the\nGUI often has more helpful error messages than Vagrant can retrieve.\nFor example, if you're using VirtualBox, run `vagrant up` while the\nVirtualBox GUI is open.\n\nThe primary issue for this error is that the provider you're using\nis not properly configured. This is very rarely a Vagrant issue.\n</code></pre> Solution : install vagrant from the hashicorp repo</p>"},{"location":"troobleshoot/#proxmox-error-creating-vm-403-permission-check-failed-sdnzoneslocalnetworkvmbr310-sdnuse","title":"proxmox: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use)","text":"<p>The error may look similar to below: <pre><code>==&gt; proxmox-iso.windows: Error creating VM: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use), \nerror status: {\"data\":null} (params: ......\n</code></pre></p> <p>It may be fixed by delegating the SDN.Use privilege to the packer user <pre><code>pveum role modify Packer -privs \"VM.Config.Disk VM.Config.CPU VM.Config.Memory Datastore.AllocateTemplate Datastore.Audit Datastore.AllocateSpace Sys.Modify VM.Config.Options VM.Allocate VM.Audit VM.Console VM.Config.CDROM VM.Config.Cloudinit VM.Config.Network VM.PowerMgmt VM.Config.HWType VM.Monitor SDN.Use\"\n</code></pre></p>"},{"location":"troobleshoot/#proxmox-proxmox-isowindows-error-creating-vm-error-creating-vm-unable-to-create-vm-103-unsupported-format-qcow2","title":"proxmox: ==&gt; proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2'","text":"<p>The error may look similar to below: <pre><code>root@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==&gt; proxmox-iso.windows: Retrieving additional ISO\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==&gt; proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 =&gt; /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Creating VM\n==&gt; proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==&gt; proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2' at /usr/share/perl5/PVE/Storage/LvmThinPlugin.pm line 87., error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug: ide2:local:iso/windows_server_2019.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2 net0:virtio=5E:5D:24:C4:0F:DA,bridge=vmbr3,tag=10 numa:false onboot:false ostype:win10 pool:GOAD sata0:vms:40,discard=ignore,format=qcow2 scsihw:lsi sockets:1 startup: tags: vmid:103])......\n</code></pre></p> <p>Filesystems such as ZFS (and others) do not support qcow2. From my reading the best approach is to use an ext4 filesystem and modify <code>config.auto.pkrvars.hcl</code> with the newly created ext4 volume.</p> <pre><code>root@goadprovisioning:~/GOAD/packer/proxmox# vi config.auto.pkrvars.hcl\n...\nproxmox_vm_storage      = \"ext4-qcow2\"\n...\nroot@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==&gt; proxmox-iso.windows: Retrieving additional ISO\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==&gt; proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 =&gt; /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Creating VM\n==&gt; proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==&gt; proxmox-iso.windows: Starting VM\n</code></pre> <ul> <li>another solution is to switch to raw : <code>proxmox_vm_storage      = \"raw\"</code></li> </ul>"},{"location":"troobleshoot/#proxmox-packer-error-creating-vm-volume-localisowindows_xxxiso-does-not-exist","title":"proxmox - packer error creating vm :  volume 'local:iso/windows_XXX.iso' does not exist","text":"<pre><code>==&gt; proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 116 - volume 'local:iso/windows_server2019_XXX_en-us.iso' does not exist, error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug\n: ide2:local:iso/windows_server2019_XXX_en-us.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2-uptodate net0:virtio=DA:CB:EB:85:08:0E,bridge=vmbr3,tag=10,firewall=false onboot:false ostype:win10 pool:Templates sata0:local:80,format=q\ncow2 scsihw:lsi sockets:1 startup: tags: vmid:116])   \n</code></pre> <p>verify your iso files inside proxmox and be sure the iso you want to use exist in proxmox</p>"},{"location":"troobleshoot/#ansible-adapter-name-error","title":"ansible adapter name error","text":"<pre><code>No MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet'\n\nor \n\nNo MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet2 '\n</code></pre> <ul> <li>connect to the vm and run ipconfig, verify the adapter name are the same as described in the inventory file.</li> <li>if not change them to match the inventory name in the vm.</li> </ul>"},{"location":"troobleshoot/#unreachable-proxmox-ansible","title":"unreachable - proxmox, ansible","text":"<pre><code>fatal: [dc01]: UNREACHABLE! =&gt; {\"changed\": false, \"msg\": \"ssl: HTTPSConnectionPool(host='192.168.10.40', port=5986): Max retries exceeded with url: /wsman\n</code></pre> <ul> <li>may be the vm is not well ready after the terraform creation. retry the install.</li> <li>if you still get the error connect to the vm and verify the static ip is corresponding with the one expect.</li> </ul>"},{"location":"vulnerabilities/","title":"Vulnerabilities","text":"<p>vulnerabilities</p>"},{"location":"developpers/provisioning/","title":"Provisioning","text":""},{"location":"developpers/provisioning/#provisioning","title":"Provisioning","text":"<ul> <li>The provisioning is always done with ansible, more detail on the ansible provisioning here : Ansible provisioning</li> </ul>"},{"location":"developpers/structure/","title":"Structure","text":""},{"location":"developpers/structure/#lab-organization","title":"Lab organization","text":"<ul> <li>The lab configuration is located on the ad/ folder</li> <li>Each Ad folder correspond to a lab and contains the following files :</li> </ul> <pre><code>ad/\n  labname/            # The lab name must be the same as the variable : domain_name from the data/inventory\n    data/\n      config.json     # The json file containing all the variables and configuration of the lab\n      inventory       # The global lab inventory (provider independent) (this should no contains variables)\n    files/            # This folder contains files you want to copy on your vms\n    scripts/          # This folder contains ps1 scripts you want to play on your vm (Must be added in the \"scripts\" entries of your vms)\n    providers/        # Your lab available provider\n      vmware/\n        inventory     # specific vmware inventory\n        Vagrantfile   # specific vmware vagrantfile\n      virtualbox/\n        inventory     # specific virtualbox inventory\n        Vagrantfile   # specific virtualbox vagrantfile\n      proxmox/\n        terraform/    # specific proxmox terraform recipe\n        inventory     # specific proxmox inventory\n      azure/\n        terraform/    # specific azure terraform recipe\n        inventory     # specific azure inventory\n</code></pre>"},{"location":"extensions/","title":"Extensions","text":"<ul> <li>exchange : Add an exchange to GOAD or GOAD-Light lab</li> <li>ws01 : Add an hardened workstation to GOAD or GOAD-Light lab</li> <li>wazuh : Add wazuh EDR to visualize alerts</li> <li>elk : Add an ELK to collect and read the logs</li> </ul>"},{"location":"extensions/elk/","title":"elk","text":"<ul> <li>Extension name : <code>elk</code></li> <li>Compatibility  : <code>*</code></li> <li>Providers : virtualbox/azure/vmware/aws/ludus</li> <li> <p>Add a machine  : elk  (ip_range.50)</p> </li> <li> <p>Kibana is configured on http://{{ip_range}}.50:5601 to follow the lab events</p> </li> <li>Infos : log encyclopedia : https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/</li> <li>Install filebeat agent on domain computer machines</li> </ul>"},{"location":"extensions/elk/#prerequisites","title":"prerequisites","text":"<ul> <li> <p>You need <code>sshpass</code> for the elk installation <pre><code>sudo apt install sshpass\n</code></pre></p> </li> <li> <p>On ludus prepare template : <pre><code>ludus templates add -d ubuntu-22.04-x64-server\nludus templates build\n</code></pre></p> </li> </ul>"},{"location":"extensions/elk/#install","title":"Install","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the elk extension <pre><code>install_extension elk\n</code></pre></p> </li> </ul>"},{"location":"extensions/exchange/","title":"exchange","text":"<p>Thanks!</p> <p>Credits and huge thanks to aleemladha for his exchange role and his help to test the extension.</p> <ul> <li>Extension name : <code>exchange</code></li> <li>Compatibility  : GOAD, GOAD-Light</li> <li>Providers : virtualbox/azure/vmware/aws/ludus/proxmox</li> <li>Add a machine  : srv01 (the-eyrie.sevenkingdoms.local)  (ip_range.21)</li> </ul> <p>resources</p> <p>Exchange is really HUGE, it will add a vm with at least 12Gb of RAM be sure your computer support it before install</p> <p>impacts</p> <p>Modify the ad schema and add a computer (warning the exchange machine is really heavy)</p>"},{"location":"extensions/exchange/#prerequisites","title":"Prerequisites","text":"<ul> <li>GOAD or GOAD-Light installation</li> </ul>"},{"location":"extensions/exchange/#installation","title":"Installation","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the exchange extension <pre><code>install_extension exchange\n</code></pre></p> </li> </ul>"},{"location":"extensions/wazuh/","title":"wazuh","text":"<p>Thanks!</p> <p>Credits and huge thanks to aleemladha for the ansible role. https://github.com/Orange-Cyberdefense/GOAD/pull/215</p> <ul> <li>Extension name : <code>wazuh</code></li> <li>Description : Add wazuh free EDR server and agent on all the domain computers + soc fortress rules (https://github.com/socfortress/Wazuh-Rules)</li> <li>Compatibility  : *</li> <li>Providers : virtualbox/azure/vmware/aws/ludus </li> <li>Add a machine  : wazuh (ip_range.51)</li> </ul> <p>impacts</p> <p>add a wazuh machine and a wazuh agent on all windows machine\"</p>"},{"location":"extensions/wazuh/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>On ludus prepare template : <pre><code>ludus templates add -d ubuntu-22.04-x64-server\nludus templates build\n</code></pre></p> </li> <li> <p>A lab installed</p> </li> </ul>"},{"location":"extensions/wazuh/#installation","title":"Installation","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the exchange extension <pre><code>install_extension wazuh\n</code></pre></p> </li> </ul>"},{"location":"extensions/ws01/","title":"ws01","text":"<ul> <li>Extension name : <code>ws01</code></li> <li>Description : Add a Windows 10 workstation to the lab GOAD or GOAD Light in the domain sevenkingdoms.local</li> <li>Compatibility  : GOAD, GOAD-Light</li> <li> <p>Providers : virtualbox/azure/vmware/aws/ludus/proxmox</p> </li> <li> <p>Add a machine  : {{lab_name}}-WS01 (casterlyrock.sevenkingdoms.local)  (ip_range.31)</p> </li> </ul> <p>rearm</p> <p>The vm is not armed by default (90 days trials), connect to the vm with vagrant/vagrant and run as admin <code>slmgr -rearm</code> to rearm the box. (need a restart)</p> <p>aws</p> <p>AWS doesn't got any windows 10 so for aws the vm is a windows server 2019</p>"},{"location":"extensions/ws01/#lab-info","title":"Lab info","text":"<ul> <li> <p>Lab infos:</p> <ul> <li>hostname: casterlyrock </li> <li>Users:<ul> <li>Administrators :<ul> <li>tywin.lannister</li> <li>jaime.lannister</li> </ul> </li> <li>RDP Users:<ul> <li>Lannister group</li> </ul> </li> </ul> </li> </ul> </li> <li> <p>Features :</p> <ul> <li>run_as_ppl</li> <li>powershell restricted</li> <li>asr rules :<ul> <li>block lsass stealing</li> <li>block PSExec and WMI</li> </ul> </li> </ul> </li> </ul>"},{"location":"extensions/ws01/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>GOAD or GOAD-Light installation</p> </li> <li> <p>On ludus prepare template : <pre><code>ludus templates add -d win10-21h1-x64-enterprise\nludus templates build\n</code></pre></p> </li> </ul>"},{"location":"extensions/ws01/#installation","title":"Installation","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the ws01 extension <pre><code>install_extension ws01\n</code></pre></p> </li> </ul>"},{"location":"extensions/ws01/#thanks","title":"thanks","text":"<ul> <li>asr rules implementation : https://github.com/zuesdevil (https://github.com/Orange-Cyberdefense/GOAD/pull/172)</li> </ul>"},{"location":"installation/","title":"\ud83d\ude80 Installation","text":"<p>In the last version, GOAD use no more bash for the installation/management script. The goad management script is now written in  python to permit more flexibility and cover the needs to create a Windows WSL support.</p> <ul> <li> <p>First prepare you system for GOAD execution:</p> <ul> <li> Linux</li> <li> Windows</li> </ul> </li> <li> <p>Installation depend of the provider you use, please follow the appropriate guide :</p> <ul> <li> Install with Virtualbox</li> <li> Install with VmWare</li> <li> Install with Proxmox</li> <li> Install with Azure</li> <li> Install with Aws</li> <li>\ud83c\udfdf\ufe0f Install with Ludus</li> </ul> </li> </ul>"},{"location":"installation/#tldr-quick-install","title":"TLDR - quick install","text":"TLDR :  ubuntu 22.04 quick install <pre><code># Install vbox\nsudo apt install virtualbox\n\n# Install vagrant\nwget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg\necho \"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list\nsudo apt update &amp;&amp; sudo apt install vagrant\n\n# Install Vagrant plugins\nvagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n\n# Add some dependencies\nsudo apt install sshpass lftp rsync openssh-client python3.10-venv\n\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n# verify installation\n./goad.sh -t check -l GOAD -p virtualbox\n\n# install\n./goad.sh -t install -l GOAD -p virtualbox\n\n# launch goad in interactive mode\n./goad.sh\n</code></pre>"},{"location":"installation/#dependencies","title":"Dependencies","text":"<ul> <li>Goad in  python come with a lot of dependencies as you can see in the <code>requirements.yml</code> file on the root of the project.</li> <li>If you don't want to run the provisioning from your python venv but only from docker you can use <code>goad_docker.sh</code> script instead of <code>goad.sh</code>. This will run the ansible with the docker method instead of local or runner.</li> </ul> <p>This are the python dependencies used by goad :</p> <ul> <li> <p>Mandatory for  goad.py: <pre><code>rich\npsutil\nJinja2\npyyaml\n</code></pre></p> </li> <li> <p>Mandatory for  ansible inside goad (for provisioning method local or runner) : <pre><code># Ansible\nansible_runner\nansible-core==2.12.6\npywinrm\n</code></pre></p> </li> <li> <p>Mandatory for  azure provider : <pre><code># AZURE\nazure-identity\nazure-mgmt-compute\nazure-mgmt-network\n</code></pre></p> </li> <li> <p>Mandatory for  aws provider : <pre><code># AWS\nboto3\n</code></pre></p> </li> <li> <p>Mandatory for  proxmox provider: <pre><code># Proxmox\nproxmoxer\nrequests\n</code></pre></p> </li> <li> <p>You can launch goad without installing all the pip package but for that you will have to disable some dependencies with the <code>-d</code> arguments: <pre><code>-d vmware     : disable vmware provider\n-d virtualbox : disable virtualbox provider\n-d azure      : disable azure provider\n-d aws        : disable azure provider\n-d proxmox    : disable proxmox provider\n-d ludus      : disable ludus provider\n-d local      : disable local provisioning method (if you use docker only)\n-d runner     : disable ansible runner provisioning method (if you use docker only)\n-d remote     : disable remote provisioning method\n-d docker     : disable docker provisioning method\n</code></pre></p> </li> </ul>"},{"location":"installation/#installation_1","title":"Installation","text":"<ul> <li> <p>Installation is in three parts :</p> <ul> <li>Templating : this will create the template to use (needed only for proxmox and ludus)</li> <li>Providing : this will instantiate the virtual machines depending on your provider</li> <li>Provisioning : it is always made with ansible, it will install all the stuff to create the lab</li> </ul> </li> <li> <p>GOAD script cover the providing and provisioning part</p> </li> <li> <p>The install script take multiple parameters:</p> <ul> <li><code>-p</code>  : the provider to use (vmware/virtualbox/proxmox/ludus/azure/aws)</li> <li><code>-l</code>  : the lab to install (GOAD/GOAD-Light/SCCM/NHA/MINILAB)</li> <li><code>-m</code>  : the method of installation (local/runner/docker/remote), most of the time don't change it</li> <li><code>-ip</code> : the ip range to use</li> </ul> </li> <li> <p>The easy way is just launch <code>./goad.sh</code> and use help <code>?</code>in the interactive prompt</p> </li> </ul>"},{"location":"installation/#configuration-files","title":"Configuration files","text":""},{"location":"installation/#homegoadgoadini","title":"$HOME/.goad/goad.ini","text":"<ul> <li> <p>On the first launch goad create a global configuration file at : <code>$HOME/.goad/goad.ini</code> this file contains some default configuration and some parameters needed by some providers.</p> </li> <li> <p>If you change the <code>[default]</code> config it will change the default selection when goad start</p> </li> <li>Others configurations are related to specific providers</li> </ul> <pre><code>[default]\n; lab: goad / goad-light / minilab / nha / sccm\nlab = GOAD\n; provider : virtualbox / vmware / aws / azure / proxmox\nprovider = vmware\n; provisioner method : local / remote\nprovisioner = local\n; ip_range (3 first ip digits)\nip_range = 192.168.56\n\n[aws]\naws_region = eu-west-3\naws_zone = eu-west-3c\n\n[azure]\naz_location = westeurope\n\n[proxmox]\npm_api_url = https://192.168.1.1:8006/api2/json\npm_user = infra_as_code@pve\npm_node = GOAD\npm_pool = GOAD\npm_full_clone = false\npm_storage = local\npm_vlan = 10\npm_network_bridge = vmbr3\npm_network_model = e1000\n\n[proxmox_templates_id]\nwinserver2019_x64 = 102\nwinserver2016_x64 = 103\nwinserver2019_x64_utd = 104\nwindows10_22h2_x64 = 105\n\n[ludus]\n; api key must not have % if you have a % in it, change it by a %%\nludus_api_key = change_me\nuse_impersonation = yes\n</code></pre>"},{"location":"installation/#global-configuration-globalsettingsini","title":"Global configuration : globalsettings.ini","text":"<ul> <li>Goad got a global configuration file : <code>globalsettings.ini</code> used by the ansible provisioning</li> <li>This file is an ansible inventory file.</li> <li>This file is always added at the end of the ansible inventory file list so you can override values here</li> <li>You can change it before running the installation to modify :<ul> <li>keyboard_layouts</li> <li>proxy configuration</li> <li>add a route to the vm</li> <li>change the default dns_forwarder</li> <li>disable ssl for winrm communication</li> </ul> </li> </ul>"},{"location":"installation/linux/","title":"Linux","text":"<ul> <li>First you will prepare your host for an hypervisor</li> <li>Second you will prepare your python environment</li> </ul>"},{"location":"installation/linux/#prepare-your-provider","title":"Prepare your Provider","text":"Virtualbox Vmware workstation Azure Aws Proxmox\ud83c\udfdf\ufe0f  Ludus <ul> <li> <p>Vagrant</p> <ul> <li>In order to download vm and create them on virtualbox you need to install vagrant</li> <li>https://developer.hashicorp.com/vagrant/install#linux</li> </ul> </li> <li> <p>Virtualbox</p> <ul> <li>Install virtualbox <pre><code>sudo apt install virtualbox\n</code></pre></li> </ul> </li> <li> <p>Install vagrant plugins <pre><code>vagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n</code></pre></p> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <p>Tip</p> <p>Vmware workstation is now free for personal use !</p> <ul> <li> <p>Vagrant</p> <ul> <li>In order to download vm and create them on virtualbox you need to install vagrant</li> <li>https://developer.hashicorp.com/vagrant/install#linux</li> </ul> </li> <li> <p>Vmware workstation</p> <ul> <li>Install vmware workstation https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro</li> </ul> </li> <li> <p>Install vagrant vmware utility : https://developer.hashicorp.com/vagrant/install/vmware</p> </li> <li> <p>Install the following vagrant plugins:     <pre><code>vagrant plugin install vagrant-reload vagrant-vmware-desktop winrm winrm-fs winrm-elevated\n</code></pre></p> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <ul> <li>Azure CLI<ul> <li>Install azure cli     https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux</li> <li>Connect to azure :     <pre><code>az login\n</code></pre></li> </ul> </li> <li>Terraform<ul> <li>The installation to Azure use terraform so you will have to install it: https://developer.hashicorp.com/terraform/install</li> </ul> </li> </ul> <ul> <li> <p>AWS CLI</p> <ul> <li>Install aws cli      https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions</li> <li> <ul> <li>Go to IAM &gt; User &gt; your user &gt; Security credentials</li> <li>Click the Create access key button</li> <li>Create a group \"[goad]\" in credentials file ~/.aws/credentials     <pre><code>[goad]\naws_access_key_id = changeme\naws_secret_access_key = changeme\n</code></pre></li> <li>Be sure to chmod 400 the file</li> </ul> <p>Create an aws access key and secret for goad usage</p> <p>credentials in plain text</p> <p>Storing credentials in plain text is always a bad idea, but aws cli work like that be sure to restrain the right access to this file</p> </li> </ul> </li> <li> <p>Terraform</p> <ul> <li>The installation to Aws use terraform so you will have to install it: https://developer.hashicorp.com/terraform/install</li> </ul> </li> </ul> <ul> <li>Proxmox install is very complex and use a lot of steps</li> <li>A complete guide to proxmox installation is available here : https://mayfly277.github.io/categories/proxmox/</li> </ul> <ul> <li>To add GOAD on Ludus please use goad directly on the server.</li> <li> <p>By now goad can work only directly on the server and not from a workstation client.</p> </li> <li> <p>Install Ludus : https://docs.ludus.cloud/docs/quick-start/install-ludus/</p> </li> <li> <p>Be sure to create an administrator user and keep his api key</p> </li> <li> <p>Once your installation is complete on ludus server (debian 12) and your user is created do :</p> </li> </ul> <pre><code>git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\n...&gt;exit\nvim ~/.goad/goad.ini # add the api_key in the config file (keep impersonate to yes and use an admin user)\n./goad.sh -p ludus\n...&gt;set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\n...&gt;install\n</code></pre>"},{"location":"installation/linux/#prepare-your-python-environment-for-goadpy","title":"Prepare your python environment for goad.py","text":"ClassicProvisioning with docker <ul> <li> <p> To run the Goad installation/management script you will need :</p> <ul> <li>Python (version between 3.8 and 3.11) with venv module installed</li> </ul> </li> <li> <p>Install the python3-venv corresponding to your python version </p> </li> </ul> <pre><code>sudo apt install python&lt;version&gt;-venv\n</code></pre> <ul> <li>Example:</li> </ul> <pre><code>sudo apt install python3.10-venv\n</code></pre> <p>Python version</p> <p>Be sure to use a python version between python3.8 and python 3.11. Others python versions are not supported by now due to incompatibility with the fixed version in the requirements.</p> <p>Info</p> <p>With this method ansible-core will not be installed locally on your venv</p> <ul> <li> be sure you have docker installed on your os for the provisioning part (ansible will be run from the container)</li> <li> <p> To run the Goad installation/management script you will need :</p> <ul> <li>Python (version &gt;= 3.8) with venv module installed</li> </ul> </li> <li> <p>Install the python3-venv corresponding to your python version </p> </li> </ul> <pre><code>sudo apt install python&lt;version&gt;-venv\n</code></pre> <ul> <li>Example:</li> </ul> <pre><code>sudo apt install python3.10-venv\n</code></pre> <ul> <li>Run goad with <code>./goad_docker.sh</code> instead of <code>./goad.sh</code> to install the dependencies without the ansible part (local and runner provisioning method will not be available)</li> </ul>"},{"location":"installation/windows/","title":"Windows","text":"<p>Info</p> <p>To use GOAD on windows you will need WSL.</p> <ul> <li>First you will prepare your windows host for an hypervisor</li> <li>Second you will choose between <ul> <li>install debian 12 with WSL to run goad install script</li> <li>Or prepare your windows host (install with a provisioning machine)</li> </ul> </li> </ul>"},{"location":"installation/windows/#prepare-windows-host","title":"Prepare Windows Host","text":"Virtualbox Vmware Workstation Aws Azure Promox\ud83c\udfdf\ufe0f  Ludus <p>If you want to use virtualbox as a hypervisor to create your vm.</p> <ul> <li> <p>VAGRANT</p> <p>If you want to create the lab on your windows computer you will need vagrant. Vagrant will be responsible to automate the process of vm download and creation.</p> <ul> <li>Download and install visual c++ 2019   : https://aka.ms/vs/17/release/vc_redist.x64.exe</li> <li>Install vagrant : https://developer.hashicorp.com/vagrant/install</li> </ul> </li> <li> <p>Virtualbox</p> <ul> <li> <p>Install virtualbox &lt;= 7.0 (vagrant support only to vbox7.0 at the time of writing) : https://www.virtualbox.org/wiki/Download_Old_Builds_7_0</p> </li> <li> <p>Install the following vagrant plugins:</p> </li> </ul> <pre><code>vagrant.exe plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n</code></pre> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <p>If you want to use vmware workstation as an hypervisor to create your vm.</p> <p>Tip</p> <p>Vmware workstation is now free for personal use !</p> <ul> <li> <p>VAGRANT</p> <p>If you want to create the lab on your windows computer you will need vagrant. Vagrant will be responsible to automate the process of vm download and creation.</p> <ul> <li>Download and install visual c++ 2019   : https://aka.ms/vs/17/release/vc_redist.x64.exe</li> <li>Install vagrant : https://developer.hashicorp.com/vagrant/install</li> </ul> </li> <li> <p>Vmware Workstation</p> <ul> <li>Install vmware workstation : https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro</li> </ul> <p>vmware workstation install bug</p> <p>if you got an error about groups and permission during vmware workstation install consider running this in an administrator cmd prompt: <pre><code>net localgroup /add \"Users\"\nnet localgroup /add \"Authenticated Users\"\n</code></pre></p> <ul> <li> <p>Install vagrant vmware utility : https://developer.hashicorp.com/vagrant/install/vmware</p> </li> <li> <p>Install the following vagrant plugins:</p> </li> </ul> <pre><code>vagrant.exe plugin install vagrant-reload vagrant-vmware-desktop winrm winrm-fs winrm-elevated\n</code></pre> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <p>Nothing to prepare on windows host, install and prepare wsl and next follow linux install from your wsl console : see aws linux install</p> <p>Nothing to prepare on windows host, install and prepare wsl and next linux install from your wsl console see azure linux install</p> <p>Not supported, you will have to create a provisioning machine on your proxmox and run goad from then (see proxmox linux install)</p> <p>Not supported, you will have to act from your ludus server (see ludus linux install)</p>"},{"location":"installation/windows/#prepare-python-environment","title":"Prepare python environment","text":"With WSLWith Python on windows host <p>Now your host environment is ready for virtual machine creation. Now we will install WSL to run the goad installation script.</p> <p>wsl version</p> <p>New Linux installations, installed using the wsl --install command, will be set to WSL 2 by default. The wsl --set-version command can be used to downgrade from WSL 2 to WSL 1 or to update previously installed Linux distributions from WSL 1 to WSL 2. To see whether your Linux distribution is set to WSL 1 or WSL 2, use the command: <code>wsl -l -v</code>. To change versions, use the command: <code>wsl --set-version &lt;distro name&gt; &lt;wsl_version&gt;</code> replacing  with the name of the Linux distribution that you want to update.  As an example: <code>wsl --set-version Debian 1</code> will set your Debian distribution to use WSL 1. <p>use wsl version1</p> <p>by now wsl was tested succefully with version 1 </p>"},{"location":"installation/windows/#install-wsl","title":"Install WSL","text":"<ul> <li>First install wsl on your environment https://learn.microsoft.com/en-us/windows/wsl/install</li> <li>Next go to the microsoft store and install debian (debian12)</li> </ul>"},{"location":"installation/windows/#prepare-wsl-distribution","title":"Prepare WSL distribution","text":"<ul> <li> <p>Open debian console then :</p> <ul> <li> <p>Verify you are using python version &lt;= 11 <pre><code>python3 --version\n</code></pre></p> </li> <li> <p>Install python packages <pre><code>sudo apt update\nsudo apt install python3 python3-pip python3-venv libpython3-dev\n</code></pre></p> </li> </ul> </li> <li> <p>Next you can clone and run goad</p> </li> </ul> <pre><code>cd /mnt/c/whatever_folder_you_want\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n./goad.sh\n</code></pre> <p>For vmware or virtualbox only</p> <p>This mode doesn't need WSL but it is only if you plan to install goad locally on vmware or virtualbox</p> <ul> <li> <p>Prerequistes:</p> <ul> <li> python on your windows (tested ok with python 3.10) </li> <li> git</li> </ul> </li> <li> <p>Clone the goad project: <code>git clone https://github.com/Orange-Cyberdefense/GOAD</code></p> </li> <li>Checkout the v3-beta branch :      <pre><code>cd GOAD\ngit checkout -b v3-beta origin/v3-beta\n</code></pre></li> <li>Install python dependencies (choose the noansible file) :      <pre><code>pip install -r noansible_requirements.yml\n</code></pre></li> <li>Launch goad with vm provisioning method :      <pre><code>py goad.py -m vm\n</code></pre></li> </ul>"},{"location":"labs/","title":"Labs","text":"<ul> <li> <p>Practice lab(s) :</p> <ul> <li>GOAD : 5 vms, 2 forests, 3 domains (full goad lab)</li> <li>GOAD-Light : 3 vms, 1 forest, 2 domains (smaller goad lab for those with a smaller pc)</li> <li>SCCM : 4 vms, 1 forest, 1 domain, with microsoft configuration manager installed</li> </ul> </li> <li> <p>Challenge lab :</p> <ul> <li>NHA : A challenge with 5 vms and 2 domains. no schema provided, you will have to find out how break it.</li> </ul> </li> <li> <p>POC lab :</p> <ul> <li>MINILAB: 2 vms, 1 forest, 1 domain (basic lab with one DC (windows server 2019) and one Workstation (windows 10))</li> </ul> </li> </ul>"},{"location":"labs/GOAD-Light/","title":"GOAD-Light","text":"<p>This is a light version of goad without the essos domain. This lab was build for computer with less performance (min ~20GB).</p> <p></p> <p>Missing scenarios:</p> <ul> <li>cross forest exploitation (no more external forest)</li> <li>mssql trusted link</li> <li>some old computer vulnerabilities (zero logon, petitpotam unauthent,...)</li> <li>ESC4, ESC2/3</li> </ul>"},{"location":"labs/GOAD-Light/#servers","title":"Servers","text":"<p>This lab is actually composed of five virtual machines:</p> <p>domain : sevenkingdoms.local</p> <ul> <li>kingslanding : DC01  running on Windows Server 2019 (with windefender enabled by default)</li> </ul> <p>domain : north.sevenkingdoms.local</p> <ul> <li>winterfell   : DC02  running on Windows Server 2019 (with windefender enabled by default)</li> <li>castelblack  : SRV02 running on Windows Server 2019 (with windefender disabled by default)</li> </ul>"},{"location":"labs/GOAD-Light/#usersgroups-and-associated-vulnerabilitesscenarios","title":"Users/Groups and associated vulnerabilites/scenarios","text":"<ul> <li>You can find a lot of the available scenarios on https://mayfly277.github.io/categories/ad/</li> </ul> <p>NORTH.SEVENKINGDOMS.LOCAL</p> <ul> <li>STARKS:              RDP on WINTERFELL AND CASTELBLACK<ul> <li>arya.stark:        Execute as user on mssql</li> <li>eddard.stark:      DOMAIN ADMIN NORTH/ (bot 5min) LLMRN request to do NTLM relay with responder</li> <li>catelyn.stark:     </li> <li>robb.stark:        bot (3min) RESPONDER LLMR</li> <li>sansa.stark:       </li> <li>brandon.stark:     ASREP_ROASTING</li> <li>rickon.stark:      </li> <li>theon.greyjoy:</li> <li>jon.snow:          mssql admin / KERBEROASTING / group cross domain / mssql trusted link</li> <li>hodor:             PASSWORD SPRAY (user=password)</li> </ul> </li> <li>NIGHT WATCH:         RDP on CASTELBLACK<ul> <li>samwell.tarly:     Password in ldap description / mssql execute as login                     GPO abuse (Edit Settings on \"STARKWALLPAPER\" GPO)</li> <li>jon.snow:          (see starks)</li> <li>jeor.mormont:      (see mormont)</li> </ul> </li> <li>MORMONT:             RDP on CASTELBLACK<ul> <li>jeor.mormont:      ACL writedacl-writeowner on group Night Watch</li> </ul> </li> <li>AcrossTheSea :       cross forest group</li> </ul> <p>SEVENKINGDOMS.LOCAL</p> <ul> <li>LANISTERS<ul> <li>tywin.lannister:   ACL forcechangepassword on jaime.lanister</li> <li>jaime.lannister:   ACL genericwrite-on-user joffrey.baratheon</li> <li>tyron.lannister:   ACL self-self-membership-on-group Small Council</li> <li>cersei.lannister:  DOMAIN ADMIN SEVENKINGDOMS</li> </ul> </li> <li>BARATHEON:           RDP on KINGSLANDING<ul> <li>robert.baratheon:  DOMAIN ADMIN SEVENKINGDOMS</li> <li>joffrey.baratheon: ACL Write DACL on tyron.lannister</li> <li>renly.baratheon:</li> <li>stannis.baratheon: ACL genericall-on-computer kingslanding / ACL writeproperty-self-membership Domain Admins</li> </ul> </li> <li>SMALL COUNCIL :      ACL add Member to group dragon stone / RDP on KINGSLANDING<ul> <li>petyer.baelish:    ACL writeproperty-on-group Domain Admins</li> <li>lord.varys:        ACL genericall-on-group Domain Admins / Acrossthenarrossea</li> <li>maester.pycelle:   ACL write owner on group Domain Admins</li> </ul> </li> <li>DRAGONSTONE :        ACL Write Owner on KINGSGUARD</li> <li>KINGSGUARD :         ACL generic all on user stannis.baratheon</li> <li>AccorsTheNarrowSea:       cross forest group</li> </ul>"},{"location":"labs/GOAD-Light/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":"<ul> <li> <p>SEVENKINGDOMS</p> <ul> <li>DC01 : kingslanding.sevenkingdoms.local (Windows Server 2019) (SEVENKINGDOMS DC)<ul> <li>Admins : robert.baratheon (U), cersei.lannister (U)</li> <li>RDP: Small Council (G)</li> </ul> </li> </ul> </li> <li> <p>NORTH</p> <ul> <li> <p>DC02 : winterfell.north.sevenkingdoms.local (Windows Server 2019) (NORTH DC)</p> <ul> <li>Admins : eddard.stark (U), catelyn.stark (U), robb.stark (U)</li> <li>RDP: Stark(G)</li> </ul> </li> <li> <p>SRV02 : castelblack.essos.local (Windows Server 2019) (IIS, MSSQL, SMB share)</p> <ul> <li>Admins: jeor.mormont (U)</li> <li>RDP: Night Watch (G), Mormont (G), Stark (G)</li> <li>IIS : allow asp upload, run as NT Authority/network</li> <li>MSSQL:<ul> <li>admin : jon.snow</li> <li>impersonate : <ul> <li>execute as login : samwel.tarlly -&gt; sa</li> <li>execute as user : arya.stark -&gt; dbo</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> </ul>"},{"location":"labs/GOAD/","title":"GOAD","text":"<p>GOAD is the first and main lab of this project. It contains 3 domains and 2 forest.</p> <p></p>"},{"location":"labs/GOAD/#servers","title":"Servers","text":"<p>This lab is actually composed of five virtual machines:</p> <p>domain sevenkingdoms.local</p> <ul> <li>kingslanding : DC01  running on Windows Server 2019 (with windefender enabled by default)</li> </ul> <p>domain north.sevenkingdoms.local</p> <ul> <li>winterfell   : DC02  running on Windows Server 2019 (with windefender enabled by default)</li> <li>castelblack  : SRV02 running on Windows Server 2019 (with windefender disabled by default)</li> </ul> <p>domain essos.local</p> <ul> <li>meereen      : DC03  running on Windows Server 2016 (with windefender enabled by default)</li> <li>braavos      : SRV03 running on Windows Server 2016 (with windefender enabled by default)</li> </ul>"},{"location":"labs/GOAD/#writeup","title":"WRITEUP","text":"<ul> <li>All the writeups of the Game Of Active Directory lab are available on mayfly's blog : https://mayfly277.github.io/categories/goad/</li> </ul>"},{"location":"labs/GOAD/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":"<ul> <li> <p>SEVENKINGDOMS / sevenkingdoms.local</p> <ul> <li>DC01 : kingslanding.sevenkingdoms.local (Windows Server 2019) (SEVENKINGDOMS DC)<ul> <li>Admins : robert.baratheon (U), cersei.lannister (U)</li> <li>RDP: Small Council (G)</li> </ul> </li> </ul> </li> <li> <p>NORTH / north.sevenkingdoms.local</p> <ul> <li> <p>DC02 : winterfell.north.sevenkingdoms.local (Windows Server 2019) (NORTH DC)</p> <ul> <li>Admins : eddard.stark (U), catelyn.stark (U), robb.stark (U)</li> <li>RDP: Stark(G)</li> </ul> </li> <li> <p>SRV02 : castelblack.essos.local (Windows Server 2019) (IIS, MSSQL, SMB share)</p> <ul> <li>Admins: jeor.mormont (U)</li> <li>RDP: Night Watch (G), Mormont (G), Stark (G)</li> <li>IIS : allow asp upload, run as NT Authority/network</li> <li>MSSQL:<ul> <li>admin : jon.snow</li> <li>impersonate : <ul> <li>execute as login : samwel.tarlly -&gt; sa</li> <li>execute as user : arya.stark -&gt; dbo</li> </ul> </li> <li>link :<ul> <li>to braavos : jon.snow -&gt; sa</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> <li> <p>ESSOS / essos.local</p> <ul> <li> <p>DC03  : meereen.essos.local (Windows Server 2016) (ESSOS DC)</p> <ul> <li>Admins: daenerys.targaryen (U)</li> <li>RDP: Targaryen (G)</li> </ul> </li> <li> <p>SRV03 : braavos.essos.local (Windows Server 2016) (MSSQL, SMB share)</p> <ul> <li>Admins: khal.drogo (U)</li> <li>RDP: Dothraki (G)</li> <li>MSSQL :<ul> <li>admin : khal.drogo</li> <li>impersonate :<ul> <li>execute as login : jorah.mormont -&gt; sa</li> </ul> </li> <li>link:<ul> <li>to castelblack: jorah.mormont -&gt; sa</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> </ul>"},{"location":"labs/GOAD/#usersgroups-and-associated-scenarios","title":"Users/Groups and associated scenarios","text":"<ul> <li>Graph of some scenarios is available here : </li> </ul> <p>NORTH.SEVENKINGDOMS.LOCAL</p> <ul> <li>STARKS:              RDP on WINTERFELL AND CASTELBLACK<ul> <li>arya.stark:        Execute as user on mssql, pass on all share</li> <li>eddard.stark:      DOMAIN ADMIN NORTH/ (bot 5min) LLMRN request to do NTLM relay with responder</li> <li>catelyn.stark:     </li> <li>robb.stark:        bot (3min) RESPONDER LLMR / lsass present user</li> <li>sansa.stark:       keywalking password / unconstrained delegation</li> <li>brandon.stark:     ASREP_ROASTING</li> <li>rickon.stark:      pass spray WinterYYYY</li> <li>jon.snow:          mssql admin / KERBEROASTING / mssql trusted link</li> <li>hodor:             PASSWORD SPRAY (user=password)</li> </ul> </li> <li>NIGHT WATCH:         RDP on CASTELBLACK<ul> <li>samwell.tarly:     Password in ldap description / mssql execute as login                     GPO abuse (Edit Settings on \"STARKWALLPAPER\" GPO)</li> <li>jon.snow:          (see starks)</li> <li>jeor.mormont:      (see mormont)</li> </ul> </li> <li>MORMONT:             RDP on CASTELBLACK<ul> <li>jeor.mormont:      Admin castelblack, pass in sysvol script</li> </ul> </li> <li>AcrossTheSea :       cross forest group</li> </ul> <p>SEVENKINGDOMS.LOCAL</p> <ul> <li>LANISTERS<ul> <li>tywin.lannister:   ACE forcechangepassword on jaime.lanister, password on sysvol cyphered</li> <li>jaime.lannister:   ACE genericwrite-on-user joffrey.baratheon</li> <li>tyron.lannister:   ACE self membership on small council</li> <li>cersei.lannister:  DOMAIN ADMIN SEVENKINGDOMS</li> </ul> </li> <li>BARATHEON:           RDP on KINGSLANDING<ul> <li>robert.baratheon:  DOMAIN ADMIN SEVENKINGDOMS, protected user</li> <li>joffrey.baratheon: ACE Write DACL on tyron.lannister</li> <li>renly.baratheon:   WriteDACL on container, sensitive user</li> <li>stannis.baratheon: ACE genericall-on-computer kingslanding </li> </ul> </li> <li>SMALL COUNCIL :      ACE add Member to group dragon stone / RDP on KINGSLANDING<ul> <li>petyer.baelish:    </li> <li>lord.varys:        ACE genericall-on-group Domain Admins and sdholder</li> <li>maester.pycelle:   </li> </ul> </li> <li>DRAGONSTONE :        ACE Write Owner on group KINGSGUARD</li> <li>KINGSGUARD :         ACE generic all on user stannis.baratheon</li> <li>AccorsTheNarrowSea:       cross forest group</li> </ul> <p>ESSOS.LOCAL</p> <ul> <li>TARGERYEN<ul> <li>missande :          ASREP roasting, generic all on khal</li> <li>daenerys.targaryen: DOMAIN ADMIN ESSOS</li> <li>viserys.targaryen:  ACE write property on jorah.mormont</li> <li>jorah.mormont:      mssql execute as login / mssql trusted link / Read LAPS Password</li> </ul> </li> <li>DOTHRAKI<ul> <li>khal.drogo:         mssql admin / GenericAll on viserys (shadow credentials) / GenericAll on ECS4</li> </ul> </li> <li>DragonsFriends:       cross forest group</li> <li>Spys:                 cross forest group / Read LAPS password  / ACL generic all jorah.mormont</li> </ul>"},{"location":"labs/MINILAB/","title":"MINI lab","text":"<ul> <li>The MINI lab is just a sample presented during an Article on the MISC magazine.</li> <li>This is just a simple basic LAB with one DC (windows server 2019) and one Workstation (windows 10)</li> </ul>"},{"location":"labs/NHA/","title":"NINJA HACKER ACADEMY","text":"<ul> <li>NINJA HACKER ACADEMY (NHA) is written as a training challenge where GOAD was written as a lab with a maximum of vulns.</li> <li>You should find your way in to get domain admin on the 2 domains (academy.ninja.lan and ninja.hack)</li> <li> <p>Starting point is on srv01 : 192.168.58.21</p> </li> <li> <p>Flags are disposed on each machine, try to grab all. Be careful all the machines are up to date with defender enabled.</p> </li> <li>Some exploits needs to modify path so this lab is not very multi-players compliant (unless you do it as a team ;))</li> <li> <p>Obviously do not cheat by looking at the passwords and flags in the recipe files, the lab must start without user to full compromise. </p> </li> <li> <p>Install :</p> </li> </ul> <pre><code>./goad.sh -t install -l NHA -p virtualbox -m docker\n</code></pre> <ul> <li>Once install finish disable vagrant user to avoid using it :</li> </ul> <pre><code>./goad.sh -t disablevagrant -l NHA -p virtualbox -m docker\n</code></pre> <ul> <li>Now do a reboot of all the machine to avoid unintended secrets stored : </li> </ul> <pre><code>./goad.sh -t stop -l NHA -p virtualbox -m docker\n./goad.sh -t start -l NHA -p virtualbox -m docker\n</code></pre> <p>And you are ready to play ! :)</p> <ul> <li>If you need to re-enable vagrant</li> </ul> <pre><code>./goad.sh -t enablevagrant -l NHA -p virtualbox -m docker\n</code></pre> <ul> <li>If you want to create a write up of the chall, no problem, have fun. Please ping me on X (@M4yFly) or Discord, i will be happy to read it :)</li> </ul> <p>Tip</p> <p>No bruteforce, if not in rockyou do not waste your time and your cpu/gpu cycle.</p>"},{"location":"labs/SCCM/","title":"SCCM lab","text":"<p>Thanks!</p> <p>Thanks a lot to my colleague Issam (@KenjiEndo15), who start the project and provide me a lot of ansible roles to start from !</p> <p></p>"},{"location":"labs/SCCM/#servers","title":"Servers","text":"<p>4 virtual machines with Windows Server 2019</p> <ul> <li>DC :  Domain Controler </li> <li>MECM : mecm primary site serer</li> <li>MSSQL : mecm sql server</li> <li>CLIENT : mecm client computer</li> </ul> <p>All vms got defender activated</p>"},{"location":"labs/SCCM/#prerequisites","title":"Prerequisites","text":"<ul> <li>The prerequisites for the lab are the same as GOAD lab (virtualbox/vmware, python, ansible,...)</li> <li>The lab take 16GB for the vagrant image + 100GB for the 4 vms</li> <li>The installation take environ 2,5 hours (with fiber connection)</li> <li>The lab download multiple files during the install (windows iso, mecm installation package, mssql installation package, ...), be sure to have a good internet connection.</li> </ul>"},{"location":"labs/SCCM/#writeup","title":"Writeup","text":"<ul> <li>A writeup on SCCM exploitation is available here : https://mayfly277.github.io/categories/sccm/</li> </ul>"},{"location":"labs/SCCM/#proxmox-installation","title":"proxmox installation","text":"<ul> <li>In order to use the proxmox provider follow this :</li> </ul> <p>1) create a template with the windows_server2019_proxmox_cloudinit_uptodate.pkvars.hcl packer file (guide here: https://mayfly277.github.io/posts/GOAD-on-proxmox-part2-packer/) (note the id after the creation)</p> <p>2) create the variable file (ad/SCCM/providers/proxmox/terraform/variables.tf) by coping the template (ad/SCCM/providers/proxmox/terraform/variables.tf.template) and change the value according to your proxmox environnement</p> <p>3) on the provisioning computer : <pre><code>./goad.sh -t check -l SCCM -p proxmox -m local\n./goad.sh -t install -l SCCM -p proxmox -m local\n</code></pre></p> <p>4) if something goes wrong (restart of the vms during install, etc...), you can rerun only ansible with -a <pre><code>./goad.sh -t install -l SCCM -p proxmox -m local -a\n</code></pre></p>"},{"location":"providers/","title":"\ud83c\udfd7 Providers","text":"<ul> <li> <p>Providers are used to create and deploy the lab virtual machine.</p> </li> <li> <p>Goad actually support the following providers:</p> <ul> <li> <p>On your own computer :</p> <ul> <li> Virtualbox</li> <li> VmWare</li> </ul> </li> <li> <p>Cloud :</p> <ul> <li> Azure</li> <li> Aws</li> </ul> </li> <li> <p>Hypervisor :</p> <ul> <li> Proxmox</li> <li>\ud83c\udfdf\ufe0f Ludus</li> </ul> </li> </ul> </li> </ul> <p>The architecture is slightly different depending on the provider. Please consult the provider you use to understand the behavior.</p>"},{"location":"providers/aws/","title":"Aws","text":"<p>Thanks!</p> <p>Thx to @ArnC_CarN for the initial work on the aws provider</p> <p>The architecture is quite the same than the Azure deployment.</p> <p></p> <p>Warning</p> <p>LLMNR, NBTNS and other poisoning network attacks will not work in aws environment. Only network coerce attacks will work.</p>"},{"location":"providers/aws/#prerequisites","title":"Prerequisites","text":"<ul> <li>Terraform</li> <li>AWS CLI</li> </ul>"},{"location":"providers/aws/#aws-configuration","title":"AWS configuration","text":"<p>You need to configre AWS cli. Use a key with enough privileges on the tenant.</p> <pre><code>aws configure\n</code></pre> <ul> <li> <p>Create an aws access key and secret for goad usage</p> <ul> <li>Go to IAM &gt; User &gt; your user &gt; Security credentials</li> <li>Click the Create access key button</li> <li>Create a group \"[goad]\" in credentials file ~/.aws/credentials     <pre><code>[goad]\naws_access_key_id = changeme\naws_secret_access_key = changeme\n</code></pre></li> <li>Be sure to chmod 400 the file</li> </ul> <p>credentials in plain text</p> <p>Storing credentials in plain text is always a bad idea, but aws cli work like that be sure to restrain the right access to this file</p> </li> </ul>"},{"location":"providers/aws/#goad-configuration","title":"Goad configuration","text":"<ul> <li>The goad configuration file as some options for aws:</li> </ul> <pre><code># ~/.goad/goad.ini\n...\n[aws]\naws_region = eu-west-3\naws_zone = eu-west-3c\n</code></pre> <ul> <li>If you want to use a different region and zone you can modify it.</li> </ul>"},{"location":"providers/aws/#installation","title":"Installation","text":"<pre><code># check prerequisites\n./goad.sh -t check -l GOAD -p aws\n# Install\n./goad.sh -t install -l GOAD -p aws\n</code></pre> <p>or from the interactive console :</p> <pre><code>GOAD/aws/remote/192.168.56.X &gt; install\n</code></pre>"},{"location":"providers/aws/#startstopstatus","title":"start/stop/status","text":"<ul> <li>You can see the status of the lab with the command <code>status</code></li> <li>You can also start and stop the lab with the command <code>start</code> and <code>stop</code></li> </ul>"},{"location":"providers/aws/#vms-ami","title":"VMs ami","text":"<ul> <li>The vm used for goad are defined in the lab terraform file : <code>ad/&lt;lab&gt;/providers/aws/windows.tf</code></li> <li>This file is containing information about each vm in use</li> </ul> <pre><code>\"dc01\" = {\n  name               = \"dc01\"\n  domain             = \"sevenkingdoms.local\"\n  windows_sku        = \"2019-Datacenter\"\n  ami                = \"ami-018ebfbd6b0a4c605\"\n  instance_type      = \"t2.medium\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n}\n</code></pre>"},{"location":"providers/aws/#how-it-works","title":"How it works ?","text":"<ul> <li>On the installation goad script will create a folder into <code>goad/workspaces/&lt;instance_folder&gt;</code></li> <li>This folder will contain the terraform scripts and some of the ansible inventories</li> <li>Goad will create the cloud infrastructure with terraform.</li> <li>The lab is created (not provisioned yet) and a \"jumpbox\" vm is also created</li> <li>Next the needed sources will be pushed to the jumpbox using <code>ssh</code> and <code>rsync</code></li> <li>The jumpbox ssh_key is stored on <code>goad/workspaces/&lt;instance_folder&gt;/ssh_keys</code></li> <li>The jumpbox is prepared to run ansible</li> <li>The provisioning is launch with ssh remotely on the jumpbox</li> </ul>"},{"location":"providers/aws/#install-step-by-step","title":"Install step by step","text":"<pre><code>GOAD/aws/remote/192.168.56.X &gt; create_empty # create empty instance\nGOAD/aws/remote/192.168.56.X &gt; load &lt;instance_id&gt;\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provide # play terraform\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; sync_source_jumpbox # sync jumpbox source\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; prepare_jumpbox # install dependencies on jumpbox\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provision_lab # run ansible\n</code></pre>"},{"location":"providers/aws/#tips","title":"Tips","text":"<ul> <li>To connect to the jumpbox VM you can use <code>ssh_jumpbox</code> in the goad interactive console</li> <li>To setup a socks proxy you can use <code>ssh_jumpbox_proxy &lt;proxy_port&gt;</code> in the goad interactive console</li> <li>All aws elements are tagged with <code>&lt;lab_name&gt;-&lt;lab_instance_id&gt;</code></li> </ul>"},{"location":"providers/azure/","title":"Azure","text":"<p>Thanks!</p> <p>Thx to Julien Arault for the initial work on the azure provider</p> <p></p> <p>Warning</p> <p>LLMNR, NBTNS and other poisoning network attacks will not work in azure environment. Only network coerce attacks will work.</p>"},{"location":"providers/azure/#prerequisites","title":"Prerequisites","text":"<ul> <li>Terraform</li> <li>Azure CLI</li> </ul>"},{"location":"providers/azure/#azure-configuration","title":"Azure configuration","text":"<p>You need to login to Azure with the CLI.</p> <pre><code>az login\n</code></pre>"},{"location":"providers/azure/#goad-configuration","title":"Goad configuration","text":"<ul> <li>The goad configuration file as some options for azure:</li> </ul> <pre><code># ~/.goad/goad.ini\n...\n[azure]\naz_location = westeurope\n</code></pre> <ul> <li>If you want to use a different location you can modify it.</li> </ul>"},{"location":"providers/azure/#installation","title":"Installation","text":"<pre><code># check prerequisites\n./goad.sh -t check -l GOAD -p azure\n# Install\n./goad.sh -t install -l GOAD -p azure\n</code></pre> <p>or from the interactive console :</p> <pre><code>GOAD/azure/remote/192.168.56.X &gt; install\n</code></pre>"},{"location":"providers/azure/#startstopstatus","title":"start/stop/status","text":"<ul> <li>You can see the status of the lab with the command <code>status</code></li> <li>You can also start and stop the lab with the command <code>start</code> and <code>stop</code></li> </ul> <p>Info</p> <p>The command <code>stop</code> use deallocate, it take a long time to run but it is not only stopping the vms, it will deallocate them. By doing that, you will stop paying from them (but you still paying storage) and can save some money.</p>"},{"location":"providers/azure/#vms-sku","title":"VMs sku","text":"<ul> <li>The vm used for goad are defined in the lab terraform file : <code>ad/&lt;lab&gt;/providers/azure/windows.tf</code></li> <li>This file is containing information about each vm in use</li> </ul> <pre><code>\"dc01\" = {\n  name               = \"dc01\"\n  publisher          = \"MicrosoftWindowsServer\"\n  offer              = \"WindowsServer\"\n  windows_sku        = \"2019-Datacenter\"\n  windows_version    = \"17763.4377.230505\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n  size               = \"Standard_B2s\"\n}\n</code></pre>"},{"location":"providers/azure/#how-it-works","title":"How it works ?","text":"<ul> <li>On the installation goad script will create a folder into <code>goad/workspaces/&lt;instance_folder&gt;</code></li> <li>This folder will contain the terraform scripts and some of the ansible inventories</li> <li>Goad will create the cloud infrastructure with terraform.</li> <li>The lab is created (not provisioned yet) and a \"jumpbox\" vm is also created</li> <li>Next the needed sources will be pushed to the jumpbox using <code>ssh</code> and <code>rsync</code></li> <li>The jumpbox ssh_key is stored on <code>goad/workspaces/&lt;instance_folder&gt;/ssh_keys</code></li> <li>The jumpbox is prepared to run ansible</li> <li>The provisioning is launch with ssh remotely on the jumpbox</li> </ul>"},{"location":"providers/azure/#install-step-by-step","title":"Install step by step","text":"<pre><code>GOAD/azure/remote/192.168.56.X &gt; create_empty # create empty instance\nGOAD/azure/remote/192.168.56.X &gt; load &lt;instance_id&gt;\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provide # play terraform\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; sync_source_jumpbox # sync jumpbox source\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; prepare_jumpbox # install dependencies on jumpbox\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provision_lab # run ansible\n</code></pre>"},{"location":"providers/azure/#tips","title":"Tips","text":"<ul> <li>To connect to the jumpbox VM you can use <code>ssh_jumpbox</code> in the goad interactive console</li> <li> <p>To setup a socks proxy you can use <code>ssh_jumpbox_proxy &lt;proxy_port&gt;</code> in the goad interactive console</p> </li> <li> <p>If the command <code>destroy</code> or <code>delete</code> fails, you can delete the resource group using the CLI <pre><code>az group delete --name GOAD\n</code></pre></p> </li> </ul>"},{"location":"providers/ludus/","title":"\ud83c\udfdf\ufe0f Ludus","text":"<p>Thanks!</p> <p>Huge shootout to @badsectorlabs for Ludus and Erik for his support and tests during the ludus provider creation</p> <p>Install on ludus server only</p> <p>To add GOAD on Ludus please use goad directly on the server. By now goad can work only directly on the server and not from a workstation client.</p> <ul> <li> <p>Install Ludus : https://docs.ludus.cloud/docs/quick-start/install-ludus/</p> </li> <li> <p>Be sure to create an admin user and keep his api key</p> </li> <li>Once your installation is complete on ludus server (debian 12) and your user is created do :</li> </ul> <pre><code>git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\nexit\n</code></pre>"},{"location":"providers/ludus/#goad-configuration","title":"Goad configuration","text":"<ul> <li>The goad configuration file as some options for ludus:</li> </ul> <pre><code># ~/.goad/goad.ini\n...\n[ludus]\nludus_api_key = changeme\nuse_impersonation = yes\n</code></pre> <ul> <li>change the api_key with the one of your admin user</li> </ul>"},{"location":"providers/ludus/#install","title":"Install","text":"<pre><code>./goad.sh -p ludus\nGOAD/ludus/local &gt; set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\nGOAD/ludus/local &gt; install\n</code></pre> <ul> <li>The installation will create a new simple_user to generate the pool we will call him \"lab_user\" the id of this user will be <code>lab_name&lt;6alphanumeric_digit&gt;</code></li> <li>Next this \"lab_user\" will be impersonate to launch all the ludus deployment command</li> <li>At the end the \"lab_user\" will share access to our user</li> <li>This way we can manage multiple lab instance with goad on the same ludus server.</li> </ul> <p>Info</p> <p>On ludus the config ip_range is not used and is ignored. The ips will be setup automatically during the lab installation</p>"},{"location":"providers/proxmox/","title":"Proxmox","text":"<ul> <li>A complete guide to proxmox installation is available here : https://mayfly277.github.io/categories/proxmox/</li> </ul>"},{"location":"providers/proxmox/#prerequisites","title":"Prerequisites","text":"<ul> <li>Packer</li> <li>Terraform</li> </ul>"},{"location":"providers/proxmox/#installation","title":"Installation","text":"<ul> <li>Once you have prepared your provisioning vm (you can use the scripts/setup_proxmox.sh for prerequistes installation)</li> <li> <p>And once your prerequisites are ready see https://mayfly277.github.io/posts/GOAD-on-proxmox-part2-packer/ to prepare the template for proxmox</p> </li> <li> <p>You can run the automatic installation</p> </li> </ul> <pre><code># check prerequisites\n./goad.sh -t check -l GOAD -p proxmox\n# Install\n./goad.sh -t install -l GOAD -p proxmox\n</code></pre>"},{"location":"providers/virtualbox/","title":"Virtualbox","text":""},{"location":"providers/virtualbox/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>Providing</p> <ul> <li>Virtualbox</li> <li>Vagrant</li> <li>Vagrant plugins:<ul> <li>vagrant-reload</li> <li>vagrant-vbguest </li> <li>winrm</li> <li>winrm-fs</li> <li>winrm-elevated</li> </ul> </li> </ul> </li> <li> <p>Provisioning</p> <ul> <li>Python3 (version between [3.8, 3.11])</li> <li>goad requirements</li> <li>ansible-galaxy goad requirements</li> </ul> </li> </ul>"},{"location":"providers/virtualbox/#check-dependencies","title":"Check dependencies","text":"<pre><code>./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X &gt; check\n</code></pre> <p>Info</p> <p>If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.</p> <p>Note</p> <p>check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)</p>"},{"location":"providers/virtualbox/#install","title":"Install","text":"<ul> <li>To install run the goad script and launch install or use the goad script arguments</li> </ul> <pre><code>./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X &gt; set_lab &lt;lab&gt;  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/virtualbox/local/192.168.56.X &gt; set_ip_range &lt;ip_range&gt;  # here choose the  ip range you want to use ex: 192.168.56\nGOAD/virtualbox/local/192.168.56.X &gt; install\n</code></pre> <ul> <li>or all in command line with arguments</li> </ul> <pre><code>./goad.sh -t install -p virtualbox -l &lt;lab&gt; -ip &lt;ip_range_to_use&gt;\n</code></pre>"},{"location":"providers/vmware/","title":"Vmware","text":"<p>Quote</p> <p>\"Virtualbox c'est no way\" @mpgn</p>"},{"location":"providers/vmware/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>Providing </p> <ul> <li>Vmware workstation</li> <li>Vagrant</li> <li>Vmware utility driver</li> <li>Vagrant plugins:<ul> <li>vagrant-reload</li> <li>vagrant-vmware-desktop</li> <li>winrm</li> <li>winrm-fs</li> <li>winrm-elevated</li> </ul> </li> </ul> </li> <li> <p>Provisioning</p> <ul> <li>Python3 (version between [3.8, 3.11])</li> <li>goad requirements</li> <li>ansible-galaxy goad requirements</li> </ul> </li> </ul>"},{"location":"providers/vmware/#check-dependencies","title":"check dependencies","text":"<pre><code>./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X &gt; check\n</code></pre> <p>Info</p> <p>If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.</p> <p>Note</p> <p>check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)</p>"},{"location":"providers/vmware/#install","title":"Install","text":"<ul> <li>To install run the goad script and launch install or use the goad script arguments</li> </ul> <pre><code>./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X &gt; set_lab &lt;lab&gt;  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/vmware/local/192.168.56.X &gt; set_ip_range &lt;ip_range&gt;  # here choose the  ip range you want to use ex: 192.168.56 (only the first three digits)\nGOAD/vmware/local/192.168.56.X &gt; install\n</code></pre> <ul> <li>or all in command line with arguments</li> </ul> <pre><code>./goad.sh -t install -p vmware -l &lt;lab&gt; -ip &lt;ip_range_to_use&gt;\n</code></pre>"},{"location":"usage/","title":"Usage","text":"<ul> <li> <p>Goad script can be run in two ways.</p> <ul> <li>argument_mode : launch goad.sh with arguments to launch one task</li> <li>interactive_mode : launch an interactive console to manage multiple labs and instances.</li> </ul> </li> <li> <p>The easy way to use goad is just launch <code>./goad.sh</code> and use <code>?</code> in the interactive console to get some help.</p> </li> </ul>"},{"location":"usage/goad_args/","title":"Argument mode","text":"<ul> <li>Launch goad.py script (or goad.sh wrapper) with arguments</li> </ul> <pre><code>usage: goad.py [-h] [-t TASK] [-l LAB] [-p PROVIDER] [-ip IP_RANGE] [-m METHOD] [-i INSTANCE] [-e EXTENSIONS] [-a ANSIBLE_ONLY] [-r RUN_PLAYBOOK]\n\nDescription : goad lab management console.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t TASK, --task TASK  tasks available : (install/start/stop/restart/destroy/status/show)\n  -l LAB, --lab LAB     lab to use (default: GOAD)\n  -p PROVIDER, --provider PROVIDER\n                        provider to use (default: vmware)\n  -ip IP_RANGE, --ip_range IP_RANGE\n                        ip range to use (default: 192.168.56)\n  -m METHOD, --method METHOD\n                        deploy method to use (default: local)\n  -i INSTANCE, --instance INSTANCE\n                        use a specific instance (use default if not selected)\n  -e EXTENSIONS, --extensions EXTENSIONS\n                        extensions to use\n  -a ANSIBLE_ONLY, --ansible_only ANSIBLE_ONLY\n                        run only provisioning (ansible) on instance (-i) (for task install only)\n  -r RUN_PLAYBOOK, --run_playbook RUN_PLAYBOOK\n                        run only one ansible playbook on instance (-i) (for task install only)\n\nExample :\n - Install GOAD on virtualbox : python3 goad.py -t install -l GOAD -p virtualbox\n - Launch GOAD interactive console : python3 goad.py\n</code></pre>"},{"location":"usage/goad_console/","title":"GOAD interactive mode","text":"<p>Launch goad interactive mode</p> <p></p>"},{"location":"usage/goad_console/#enter-interactive-mode","title":"Enter interactive mode","text":"<p>To enter interactive mode just launch goad without the <code>-t</code> parameter</p> <pre><code>./goad.sh\n</code></pre>"},{"location":"usage/goad_console/#no-lab-instance-selected","title":"No lab instance selected","text":"<pre><code>*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall / create ........................ install the selected lab and create a lab instance\ncreate_empty ............................ prepare a lab instance folder without providing and provisioning\nlist .................................... list lab instances\nload &lt;instance_id&gt; ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nlabs .................................... show all labs and available providers\nset_lab &lt;lab&gt; ........................... set the lab to use\nset_provider &lt;provider&gt; ................. set the provider to use\nset_provisioning_method &lt;method&gt; ........ set the provisioning method\nset_ip_range &lt;range&gt; .................... set the 3 first digit of the ip to use (ex: 192.168.56)\n</code></pre>"},{"location":"usage/goad_console/#check","title":"check","text":"<p>Will check the lab dependencies</p> <pre><code>check\n</code></pre> <p></p>"},{"location":"usage/goad_console/#install","title":"install","text":"<p>Install the lab with the current select <code>config</code></p> <pre><code>install\n</code></pre> <ul> <li>This will:<ul> <li>create an instance folder into workspaces/</li> <li>run vagrant/terraform/ludus depending on the provider to create the machines</li> <li>synchronize source to jumpbox if provider is aws or azure</li> <li>provision jumpbox if provider is aws or azure</li> <li>run the ansible provisioning </li> </ul> </li> </ul> <p></p>"},{"location":"usage/goad_console/#create_empty","title":"create_empty","text":"<p>Create an empty instance folder (into the workspaces/ folder)</p> <pre><code>create_empty\n</code></pre> <p></p>"},{"location":"usage/goad_console/#list","title":"list","text":"<p>List instances</p> <p>alias : <code>ls</code></p> <pre><code>list\n</code></pre> <p></p>"},{"location":"usage/goad_console/#load","title":"load","text":"<p>Select an instance by his name</p> <p>alias : <code>use</code>, <code>cd</code></p> <pre><code>load &lt;instance name&gt;\n</code></pre> <p></p>"},{"location":"usage/goad_console/#config","title":"config","text":"<p>show current configuration</p> <pre><code>config\n</code></pre> <p></p>"},{"location":"usage/goad_console/#labs","title":"labs","text":"<p>show available labs</p> <pre><code>labs\n</code></pre> <p></p>"},{"location":"usage/goad_console/#set_lab","title":"set_lab","text":"<p>Choose the lab to use (GOAD/GOAD-Light/NHA/SCCM/MINILAB)</p> <pre><code>set_lab &lt;lab_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#set_provider","title":"set_provider","text":"<p>Choose the provider to use (virtualbox/vmware/aws/azure/ludus/proxmox)</p> <pre><code>set_provider &lt;lab_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#set_provisioning_method","title":"set_provisioning_method","text":"<p>Choose the provisioning method (local/runner/docker/remote) (most of the time you don't have to change it)</p> <pre><code>set_provisioning &lt;provisioning_method&gt;\n</code></pre> <ul> <li>local : launch ansible with subprocess (default for vbox/vmware/proxmox/ludus)</li> <li>runner : launch ansible with ansible runner</li> <li>remote : launch ansible through ssh using jumpbox (default for azure/aws)</li> <li>docker : user the docker container to launch ansible (docker container must be built first <code>sudo docker build -t goadansible .</code>)</li> </ul>"},{"location":"usage/goad_console/#set_ip_range","title":"set_ip_range","text":"<p>Set the ip range you want to use (Three first digit, example : 192.168.10)</p> <pre><code>set_ip_range &lt;ip_range&gt;\n</code></pre>"},{"location":"usage/goad_console/#instance-selected","title":"Instance selected","text":"<pre><code>*** Manage Lab instance commands ***\nstatus .................................. show current status\nstart ................................... start lab\nstop .................................... stop lab\ndestroy ................................. destroy lab\n\n*** Manage one vm commands ***\nstart_vm &lt;vm_name&gt; ...................... start selected virtual machine\nstop_vm &lt;vm_name&gt; ....................... stop selected virtual machine\nrestart_vm &lt;vm_name&gt; .................... restart selected virtual machine\ndestroy_vm &lt;vm_name&gt; .................... destroy selected virtual machine\n\n*** Extensions ***\nlist_extensions ......................... list extensions\ninstall_extension &lt;extension&gt; ........... install extension (providing + provisioning)\nprovision_extension &lt;extension&gt; ......... provision extension (provisioning only)\n\n*** JumpBox ***\nprepare_jumpbox ......................... install package on the jumpbox for provisioning\nsync_source_jumpbox ..................... sync source of the jumpbox\nssh_jumpbox ............................. connect to jump box with ssh\nssh_jumpbox_proxy &lt;proxy_port&gt; .......... connect to jump box with ssh and start a socks proxy\n\n*** Providing (Vagrant/Terrafom) ***\nprovide ................................. run only the providing (vagrant/terraform)\n\n*** Provisioning (Ansible) ***\nprovision &lt;playbook&gt; .................... run specific ansible playbook\nprovision_lab ........................... run all the current lab ansible playbooks\nprovision_lab_from &lt;playbook&gt; ........... run all the current lab ansible playbooks from specific playbook to the end\n\n*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall ................................. install the current instance (provide + prepare_jumpbox + provision_lab\nset_as_default .......................... set instance as default\nupdate_instance_files ................... update lab instance files\nlist .................................... list lab instances\nload &lt;instance_id&gt; ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nunload .................................. unload current instance\ndelete .................................. delete the currently selected lab instance\n</code></pre>"},{"location":"usage/goad_console/#status","title":"status","text":"<p>Give the current lab status</p> <pre><code>status\n</code></pre>"},{"location":"usage/goad_console/#start","title":"start","text":"<p>Start the current lab instance</p> <pre><code>start\n</code></pre>"},{"location":"usage/goad_console/#stop","title":"stop","text":"<p>Stop the current lab instance</p> <pre><code>stop\n</code></pre>"},{"location":"usage/goad_console/#destroy","title":"destroy","text":"<p>Danger</p> <p>Destroy the current lab instance vms</p> <pre><code>destroy\n</code></pre>"},{"location":"usage/goad_console/#start_vm","title":"start_vm","text":"<p>Start a vm</p> <pre><code>start_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#stop_vm","title":"stop_vm","text":"<p>Stop a vm</p> <pre><code>stop_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#restart_vm","title":"restart_vm","text":"<p>Restart a vm (start and stop)</p> <pre><code>restart_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#destroy_vm","title":"destroy_vm","text":"<p>Danger</p> <p>Destroy a vm</p> <pre><code>destroy_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#list_extensions","title":"list_extensions","text":"<p>List available extensions</p> <pre><code>list_extensions\n</code></pre>"},{"location":"usage/goad_console/#install_extension","title":"install_extension","text":"<p>Add an extension to the lab (providing + provisioning)</p> <p>Warning</p> <p>An installed extension can't be deleted</p> <pre><code>install_extension &lt;extension_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#provision_extension","title":"provision_extension","text":"<p>Launch provisioning (ansible) for the extension</p> <pre><code>provision_extension &lt;extension_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#prepare_jumpbox","title":"prepare_jumpbox","text":"<p>Prepare jumpbox : run the preparation script on the jumpbox (install dependencies)</p> <pre><code>prepare_jumpbox\n</code></pre>"},{"location":"usage/goad_console/#sync_source_jumpbox","title":"sync_source_jumpbox","text":"<p>Rsync goad source with the jumpbox</p> <pre><code>sync_source_jumpbox\n</code></pre>"},{"location":"usage/goad_console/#ssh_jumpbox","title":"ssh_jumpbox","text":"<p>SSH into the jumpbox</p> <pre><code>ssh_jumpbox\n</code></pre>"},{"location":"usage/goad_console/#ssh_jumpbox_proxy","title":"ssh_jumpbox_proxy","text":"<p>SSH into the jumpbox with a socks proxy option (-D)</p> <pre><code>ssh_jumpbox_proxy &lt;socks_proxy_port&gt;\n</code></pre>"},{"location":"usage/goad_console/#provide","title":"provide","text":"<p>Launch providing (machine creation)</p> <pre><code>provide\n</code></pre>"},{"location":"usage/goad_console/#provision","title":"provision","text":"<p>Launch specific playbook  (use playbook in ansible/ folder) </p> <pre><code>provision &lt;playbook.yml&gt;\n</code></pre>"},{"location":"usage/goad_console/#provision_lab","title":"provision_lab","text":"<p>Launch all the lab provisioning  (install labs on machines with ansible)</p> <pre><code>provision_lab\n</code></pre>"},{"location":"usage/goad_console/#provision_lab_from","title":"provision_lab_from","text":"<p>Launch the lab provisioning from a specific playbook (use playbook in ansible/ folder)</p> <p>Tip</p> <p>useful if the install crash to not redo all the provisioning</p> <pre><code>provision_lab_from &lt;playbook.yml&gt;\n</code></pre>"},{"location":"usage/goad_console/#check_1","title":"check","text":"<p>Launch the check (same as without instance) <pre><code>check\n</code></pre></p>"},{"location":"usage/goad_console/#install_1","title":"install","text":"<p>Launch the install (useful if you created an empty instance) <pre><code>install\n</code></pre></p>"},{"location":"usage/goad_console/#set_as_defualt","title":"set_as_defualt","text":"<p>Set the current instance as default (automatically loaded on goad start) <pre><code>set_as_defualt\n</code></pre></p>"},{"location":"usage/goad_console/#update_instance_files","title":"update_instance_files","text":"<p>Recreate the files inside the workspace folder <pre><code>update_instance_files\n</code></pre></p>"},{"location":"usage/goad_console/#list_1","title":"list","text":"<p>List instances</p> <p>alias : <code>ls</code></p> <pre><code>list\n</code></pre>"},{"location":"usage/goad_console/#load_1","title":"load","text":"<p>Select an instance by his name (here change the current instance)</p> <p>alias : <code>use</code>, <code>cd</code></p> <pre><code>load &lt;instance name&gt;\n</code></pre>"},{"location":"usage/goad_console/#config_1","title":"config","text":"<p>Show current configuration <pre><code>config\n</code></pre></p>"},{"location":"usage/goad_console/#unload","title":"unload","text":"<p>Unload the instance (alias <code>cd ..</code>) <pre><code>unload\n</code></pre></p>"},{"location":"usage/goad_console/#delete","title":"delete","text":"<p>Danger</p> <p>delete the current instance lab and vms</p> <pre><code>delete\n</code></pre>"}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Game Of Active Directory","text":"<p>Welcome to GOAD (v3) documentation !</p> <p>Game Of Active Directory is a free pentest active directory LAB(s) project (1).</p> <ol> <li>GOAD is free if you use your own computer, obviously we will not pay your electricity bill and your cloud provider invoice ;)</li> </ol> <p>The purpose of this tool is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without having the pain to build all by yourself. This repository was build for pentest practice </p> <p>Note</p> <p>GOAD main labs (GOAD/GOAD-Light/SCCM) are not pro labs environments (like those you can find on HTB). Theses labs give you an environment to practice a lot of vulnerability and missconfig exploitations. Sure you can use them like pro labs, but it will certainly be too easy due to the number of vulns. Consider more GOAD like a DVWA but for Active Directory. If you want a chall deploy the lab NHA.</p> <p>Warning</p> <p>This lab is extremely vulnerable, do not reuse recipe to build your production environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk).</p> <p>Windows Licenses</p> <p>This lab use free windows VM only (180 days). After that delay enter a license on each server or rebuild all the lab (may be it's time for an update ;))</p>"},{"location":"changelog/","title":"Road Map","text":""},{"location":"changelog/#v1","title":"v1","text":"<ul> <li> SMB share anonymous</li> <li> SMB not signed</li> <li> Responder</li> <li> Zerologon</li> <li> Windows defender</li> <li> ASREPRoast</li> <li> Kerberoasting</li> <li> AD Acl abuse </li> <li> Unconstraint delegation</li> <li> Ntlm relay</li> </ul>"},{"location":"changelog/#v2","title":"v2","text":"<ul> <li> Password reuse between computer (PTH)</li> <li> Spray User = Password</li> <li> Password in description</li> <li> Constrained delegation</li> <li> Install MSSQL</li> <li> MSSQL trusted link</li> <li> MSSQL impersonate</li> <li> Install IIS</li> <li> Upload asp app</li> <li> Multiples forest</li> <li> Anonymous RPC user listing</li> <li> Child parent domain</li> <li> Generate certificate and enable ldaps</li> <li> ADCS - ESC 1/2/3/4/6/8</li> <li> Certifry</li> <li> Samaccountname/nopac</li> <li> Petitpotam unauthent</li> <li> Printerbug</li> <li> Drop the mic</li> <li> Shadow credentials</li> <li> Mitm6</li> <li> Add LAPS</li> <li> GPO abuse</li> <li> Add Webdav</li> <li> Add RDP bot</li> <li> Add full proxmox integration</li> <li> Add Gmsa (receipe created)</li> <li> Add azure support</li> <li> Refactoring lab and providers</li> <li> Protected Users</li> <li> Account is sensitive</li> <li> Add PPL</li> <li> Add Gmsa</li> <li> Groups inside groups</li> <li> Shares with secrets (all, sysvol)</li> <li> Sccm (see SCCM lab)</li> </ul>"},{"location":"changelog/#v3","title":"v3","text":"<ul> <li> aws support</li> <li> ludus support</li> <li> windows install compatibility</li> <li> extension support</li> <li> multiple instance management</li> <li> extension exchange</li> <li> extension ludus</li> <li> extension elk</li> <li> extension ws01</li> <li> extension exchange add a bot to read mails</li> <li> extension attackbox</li> <li> extension VPN</li> <li> extension guacamole</li> <li> extension linux VM enrolled</li> <li> Add Applocker to ws01</li> <li> Wsus (to add on sccm)</li> <li> ADCS add vulns</li> </ul>"},{"location":"instances/","title":"\ud83c\uddee instances","text":"<p>When you create a lab, goad will create an instance folder. All the instances are stored in the workspace/ folder inside goad.</p> <pre><code>workspace/\n    .\n    \u251c\u2500\u2500 6caf1a-goad-light-azure              # Instance ID\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 exchange_inventory               # extension inventory\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 instance.json                    # instance json file (name, status, etc..)\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 inventory                        # provider inventory\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 provider                         # provider folder\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 jumpbox.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 linux.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 main.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 network.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 outputs.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 terraform.tfstate\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 terraform.tfstate.backup\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 variables.tf\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 windows.tf\n    \u2502\u00a0\u00a0 \u2514\u2500\u2500 ssh_keys                         # the keys generated by this instance\n    \u2502\u00a0\u00a0     \u2514\u2500\u2500 ubuntu-jumpbox.pem\n    \u251c\u2500\u2500 7b12f1-goad-light-vmware             # another instance\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 instance.json\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 inventory\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 inventory_disable_vagrant\n    \u2502\u00a0\u00a0 \u251c\u2500\u2500 provider\n    \u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 Vagrantfile\n    \u2502\u00a0\u00a0 \u2514\u2500\u2500 ssh_keys\n</code></pre>"},{"location":"instances/#instance-creation","title":"instance creation","text":"<ul> <li>On instance folder creation (when you run <code>install</code> or <code>create_empty</code>), the provider files inside the template/ folder are copied into the instance. <li>These files are merged with the datas inside <code>ad/&lt;lab&gt;/providers/&lt;provider&gt;/</code> folder and the datas inside <code>extensions/&lt;extension&gt;/providers/&lt;provider&gt;/</code></li> <li> <p>The merged result is present in the <code>workspace/&lt;instance_id&gt;/provider/</code> folder and contain all the recipes to create the infrastructure</p> </li> <li> <p>inventories files are also copied from <code>ad/&lt;lab&gt;/provider/&lt;provider&gt;/inventory</code> and <code>extensions/&lt;extension&gt;/inventory</code> (see provisioning for more information in provisioning)</p> </li>"},{"location":"provisioning/","title":"provisioning","text":"<p>This page describe how the provisioning is done with goad. The provisioning of the LABS is done with Ansible for all providers.</p> <ul> <li>First the GOAD install script create an instance folder in the workspace folder.</li> </ul>"},{"location":"provisioning/#lab-data","title":"Lab data","text":"<p>The data of each lab are stored in the json file : <code>ad/&lt;lab&gt;/data/config.json</code>, this file is loaded by each playbook to get all the lab variables (this is done by the data.yml playbook call by all the over playbooks)</p>"},{"location":"provisioning/#extension-data","title":"Extension data","text":"<p>If an extension need data it will be stored in <code>extensions/&lt;extension&gt;/data/config.json</code> but the loading must be done by extension install.yml playbook.</p> <ul> <li>Example with the exchange install.yml file :</li> </ul> <pre><code># read local configuration file\n- name: \"Read local config file\"\n  hosts: domain:extensions\n  connection: local\n  vars_files:\n    - \"../data/config.json\"\n  tasks:\n    - name: merge lab variable with local config\n      set_fact:\n        lab: \"{{ lab|combine(lab_extension, recursive=True) }}\"\n</code></pre>"},{"location":"provisioning/#inventories","title":"Inventories","text":"<p>Ansible work with inventories. Inventories files contains all the hosts declaration and some variables.</p> <ul> <li> <p>The lab inventory file (<code>ad/&lt;lab&gt;/data/inventory</code>) is not modified/moved and contain all the main variables and hosts association, this file stay as this and is not modified. It contains the lab building logic.</p> </li> <li> <p>The provider inventory file (<code>ad/&lt;lab&gt;/provider/&lt;provider&gt;/inventory</code>) is modified with the settings and copied into the workspace folder (<code>workspace/&lt;instance_id&gt;/inventory</code>) , this file contains variable specific to the provider and the host ip declaration</p> </li> <li> <p>The extension(s) inventory file(s) (<code>extensions/&lt;extension&gt;/inventory</code>) is modified with the settings and copied into the workspace folder (<code>workspace/&lt;instance_id&gt;/inventory_&lt;extension&gt;</code>) , this file contains variable specific to the extension and the extension host ip declaration</p> </li> <li> <p>The global inventory file <code>globalsettings.ini</code>contains some global variable with some user settings.</p> </li> </ul> <p>The inventory files are given to ansible in this order : - lab inventory file - workspace provider inventory file - workspace extension(s) inventory file(s) - globalsettings.ini file</p> <p>The order is important as it determine the override order. hosts declarations are merged between all inventory and variables with the same name are override if the same variable is declared. </p> <ul> <li>Example : if i setup dns_server_forwarder=8.8.8.8 in the lab inventory file and dns_server_forwarder=1.1.1.1 in the globalsettings.ini file, the final value for ansible wll be dns_server_forwarder=1.1.1.1</li> </ul>"},{"location":"provisioning/#playbooks","title":"playbooks","text":"<ul> <li>Labs playbook are stored on the ansible/ folder</li> <li>Extension playbook is stored in <code>extension/&lt;extension&gt;/ansible/install.yml</code></li> <li> <p>The extension folder can call the main goad roles by using a special ansible.cfg file.</p> </li> <li> <p>Example of the exchange ansible.cfg file <pre><code>[defaults]\n...\n; add default roles folder into roles_path\nroles_path = ./roles:../../../ansible/roles\n</code></pre></p> </li> </ul>"},{"location":"provisioning/#labs-build","title":"labs build","text":"<ul> <li>Instead of call a global main.yml playbook with all the different tasks to do the goad script call each playbook one by one.</li> <li>In this way, there is a fallback mecanism to retry each playbook 3 times before consider it as failed.</li> <li>The list and order of the playbooks played are stored in the playbooks.yml file at the start of the project.</li> </ul>"},{"location":"questions/","title":"Frequent asked questions","text":"<p>How can i change the default keyboard layout ?</p> <p>edit globalsettings.ini files and change the variable <code>keyboard_layouts</code></p> <p>How can i change the folder where vagrant download the boxes ?</p> <p>vagrant download the boxes by default on ~/.vagrant.d/ folder. Set up the VAGRANT_HOME environment variable to change this location.</p> <p>How can i change the folder where virtualbox create the box ?</p> <p>Go to virtualbox preferences and change the virtualbox vm location folder.</p> <p>I already got a lab installed with v2, is v3 will use it ?</p> <p>Sorry no, the v3 of GOAD doesn't look for already installed lab. Best way to migrate is trash your old lab and build a new one.</p> <p>Can i use goad to create a course for my student ?</p> <p>Sure GOAD is a GPL project. Feel free to reuse it to give course. Just don't forget to give credits to the project ;)</p>"},{"location":"references/","title":"References","text":"<p>\ud83d\udea7 TODO TO BE COMPLETED</p> <ul> <li> <p>Mayfly's blog : </p> <ul> <li>GOAD writeups</li> <li>SCCM writeups</li> <li>Proxmox Install</li> </ul> </li> <li> <p>NHA WriteUp :</p> <ul> <li>crypt0ace's blog NHA writeup</li> </ul> </li> <li> <p>Podcast</p> <ul> <li>Hackn'speak episode 0x1B (FR)</li> </ul> </li> <li> <p>YouTube</p> <ul> <li>Game Of Active Directory With Elastic by I.T security labs</li> <li>HackTheClown Playlist on GOAD-Light</li> <li>Game of Active Directory enumeration by qdada</li> </ul> </li> </ul>"},{"location":"thx/","title":"Special Thanks to","text":"<ul> <li>@KenjiEndo15 for all his work on the SCCM ansible roles and his contribution to the SCCM Lab</li> <li>aleemladha for exchange and ludus ansible roles</li> <li>Erik @badsectorlabs for his advises and tests during the Ludus provider creation</li> <li>@ArnC_CarN for his PR on the aws provider</li> <li>@Sant0rryu for his help during ADCS vulnerabilities creation</li> <li>All the Orange Cyberdefense Toulouse team for the beta tests on the NHA lab ;)</li> <li>Julien Arrault (For the Azure recipes creation)</li> <li>Thomas Rollain (For his tests &amp; some vulns writing during v1 creation)</li> <li>Quentin Galliou (For his tests during v1 creation)</li> </ul> <p>And of course to all the project contributors !</p>"},{"location":"thx/#enterprise","title":"Enterprise","text":"<ul> <li>Orange Cyberdefense</li> </ul>"},{"location":"troobleshoot/","title":"troubleshoot","text":"<p>Tip</p> <p>In most case if you get errors during install, don't think.  Select the failed instance \u0300<code>load &lt;instance_id&gt;</code> and just replay the install with <code>provision_lab</code> to relaunch all or <code>provision_lab_from &lt;playbook&gt;</code> if you know the last failed playbook  (most of the errors which could came up are due to windows latency during installation, wait few minutes and replay the install)</p> <p>\ud83d\udea7 TODO refresh me with new goad version :)</p>"},{"location":"troobleshoot/#vagrant-up-winrm-digest-initialization-failed-initialization-error","title":"vagrant up - WinRM - digest initialization failed : Initialization Error","text":"<pre><code>DC01: WinRM username: vagrant\nDC01: WinRM execution_time_limit: PT2H\nDC01: WinRM transport: negotiate\nAn error occurred executing a remote WinRM command.\n\nShell: Cmd\nCommand: hostname\nMessage: Digest initialization failed: initialization error\n</code></pre> <ul> <li>solution 1: change vagrantfile to not use ssl (https://github.com/Orange-Cyberdefense/GOAD/issues/68)<ul> <li>add this lines in vagrantfile to not use ssl :     <pre><code>config.winrm.transport = \"plaintext\"\nconfig.winrm.basic_auth_only = true\n</code></pre></li> </ul> </li> <li> <p>solution 2: allow legacy algorithm (https://github.com/Orange-Cyberdefense/GOAD/issues/11)</p> <ul> <li>add to /etc/ssl/openssl.conf : <pre><code>[provider_sect]\ndefault = default_sect\nlegacy = legacy_sect\n\n[default_sect]\nactivate = 1\n\n[legacy_sect]\nactivate = 1\n</code></pre></li> </ul> </li> <li> <p>solution 3: downgrade the vagrant version (<code>sudo apt install vagrant=2.2.19</code>)</p> </li> </ul>"},{"location":"troobleshoot/#vagrant-up-cannot-load","title":"vagrant up - cannot load","text":"<pre><code>&lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require': cannot load such file -- winrm (LoadError)\n    from &lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:9:in `block in &lt;top (required)&gt;'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/lib/vagrant/util/silence_warnings.rb:8:in `silence!'\n</code></pre> <ul> <li>solution : </li> <li><code>gem install winrm</code></li> <li><code>gem install winrm-fs</code></li> </ul>"},{"location":"troobleshoot/#vagrant-up-cannot-load-such-file-winrm-elevated-loaderror","title":"vagrant up - cannot load such file -- winrm-elevated (LoadError)","text":"<pre><code>&lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require': cannot load such file -- winrm-elevated (LoadError)\n        from &lt;internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb&gt;:85:in `require'\n        from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:12:in `&lt;top (required)&gt;'\n        ...\n</code></pre> <ul> <li>solution : <code>gem install winrm-elevated</code></li> </ul>"},{"location":"troobleshoot/#ansible-persistent-unreachable-error","title":"ansible persistent \"unreachable error\"","text":"<ul> <li>Unreachable means ansible can't contact the vms. </li> <li>Maybe the vms didn't got the right ip? (try to connect with vagrant/vagrant on vm and look the ip)</li> <li>Or you got a firewall on the vm which do provisioning which block winrm connection ?</li> <li>or maybe it is a vagrant issue : https://github.com/Orange-Cyberdefense/GOAD/issues/12</li> <li>You could try to switch on port 5985 to connect without ssl as suggest here : https://github.com/Orange-Cyberdefense/GOAD/issues/98 by uncomment the lines in the inventory file you use <pre><code># ansible_winrm_transport=basic\n# ansible_port=5985\n</code></pre></li> </ul>"},{"location":"troobleshoot/#the-naming-context-specified-for-this-replication-operation-is-invalid","title":"The naming context specified for this replication operation is invalid","text":"<pre><code>TASK [groups_domains : synchronizes all domains] *******************************************************************************************************************************************************************************************************************************\nchanged: [dc03]\nchanged: [dc01]\nfatal: [dc02]: FAILED! =&gt; {\"changed\": true, \"cmd\": \"repadmin /syncall /Ade\", \"delta\": \"0:00:01.090773\", \"end\": \"2023-10-18 09:30:26.016579\", \"msg\": \"non-zero return code\", \"rc\": 1, \"start\": \"2023-10-18 09:30:24.925805\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Syncing all NC's held on winterfell.\\r\\r\\nSyncing partition: DC=north,DC=sevenkingdoms,DC=local\\r\\r\\nCALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\\r\\r\\n    The RPC server is unavailable.\\r\\r\\n\\r\\r\\nSyncAll exited with fatal Win32 error: 8440 (0x20f8):\\r\\r\\n    The naming context specified for this replication operation is invalid.\\r\\r\\n\", \"stdout_lines\": [\"Syncing all NC's held on winterfell.\", \"\", \"Syncing partition: DC=north,DC=sevenkingdoms,DC=local\", \"\", \"CALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\", \"\", \"    The RPC server is unavailable.\", \"\", \"\", \"\", \"SyncAll exited with fatal Win32 error: 8440 (0x20f8):\", \"\", \"    The naming context specified for this replication operation is invalid.\", \"\"]}\n</code></pre> <ul> <li>relaunch install</li> </ul>"},{"location":"troobleshoot/#vagrant-up-vagrant-cant-use-the-requested-machine-because-it-is-locked","title":"vagrant up - Vagrant can't use the requested machine because it is locked","text":"<pre><code>==&gt; GOAD-SRV03: Configuring and enabling network interfaces...\nVagrant can't use the requested machine because it is locked! This\nmeans that another Vagrant process is currently reading or modifying\nthe machine. Please wait for that Vagrant process to end and try\nagain. Details about the machine are shown below:\n</code></pre> <ul> <li>solution : relaunch the provisioning on the broken computer : </li> <li>exemple : <pre><code>cd ~/GOAD/ad/GOAD/providers/virtualbox\nvagrant reload GOAD-SRV03 --provisioning\n</code></pre></li> <li>and than relaunch the install script</li> </ul>"},{"location":"troobleshoot/#the-server-has-rejected-the-client-credentials","title":"The server has rejected the client credentials","text":"<pre><code>An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [dc02] (item={'key': 'AcrossTheSea', 'value': ['essos.local\\\\daenerys.targaryen']}) =&gt; {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"AcrossTheSea\", \"value\": [\"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: The server has rejected the client credentials.\"}\n</code></pre> <ul> <li>something go wrong with the trust, all the links are not fully establish</li> <li>wait several minutes and relaunch the install</li> </ul>"},{"location":"troobleshoot/#groups-domain-error","title":"Groups domain error","text":"<ul> <li>something go wrong with the trust, all the links are not fully establish</li> <li>wait several minutes and relaunch the playbook</li> <li>i really don't know why this append time to time on installation, if you want to investigate and resolve the issue please tell me how.</li> </ul> <pre><code>An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [192.168.56.xx] (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\\\tyron.lannister', 'essos.local\\\\daenerys.targaryen']}) =&gt; {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"DragonsFriends\", \"value\": [\"north.sevenkingdoms.local\\\\jon.snow\", \"sevenkingdoms.local\\\\tyron.lannister\", \"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials.\"}\n</code></pre>"},{"location":"troobleshoot/#error-add-warning","title":"Error Add-Warning","text":"<ul> <li>You got an \"Add-Warning\" error during the user installation.</li> <li>Upgrade to community.windows galaxy &gt;= 1.11.0</li> <li>relaunch the ansible playbooks.</li> </ul> <pre><code>An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475\nfailed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',\n...\n\"msg\": \"Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.\"}+\n</code></pre>"},{"location":"troobleshoot/#a-parameter-cannot-be-found-that-matches-parameter-name-acceptlicense","title":"A parameter cannot be found that matches parameter name 'AcceptLicense'","text":"<ul> <li>If you got this kind of error you got an ansible.windows version &gt;=  1.11.0</li> <li>This version add the parameter AcceptLicense but it is accepted only for PowerShellGet module &gt;= 1.6.0 and this one is not embedded in the vms.</li> <li>Please keep version 1.11.0 and update the lab to get the fix for the PowerShellGet Module version.</li> </ul> <pre><code>fatal: [xxx]: FAILED! =&gt; {\n    \"changed\": false,\n    \"msg\": \"Problems installing XXXX module: A parameter cannot be found that matches parameter name 'AcceptLicense'.\",\n    \"nuget_changed\": false,\n    \"output\": \"\",\n    \"repository_changed\": false\n}\n</code></pre>"},{"location":"troobleshoot/#old-ansible-version","title":"old Ansible version","text":"<pre><code>ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.\n\nThe error appears to have been in '/home/hrrb0032/Documents/mission/GOAD/roles/domain_controller/tasks/main.yml': line 8, column 3, but maybe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n- name: disable enhanced exit codes\n^ here\n</code></pre> <p>solution : upgrade Ansible</p>"},{"location":"troobleshoot/#old-ansiblewindows-version","title":"old ansible.windows version","text":"<pre><code>ERROR! couldn't resolve module/action 'win_powershell'. This often indicates a misspelling, missing collection, or incorrect module path.\n</code></pre> <ul> <li>solution: reinstall ansible.windows module : <pre><code>ansible-galaxy collection install ansible.windows --force\n</code></pre></li> </ul>"},{"location":"troobleshoot/#winrm","title":"winrm","text":"<pre><code>PLAY [DC01 - kingslanding] *******************************************************\n\n\n\nTASK [Gathering Facts] ***********************************************************\nfatal: [192.168.56.10]: FAILED! =&gt; {\"msg\": \"winrm or requests is not installed: No module named winrm\"}\n\n\n\nPLAY RECAP ***********************************************************************\n192.168.56.10              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   \n</code></pre> <p>solution : pip install pywinrm</p>"},{"location":"troobleshoot/#winrm-send-input-timeout","title":"winrm send input timeout","text":"<pre><code>TASK [Gathering Facts] ****************************************************************************************************************************************************\n[WARNING]: ERROR DURING WINRM SEND INPUT - attempting to recover: WinRMOperationTimeoutError\nok: [192.168.56.11]\n</code></pre> <p>solution : wait or if crashed then re-run install</p>"},{"location":"troobleshoot/#domain-controller-ensure-users-are-present","title":"Domain controller : ensure Users are present","text":"<p><pre><code>TASK [domain_controller : Ensure that Users presents in ou=&lt;kingdom&gt;,dc=SEVENKINGDOMS,dc=local] ***************************************************************************\nAn exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()\nfailed: [192.168.56.10] (item={u'key': u'lord.varys', u'value': {u'city': u\"King's Landing\", u'password': u'_W1sper_$', u'name': u'Lord Varys', u'groups': u'Small Council', u'path': u'OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local'}}) =&gt; {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": {\"key\": \"lord.varys\", \"value\": {\"city\": \"King's Landing\", \"groups\": \"Small Council\", \"name\": \"Lord Varys\", \"password\": \"_W1sper_$\", \"path\": \"OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local\"}}, \"msg\": \"Unhandled exception while executing module: An unspecified error has occurred\"}\n</code></pre>  solution : re-run install</p>"},{"location":"troobleshoot/#mssql-unable-to-install-sql-server","title":"mssql : Unable to install SQL Server","text":"<pre><code>TASK [mssql : Install the database]\nfatal: [192.168.56.22]: FAILED! =&gt; {\"attempts\": 3, \"changed\": true, \"cmd\": \"c:\\\\setup\\\\mssql\\\\sql_installer.exe /configurationfile=c:\\\\setup\\\\mssql\\\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\\\setup\\\\mssql\\\\media /QUIET /HIDEPROGRESSBAR\", \"delta\": \"0:00:34.891185\", \"end\": \"2022-08-17 21:26:53.976793\", \"msg\": \"non-zero return code\", \"rc\": 2226323458, \"start\": \"2022-08-17 21:26:19.085608\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Microsoft (R) SQL Server Installer\\r\\nCopyright (c) 2019 Microsoft.  All rights reserved.\\r\\n\\r\\nDownloading install package...\\r\\n\\r\\n\\r\\nOperation finished with result: Failure\\r\\n\\r\\nOops...\\r\\n\\r\\nUnable to install SQL Server (setup.exe).\\r\\n\\r\\n      Exit code (Decimal): -2068643838\\r\\n      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\\r\\n\\r\\n  SQL SERVER INSTALL LOG FOLDER\\r\\n      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\\r\\n\\r\\n\", \"stdout_lines\": [\"Microsoft (R) SQL Server Installer\", \"Copyright (c) 2019 Microsoft.  All rights reserved.\", \"\", \"Downloading install package...\", \"\", \"\", \"Operation finished with result: Failure\", \"\", \"Oops...\", \"\", \"Unable to install SQL Server (setup.exe).\", \"\", \"      Exit code (Decimal): -2068643838\", \"      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\", \"\", \"  SQL SERVER INSTALL LOG FOLDER\", \"      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\", \"\"]}\n</code></pre> <p>solution : re-run installer</p>"},{"location":"troobleshoot/#vagrant-not-working-on-ubuntu-2204","title":"vagrant: Not working on Ubuntu 22.04","text":"<p>I was using the version of Vagrant in the Ubuntu repo, and then tried to use the version 2.4.0 and 2.3.4 binaries from hashicorp, but kept on running into this error:</p> <p><pre><code>The guest machine entered an invalid state while waiting for it\nto boot. Valid states are 'starting, running'. The machine is in the\n'poweroff' state. Please verify everything is configured\nproperly and try again.\n\nIf the provider you're using has a GUI that comes with it,\nit is often helpful to open that and watch the machine, since the\nGUI often has more helpful error messages than Vagrant can retrieve.\nFor example, if you're using VirtualBox, run `vagrant up` while the\nVirtualBox GUI is open.\n\nThe primary issue for this error is that the provider you're using\nis not properly configured. This is very rarely a Vagrant issue.\n</code></pre> Solution : install vagrant from the hashicorp repo</p>"},{"location":"troobleshoot/#proxmox-error-creating-vm-403-permission-check-failed-sdnzoneslocalnetworkvmbr310-sdnuse","title":"proxmox: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use)","text":"<p>The error may look similar to below: <pre><code>==&gt; proxmox-iso.windows: Error creating VM: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use), \nerror status: {\"data\":null} (params: ......\n</code></pre></p> <p>It may be fixed by delegating the SDN.Use privilege to the packer user <pre><code>pveum role modify Packer -privs \"VM.Config.Disk VM.Config.CPU VM.Config.Memory Datastore.AllocateTemplate Datastore.Audit Datastore.AllocateSpace Sys.Modify VM.Config.Options VM.Allocate VM.Audit VM.Console VM.Config.CDROM VM.Config.Cloudinit VM.Config.Network VM.PowerMgmt VM.Config.HWType VM.Monitor SDN.Use\"\n</code></pre></p>"},{"location":"troobleshoot/#proxmox-proxmox-isowindows-error-creating-vm-error-creating-vm-unable-to-create-vm-103-unsupported-format-qcow2","title":"proxmox: ==&gt; proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2'","text":"<p>The error may look similar to below: <pre><code>root@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==&gt; proxmox-iso.windows: Retrieving additional ISO\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==&gt; proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 =&gt; /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Creating VM\n==&gt; proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==&gt; proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2' at /usr/share/perl5/PVE/Storage/LvmThinPlugin.pm line 87., error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug: ide2:local:iso/windows_server_2019.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2 net0:virtio=5E:5D:24:C4:0F:DA,bridge=vmbr3,tag=10 numa:false onboot:false ostype:win10 pool:GOAD sata0:vms:40,discard=ignore,format=qcow2 scsihw:lsi sockets:1 startup: tags: vmid:103])......\n</code></pre></p> <p>Filesystems such as ZFS (and others) do not support qcow2. From my reading the best approach is to use an ext4 filesystem and modify <code>config.auto.pkrvars.hcl</code> with the newly created ext4 volume.</p> <pre><code>root@goadprovisioning:~/GOAD/packer/proxmox# vi config.auto.pkrvars.hcl\n...\nproxmox_vm_storage      = \"ext4-qcow2\"\n...\nroot@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==&gt; proxmox-iso.windows: Retrieving additional ISO\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==&gt; proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 =&gt; /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==&gt; proxmox-iso.windows: Creating VM\n==&gt; proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==&gt; proxmox-iso.windows: Starting VM\n</code></pre> <ul> <li>another solution is to switch to raw : <code>proxmox_vm_storage      = \"raw\"</code></li> </ul>"},{"location":"troobleshoot/#proxmox-packer-error-creating-vm-volume-localisowindows_xxxiso-does-not-exist","title":"proxmox - packer error creating vm :  volume 'local:iso/windows_XXX.iso' does not exist","text":"<pre><code>==&gt; proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 116 - volume 'local:iso/windows_server2019_XXX_en-us.iso' does not exist, error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug\n: ide2:local:iso/windows_server2019_XXX_en-us.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2-uptodate net0:virtio=DA:CB:EB:85:08:0E,bridge=vmbr3,tag=10,firewall=false onboot:false ostype:win10 pool:Templates sata0:local:80,format=q\ncow2 scsihw:lsi sockets:1 startup: tags: vmid:116])   \n</code></pre> <p>verify your iso files inside proxmox and be sure the iso you want to use exist in proxmox</p>"},{"location":"troobleshoot/#ansible-adapter-name-error","title":"ansible adapter name error","text":"<pre><code>No MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet'\n\nor \n\nNo MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet2 '\n</code></pre> <ul> <li>connect to the vm and run ipconfig, verify the adapter name are the same as described in the inventory file.</li> <li>if not change them to match the inventory name in the vm.</li> </ul>"},{"location":"troobleshoot/#unreachable-proxmox-ansible","title":"unreachable - proxmox, ansible","text":"<pre><code>fatal: [dc01]: UNREACHABLE! =&gt; {\"changed\": false, \"msg\": \"ssl: HTTPSConnectionPool(host='192.168.10.40', port=5986): Max retries exceeded with url: /wsman\n</code></pre> <ul> <li>may be the vm is not well ready after the terraform creation. retry the install.</li> <li>if you still get the error connect to the vm and verify the static ip is corresponding with the one expect.</li> </ul>"},{"location":"vulnerabilities/","title":"Vulnerabilities","text":"<p>vulnerabilities</p>"},{"location":"developpers/provisioning/","title":"Provisioning","text":""},{"location":"developpers/provisioning/#provisioning","title":"Provisioning","text":"<ul> <li>The provisioning is always done with ansible, more detail on the ansible provisioning here : Ansible provisioning</li> </ul>"},{"location":"developpers/structure/","title":"Structure","text":""},{"location":"developpers/structure/#lab-organization","title":"Lab organization","text":"<ul> <li>The lab configuration is located on the ad/ folder</li> <li>Each Ad folder correspond to a lab and contains the following files :</li> </ul> <pre><code>ad/\n  labname/            # The lab name must be the same as the variable : domain_name from the data/inventory\n    data/\n      config.json     # The json file containing all the variables and configuration of the lab\n      inventory       # The global lab inventory (provider independent) (this should no contains variables)\n    files/            # This folder contains files you want to copy on your vms\n    scripts/          # This folder contains ps1 scripts you want to play on your vm (Must be added in the \"scripts\" entries of your vms)\n    providers/        # Your lab available provider\n      vmware/\n        inventory     # specific vmware inventory\n        Vagrantfile   # specific vmware vagrantfile\n      virtualbox/\n        inventory     # specific virtualbox inventory\n        Vagrantfile   # specific virtualbox vagrantfile\n      proxmox/\n        terraform/    # specific proxmox terraform recipe\n        inventory     # specific proxmox inventory\n      azure/\n        terraform/    # specific azure terraform recipe\n        inventory     # specific azure inventory\n</code></pre>"},{"location":"extensions/","title":"Extensions","text":"<ul> <li>exchange : Add an exchange to GOAD or GOAD-Light lab</li> <li>ws01 : Add an hardened workstation to GOAD or GOAD-Light lab</li> <li>wazuh : Add wazuh EDR to visualize alerts</li> <li>elk : Add an ELK to collect and read the logs</li> </ul>"},{"location":"extensions/elk/","title":"elk","text":"<ul> <li>Extension name : <code>elk</code></li> <li>Compatibility  : <code>*</code></li> <li>Providers : virtualbox/azure/vmware/aws/ludus</li> <li> <p>Add a machine  : elk  (ip_range.50)</p> </li> <li> <p>Kibana is configured on http://{{ip_range}}.50:5601 to follow the lab events</p> </li> <li>Infos : log encyclopedia : https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/</li> <li>Install filebeat agent on domain computer machines</li> </ul>"},{"location":"extensions/elk/#prerequisites","title":"prerequisites","text":"<ul> <li> <p>You need <code>sshpass</code> for the elk installation <pre><code>sudo apt install sshpass\n</code></pre></p> </li> <li> <p>On ludus prepare template : <pre><code>ludus templates add -d ubuntu-22.04-x64-server\nludus templates build\n</code></pre></p> </li> </ul>"},{"location":"extensions/elk/#install","title":"Install","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the elk extension <pre><code>install_extension elk\n</code></pre></p> </li> </ul>"},{"location":"extensions/exchange/","title":"exchange","text":"<p>Thanks!</p> <p>Credits and huge thanks to aleemladha for his exchange role and his help to test the extension.</p> <ul> <li>Extension name : <code>exchange</code></li> <li>Compatibility  : GOAD, GOAD-Light</li> <li>Providers : virtualbox/azure/vmware/aws/ludus/proxmox</li> <li>Add a machine  : srv01 (the-eyrie.sevenkingdoms.local)  (ip_range.21)</li> </ul> <p>resources</p> <p>Exchange is really HUGE, it will add a vm with at least 12Gb of RAM be sure your computer support it before install</p> <p>impacts</p> <p>Modify the ad schema and add a computer (warning the exchange machine is really heavy)</p>"},{"location":"extensions/exchange/#prerequisites","title":"Prerequisites","text":"<ul> <li>GOAD or GOAD-Light installation</li> </ul>"},{"location":"extensions/exchange/#installation","title":"Installation","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the exchange extension <pre><code>install_extension exchange\n</code></pre></p> </li> </ul>"},{"location":"extensions/wazuh/","title":"wazuh","text":"<p>Thanks!</p> <p>Credits and huge thanks to aleemladha for the ansible role. https://github.com/Orange-Cyberdefense/GOAD/pull/215</p> <ul> <li>Extension name : <code>wazuh</code></li> <li>Description : Add wazuh free EDR server and agent on all the domain computers + soc fortress rules (https://github.com/socfortress/Wazuh-Rules)</li> <li>Compatibility  : *</li> <li>Providers : virtualbox/azure/vmware/aws/ludus </li> <li>Add a machine  : wazuh (ip_range.51)</li> </ul> <p>impacts</p> <p>add a wazuh machine and a wazuh agent on all windows machine\"</p>"},{"location":"extensions/wazuh/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>On ludus prepare template : <pre><code>ludus templates add -d ubuntu-22.04-x64-server\nludus templates build\n</code></pre></p> </li> <li> <p>A lab installed</p> </li> </ul>"},{"location":"extensions/wazuh/#installation","title":"Installation","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the exchange extension <pre><code>install_extension wazuh\n</code></pre></p> </li> </ul>"},{"location":"extensions/ws01/","title":"ws01","text":"<ul> <li>Extension name : <code>ws01</code></li> <li>Description : Add a Windows 10 workstation to the lab GOAD or GOAD Light in the domain sevenkingdoms.local</li> <li>Compatibility  : GOAD, GOAD-Light</li> <li> <p>Providers : virtualbox/azure/vmware/aws/ludus/proxmox</p> </li> <li> <p>Add a machine  : {{lab_name}}-WS01 (casterlyrock.sevenkingdoms.local)  (ip_range.31)</p> </li> </ul> <p>rearm</p> <p>The vm is not armed by default (90 days trials), connect to the vm with vagrant/vagrant and run as admin <code>slmgr -rearm</code> to rearm the box. (need a restart)</p> <p>aws</p> <p>AWS doesn't got any windows 10 so for aws the vm is a windows server 2019</p>"},{"location":"extensions/ws01/#lab-info","title":"Lab info","text":"<ul> <li> <p>Lab infos:</p> <ul> <li>hostname: casterlyrock </li> <li>Users:<ul> <li>Administrators :<ul> <li>tywin.lannister</li> <li>jaime.lannister</li> </ul> </li> <li>RDP Users:<ul> <li>Lannister group</li> </ul> </li> </ul> </li> </ul> </li> <li> <p>Features :</p> <ul> <li>run_as_ppl</li> <li>powershell restricted</li> <li>asr rules :<ul> <li>block lsass stealing</li> <li>block PSExec and WMI</li> </ul> </li> </ul> </li> </ul>"},{"location":"extensions/ws01/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>GOAD or GOAD-Light installation</p> </li> <li> <p>On ludus prepare template : <pre><code>ludus templates add -d win10-21h1-x64-enterprise\nludus templates build\n</code></pre></p> </li> </ul>"},{"location":"extensions/ws01/#installation","title":"Installation","text":"<ul> <li> <p>select your instance <pre><code>load &lt;instance_id&gt;\n</code></pre></p> </li> <li> <p>install the ws01 extension <pre><code>install_extension ws01\n</code></pre></p> </li> </ul>"},{"location":"extensions/ws01/#thanks","title":"thanks","text":"<ul> <li>asr rules implementation : https://github.com/zuesdevil (https://github.com/Orange-Cyberdefense/GOAD/pull/172)</li> </ul>"},{"location":"installation/","title":"\ud83d\ude80 Installation","text":"<p>In the last version, GOAD use no more bash for the installation/management script. The goad management script is now written in  python to permit more flexibility and cover the needs to create a Windows WSL support.</p> <ul> <li> <p>First prepare you system for GOAD execution:</p> <ul> <li> Linux</li> <li> Windows</li> </ul> </li> <li> <p>Installation depend of the provider you use, please follow the appropriate guide :</p> <ul> <li> Install with Virtualbox</li> <li> Install with VmWare</li> <li> Install with Proxmox</li> <li> Install with Azure</li> <li> Install with Aws</li> <li>\ud83c\udfdf\ufe0f Install with Ludus</li> </ul> </li> </ul>"},{"location":"installation/#tldr-quick-install","title":"TLDR - quick install","text":"TLDR :  ubuntu 22.04 quick install <pre><code># Install vbox\nsudo apt install virtualbox\n\n# Install vagrant\nwget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg\necho \"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list\nsudo apt update &amp;&amp; sudo apt install vagrant\n\n# Install Vagrant plugins\nvagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n\n# Add some dependencies\nsudo apt install sshpass lftp rsync openssh-client python3.10-venv\n\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n# verify installation\n./goad.sh -t check -l GOAD -p virtualbox\n\n# install\n./goad.sh -t install -l GOAD -p virtualbox\n\n# launch goad in interactive mode\n./goad.sh\n</code></pre>"},{"location":"installation/#dependencies","title":"Dependencies","text":"<ul> <li>Goad in  python come with a lot of dependencies as you can see in the <code>requirements.yml</code> file on the root of the project.</li> <li>If you don't want to run the provisioning from your python venv but only from docker you can use <code>goad_docker.sh</code> script instead of <code>goad.sh</code>. This will run the ansible with the docker method instead of local or runner.</li> </ul> <p>This are the python dependencies used by goad :</p> <ul> <li> <p>Mandatory for  goad.py: <pre><code>rich\npsutil\nJinja2\npyyaml\n</code></pre></p> </li> <li> <p>Mandatory for  ansible inside goad (for provisioning method local or runner) : <pre><code># Ansible\nansible_runner\nansible-core==2.12.6\npywinrm\n</code></pre></p> </li> <li> <p>Mandatory for  azure provider : <pre><code># AZURE\nazure-identity\nazure-mgmt-compute\nazure-mgmt-network\n</code></pre></p> </li> <li> <p>Mandatory for  aws provider : <pre><code># AWS\nboto3\n</code></pre></p> </li> <li> <p>Mandatory for  proxmox provider: <pre><code># Proxmox\nproxmoxer\nrequests\n</code></pre></p> </li> <li> <p>You can launch goad without installing all the pip package but for that you will have to disable some dependencies with the <code>-d</code> arguments: <pre><code>-d vmware     : disable vmware provider\n-d virtualbox : disable virtualbox provider\n-d azure      : disable azure provider\n-d aws        : disable azure provider\n-d proxmox    : disable proxmox provider\n-d ludus      : disable ludus provider\n-d local      : disable local provisioning method (if you use docker only)\n-d runner     : disable ansible runner provisioning method (if you use docker only)\n-d remote     : disable remote provisioning method\n-d docker     : disable docker provisioning method\n</code></pre></p> </li> </ul>"},{"location":"installation/#installation_1","title":"Installation","text":"<ul> <li> <p>Installation is in three parts :</p> <ul> <li>Templating : this will create the template to use (needed only for proxmox and ludus)</li> <li>Providing : this will instantiate the virtual machines depending on your provider</li> <li>Provisioning : it is always made with ansible, it will install all the stuff to create the lab</li> </ul> </li> <li> <p>GOAD script cover the providing and provisioning part</p> </li> <li> <p>The install script take multiple parameters:</p> <ul> <li><code>-p</code>  : the provider to use (vmware/virtualbox/proxmox/ludus/azure/aws)</li> <li><code>-l</code>  : the lab to install (GOAD/GOAD-Light/SCCM/NHA/MINILAB)</li> <li><code>-m</code>  : the method of installation (local/runner/docker/remote), most of the time don't change it</li> <li><code>-ip</code> : the ip range to use</li> </ul> </li> <li> <p>The easy way is just launch <code>./goad.sh</code> and use help <code>?</code>in the interactive prompt</p> </li> </ul>"},{"location":"installation/#configuration-files","title":"Configuration files","text":""},{"location":"installation/#homegoadgoadini","title":"$HOME/.goad/goad.ini","text":"<ul> <li> <p>On the first launch goad create a global configuration file at : <code>$HOME/.goad/goad.ini</code> this file contains some default configuration and some parameters needed by some providers.</p> </li> <li> <p>If you change the <code>[default]</code> config it will change the default selection when goad start</p> </li> <li>Others configurations are related to specific providers</li> </ul> <pre><code>[default]\n; lab: goad / goad-light / minilab / nha / sccm\nlab = GOAD\n; provider : virtualbox / vmware / aws / azure / proxmox\nprovider = vmware\n; provisioner method : local / remote\nprovisioner = local\n; ip_range (3 first ip digits)\nip_range = 192.168.56\n\n[aws]\naws_region = eu-west-3\naws_zone = eu-west-3c\n\n[azure]\naz_location = westeurope\n\n[proxmox]\npm_api_url = https://192.168.1.1:8006/api2/json\npm_user = infra_as_code@pve\npm_node = GOAD\npm_pool = GOAD\npm_full_clone = false\npm_storage = local\npm_vlan = 10\npm_network_bridge = vmbr3\npm_network_model = e1000\n\n[proxmox_templates_id]\nwinserver2019_x64 = 102\nwinserver2016_x64 = 103\nwinserver2019_x64_utd = 104\nwindows10_22h2_x64 = 105\n\n[ludus]\n; api key must not have % if you have a % in it, change it by a %%\nludus_api_key = change_me\nuse_impersonation = yes\n</code></pre>"},{"location":"installation/#global-configuration-globalsettingsini","title":"Global configuration : globalsettings.ini","text":"<ul> <li>Goad got a global configuration file : <code>globalsettings.ini</code> used by the ansible provisioning</li> <li>This file is an ansible inventory file.</li> <li>This file is always added at the end of the ansible inventory file list so you can override values here</li> <li>You can change it before running the installation to modify :<ul> <li>keyboard_layouts</li> <li>proxy configuration</li> <li>add a route to the vm</li> <li>change the default dns_forwarder</li> <li>disable ssl for winrm communication</li> </ul> </li> </ul>"},{"location":"installation/linux/","title":"Linux","text":"<ul> <li>First you will prepare your host for an hypervisor</li> <li>Second you will prepare your python environment</li> </ul>"},{"location":"installation/linux/#prepare-your-provider","title":"Prepare your Provider","text":"Virtualbox Vmware workstation Azure Aws Proxmox\ud83c\udfdf\ufe0f  Ludus <ul> <li> <p>Vagrant</p> <ul> <li>In order to download vm and create them on virtualbox you need to install vagrant</li> <li>https://developer.hashicorp.com/vagrant/install#linux</li> </ul> </li> <li> <p>Virtualbox</p> <ul> <li>Install virtualbox <pre><code>sudo apt install virtualbox\n</code></pre></li> </ul> </li> <li> <p>Install vagrant plugins <pre><code>vagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n</code></pre></p> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <p>Tip</p> <p>Vmware workstation is now free for personal use !</p> <ul> <li> <p>Vagrant</p> <ul> <li>In order to download vm and create them on virtualbox you need to install vagrant</li> <li>https://developer.hashicorp.com/vagrant/install#linux</li> </ul> </li> <li> <p>Vmware workstation</p> <ul> <li>Install vmware workstation https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro</li> </ul> </li> <li> <p>Install vagrant vmware utility : https://developer.hashicorp.com/vagrant/install/vmware</p> </li> <li> <p>Install the following vagrant plugins:     <pre><code>vagrant plugin install vagrant-reload vagrant-vmware-desktop winrm winrm-fs winrm-elevated\n</code></pre></p> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <ul> <li>Azure CLI<ul> <li>Install azure cli     https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux</li> <li>Connect to azure :     <pre><code>az login\n</code></pre></li> </ul> </li> <li>Terraform<ul> <li>The installation to Azure use terraform so you will have to install it: https://developer.hashicorp.com/terraform/install</li> </ul> </li> </ul> <ul> <li> <p>AWS CLI</p> <ul> <li>Install aws cli      https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions</li> <li> <ul> <li>Go to IAM &gt; User &gt; your user &gt; Security credentials</li> <li>Click the Create access key button</li> <li>Create a group \"[goad]\" in credentials file ~/.aws/credentials     <pre><code>[goad]\naws_access_key_id = changeme\naws_secret_access_key = changeme\n</code></pre></li> <li>Be sure to chmod 400 the file</li> </ul> <p>Create an aws access key and secret for goad usage</p> <p>credentials in plain text</p> <p>Storing credentials in plain text is always a bad idea, but aws cli work like that be sure to restrain the right access to this file</p> </li> </ul> </li> <li> <p>Terraform</p> <ul> <li>The installation to Aws use terraform so you will have to install it: https://developer.hashicorp.com/terraform/install</li> </ul> </li> </ul> <ul> <li>Proxmox install is very complex and use a lot of steps</li> <li>A complete guide to proxmox installation is available here : https://mayfly277.github.io/categories/proxmox/</li> </ul> <ul> <li>To add GOAD on Ludus please use goad directly on the server.</li> <li> <p>By now goad can work only directly on the server and not from a workstation client.</p> </li> <li> <p>Install Ludus : https://docs.ludus.cloud/docs/quick-start/install-ludus/</p> </li> <li> <p>Be sure to create an administrator user and keep his api key</p> </li> <li> <p>Once your installation is complete on ludus server (debian 12) and your user is created do :</p> </li> </ul> <pre><code>git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\n...&gt;exit\nvim ~/.goad/goad.ini # add the api_key in the config file (keep impersonate to yes and use an admin user)\n./goad.sh -p ludus\n...&gt;set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\n...&gt;install\n</code></pre>"},{"location":"installation/linux/#prepare-your-python-environment-for-goadpy","title":"Prepare your python environment for goad.py","text":"ClassicProvisioning with docker <ul> <li> <p> To run the Goad installation/management script you will need :</p> <ul> <li>Python (version between 3.8 and 3.11) with venv module installed</li> </ul> </li> <li> <p>Install the python3-venv corresponding to your python version </p> </li> </ul> <pre><code>sudo apt install python&lt;version&gt;-venv\n</code></pre> <ul> <li>Example:</li> </ul> <pre><code>sudo apt install python3.10-venv\n</code></pre> <p>Python version</p> <p>Be sure to use a python version between python3.8 and python 3.11. Others python versions are not supported by now due to incompatibility with the fixed version in the requirements.</p> <p>Info</p> <p>With this method ansible-core will not be installed locally on your venv</p> <ul> <li> be sure you have docker installed on your os for the provisioning part (ansible will be run from the container)</li> <li> <p> To run the Goad installation/management script you will need :</p> <ul> <li>Python (version &gt;= 3.8) with venv module installed</li> </ul> </li> <li> <p>Install the python3-venv corresponding to your python version </p> </li> </ul> <pre><code>sudo apt install python&lt;version&gt;-venv\n</code></pre> <ul> <li>Example:</li> </ul> <pre><code>sudo apt install python3.10-venv\n</code></pre> <ul> <li>Run goad with <code>./goad_docker.sh</code> instead of <code>./goad.sh</code> to install the dependencies without the ansible part (local and runner provisioning method will not be available)</li> </ul>"},{"location":"installation/windows/","title":"Windows","text":"<ul> <li>First you will prepare your windows host for an hypervisor</li> <li>Second you will choose between <ul> <li>install debian 12 with WSL to run goad install script</li> <li>Or prepare your windows host (install with a provisioning machine)</li> </ul> </li> </ul>"},{"location":"installation/windows/#prepare-windows-host","title":"Prepare Windows Host","text":"Virtualbox Vmware Workstation Aws Azure Promox\ud83c\udfdf\ufe0f  Ludus <p>If you want to use virtualbox as a hypervisor to create your vm.</p> <ul> <li> <p>VAGRANT</p> <p>If you want to create the lab on your windows computer you will need vagrant. Vagrant will be responsible to automate the process of vm download and creation.</p> <ul> <li>Download and install visual c++ 2019   : https://aka.ms/vs/17/release/vc_redist.x64.exe</li> <li>Install vagrant : https://developer.hashicorp.com/vagrant/install</li> </ul> </li> <li> <p>Virtualbox</p> <ul> <li> <p>Install virtualbox &lt;= 7.0 (vagrant support only to vbox7.0 at the time of writing) : https://www.virtualbox.org/wiki/Download_Old_Builds_7_0</p> </li> <li> <p>Install the following vagrant plugins:</p> </li> </ul> <pre><code>vagrant.exe plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n</code></pre> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <p>If you want to use vmware workstation as an hypervisor to create your vm.</p> <p>Tip</p> <p>Vmware workstation is now free for personal use !</p> <ul> <li> <p>VAGRANT</p> <p>If you want to create the lab on your windows computer you will need vagrant. Vagrant will be responsible to automate the process of vm download and creation.</p> <ul> <li>Download and install visual c++ 2019   : https://aka.ms/vs/17/release/vc_redist.x64.exe</li> <li>Install vagrant : https://developer.hashicorp.com/vagrant/install</li> </ul> </li> <li> <p>Vmware Workstation</p> <ul> <li>Install vmware workstation : https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro</li> </ul> <p>vmware workstation install bug</p> <p>if you got an error about groups and permission during vmware workstation install consider running this in an administrator cmd prompt: <pre><code>net localgroup /add \"Users\"\nnet localgroup /add \"Authenticated Users\"\n</code></pre></p> <ul> <li> <p>Install vagrant vmware utility : https://developer.hashicorp.com/vagrant/install/vmware</p> </li> <li> <p>Install the following vagrant plugins:</p> </li> </ul> <pre><code>vagrant.exe plugin install vagrant-reload vagrant-vmware-desktop winrm winrm-fs winrm-elevated\n</code></pre> </li> </ul> <p>Disk space</p> <p>The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.</p> <p>RAM</p> <p>Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.</p> <p>Nothing to prepare on windows host, install and prepare wsl and next follow linux install from your wsl console : see aws linux install</p> <p>Nothing to prepare on windows host, install and prepare wsl and next linux install from your wsl console see azure linux install</p> <p>Not supported, you will have to create a provisioning machine on your proxmox and run goad from then (see proxmox linux install)</p> <p>Not supported, you will have to act from your ludus server (see ludus linux install)</p>"},{"location":"installation/windows/#prepare-python-environment","title":"Prepare python environment","text":"With WSLWith Python on windows host <p>Now your host environment is ready for virtual machine creation. Now we will install WSL to run the goad installation script.</p> <p>wsl version</p> <p>New Linux installations, installed using the wsl --install command, will be set to WSL 2 by default. The wsl --set-version command can be used to downgrade from WSL 2 to WSL 1 or to update previously installed Linux distributions from WSL 1 to WSL 2. To see whether your Linux distribution is set to WSL 1 or WSL 2, use the command: <code>wsl -l -v</code>. To change versions, use the command: <code>wsl --set-version &lt;distro name&gt; &lt;wsl_version&gt;</code> replacing  with the name of the Linux distribution that you want to update.  As an example: <code>wsl --set-version Debian 1</code> will set your Debian distribution to use WSL 1. <p>use wsl version1</p> <p>by now wsl was tested succefully with version 1 </p>"},{"location":"installation/windows/#install-wsl","title":"Install WSL","text":"<ul> <li>First install wsl on your environment https://learn.microsoft.com/en-us/windows/wsl/install</li> <li>Next go to the microsoft store and install debian (debian12)</li> </ul>"},{"location":"installation/windows/#prepare-wsl-distribution","title":"Prepare WSL distribution","text":"<ul> <li> <p>Open debian console then :</p> <ul> <li> <p>Verify you are using python version &lt;= 11 <pre><code>python3 --version\n</code></pre></p> </li> <li> <p>Install python packages <pre><code>sudo apt update\nsudo apt install python3 python3-pip python3-venv libpython3-dev\n</code></pre></p> </li> </ul> </li> <li> <p>Next you can clone and run goad</p> </li> </ul> <pre><code>cd /mnt/c/whatever_folder_you_want\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n./goad.sh\n</code></pre> <p>For vmware or virtualbox only</p> <p>This mode doesn't need WSL but it is only if you plan to install goad locally on vmware or virtualbox</p> <ul> <li> <p>Prerequistes:</p> <ul> <li> python on your windows (tested ok with python 3.10) </li> <li> git</li> </ul> </li> <li> <p>Clone the goad project: <code>git clone https://github.com/Orange-Cyberdefense/GOAD</code></p> </li> <li>Checkout the v3-beta branch :      <pre><code>cd GOAD\ngit checkout -b v3-beta origin/v3-beta\n</code></pre></li> <li>Install python dependencies (choose the noansible file) :      <pre><code>pip install -r noansible_requirements.yml\n</code></pre></li> <li>Launch goad with vm provisioning method :      <pre><code>py goad.py -m vm\n</code></pre></li> </ul>"},{"location":"labs/","title":"Labs","text":"<ul> <li> <p>Practice lab(s) :</p> <ul> <li>GOAD : 5 vms, 2 forests, 3 domains (full goad lab)</li> <li>GOAD-Light : 3 vms, 1 forest, 2 domains (smaller goad lab for those with a smaller pc)</li> <li>SCCM : 4 vms, 1 forest, 1 domain, with microsoft configuration manager installed</li> </ul> </li> <li> <p>Challenge lab :</p> <ul> <li>NHA : A challenge with 5 vms and 2 domains. no schema provided, you will have to find out how break it.</li> </ul> </li> <li> <p>POC lab :</p> <ul> <li>MINILAB: 2 vms, 1 forest, 1 domain (basic lab with one DC (windows server 2019) and one Workstation (windows 10))</li> </ul> </li> </ul>"},{"location":"labs/GOAD-Light/","title":"GOAD-Light","text":"<p>This is a light version of goad without the essos domain. This lab was build for computer with less performance (min ~20GB).</p> <p></p> <p>Missing scenarios:</p> <ul> <li>cross forest exploitation (no more external forest)</li> <li>mssql trusted link</li> <li>some old computer vulnerabilities (zero logon, petitpotam unauthent,...)</li> <li>ESC4, ESC2/3</li> </ul>"},{"location":"labs/GOAD-Light/#servers","title":"Servers","text":"<p>This lab is actually composed of five virtual machines:</p> <p>domain : sevenkingdoms.local</p> <ul> <li>kingslanding : DC01  running on Windows Server 2019 (with windefender enabled by default)</li> </ul> <p>domain : north.sevenkingdoms.local</p> <ul> <li>winterfell   : DC02  running on Windows Server 2019 (with windefender enabled by default)</li> <li>castelblack  : SRV02 running on Windows Server 2019 (with windefender disabled by default)</li> </ul>"},{"location":"labs/GOAD-Light/#usersgroups-and-associated-vulnerabilitesscenarios","title":"Users/Groups and associated vulnerabilites/scenarios","text":"<ul> <li>You can find a lot of the available scenarios on https://mayfly277.github.io/categories/ad/</li> </ul> <p>NORTH.SEVENKINGDOMS.LOCAL</p> <ul> <li>STARKS:              RDP on WINTERFELL AND CASTELBLACK<ul> <li>arya.stark:        Execute as user on mssql</li> <li>eddard.stark:      DOMAIN ADMIN NORTH/ (bot 5min) LLMRN request to do NTLM relay with responder</li> <li>catelyn.stark:     </li> <li>robb.stark:        bot (3min) RESPONDER LLMR</li> <li>sansa.stark:       </li> <li>brandon.stark:     ASREP_ROASTING</li> <li>rickon.stark:      </li> <li>theon.greyjoy:</li> <li>jon.snow:          mssql admin / KERBEROASTING / group cross domain / mssql trusted link</li> <li>hodor:             PASSWORD SPRAY (user=password)</li> </ul> </li> <li>NIGHT WATCH:         RDP on CASTELBLACK<ul> <li>samwell.tarly:     Password in ldap description / mssql execute as login                     GPO abuse (Edit Settings on \"STARKWALLPAPER\" GPO)</li> <li>jon.snow:          (see starks)</li> <li>jeor.mormont:      (see mormont)</li> </ul> </li> <li>MORMONT:             RDP on CASTELBLACK<ul> <li>jeor.mormont:      ACL writedacl-writeowner on group Night Watch</li> </ul> </li> <li>AcrossTheSea :       cross forest group</li> </ul> <p>SEVENKINGDOMS.LOCAL</p> <ul> <li>LANISTERS<ul> <li>tywin.lannister:   ACL forcechangepassword on jaime.lanister</li> <li>jaime.lannister:   ACL genericwrite-on-user joffrey.baratheon</li> <li>tyron.lannister:   ACL self-self-membership-on-group Small Council</li> <li>cersei.lannister:  DOMAIN ADMIN SEVENKINGDOMS</li> </ul> </li> <li>BARATHEON:           RDP on KINGSLANDING<ul> <li>robert.baratheon:  DOMAIN ADMIN SEVENKINGDOMS</li> <li>joffrey.baratheon: ACL Write DACL on tyron.lannister</li> <li>renly.baratheon:</li> <li>stannis.baratheon: ACL genericall-on-computer kingslanding / ACL writeproperty-self-membership Domain Admins</li> </ul> </li> <li>SMALL COUNCIL :      ACL add Member to group dragon stone / RDP on KINGSLANDING<ul> <li>petyer.baelish:    ACL writeproperty-on-group Domain Admins</li> <li>lord.varys:        ACL genericall-on-group Domain Admins / Acrossthenarrossea</li> <li>maester.pycelle:   ACL write owner on group Domain Admins</li> </ul> </li> <li>DRAGONSTONE :        ACL Write Owner on KINGSGUARD</li> <li>KINGSGUARD :         ACL generic all on user stannis.baratheon</li> <li>AccorsTheNarrowSea:       cross forest group</li> </ul>"},{"location":"labs/GOAD-Light/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":"<ul> <li> <p>SEVENKINGDOMS</p> <ul> <li>DC01 : kingslanding.sevenkingdoms.local (Windows Server 2019) (SEVENKINGDOMS DC)<ul> <li>Admins : robert.baratheon (U), cersei.lannister (U)</li> <li>RDP: Small Council (G)</li> </ul> </li> </ul> </li> <li> <p>NORTH</p> <ul> <li> <p>DC02 : winterfell.north.sevenkingdoms.local (Windows Server 2019) (NORTH DC)</p> <ul> <li>Admins : eddard.stark (U), catelyn.stark (U), robb.stark (U)</li> <li>RDP: Stark(G)</li> </ul> </li> <li> <p>SRV02 : castelblack.essos.local (Windows Server 2019) (IIS, MSSQL, SMB share)</p> <ul> <li>Admins: jeor.mormont (U)</li> <li>RDP: Night Watch (G), Mormont (G), Stark (G)</li> <li>IIS : allow asp upload, run as NT Authority/network</li> <li>MSSQL:<ul> <li>admin : jon.snow</li> <li>impersonate : <ul> <li>execute as login : samwel.tarlly -&gt; sa</li> <li>execute as user : arya.stark -&gt; dbo</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> </ul>"},{"location":"labs/GOAD/","title":"GOAD","text":"<p>GOAD is the first and main lab of this project. It contains 3 domains and 2 forest.</p> <p></p>"},{"location":"labs/GOAD/#servers","title":"Servers","text":"<p>This lab is actually composed of five virtual machines:</p> <p>domain sevenkingdoms.local</p> <ul> <li>kingslanding : DC01  running on Windows Server 2019 (with windefender enabled by default)</li> </ul> <p>domain north.sevenkingdoms.local</p> <ul> <li>winterfell   : DC02  running on Windows Server 2019 (with windefender enabled by default)</li> <li>castelblack  : SRV02 running on Windows Server 2019 (with windefender disabled by default)</li> </ul> <p>domain essos.local</p> <ul> <li>meereen      : DC03  running on Windows Server 2016 (with windefender enabled by default)</li> <li>braavos      : SRV03 running on Windows Server 2016 (with windefender enabled by default)</li> </ul>"},{"location":"labs/GOAD/#writeup","title":"WRITEUP","text":"<ul> <li>All the writeups of the Game Of Active Directory lab are available on mayfly's blog : https://mayfly277.github.io/categories/goad/</li> </ul>"},{"location":"labs/GOAD/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":"<ul> <li> <p>SEVENKINGDOMS / sevenkingdoms.local</p> <ul> <li>DC01 : kingslanding.sevenkingdoms.local (Windows Server 2019) (SEVENKINGDOMS DC)<ul> <li>Admins : robert.baratheon (U), cersei.lannister (U)</li> <li>RDP: Small Council (G)</li> </ul> </li> </ul> </li> <li> <p>NORTH / north.sevenkingdoms.local</p> <ul> <li> <p>DC02 : winterfell.north.sevenkingdoms.local (Windows Server 2019) (NORTH DC)</p> <ul> <li>Admins : eddard.stark (U), catelyn.stark (U), robb.stark (U)</li> <li>RDP: Stark(G)</li> </ul> </li> <li> <p>SRV02 : castelblack.essos.local (Windows Server 2019) (IIS, MSSQL, SMB share)</p> <ul> <li>Admins: jeor.mormont (U)</li> <li>RDP: Night Watch (G), Mormont (G), Stark (G)</li> <li>IIS : allow asp upload, run as NT Authority/network</li> <li>MSSQL:<ul> <li>admin : jon.snow</li> <li>impersonate : <ul> <li>execute as login : samwel.tarlly -&gt; sa</li> <li>execute as user : arya.stark -&gt; dbo</li> </ul> </li> <li>link :<ul> <li>to braavos : jon.snow -&gt; sa</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> <li> <p>ESSOS / essos.local</p> <ul> <li> <p>DC03  : meereen.essos.local (Windows Server 2016) (ESSOS DC)</p> <ul> <li>Admins: daenerys.targaryen (U)</li> <li>RDP: Targaryen (G)</li> </ul> </li> <li> <p>SRV03 : braavos.essos.local (Windows Server 2016) (MSSQL, SMB share)</p> <ul> <li>Admins: khal.drogo (U)</li> <li>RDP: Dothraki (G)</li> <li>MSSQL :<ul> <li>admin : khal.drogo</li> <li>impersonate :<ul> <li>execute as login : jorah.mormont -&gt; sa</li> </ul> </li> <li>link:<ul> <li>to castelblack: jorah.mormont -&gt; sa</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> </ul>"},{"location":"labs/GOAD/#usersgroups-and-associated-scenarios","title":"Users/Groups and associated scenarios","text":"<ul> <li>Graph of some scenarios is available here : </li> </ul> <p>NORTH.SEVENKINGDOMS.LOCAL</p> <ul> <li>STARKS:              RDP on WINTERFELL AND CASTELBLACK<ul> <li>arya.stark:        Execute as user on mssql, pass on all share</li> <li>eddard.stark:      DOMAIN ADMIN NORTH/ (bot 5min) LLMRN request to do NTLM relay with responder</li> <li>catelyn.stark:     </li> <li>robb.stark:        bot (3min) RESPONDER LLMR / lsass present user</li> <li>sansa.stark:       keywalking password / unconstrained delegation</li> <li>brandon.stark:     ASREP_ROASTING</li> <li>rickon.stark:      pass spray WinterYYYY</li> <li>jon.snow:          mssql admin / KERBEROASTING / mssql trusted link</li> <li>hodor:             PASSWORD SPRAY (user=password)</li> </ul> </li> <li>NIGHT WATCH:         RDP on CASTELBLACK<ul> <li>samwell.tarly:     Password in ldap description / mssql execute as login                     GPO abuse (Edit Settings on \"STARKWALLPAPER\" GPO)</li> <li>jon.snow:          (see starks)</li> <li>jeor.mormont:      (see mormont)</li> </ul> </li> <li>MORMONT:             RDP on CASTELBLACK<ul> <li>jeor.mormont:      Admin castelblack, pass in sysvol script</li> </ul> </li> <li>AcrossTheSea :       cross forest group</li> </ul> <p>SEVENKINGDOMS.LOCAL</p> <ul> <li>LANISTERS<ul> <li>tywin.lannister:   ACE forcechangepassword on jaime.lanister, password on sysvol cyphered</li> <li>jaime.lannister:   ACE genericwrite-on-user joffrey.baratheon</li> <li>tyron.lannister:   ACE self membership on small council</li> <li>cersei.lannister:  DOMAIN ADMIN SEVENKINGDOMS</li> </ul> </li> <li>BARATHEON:           RDP on KINGSLANDING<ul> <li>robert.baratheon:  DOMAIN ADMIN SEVENKINGDOMS, protected user</li> <li>joffrey.baratheon: ACE Write DACL on tyron.lannister</li> <li>renly.baratheon:   WriteDACL on container, sensitive user</li> <li>stannis.baratheon: ACE genericall-on-computer kingslanding </li> </ul> </li> <li>SMALL COUNCIL :      ACE add Member to group dragon stone / RDP on KINGSLANDING<ul> <li>petyer.baelish:    </li> <li>lord.varys:        ACE genericall-on-group Domain Admins and sdholder</li> <li>maester.pycelle:   </li> </ul> </li> <li>DRAGONSTONE :        ACE Write Owner on group KINGSGUARD</li> <li>KINGSGUARD :         ACE generic all on user stannis.baratheon</li> <li>AccorsTheNarrowSea:       cross forest group</li> </ul> <p>ESSOS.LOCAL</p> <ul> <li>TARGERYEN<ul> <li>missande :          ASREP roasting, generic all on khal</li> <li>daenerys.targaryen: DOMAIN ADMIN ESSOS</li> <li>viserys.targaryen:  ACE write property on jorah.mormont</li> <li>jorah.mormont:      mssql execute as login / mssql trusted link / Read LAPS Password</li> </ul> </li> <li>DOTHRAKI<ul> <li>khal.drogo:         mssql admin / GenericAll on viserys (shadow credentials) / GenericAll on ECS4</li> </ul> </li> <li>DragonsFriends:       cross forest group</li> <li>Spys:                 cross forest group / Read LAPS password  / ACL generic all jorah.mormont</li> </ul>"},{"location":"labs/MINILAB/","title":"MINI lab","text":"<ul> <li>The MINI lab is just a sample presented during an Article on the MISC magazine.</li> <li>This is just a simple basic LAB with one DC (windows server 2019) and one Workstation (windows 10)</li> </ul>"},{"location":"labs/NHA/","title":"NINJA HACKER ACADEMY","text":"<ul> <li>NINJA HACKER ACADEMY (NHA) is written as a training challenge where GOAD was written as a lab with a maximum of vulns.</li> <li>You should find your way in to get domain admin on the 2 domains (academy.ninja.lan and ninja.hack)</li> <li> <p>Starting point is on srv01 : 192.168.58.21</p> </li> <li> <p>Flags are disposed on each machine, try to grab all. Be careful all the machines are up to date with defender enabled.</p> </li> <li>Some exploits needs to modify path so this lab is not very multi-players compliant (unless you do it as a team ;))</li> <li> <p>Obviously do not cheat by looking at the passwords and flags in the recipe files, the lab must start without user to full compromise. </p> </li> <li> <p>Install :</p> </li> </ul> <pre><code>./goad.sh -t install -l NHA -p virtualbox -m docker\n</code></pre> <ul> <li>Once install finish disable vagrant user to avoid using it :</li> </ul> <pre><code>./goad.sh -t disablevagrant -l NHA -p virtualbox -m docker\n</code></pre> <ul> <li>Now do a reboot of all the machine to avoid unintended secrets stored : </li> </ul> <pre><code>./goad.sh -t stop -l NHA -p virtualbox -m docker\n./goad.sh -t start -l NHA -p virtualbox -m docker\n</code></pre> <p>And you are ready to play ! :)</p> <ul> <li>If you need to re-enable vagrant</li> </ul> <pre><code>./goad.sh -t enablevagrant -l NHA -p virtualbox -m docker\n</code></pre> <ul> <li>If you want to create a write up of the chall, no problem, have fun. Please ping me on X (@M4yFly) or Discord, i will be happy to read it :)</li> </ul> <p>Tip</p> <p>No bruteforce, if not in rockyou do not waste your time and your cpu/gpu cycle.</p>"},{"location":"labs/SCCM/","title":"SCCM lab","text":"<p>Thanks!</p> <p>Thanks a lot to my colleague Issam (@KenjiEndo15), who start the project and provide me a lot of ansible roles to start from !</p> <p></p>"},{"location":"labs/SCCM/#servers","title":"Servers","text":"<p>4 virtual machines with Windows Server 2019</p> <ul> <li>DC :  Domain Controler </li> <li>MECM : mecm primary site serer</li> <li>MSSQL : mecm sql server</li> <li>CLIENT : mecm client computer</li> </ul> <p>All vms got defender activated</p>"},{"location":"labs/SCCM/#prerequisites","title":"Prerequisites","text":"<ul> <li>The prerequisites for the lab are the same as GOAD lab (virtualbox/vmware, python, ansible,...)</li> <li>The lab take 16GB for the vagrant image + 100GB for the 4 vms</li> <li>The installation take environ 2,5 hours (with fiber connection)</li> <li>The lab download multiple files during the install (windows iso, mecm installation package, mssql installation package, ...), be sure to have a good internet connection.</li> </ul>"},{"location":"labs/SCCM/#writeup","title":"Writeup","text":"<ul> <li>A writeup on SCCM exploitation is available here : https://mayfly277.github.io/categories/sccm/</li> </ul>"},{"location":"labs/SCCM/#proxmox-installation","title":"proxmox installation","text":"<ul> <li>In order to use the proxmox provider follow this :</li> </ul> <p>1) create a template with the windows_server2019_proxmox_cloudinit_uptodate.pkvars.hcl packer file (guide here: https://mayfly277.github.io/posts/GOAD-on-proxmox-part2-packer/) (note the id after the creation)</p> <p>2) create the variable file (ad/SCCM/providers/proxmox/terraform/variables.tf) by coping the template (ad/SCCM/providers/proxmox/terraform/variables.tf.template) and change the value according to your proxmox environnement</p> <p>3) on the provisioning computer : <pre><code>./goad.sh -t check -l SCCM -p proxmox -m local\n./goad.sh -t install -l SCCM -p proxmox -m local\n</code></pre></p> <p>4) if something goes wrong (restart of the vms during install, etc...), you can rerun only ansible with -a <pre><code>./goad.sh -t install -l SCCM -p proxmox -m local -a\n</code></pre></p>"},{"location":"providers/","title":"\ud83c\udfd7 Providers","text":"<ul> <li> <p>Providers are used to create and deploy the lab virtual machine.</p> </li> <li> <p>Goad actually support the following providers:</p> <ul> <li> <p>On your own computer :</p> <ul> <li> Virtualbox</li> <li> VmWare</li> </ul> </li> <li> <p>Cloud :</p> <ul> <li> Azure</li> <li> Aws</li> </ul> </li> <li> <p>Hypervisor :</p> <ul> <li> Proxmox</li> <li>\ud83c\udfdf\ufe0f Ludus</li> </ul> </li> </ul> </li> </ul> <p>The architecture is slightly different depending on the provider. Please consult the provider you use to understand the behavior.</p>"},{"location":"providers/aws/","title":"Aws","text":"<p>Thanks!</p> <p>Thx to @ArnC_CarN for the initial work on the aws provider</p> <p>The architecture is quite the same than the Azure deployment.</p> <p></p> <p>Warning</p> <p>LLMNR, NBTNS and other poisoning network attacks will not work in aws environment. Only network coerce attacks will work.</p>"},{"location":"providers/aws/#prerequisites","title":"Prerequisites","text":"<ul> <li>Terraform</li> <li>AWS CLI</li> </ul>"},{"location":"providers/aws/#aws-configuration","title":"AWS configuration","text":"<p>You need to configre AWS cli. Use a key with enough privileges on the tenant.</p> <pre><code>aws configure\n</code></pre> <ul> <li> <p>Create an aws access key and secret for goad usage</p> <ul> <li>Go to IAM &gt; User &gt; your user &gt; Security credentials</li> <li>Click the Create access key button</li> <li>Create a group \"[goad]\" in credentials file ~/.aws/credentials     <pre><code>[goad]\naws_access_key_id = changeme\naws_secret_access_key = changeme\n</code></pre></li> <li>Be sure to chmod 400 the file</li> </ul> <p>credentials in plain text</p> <p>Storing credentials in plain text is always a bad idea, but aws cli work like that be sure to restrain the right access to this file</p> </li> </ul>"},{"location":"providers/aws/#goad-configuration","title":"Goad configuration","text":"<ul> <li>The goad configuration file as some options for aws:</li> </ul> <pre><code># ~/.goad/goad.ini\n...\n[aws]\naws_region = eu-west-3\naws_zone = eu-west-3c\n</code></pre> <ul> <li>If you want to use a different region and zone you can modify it.</li> </ul>"},{"location":"providers/aws/#installation","title":"Installation","text":"<pre><code># check prerequisites\n./goad.sh -t check -l GOAD -p aws\n# Install\n./goad.sh -t install -l GOAD -p aws\n</code></pre> <p>or from the interactive console :</p> <pre><code>GOAD/aws/remote/192.168.56.X &gt; install\n</code></pre>"},{"location":"providers/aws/#startstopstatus","title":"start/stop/status","text":"<ul> <li>You can see the status of the lab with the command <code>status</code></li> <li>You can also start and stop the lab with the command <code>start</code> and <code>stop</code></li> </ul>"},{"location":"providers/aws/#vms-ami","title":"VMs ami","text":"<ul> <li>The vm used for goad are defined in the lab terraform file : <code>ad/&lt;lab&gt;/providers/aws/windows.tf</code></li> <li>This file is containing information about each vm in use</li> </ul> <pre><code>\"dc01\" = {\n  name               = \"dc01\"\n  domain             = \"sevenkingdoms.local\"\n  windows_sku        = \"2019-Datacenter\"\n  ami                = \"ami-018ebfbd6b0a4c605\"\n  instance_type      = \"t2.medium\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n}\n</code></pre>"},{"location":"providers/aws/#how-it-works","title":"How it works ?","text":"<ul> <li>On the installation goad script will create a folder into <code>goad/workspaces/&lt;instance_folder&gt;</code></li> <li>This folder will contain the terraform scripts and some of the ansible inventories</li> <li>Goad will create the cloud infrastructure with terraform.</li> <li>The lab is created (not provisioned yet) and a \"jumpbox\" vm is also created</li> <li>Next the needed sources will be pushed to the jumpbox using <code>ssh</code> and <code>rsync</code></li> <li>The jumpbox ssh_key is stored on <code>goad/workspaces/&lt;instance_folder&gt;/ssh_keys</code></li> <li>The jumpbox is prepared to run ansible</li> <li>The provisioning is launch with ssh remotely on the jumpbox</li> </ul>"},{"location":"providers/aws/#install-step-by-step","title":"Install step by step","text":"<pre><code>GOAD/aws/remote/192.168.56.X &gt; create_empty # create empty instance\nGOAD/aws/remote/192.168.56.X &gt; load &lt;instance_id&gt;\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provide # play terraform\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; sync_source_jumpbox # sync jumpbox source\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; prepare_jumpbox # install dependencies on jumpbox\nGOAD/aws/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provision_lab # run ansible\n</code></pre>"},{"location":"providers/aws/#tips","title":"Tips","text":"<ul> <li>To connect to the jumpbox VM you can use <code>ssh_jumpbox</code> in the goad interactive console</li> <li>To setup a socks proxy you can use <code>ssh_jumpbox_proxy &lt;proxy_port&gt;</code> in the goad interactive console</li> <li>All aws elements are tagged with <code>&lt;lab_name&gt;-&lt;lab_instance_id&gt;</code></li> </ul>"},{"location":"providers/azure/","title":"Azure","text":"<p>Thanks!</p> <p>Thx to Julien Arault for the initial work on the azure provider</p> <p></p> <p>Warning</p> <p>LLMNR, NBTNS and other poisoning network attacks will not work in azure environment. Only network coerce attacks will work.</p>"},{"location":"providers/azure/#prerequisites","title":"Prerequisites","text":"<ul> <li>Terraform</li> <li>Azure CLI</li> </ul>"},{"location":"providers/azure/#azure-configuration","title":"Azure configuration","text":"<p>You need to login to Azure with the CLI.</p> <pre><code>az login\n</code></pre>"},{"location":"providers/azure/#goad-configuration","title":"Goad configuration","text":"<ul> <li>The goad configuration file as some options for azure:</li> </ul> <pre><code># ~/.goad/goad.ini\n...\n[azure]\naz_location = westeurope\n</code></pre> <ul> <li>If you want to use a different location you can modify it.</li> </ul>"},{"location":"providers/azure/#installation","title":"Installation","text":"<pre><code># check prerequisites\n./goad.sh -t check -l GOAD -p azure\n# Install\n./goad.sh -t install -l GOAD -p azure\n</code></pre> <p>or from the interactive console :</p> <pre><code>GOAD/azure/remote/192.168.56.X &gt; install\n</code></pre>"},{"location":"providers/azure/#startstopstatus","title":"start/stop/status","text":"<ul> <li>You can see the status of the lab with the command <code>status</code></li> <li>You can also start and stop the lab with the command <code>start</code> and <code>stop</code></li> </ul> <p>Info</p> <p>The command <code>stop</code> use deallocate, it take a long time to run but it is not only stopping the vms, it will deallocate them. By doing that, you will stop paying from them (but you still paying storage) and can save some money.</p>"},{"location":"providers/azure/#vms-sku","title":"VMs sku","text":"<ul> <li>The vm used for goad are defined in the lab terraform file : <code>ad/&lt;lab&gt;/providers/azure/windows.tf</code></li> <li>This file is containing information about each vm in use</li> </ul> <pre><code>\"dc01\" = {\n  name               = \"dc01\"\n  publisher          = \"MicrosoftWindowsServer\"\n  offer              = \"WindowsServer\"\n  windows_sku        = \"2019-Datacenter\"\n  windows_version    = \"17763.4377.230505\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n  size               = \"Standard_B2s\"\n}\n</code></pre>"},{"location":"providers/azure/#how-it-works","title":"How it works ?","text":"<ul> <li>On the installation goad script will create a folder into <code>goad/workspaces/&lt;instance_folder&gt;</code></li> <li>This folder will contain the terraform scripts and some of the ansible inventories</li> <li>Goad will create the cloud infrastructure with terraform.</li> <li>The lab is created (not provisioned yet) and a \"jumpbox\" vm is also created</li> <li>Next the needed sources will be pushed to the jumpbox using <code>ssh</code> and <code>rsync</code></li> <li>The jumpbox ssh_key is stored on <code>goad/workspaces/&lt;instance_folder&gt;/ssh_keys</code></li> <li>The jumpbox is prepared to run ansible</li> <li>The provisioning is launch with ssh remotely on the jumpbox</li> </ul>"},{"location":"providers/azure/#install-step-by-step","title":"Install step by step","text":"<pre><code>GOAD/azure/remote/192.168.56.X &gt; create_empty # create empty instance\nGOAD/azure/remote/192.168.56.X &gt; load &lt;instance_id&gt;\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provide # play terraform\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; sync_source_jumpbox # sync jumpbox source\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; prepare_jumpbox # install dependencies on jumpbox\nGOAD/azure/remote/192.168.56.X (&lt;instance_id&gt;) &gt; provision_lab # run ansible\n</code></pre>"},{"location":"providers/azure/#tips","title":"Tips","text":"<ul> <li>To connect to the jumpbox VM you can use <code>ssh_jumpbox</code> in the goad interactive console</li> <li> <p>To setup a socks proxy you can use <code>ssh_jumpbox_proxy &lt;proxy_port&gt;</code> in the goad interactive console</p> </li> <li> <p>If the command <code>destroy</code> or <code>delete</code> fails, you can delete the resource group using the CLI <pre><code>az group delete --name GOAD\n</code></pre></p> </li> </ul>"},{"location":"providers/ludus/","title":"\ud83c\udfdf\ufe0f Ludus","text":"<p>Thanks!</p> <p>Huge shootout to @badsectorlabs for Ludus and Erik for his support and tests during the ludus provider creation</p> <p>Install on ludus server only</p> <p>To add GOAD on Ludus please use goad directly on the server. By now goad can work only directly on the server and not from a workstation client.</p> <ul> <li> <p>Install Ludus : https://docs.ludus.cloud/docs/quick-start/install-ludus/</p> </li> <li> <p>Be sure to create an admin user and keep his api key</p> </li> <li>Once your installation is complete on ludus server (debian 12) and your user is created do :</li> </ul> <pre><code>git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\nexit\n</code></pre>"},{"location":"providers/ludus/#goad-configuration","title":"Goad configuration","text":"<ul> <li>The goad configuration file as some options for ludus:</li> </ul> <pre><code># ~/.goad/goad.ini\n...\n[ludus]\nludus_api_key = changeme\nuse_impersonation = yes\n</code></pre> <ul> <li>change the api_key with the one of your admin user</li> </ul>"},{"location":"providers/ludus/#install","title":"Install","text":"<pre><code>./goad.sh -p ludus\nGOAD/ludus/local &gt; set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\nGOAD/ludus/local &gt; install\n</code></pre> <ul> <li>The installation will create a new simple_user to generate the pool we will call him \"lab_user\" the id of this user will be <code>lab_name&lt;6alphanumeric_digit&gt;</code></li> <li>Next this \"lab_user\" will be impersonate to launch all the ludus deployment command</li> <li>At the end the \"lab_user\" will share access to our user</li> <li>This way we can manage multiple lab instance with goad on the same ludus server.</li> </ul> <p>Info</p> <p>On ludus the config ip_range is not used and is ignored. The ips will be setup automatically during the lab installation</p>"},{"location":"providers/proxmox/","title":"Proxmox","text":"<ul> <li>A complete guide to proxmox installation is available here : https://mayfly277.github.io/categories/proxmox/</li> </ul>"},{"location":"providers/proxmox/#prerequisites","title":"Prerequisites","text":"<ul> <li>Packer</li> <li>Terraform</li> </ul>"},{"location":"providers/proxmox/#installation","title":"Installation","text":"<ul> <li>Once you have prepared your provisioning vm (you can use the scripts/setup_proxmox.sh for prerequistes installation)</li> <li> <p>And once your prerequisites are ready see https://mayfly277.github.io/posts/GOAD-on-proxmox-part2-packer/ to prepare the template for proxmox</p> </li> <li> <p>You can run the automatic installation</p> </li> </ul> <pre><code># check prerequisites\n./goad.sh -t check -l GOAD -p proxmox\n# Install\n./goad.sh -t install -l GOAD -p proxmox\n</code></pre>"},{"location":"providers/virtualbox/","title":"Virtualbox","text":""},{"location":"providers/virtualbox/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>Providing</p> <ul> <li>Virtualbox</li> <li>Vagrant</li> <li>Vagrant plugins:<ul> <li>vagrant-reload</li> <li>vagrant-vbguest </li> <li>winrm</li> <li>winrm-fs</li> <li>winrm-elevated</li> </ul> </li> </ul> </li> <li> <p>Provisioning</p> <ul> <li>Python3 (version between [3.8, 3.11])</li> <li>goad requirements</li> <li>ansible-galaxy goad requirements</li> </ul> </li> </ul>"},{"location":"providers/virtualbox/#check-dependencies","title":"Check dependencies","text":"<pre><code>./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X &gt; check\n</code></pre> <p>Info</p> <p>If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.</p> <p>Note</p> <p>check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)</p>"},{"location":"providers/virtualbox/#install","title":"Install","text":"<ul> <li>To install run the goad script and launch install or use the goad script arguments</li> </ul> <pre><code>./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X &gt; set_lab &lt;lab&gt;  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/virtualbox/local/192.168.56.X &gt; set_ip_range &lt;ip_range&gt;  # here choose the  ip range you want to use ex: 192.168.56\nGOAD/virtualbox/local/192.168.56.X &gt; install\n</code></pre> <ul> <li>or all in command line with arguments</li> </ul> <pre><code>./goad.sh -t install -p virtualbox -l &lt;lab&gt; -ip &lt;ip_range_to_use&gt;\n</code></pre>"},{"location":"providers/vmware/","title":"Vmware","text":"<p>Quote</p> <p>\"Virtualbox c'est no way\" @mpgn</p>"},{"location":"providers/vmware/#prerequisites","title":"Prerequisites","text":"<ul> <li> <p>Providing </p> <ul> <li>Vmware workstation</li> <li>Vagrant</li> <li>Vmware utility driver</li> <li>Vagrant plugins:<ul> <li>vagrant-reload</li> <li>vagrant-vmware-desktop</li> <li>winrm</li> <li>winrm-fs</li> <li>winrm-elevated</li> </ul> </li> </ul> </li> <li> <p>Provisioning</p> <ul> <li>Python3 (version between [3.8, 3.11])</li> <li>goad requirements</li> <li>ansible-galaxy goad requirements</li> </ul> </li> </ul>"},{"location":"providers/vmware/#check-dependencies","title":"check dependencies","text":"<pre><code>./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X &gt; check\n</code></pre> <p>Info</p> <p>If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.</p> <p>Note</p> <p>check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)</p>"},{"location":"providers/vmware/#install","title":"Install","text":"<ul> <li>To install run the goad script and launch install or use the goad script arguments</li> </ul> <pre><code>./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X &gt; set_lab &lt;lab&gt;  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/vmware/local/192.168.56.X &gt; set_ip_range &lt;ip_range&gt;  # here choose the  ip range you want to use ex: 192.168.56 (only the first three digits)\nGOAD/vmware/local/192.168.56.X &gt; install\n</code></pre> <ul> <li>or all in command line with arguments</li> </ul> <pre><code>./goad.sh -t install -p vmware -l &lt;lab&gt; -ip &lt;ip_range_to_use&gt;\n</code></pre>"},{"location":"usage/","title":"Usage","text":"<ul> <li> <p>Goad script can be run in two ways.</p> <ul> <li>argument_mode : launch goad.sh with arguments to launch one task</li> <li>interactive_mode : launch an interactive console to manage multiple labs and instances.</li> </ul> </li> <li> <p>The easy way to use goad is just launch <code>./goad.sh</code> and use <code>?</code> in the interactive console to get some help.</p> </li> </ul>"},{"location":"usage/goad_args/","title":"Argument mode","text":"<ul> <li>Launch goad.py script (or goad.sh wrapper) with arguments</li> </ul> <pre><code>usage: goad.py [-h] [-t TASK] [-l LAB] [-p PROVIDER] [-ip IP_RANGE] [-m METHOD] [-i INSTANCE] [-e EXTENSIONS] [-a ANSIBLE_ONLY] [-r RUN_PLAYBOOK]\n\nDescription : goad lab management console.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t TASK, --task TASK  tasks available : (install/start/stop/restart/destroy/status/show)\n  -l LAB, --lab LAB     lab to use (default: GOAD)\n  -p PROVIDER, --provider PROVIDER\n                        provider to use (default: vmware)\n  -ip IP_RANGE, --ip_range IP_RANGE\n                        ip range to use (default: 192.168.56)\n  -m METHOD, --method METHOD\n                        deploy method to use (default: local)\n  -i INSTANCE, --instance INSTANCE\n                        use a specific instance (use default if not selected)\n  -e EXTENSIONS, --extensions EXTENSIONS\n                        extensions to use\n  -a ANSIBLE_ONLY, --ansible_only ANSIBLE_ONLY\n                        run only provisioning (ansible) on instance (-i) (for task install only)\n  -r RUN_PLAYBOOK, --run_playbook RUN_PLAYBOOK\n                        run only one ansible playbook on instance (-i) (for task install only)\n\nExample :\n - Install GOAD on virtualbox : python3 goad.py -t install -l GOAD -p virtualbox\n - Launch GOAD interactive console : python3 goad.py\n</code></pre>"},{"location":"usage/goad_console/","title":"GOAD interactive mode","text":"<p>Launch goad interactive mode</p> <p></p>"},{"location":"usage/goad_console/#enter-interactive-mode","title":"Enter interactive mode","text":"<p>To enter interactive mode just launch goad without the <code>-t</code> parameter</p> <pre><code>./goad.sh\n</code></pre>"},{"location":"usage/goad_console/#no-lab-instance-selected","title":"No lab instance selected","text":"<pre><code>*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall / create ........................ install the selected lab and create a lab instance\ncreate_empty ............................ prepare a lab instance folder without providing and provisioning\nlist .................................... list lab instances\nload &lt;instance_id&gt; ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nlabs .................................... show all labs and available providers\nset_lab &lt;lab&gt; ........................... set the lab to use\nset_provider &lt;provider&gt; ................. set the provider to use\nset_provisioning_method &lt;method&gt; ........ set the provisioning method\nset_ip_range &lt;range&gt; .................... set the 3 first digit of the ip to use (ex: 192.168.56)\n</code></pre>"},{"location":"usage/goad_console/#check","title":"check","text":"<p>Will check the lab dependencies</p> <pre><code>check\n</code></pre> <p></p>"},{"location":"usage/goad_console/#install","title":"install","text":"<p>Install the lab with the current select <code>config</code></p> <pre><code>install\n</code></pre> <ul> <li>This will:<ul> <li>create an instance folder into workspaces/</li> <li>run vagrant/terraform/ludus depending on the provider to create the machines</li> <li>synchronize source to jumpbox if provider is aws or azure</li> <li>provision jumpbox if provider is aws or azure</li> <li>run the ansible provisioning </li> </ul> </li> </ul> <p></p>"},{"location":"usage/goad_console/#create_empty","title":"create_empty","text":"<p>Create an empty instance folder (into the workspaces/ folder)</p> <pre><code>create_empty\n</code></pre> <p></p>"},{"location":"usage/goad_console/#list","title":"list","text":"<p>List instances</p> <p>alias : <code>ls</code></p> <pre><code>list\n</code></pre> <p></p>"},{"location":"usage/goad_console/#load","title":"load","text":"<p>Select an instance by his name</p> <p>alias : <code>use</code>, <code>cd</code></p> <pre><code>load &lt;instance name&gt;\n</code></pre> <p></p>"},{"location":"usage/goad_console/#config","title":"config","text":"<p>show current configuration</p> <pre><code>config\n</code></pre> <p></p>"},{"location":"usage/goad_console/#labs","title":"labs","text":"<p>show available labs</p> <pre><code>labs\n</code></pre> <p></p>"},{"location":"usage/goad_console/#set_lab","title":"set_lab","text":"<p>Choose the lab to use (GOAD/GOAD-Light/NHA/SCCM/MINILAB)</p> <pre><code>set_lab &lt;lab_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#set_provider","title":"set_provider","text":"<p>Choose the provider to use (virtualbox/vmware/aws/azure/ludus/proxmox)</p> <pre><code>set_provider &lt;lab_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#set_provisioning_method","title":"set_provisioning_method","text":"<p>Choose the provisioning method (local/runner/docker/remote) (most of the time you don't have to change it)</p> <pre><code>set_provisioning &lt;provisioning_method&gt;\n</code></pre> <ul> <li>local : launch ansible with subprocess (default for vbox/vmware/proxmox/ludus)</li> <li>runner : launch ansible with ansible runner</li> <li>remote : launch ansible through ssh using jumpbox (default for azure/aws)</li> <li>docker : user the docker container to launch ansible (docker container must be built first <code>sudo docker build -t goadansible .</code>)</li> </ul>"},{"location":"usage/goad_console/#set_ip_range","title":"set_ip_range","text":"<p>Set the ip range you want to use (Three first digit, example : 192.168.10)</p> <pre><code>set_ip_range &lt;ip_range&gt;\n</code></pre>"},{"location":"usage/goad_console/#instance-selected","title":"Instance selected","text":"<pre><code>*** Manage Lab instance commands ***\nstatus .................................. show current status\nstart ................................... start lab\nstop .................................... stop lab\ndestroy ................................. destroy lab\n\n*** Manage one vm commands ***\nstart_vm &lt;vm_name&gt; ...................... start selected virtual machine\nstop_vm &lt;vm_name&gt; ....................... stop selected virtual machine\nrestart_vm &lt;vm_name&gt; .................... restart selected virtual machine\ndestroy_vm &lt;vm_name&gt; .................... destroy selected virtual machine\n\n*** Extensions ***\nlist_extensions ......................... list extensions\ninstall_extension &lt;extension&gt; ........... install extension (providing + provisioning)\nprovision_extension &lt;extension&gt; ......... provision extension (provisioning only)\n\n*** JumpBox ***\nprepare_jumpbox ......................... install package on the jumpbox for provisioning\nsync_source_jumpbox ..................... sync source of the jumpbox\nssh_jumpbox ............................. connect to jump box with ssh\nssh_jumpbox_proxy &lt;proxy_port&gt; .......... connect to jump box with ssh and start a socks proxy\n\n*** Providing (Vagrant/Terrafom) ***\nprovide ................................. run only the providing (vagrant/terraform)\n\n*** Provisioning (Ansible) ***\nprovision &lt;playbook&gt; .................... run specific ansible playbook\nprovision_lab ........................... run all the current lab ansible playbooks\nprovision_lab_from &lt;playbook&gt; ........... run all the current lab ansible playbooks from specific playbook to the end\n\n*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall ................................. install the current instance (provide + prepare_jumpbox + provision_lab\nset_as_default .......................... set instance as default\nupdate_instance_files ................... update lab instance files\nlist .................................... list lab instances\nload &lt;instance_id&gt; ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nunload .................................. unload current instance\ndelete .................................. delete the currently selected lab instance\n</code></pre>"},{"location":"usage/goad_console/#status","title":"status","text":"<p>Give the current lab status</p> <pre><code>status\n</code></pre>"},{"location":"usage/goad_console/#start","title":"start","text":"<p>Start the current lab instance</p> <pre><code>start\n</code></pre>"},{"location":"usage/goad_console/#stop","title":"stop","text":"<p>Stop the current lab instance</p> <pre><code>stop\n</code></pre>"},{"location":"usage/goad_console/#destroy","title":"destroy","text":"<p>Danger</p> <p>Destroy the current lab instance vms</p> <pre><code>destroy\n</code></pre>"},{"location":"usage/goad_console/#start_vm","title":"start_vm","text":"<p>Start a vm</p> <pre><code>start_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#stop_vm","title":"stop_vm","text":"<p>Stop a vm</p> <pre><code>stop_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#restart_vm","title":"restart_vm","text":"<p>Restart a vm (start and stop)</p> <pre><code>restart_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#destroy_vm","title":"destroy_vm","text":"<p>Danger</p> <p>Destroy a vm</p> <pre><code>destroy_vm &lt;vm_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#list_extensions","title":"list_extensions","text":"<p>List available extensions</p> <pre><code>list_extensions\n</code></pre>"},{"location":"usage/goad_console/#install_extension","title":"install_extension","text":"<p>Add an extension to the lab (providing + provisioning)</p> <p>Warning</p> <p>An installed extension can't be deleted</p> <pre><code>install_extension &lt;extension_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#provision_extension","title":"provision_extension","text":"<p>Launch provisioning (ansible) for the extension</p> <pre><code>provision_extension &lt;extension_name&gt;\n</code></pre>"},{"location":"usage/goad_console/#prepare_jumpbox","title":"prepare_jumpbox","text":"<p>Prepare jumpbox : run the preparation script on the jumpbox (install dependencies)</p> <pre><code>prepare_jumpbox\n</code></pre>"},{"location":"usage/goad_console/#sync_source_jumpbox","title":"sync_source_jumpbox","text":"<p>Rsync goad source with the jumpbox</p> <pre><code>sync_source_jumpbox\n</code></pre>"},{"location":"usage/goad_console/#ssh_jumpbox","title":"ssh_jumpbox","text":"<p>SSH into the jumpbox</p> <pre><code>ssh_jumpbox\n</code></pre>"},{"location":"usage/goad_console/#ssh_jumpbox_proxy","title":"ssh_jumpbox_proxy","text":"<p>SSH into the jumpbox with a socks proxy option (-D)</p> <pre><code>ssh_jumpbox_proxy &lt;socks_proxy_port&gt;\n</code></pre>"},{"location":"usage/goad_console/#provide","title":"provide","text":"<p>Launch providing (machine creation)</p> <pre><code>provide\n</code></pre>"},{"location":"usage/goad_console/#provision","title":"provision","text":"<p>Launch specific playbook  (use playbook in ansible/ folder) </p> <pre><code>provision &lt;playbook.yml&gt;\n</code></pre>"},{"location":"usage/goad_console/#provision_lab","title":"provision_lab","text":"<p>Launch all the lab provisioning  (install labs on machines with ansible)</p> <pre><code>provision_lab\n</code></pre>"},{"location":"usage/goad_console/#provision_lab_from","title":"provision_lab_from","text":"<p>Launch the lab provisioning from a specific playbook (use playbook in ansible/ folder)</p> <p>Tip</p> <p>useful if the install crash to not redo all the provisioning</p> <pre><code>provision_lab_from &lt;playbook.yml&gt;\n</code></pre>"},{"location":"usage/goad_console/#check_1","title":"check","text":"<p>Launch the check (same as without instance) <pre><code>check\n</code></pre></p>"},{"location":"usage/goad_console/#install_1","title":"install","text":"<p>Launch the install (useful if you created an empty instance) <pre><code>install\n</code></pre></p>"},{"location":"usage/goad_console/#set_as_defualt","title":"set_as_defualt","text":"<p>Set the current instance as default (automatically loaded on goad start) <pre><code>set_as_defualt\n</code></pre></p>"},{"location":"usage/goad_console/#update_instance_files","title":"update_instance_files","text":"<p>Recreate the files inside the workspace folder <pre><code>update_instance_files\n</code></pre></p>"},{"location":"usage/goad_console/#list_1","title":"list","text":"<p>List instances</p> <p>alias : <code>ls</code></p> <pre><code>list\n</code></pre>"},{"location":"usage/goad_console/#load_1","title":"load","text":"<p>Select an instance by his name (here change the current instance)</p> <p>alias : <code>use</code>, <code>cd</code></p> <pre><code>load &lt;instance name&gt;\n</code></pre>"},{"location":"usage/goad_console/#config_1","title":"config","text":"<p>Show current configuration <pre><code>config\n</code></pre></p>"},{"location":"usage/goad_console/#unload","title":"unload","text":"<p>Unload the instance (alias <code>cd ..</code>) <pre><code>unload\n</code></pre></p>"},{"location":"usage/goad_console/#delete","title":"delete","text":"<p>Danger</p> <p>delete the current instance lab and vms</p> <pre><code>delete\n</code></pre>"}]}
\ No newline at end of file