Hi everyone! Welcome to pentestguy. In this article we are going to set up an Active Directory pentesting lab. We start with the basics: installing Active Directory Domain Services, promoting the server to a domain controller, and adding a child domain and clients. Most importantly, we make the lab vulnerable using the vulnerable-AD PowerShell script.
Setup an Active Directory Domain Controller
To create an Active Directory domain controller (ADDC for short), we need a server operating system such as Windows Server 2019 or 2016. Install the operating system as usual.
First, make sure to set a static IP address on the machine so that it won't cause any trouble the next time you use it. You can add Google Public DNS in the DNS section.
Open the server manager and click on add roles and features.
Select the role based installation option as we are going to install the services on the local server.
After that, simply click on the server and click next in server selection. Now select the server roles shown in the picture below.
Continue with the Features -> AD DS -> DNS Server and install the services.
After installing the roles, promote the server to a domain controller.
Create a new forest and add the root domain name.
Set the password and the functional level of the domain controller.
Check the NetBIOS domain name and click next.
Check the log location or leave it as default.
Review the settings and click on install. It will automatically restart the server.
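The same role installation and promotion can be scripted. The following is an added example, not part of the original article or of the vulnerable-AD project; the domain name, NetBIOS name and log path are placeholder assumptions to replace with your own lab values.

```powershell
# Added example: scripted equivalent of the Server Manager steps above.
# All values in param() are lab placeholders (assumptions), not from the article.
#Requires -RunAsAdministrator
param(
    [string]$DomainName  = 'lab.example',      # placeholder root domain name
    [string]$NetbiosName = 'LAB',              # placeholder NetBIOS name
    [string]$LogPath     = 'C:\Windows\NTDS'   # default log location
)
$ErrorActionPreference = 'Stop'

# A DC should not be on DHCP: stop if any connected IPv4 interface still is.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled `
            -ConnectionState Connected -ErrorAction SilentlyContinue
if ($dhcp) {
    throw "Set a static IP first; DHCP is enabled on: $($dhcp.InterfaceAlias -join ', ')"
}

# DomainRole 4/5 = backup/primary domain controller; nothing to do then.
if ((Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4) {
    Write-Host 'This server is already a domain controller.'
    return
}

# Roles selected in the wizard: AD DS and DNS Server, plus management tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# The DSRM password is prompted for, never stored in the script.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    LogPath                       = $LogPath
    SafeModeAdministratorPassword = Read-Host 'DSRM password' -AsSecureString
}

# Run the prerequisite check before committing to the promotion.
$failed = Test-ADDSForestInstallation @forest | Where-Object Status -eq 'Error'
if ($failed) {
    $failed | Format-List Message
    throw 'Prerequisite check failed.'
}

# Promote to the first DC of a new forest; the server reboots on completion.
Install-ADDSForest @forest -Force
```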
Vulnerable AD
The domain controller is ready now. Let's make it vulnerable by adding some objects and misconfigurations using the Vulnerable-AD PowerShell script.
Download the Vulnerable AD – https://github.com/safebuffer/vulnerable-AD
Open powershell and run the following commands to execute the vulnerable-ad powershell script.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
. .\vulnad.ps1
Invoke-VulnAD -UsersLimit 100 -DomainName "pentestguy"
Add Test User
Here we add a test user, which will help us in various places. Make sure to create a user with normal privileges.
Open Active Directory Users and Computers from Server Manager and expand the domain. Right-click on Users and choose New to create a new user.
Provide all the necessary user details and create a normal user, and we can use this user to login on the client system.
Add Client into the Domain
Now let's add a client to the domain. For that, install any client operating system; as I am doing it on VirtualBox, I created another VM.
First we need to set the DNS in the internet settings of the system. Make sure to add the domain controller's IP address as the preferred DNS.
Open the system properties and click on change to add the machine into the domain.
Provide the domain name and the domain user's credentials, or the admin's (if you haven't created any user in the domain).
Restart the system and login using the domain credentials.
Child Domain Server
As we know, in the real world there is only one root domain, and in that root domain there will be multiple child domains. Here we are going to add a child domain.
To add a child domain we again need a VM or machine with a server operating system installed, and we add that machine as a client of the root domain.
Also make sure to follow the same steps to install the active directory roles.
Now let's promote the server to a child domain. Click on promote server as domain controller. Select the option to add a new domain to an existing forest, select the domain type child, and provide the child domain name; in this case it's IN.
Provide the password and click on next.
Check the NetBIOS name and proceed with the same steps as for the domain controller.
That's it: our vulnerable Active Directory lab environment is ready for pentesting. You can add more client machines, according to the available resources, to create more realistic scenarios.