
orange-cyberdefense / goad

4.7K 75.0 657.0 20.36 MB

game of active directory

License: GNU General Public License v3.0

PowerShell 39.40% Jinja 1.96% HTML 1.99% ASP.NET 0.23% Dockerfile 0.07% Shell 8.11% Batchfile 0.59% HCL 8.04% CSS 0.09% JavaScript 38.38% Ruby 1.15%

goad's Introduction

GOAD (Game Of Active Directory)


Description

GOAD is a pentest Active Directory lab project. Its purpose is to give pentesters a vulnerable Active Directory environment, ready to use, to practice the usual attack techniques.

Warning: this lab is extremely vulnerable. Do not reuse its recipes to build your own environment, and do not deploy this environment on the internet without isolation (this is a recommendation; use it at your own risk).
This repository was built for pentest practice.

Licenses

This lab uses free Windows evaluation VMs only (180 days). After that period, enter a license on each server or rebuild the whole lab (maybe it's time for an update ;)).

Available labs

  • GOAD: 5 VMs, 2 forests, 3 domains (the full GOAD lab)
  • GOAD-Light: 3 VMs, 1 forest, 2 domains (a smaller GOAD lab for those with a smaller PC)
  • MINILAB: 2 VMs, 1 forest, 1 domain (a basic lab with one DC (Windows Server 2019) and one workstation (Windows 10))
  • SCCM: 4 VMs, 1 forest, 1 domain, with Microsoft Configuration Manager installed
  • NHA: a challenge with 5 VMs and 2 domains. No schema is provided; you will have to find out how to break it.

Requirements

  • Used space

    • The lab takes about 77 GB (plus the space for the Vagrant images: Windows Server 2016 (22 GB) / Windows Server 2019 (14 GB) / Ubuntu 18.04 (502 MB))
    • The total space needed for the lab is ~115 GB (more if you take snapshots)
  • Linux operating system

    • The lab is intended to be installed from a Linux host and was tested only there.
    • Some people have successfully installed the lab from a Windows OS: they created the VMs with Vagrant and did the Ansible provisioning part from a Linux machine.
    • In that case the Linux machine used for provisioning must be set up with one adapter on NAT and one adapter on the same virtual private network as the lab.

tldr; quick install

  • You are on Linux, you already have VirtualBox, Vagrant and Docker installed on your host, and you know what you are doing; just run:
./goad.sh -t check -l GOAD -p virtualbox -m docker
./goad.sh -t install -l GOAD -p virtualbox  -m docker
  • Now you can grab a coffee ☕, it will take some time :)

Installation

  • Installation depends on the provider you use; please follow the appropriate guide:

  • Installation is in three parts:

    1. Templating: this creates the template to use (needed only for Proxmox)
    2. Providing: this instantiates the virtual machines, depending on your provider
    3. Provisioning: always done with Ansible; it installs everything needed to create the lab

Check before install

  • For Linux users, check the dependency installation before installing:
./goad -t check -l <LAB> -p <PROVIDER> -m <ANSIBLE_RUN_METHOD>
  • LAB: the lab must be one of the following (a folder in ad/):

    • GOAD
    • GOAD-Light
  • PROVIDER: the provider must be one of the following:

    • virtualbox
    • vmware
    • azure
    • proxmox
  • ANSIBLE_RUN_METHOD: the Ansible method to use:

    • local: use a local Ansible install
    • docker: use Ansible from a Docker container
  • Please install all the needed tools before running the install process.

  • There is no automatic installer for the dependency tools (VirtualBox, Vagrant, Python, Ansible, ...); you will have to install them yourself, depending on your package manager and Linux distribution.

Install

  • Launch the whole install: VM creation (Vagrant or Terraform) followed by Ansible provisioning:
./goad -t install -l <LAB> -p <PROVIDER> -m <ANSIBLE_RUN_METHOD>
  • The goad install runs all the Ansible playbooks one by one, with a failover that restarts a playbook if something goes wrong (sometimes VMs or playbooks hit a timeout, so the playbook is restarted automatically).
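As an added example, not part of the GOAD project (goad.sh has its own check task), here is a small POSIX shell pre-flight that a lab operator can run before the install: it validates the -p and -m values against the ones goad.sh accepts and confirms that the host tools those choices depend on are on PATH. Which tool each provider or method needs is this example's own assumption, derived from the README's dependency list (Vagrant and VirtualBox or VMware for the Vagrant providers, Terraform for Proxmox and Azure, Ansible or Docker for the run method).

```shell
#!/bin/sh
# Added example, not GOAD project code. A pre-flight check to run before
# "./goad.sh -t install": validates the -p/-m values goad.sh accepts and
# confirms the tools those choices depend on are installed on the host.
# The tool-per-provider mapping is this example's assumption, derived
# from the README's dependency list.

# goad_check_tools <provider> <ansible_run_method>
# Returns 0 when every required tool is on PATH, 1 when some are missing,
# 2 when the provider or method is not one goad.sh accepts.
goad_check_tools() {
    provider="$1"
    method="$2"
    missing=""
    case "$provider" in
        virtualbox)    tools="vagrant VBoxManage" ;;
        vmware)        tools="vagrant" ;;
        proxmox|azure) tools="terraform" ;;
        *) echo "unknown provider: $provider (use virtualbox, vmware, azure or proxmox)" >&2
           return 2 ;;
    esac
    case "$method" in
        local)  tools="$tools ansible-playbook" ;;
        docker) tools="$tools docker" ;;
        *) echo "unknown ansible run method: $method (use local or docker)" >&2
           return 2 ;;
    esac
    # command -v is the portable way to ask "is this executable reachable?"
    for t in $tools; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    if [ -n "$missing" ]; then
        echo "missing tools for -p $provider -m $method:$missing" >&2
        return 1
    fi
    echo "all tools present for -p $provider -m $method"
    return 0
}

# Usage (run by hand before the install):
#   goad_check_tools virtualbox docker && ./goad.sh -t install -l GOAD -p virtualbox -m docker
```

The function only reports; it deliberately does not try to install anything, in line with the README's note that dependencies are installed by hand through the distribution's package manager.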

goad.sh options

  • -a : only Ansible is played during the install task (no Vagrant or Terraform). This is useful if you install and run Vagrant on Windows and then launch the provisioning from a different computer (for example, a Kali Linux connected to the GOAD network)
  • -r <ansible_file.yml> : run only one Ansible playbook (useful to run elk.yml or to run a single playbook)
  • -e : enable ELK in Vagrant (for example, to install ELK and play the ELK playbook once you have finished the GOAD install, run: ./goad.sh -t install -l GOAD -p virtualbox -m local -e elk -r elk.yml)

Provisioning

  • The provisioning is always done with Ansible; more details on the Ansible provisioning are here: Ansible provisioning

WriteUp

  • All the write-ups of the Game Of Active Directory lab are available on this blog: mayfly blog

Troubleshoot

Road Map

  • Password reuse between computers (PTH)
  • Spray User = Password
  • Password in description
  • SMB share anonymous
  • SMB not signed
  • Responder
  • Zerologon
  • Windows Defender
  • ASREPRoast
  • Kerberoasting
  • AD ACL abuse
  • Unconstrained delegation
  • NTLM relay
  • Constrained delegation
  • Install MSSQL
  • MSSQL trusted link
  • MSSQL impersonate
  • Install IIS
  • Upload ASP app
  • Multiple forests
  • Anonymous RPC user listing
  • Child/parent domain
  • Generate certificate and enable LDAPS
  • ADCS - ESC 1/2/3/4/6/8
  • Certifried
  • sAMAccountName/noPac
  • PetitPotam unauthenticated
  • PrinterBug
  • Drop the MIC
  • Shadow credentials
  • mitm6
  • Add LAPS
  • GPO abuse
  • Add WebDAV
  • Add RDP bot
  • Add full Proxmox integration
  • Add gMSA (recipe created)
  • Add Azure support
  • Refactoring lab and providers
  • Protected Users
  • Account is sensitive
  • Add PPL
  • Add gMSA
  • Groups inside groups
  • Shares with secrets (all, SYSVOL)
  • ADCS add vulns
  • Add AppLocker
  • Add optional EDR install on GOAD
  • Add attackbox + Guacamole and OpenVPN creation

Road Map for other labs (because these are too heavy to embed in GOAD)

  • WSUS (see SCCM lab)
  • SCCM (see SCCM lab)
  • Exchange

Lab organization

  • The lab configuration is located in the ad/ folder
  • Each AD folder corresponds to a lab and contains the following files:
ad/
  labname/            # The lab name must be the same as the domain_name variable from data/inventory
    data/
      config.json     # The JSON file containing all the variables and configuration of the lab
      inventory       # The global lab inventory (provider independent) (this should not contain variables)
    files/            # This folder contains files you want to copy onto your VMs
    scripts/          # This folder contains ps1 scripts you want to run on your VMs (must be added in the "scripts" entries of your VMs)
    providers/        # The providers available for your lab
      vmware/
        inventory     # vmware-specific inventory
        Vagrantfile   # vmware-specific Vagrantfile
      virtualbox/
        inventory     # virtualbox-specific inventory
        Vagrantfile   # virtualbox-specific Vagrantfile
      proxmox/
        terraform/    # proxmox-specific terraform recipe
        inventory     # proxmox-specific inventory
      azure/
        terraform/    # azure-specific terraform recipe
        inventory     # azure-specific inventory
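An added example, not GOAD project code, that checks a lab folder against the layout above before pointing goad.sh at it; a missing provider inventory otherwise only surfaces as Ansible retries much later. It treats data/config.json, data/inventory and providers/<provider>/inventory as required, plus a Vagrantfile for the Vagrant providers or a terraform/ folder for Proxmox and Azure; treating files/ and scripts/ as optional is this example's assumption. The second function builds a throwaway, constructed sample tree so the check can be exercised without a real GOAD checkout.

```shell
#!/bin/sh
# Added example, not GOAD project code: check that ad/<lab> has the layout the
# README describes before running "./goad.sh -t install -l <lab> -p <provider>".
# Treating files/ and scripts/ as optional is this example's assumption.

# goad_check_lab_layout <repo_root> <lab> <provider>
# Prints every missing path; returns 0 if the layout is complete, 1 if something
# required is missing, 2 if the provider is not one goad.sh knows.
goad_check_lab_layout() {
    lab_dir="$1/ad/$2"
    provider="$3"
    rc=0
    # Vagrant providers carry a Vagrantfile, Terraform providers a terraform/ recipe
    case "$provider" in
        virtualbox|vmware) provider_file="providers/$provider/Vagrantfile" ;;
        proxmox|azure)     provider_file="providers/$provider/terraform" ;;
        *) echo "unknown provider: $provider" >&2; return 2 ;;
    esac
    if [ ! -d "$lab_dir" ]; then
        echo "no such lab folder: $lab_dir (the -l value must be a folder in ad/)" >&2
        return 1
    fi
    # provider-independent data first, then the provider-specific inventory and recipe
    for p in data/config.json data/inventory \
             "providers/$provider/inventory" "$provider_file"; do
        if [ ! -e "$lab_dir/$p" ]; then
            echo "missing: $lab_dir/$p" >&2
            rc=1
        fi
    done
    for p in files scripts; do
        [ -d "$lab_dir/$p" ] || echo "note: no $lab_dir/$p folder (optional)" >&2
    done
    return $rc
}

# goad_make_sample_lab <repo_root> <lab>
# Builds a constructed, empty, virtualbox-only lab tree so the check above can be
# exercised offline. The contents are placeholders, not a usable lab.
goad_make_sample_lab() {
    d="$1/ad/$2"
    mkdir -p "$d/data" "$d/files" "$d/scripts" "$d/providers/virtualbox"
    printf '{}\n' > "$d/data/config.json"
    : > "$d/data/inventory"
    : > "$d/providers/virtualbox/inventory"
    : > "$d/providers/virtualbox/Vagrantfile"
}

# Usage against a real checkout (run from the repository root):
#   goad_check_lab_layout . GOAD virtualbox && ./goad.sh -t install -l GOAD -p virtualbox -m docker
```

The same lab folder can pass for one provider and fail for another, which is exactly the case the check is meant to catch: the provider-independent data is there, but the providers/<provider>/ subtree for the -p value you chose is not.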

Special Thanks to

  • Julien Arrault (Azure recipes)
  • Thomas Rollain (tests & some vulns writing)
  • Quentin Galliou (tests)

Socials

Twitter Mayfly Join us on Discord

Links

Note

goad's People

Contributors

0xv1n, an4kein, bluecmd, burnbrian, byinarie, dviros, emilyastranova, fennerr, jarrault, jeffmcjunkin, juanhundo, kernel-sanders, lsr00ter, mayfly277, mubix, naksyn, noraj, otterhacker, parikshit-adhikari, th3xace, thepiratewhosmellsofsunflowers, v0lk3n, xllauca, zapfmeister, zephrfish, zuesdevil


goad's Issues

Not an issue

Hello,
Just to know whether the project is still active and under development for implementing other vulnerabilities? It would be interesting to add an SQL + web server and CIFS, adding the delegation vulnerabilities with the web and SQL server, etc.
Thanks for everything, your blog and all your resources are really great!!

WinRM Initialization Error

I have the same issue as #17 but I can't apply the solution which solved the problem, as I can't downgrade Vagrant to this old version, and if I downgrade Vagrant I must also downgrade VirtualBox to an old version like 6.0. Here is the error (screenshot):

Error while adding domain/user group from another domain (ad-relations.yml)

Hi guys, I'm having some issue with ad-relations.yml

Previously, I had some errors with the MSSQL installation, but was able to troubleshoot them. But now I'm facing a new issue while installing ad-relations.yml. Here are the errors. I can't add
I don't understand, the servers are up and running but it seems I can add other users, even if I'm doing it manually with the Users and Computers tool. I took some snapshots, I tried to launch the playbook countless times, but the error still persists.
Here is the error:

win_reboot: attempting post-reboot test command
EXEC (via pipeline wrapper)
win_reboot: attempting post-reboot test command
EXEC (via pipeline wrapper)
win_reboot: system successfully rebooted
changed: [192.168.56.11] => {
"changed": true,
"elapsed": 181,
"rebooted": true,
"unreachable": false
}

TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] *******************************************************************************
task path: /home/sparda/Documents/GIT/GOAD/ansible/roles/groups_domains/tasks/main.yml:5
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
<192.168.56.11> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.11
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
<192.168.56.12> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.12
EXEC (via pipeline wrapper)
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).Result was: {
"attempts": 1,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).Result was: {
"attempts": 1,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).Result was: {
"attempts": 2,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).Result was: {
"attempts": 2,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).Result was: {
"attempts": 3,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
The full traceback is:
Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
At line:64 char:21

+ ... up_member = Get-ADObject -Filter "SamAccountName -eq '$member' -and $ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [Get-ADObject], ADServerDownException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADObject

ScriptStackTrace:
at , : line 64

Microsoft.ActiveDirectory.Management.ADServerDownException: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running. ---> System.ServiceModel.EndpointNotFoundException: No DNS entries exist for host north.sevenkingdoms.local.

Server stack trace:
at System.ServiceModel.Channels.DnsCache.Resolve(Uri uri)
at System.ServiceModel.Channels.SocketConnectionInitiator.GetIPAddresses(Uri uri)
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ActiveDirectory.WebServices.Proxy.Resource.Get(Message request)
at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
--- End of inner exception stack trace ---
at Microsoft.ActiveDirectory.Management.AdwsConnection.InitializeForAutoReconnect[TChannel](Boolean& isAutoReconnecting, TChannel& channel, ChannelFactory1& chFactory, String endpointName, CommunicationException& commException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(ADSearchRequest request)
at Microsoft.ActiveDirectory.Management.AdwsConnection.Search(ADSearchRequest request)
at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Search(ADSessionHandle handle, ADSearchRequest request)
at Microsoft.ActiveDirectory.Management.ADObjectSearcher.GetRootDSE()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase1.GetRootDSE()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase1.GetConnectedStore()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase1.GetCmdletSessionInfo()
at Microsoft.ActiveDirectory.Management.Commands.ADGetCmdletBase3.ADGetCmdletBaseBeginCSRoutine()
at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'DragonsFriends', 'value': ['north.sevenkingdoms.local\jon.snow', 'sevenkingdoms.local\tyron.lannister', 'essos.local\daenerys.targaryen']}) => {
"ansible_loop_var": "item",
"attempts": 3,
"changed": false,
"item": {
"key": "DragonsFriends",
"value": [
"north.sevenkingdoms.local\jon.snow",
"sevenkingdoms.local\tyron.lannister",
"essos.local\daenerys.targaryen"
]
},
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running."
}
Using module file /home/sparda/.ansible/collections/ansible_collections/community/windows/plugins/modules/win_domain_group_membership.ps1
Pipelining is enabled.
EXEC (via pipeline wrapper)
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).Result was: {
"attempts": 1,
"changed": false,
"msg": "Unhandled exception while executing module: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",
"retries": 4

SkipPublisherCheck

Need to add "-SkipPublisherCheck" in roles > common > tasks > main.yml:

Install-Module PowerShellGet -Force -SkipPublisherCheck

Add MSSQL admin ERROR -> jon.snow

Hello goodies!!!

I wanted to know if you can help me solve this error. I have tried to launch it multiple times, to restart the entire AD, and nothing.

DC01 locks up on initial boot

Windows 10 OS running VirtualBox 6.1.
Running vagrant up, all appears to function as expected.
When we reach the remote WinRM section, it appears to time out due to DC01 not booting fully.
It's difficult to demo over a screenshot of course, but essentially the white spinning circle runs for a few revolutions then locks up.

I've attempted to boot this VM manually, without any network adapter, or with only the internal adapter attached, but to no avail.

The default Windows firewall is enabled on the Win 10 device.

/vagrant/GOAD/ansible/data.yml

I am using Windows and Ubuntu; with Vagrant I updated all machines, but my problem is when I use ansible-playbook in Ubuntu.
ansible [core 2.12.6]

(env) root@DESKTOP-I3MKVRC:/mnt/e/LabSources/vagrant/GOAD/ansible# ansible --version
[WARNING]: Ansible is being run in a world writable directory (/mnt/e/LabSources/vagrant/GOAD/ansible), ignoring it as an ansible.cfg source. For more
information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
ansible [core 2.12.6]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.8.0 (default, Dec 9 2021, 17:53:27) [GCC 8.4.0]
jinja version = 2.10
libyaml = False
(env) root@DESKTOP-I3MKVRC:/mnt/e/LabSources/vagrant/GOAD/ansible# ansible-playbook main.yml
[WARNING]: Ansible is being run in a world writable directory (/mnt/e/LabSources/vagrant/GOAD/ansible), ignoring it as an ansible.cfg source. For more
information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
[WARNING]: Could not match supplied host pattern, ignoring: dc01
[WARNING]: Could not match supplied host pattern, ignoring: dc02
[WARNING]: Could not match supplied host pattern, ignoring: dc03
[WARNING]: Could not match supplied host pattern, ignoring: srv01
[WARNING]: Could not match supplied host pattern, ignoring: srv02
[WARNING]: Could not match supplied host pattern, ignoring: srv03

PLAY [build all] ************************************************************************************************************************************************
skipping: no hosts matched

PLAY [build all no update] **************************************************************************************************************************************
skipping: no hosts matched

PLAY [Launch windows updates before continue] *******************************************************************************************************************
skipping: no hosts matched

PLAY [Read data files] ******************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************
ok: [192.168.0.108]
ok: [192.168.142.129]
ERROR! an undefined variable was found when attempting to template the vars_files item '{{data_path}}/config.json'

The error appears to be in '/mnt/e/LabSources/vagrant/GOAD/ansible/data.yml': line 6, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

vars_files:
- "{{data_path}}/config.json"
^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:

with_items:
  - {{ foo }}

Should be written as:

with_items:
  - "{{ foo }}"

[Suggestion] Turn on WebClient service on Braavos

This lab is awesome! I've been playing around with it for a bit now.

It would be great for people to be able to try the WebDAV coerced auth trick somewhere in the lab. E.g.
./Coercer.py -wh hackerbox -t braavos -u <essos_user> -p <user_pass>

By default this will not work. The target must have the WebClient service enabled. This service does not exist by default on Windows Servers, so to get it we'd need to add the WebDAV Redirector role/feature. We then set the WebClient service to start on boot.

Performing this coerced auth would tie in nicely with the RBCD attack against Meereen & Braavos.

Keen to hear your thoughts. 🙂

Issues

I keep running into these issues:

servers.yml:
TASK [mssql : Add MSSQL admin] *****************************************************************
failed: [192.168.56.22] (item=NORTH\jon.snow) => {"ansible_loop_var": "item", "changed": true, "cmd": "SqlCmd -E -Q "CREATE LOGIN [NORTH\jon.snow] FROM WINDOWS"\nSqlCmd -E -Q "SP_ADDSRVROLEMEMBER 'NORTH\jon.snow','SYSADMIN'"", "delta": "0:00:18.890751", "end": "2022-11-15 15:52:04.494095", "item": "NORTH\jon.snow", "msg": "non-zero return code", "rc": 1, "start": "2022-11-15 15:51:45.603343", "stderr": "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.\r\nSqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..", "stderr_lines": ["Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. 
Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Named Pipes Provider: Could not open a connection to SQL Server [2]. .", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login timeout expired.", "Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.."], "stdout": "", "stdout_lines": []}

ad-relations.yml
TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] ***
ok: [192.168.56.11] => (item={'key': 'AcrossTheSea', 'value': ['essos.local\daenerys.targaryen']})
ok: [192.168.56.12] => (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\tyron.lannister', 'essos.local\daenerys.targaryen']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
ok: [192.168.56.12] => (item={'key': 'Spys', 'value': ['sevenkingdoms.local\Small Council']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.10] (item={'key': 'AcrossTheNarrowSea', 'value': ['essos.local\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheNarrowSea", "value": ["essos.local\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: A call to SSPI failed, see inner exception."}

Discord server / any other communication channel to discuss lab with other pentesters

Hi @Mayfly277, thank you for making this lab, it's awesome! So many ready-made options, attack vectors, and customization :)
For me as a beginner pentester it would be really great to have the ability to discuss some techniques applied specifically to this lab, and I think it may be beneficial for many guys here :) Any chance you will create a Discord server/channel for this? I'm ready to do it as well, if that's okay.

Statically configured interfaces

When porting to VMware I discovered a missing var:

adapter_names: 'Ethernet 2' # -> adapter_names: "{{domain_adapter}}"

affected files:

  • roles/domain_controller_slave/tasks/main.yml
  • roles/member_server/tasks/main.yml

[Documentation question] What are GO's?

In the README.md it says:

the lab take environ 60Go (but you have to get the space for the vms vagrant images windows server 2016 (6.15Go) / windows server 2019 (6.52) / ubuntu 18.04 (502M))
    the total space needed for the lab is ~80-100 Go (and more if you take snapshots)

Could you explain what 60Go and ~80-100 Go are? What does Go mean? Do you mean GB as in gigabytes?

Edit: I see the language of the author is French, as shown by the following sentence later in the README.md, "exchange sur kingslanding ou une autre machine ?", and the French translation of gigabyte is gigaoctet (Go).

Perhaps you could update the README.md to be translated correctly? Otherwise I look forward to deploying and playing this game soon.

Ansible error: SRV02 (castelblack) failed to join domain 'north.sevenkingdoms.local'

Thanks for creating such a wonderful lab. Environment configured and working well except for this one error:

TASK [member_server : Add member server] ************************************************
ok: [192.168.56.23]
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "failed to join domain: Computer 'castelblack' failed to join domain 'north.sevenkingdoms.local' from its current workgroup 'WORKGROUP' with following error message: The specified network name is no longer available.", "reboot_required": false}

System details:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.6 LTS
Release:        18.04
Codename:       bionic

$ vagrant --version
Vagrant 2.2.19

$ vboxmanage --version
6.1.34r150636

$ ansible --version
ansible [core 2.12.6]
  config file = /home/user/GOAD/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/user/GOAD/ansible/.venv/lib/python3.8/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/user/GOAD/ansible/.venv/bin/ansible
  python version = 3.8.0 (default, Dec 9 2021, 17:53:27) [GCC 8.4.0]
  jinja version = 3.1.2
  libyaml = True

Happy to provide whatever extra information might be required to investigate and resolve.

Unhandled exception while executing module on ad-relations.yml

I am trying to deploy GOAD v2 in my lab to learn Active Directory.
I have followed the requirements steps religiously:

sudo apt install python3.8-venv
cd ansible
virtualenv .venv
source .venv/bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install ansible-core==2.12.6
python3 -m pip install pywinrm
ansible-galaxy install -r requirements.yml
ansible-playbook main.yml

But here is my output:


PLAY [Read data files] ***********************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.11]
ok: [192.168.56.10]
ok: [192.168.56.22]

TASK [save the Json data to a Variable as a Fact] ********************************************************************************************************************************************************
ok: [192.168.56.10]
ok: [192.168.56.11]
ok: [192.168.56.22]
ok: [192.168.56.12]

PLAY [Adjust rights configuration] ***********************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.22]
ok: [192.168.56.10]
ok: [192.168.56.11]

TASK [settings/adjust_rights : Add domain users to local groups] *****************************************************************************************************************************************
changed: [192.168.56.12] => (item={'key': 'Administrators', 'value': ['essos\\daenerys.targaryen']})
changed: [192.168.56.22] => (item={'key': 'Administrators', 'value': ['north\\jeor.mormont']})
changed: [192.168.56.10] => (item={'key': 'Administrators', 'value': ['sevenkingdoms\\robert.baratheon', 'sevenkingdoms\\cersei.lannister']})
changed: [192.168.56.11] => (item={'key': 'Administrators', 'value': ['north\\eddard.stark', 'north\\catelyn.stark', 'north\\robb.stark']})
changed: [192.168.56.12] => (item={'key': 'Remote Desktop Users', 'value': ['essos\\Targaryen']})
changed: [192.168.56.22] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']})
changed: [192.168.56.10] => (item={'key': 'Remote Desktop Users', 'value': ['sevenkingdoms\\Small Council']})
changed: [192.168.56.11] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Stark']})

PLAY [cross domain groups] *******************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.56.12]
ok: [192.168.56.10]
ok: [192.168.56.11]

TASK [groups_domains : Reboot and wait for the AD system to restart] *************************************************************************************************************************************
changed: [192.168.56.10]
changed: [192.168.56.12]
changed: [192.168.56.11]

TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] *********************************************************************
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
FAILED - RETRYING: [192.168.56.11]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'DragonsFriends', 'value': ['north.sevenkingdoms.local\\jon.snow', 'sevenkingdoms.local\\tyron.lannister', 'essos.local\\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "DragonsFriends", "value": ["north.sevenkingdoms.local\\jon.snow", "sevenkingdoms.local\\tyron.lannister", "essos.local\\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials."}
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
failed: [192.168.56.11] (item={'key': 'AcrossTheSea', 'value': ['essos.local\\daenerys.targaryen']}) => {"added": [], "ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheSea", "value": ["essos.local\\daenerys.targaryen"]}, "msg": "Could not find domain user, group, service account or computer named daenerys.targaryen", "removed": []}
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.12]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'Spys', 'value': ['sevenkingdoms.local\\Small Council']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "Spys", "value": ["sevenkingdoms.local\\Small Council"]}, "msg": "Unhandled exception while executing module: Authentication failed on the remote side (the stream might still be available for additional authentication attempts)."}

The problem was already discussed in issue #19, but since no information about the fix was given and reinstalling my venv + ansible didn't fix anything, I am opening another issue here because it must be a different problem.

I'm running Ubuntu 18.04 and the Vagrant part seems to be set up properly.
Tried to launch the playbook 6 or 7 times but no luck for me.

Tried both the playbook alone and the main.yml 6 or 7 times.

Any idea what's wrong?

I have found the following comment in the playbook where the error occurs:

# doesn't work, see: https://github.com/ansible-collections/community.windows/blob/main/plugins/modules/win_domain_group_membership.ps1
# line 62: uses the given credentials against the remote domain -> wrong

What is the fix I should implement, if any?

A call to SSPI failed

I was consistently getting this error:

TASK [groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}] **************************************************************************************************
changed: [192.168.56.11] => (item={'key': 'AcrossTheSea', 'value': ['essos.local\\daenerys.targaryen']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (3 retries left).
changed: [192.168.56.12] => (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\tyron.lannister', 'essos.local\\daenerys.targaryen']})
ok: [192.168.56.12] => (item={'key': 'Spys', 'value': ['sevenkingdoms.local\\Small Council']})
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (2 retries left).
FAILED - RETRYING: [192.168.56.10]: Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.10] (item={'key': 'AcrossTheNarrowSea', 'value': ['essos.local\\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheNarrowSea", "value": ["essos.local\\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: A call to SSPI failed, see inner exception."}

An advanced google search led me to this URL:
stackoverflow link

I opted for the reg key mod and added the following between the "synchroizes all domains" and the "Add a domain user/group from another Domain...." tasks in the file "ansible/roles/groups_domains/tasks/main.yml":

- name: "Allow downgrade of TLS"
  ansible.windows.win_regedit:
    path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
    name: ClientMinKeyBitLength
    data: 00000200
    type: dword

And now it's working. I can drop this in a pull request if desired...

Issue with multi-domain forest to a domain group

Having issues with this specific Ansible Task-

- name: "Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}}"
  community.windows.win_domain_group_membership:
    domain_server: "{{domain_server}}"
    domain_username: "{{domain_username}}"
    domain_password: "{{domain_password}}"
    name: "{{item.key}}"
    members: "{{ item.value }}"
    state: Present
  with_dict: "{{ domain_groups_members }}"
  register: group_membership
  until: "group_membership is not failed"
  retries: 3
  delay: 120

Ansible output of the error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.11] (item={'key': 'AcrossTheSea', 'value': ['essos.local\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "AcrossTheSea", "value": ["essos.local\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: The server has rejected the client credentials."}

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'DragonsFriends', 'value': ['north.sevenkingdoms.local\jon.snow', 'sevenkingdoms.local\tyron.lannister', 'essos.local\daenerys.targaryen']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "DragonsFriends", "value": ["north.sevenkingdoms.local\jon.snow", "sevenkingdoms.local\tyron.lannister", "essos.local\daenerys.targaryen"]}, "msg": "Unhandled exception while executing module: The server has rejected the client credentials."}

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()
failed: [192.168.56.12] (item={'key': 'Spys', 'value': ['sevenkingdoms.local\Small Council']}) => {"ansible_loop_var": "item", "attempts": 3, "changed": false, "item": {"key": "Spys", "value": ["sevenkingdoms.local\Small Council"]}, "msg": "Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials."}
Some troubleshooting:
Domain Trust Verification and ADUC error showing the issue adding "Small [email protected]" to "[email protected]". Similar issue with the other security groups tagged with "multi domain".

nslookup to sevenkingdoms.local from essos.local (dc03 192.168.56.12)

nslookup to essos.local from sevenkingdoms.local (dc01 192.168.56.10)

Vagrant Synced Folders permit environment breakout

Vagrant synced folders are enabled, allowing trivial breakout of the environment by modifying the shared Vagrantfile file, leading to execution of arbitrary Ruby code on the host running Vagrant when the GOAD user runs any vagrant command from within the goad directory (such as vagrant status) or child directories.


Shared folders are enabled:

user@dev-ubuntu:~/vagrant/goad$ vagrant --version
Vagrant 2.3.1
user@dev-ubuntu:~/vagrant/goad$ vagrant up
[...]
==> DC01: Mounting shared folders...
    DC01: /vagrant => /home/user/vagrant/goad

We can write to the contents of shared folders from the C:\vagrant directory within a GOAD virtual machine.

vagrantfile-permissions

vagrantfile-modified

Ruby code inserted into the Vagrantfile from within a virtual machine is executed when a user runs vagrant commands:

user@dev-ubuntu:~/vagrant/goad$ ls pwned
ls: cannot access 'pwned': No such file or directory
user@dev-ubuntu:~/vagrant/goad$ vagrant status
bcoles was here 2022
Current machine states:

DC01                      running (virtualbox)
DC02                      running (virtualbox)
DC03                      running (virtualbox)
SRV02                     running (virtualbox)
SRV03                     running (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
user@dev-ubuntu:~/vagrant/goad$ cat pwned
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(lxd),135(sambashare),138(libvirt)
user@dev-ubuntu:~/vagrant/goad$ 

There may be a way to exploit this without waiting for user interaction (perhaps symlinks as per below) but I haven't looked into it. It is likely that users will eventually run vagrant status or vagrant halt.


Additionally, GOAD is an intentionally vulnerable environment. Numerous user accounts and services are configured with publicly documented default credentials. GOAD exposes various network services (such as RDP) to the LAN, allowing access to the vulnerable hosts on the virtual LAN using default credentials.

user@dev-ubuntu:~/vagrant/goad$ vagrant up DC01
Bringing machine 'DC01' up with 'virtualbox' provider...
==> DC01: Checking if box 'StefanScherer/windows_2019' version '2021.05.15' is up to date...
==> DC01: Clearing any previously set forwarded ports...
==> DC01: Clearing any previously set network interfaces...
==> DC01: Preparing network interfaces based on configuration...
    DC01: Adapter 1: nat
    DC01: Adapter 2: hostonly
==> DC01: Forwarding ports...
    DC01: 3389 (guest) => 3389 (host) (adapter 1)
    DC01: 5985 (guest) => 55985 (host) (adapter 1)
    DC01: 5986 (guest) => 55986 (host) (adapter 1)
    DC01: 22 (guest) => 2222 (host) (adapter 1)
==> DC01: Running 'pre-boot' VM customizations...
==> DC01: Booting VM...
==> DC01: Waiting for machine to boot. This may take a few minutes...
    DC01: WinRM address: 127.0.0.1:55985
    DC01: WinRM username: vagrant
    DC01: WinRM execution_time_limit: PT2H
    DC01: WinRM transport: negotiate
==> DC01: Machine booted and ready!
==> DC01: Checking for guest additions in VM...
==> DC01: Configuring and enabling network interfaces...
==> DC01: Mounting shared folders...
    DC01: /vagrant => /home/user/vagrant/goad
==> DC01: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> DC01: flag to force provisioning. Provisioners marked to run always will still run.
user@dev-ubuntu:~/vagrant/goad$ netstat -an | grep 3389
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN     
$ sudo lsof -i :3389
[sudo] password for user: 
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
VBoxHeadl 9592 user   20u  IPv4  79136      0t0  TCP *:ms-wbt-server (LISTEN)

Remote network access to these services combined with writable Shared Folders effectively allows remote exploitation of the host running GOAD.


As far as I'm aware shared folders are not required. If shared folders are not required, the default vagrant share should be explicitly disabled:

diff --git a/Vagrantfile b/Vagrantfile
index 47b3b77..99a6627 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -38,6 +38,8 @@ boxes = [
 #   { :name => "SRV03", :ip => "192.168.56.23", :box => "jborean93/WindowsServer2016", :os => "windows"}
 # ]
 
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
   config.vm.provider "virtualbox" do |v|
     v.memory = 3000
     v.cpus = 2
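Review bot: the `disabled: true` line is added only on the top-level `config`, and the context lines show this Vagrantfile builds its machines from a `boxes` array, so if a per-box block declares its own `synced_folder` that declaration is still honoured; the report above also says the share stayed mounted after this change was applied. Suggest adding the same `synced_folder '.', '/vagrant', disabled: true` inside the per-box block as well, then `vagrant reload` and confirm that the `==> DC01: Mounting shared folders...` / `DC01: /vagrant => ...` lines no longer appear, and keep `SharedFoldersEnableSymlinksCreate: false` on any share that must remain. A one-line comment above the added line stating why the default share is disabled (the project directory, including the Vagrantfile, is otherwise writable from the guest) would help the next reader.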

In theory the above change should be sufficient - although when I tried applying the above change the shared folder was still mounted. Perhaps it needs to be disabled for each box.

Additionally, if shared folders are required, ensure symlinks are disabled for all shared folders:

  config.vm.synced_folder '.', '/a-shared-path', SharedFoldersEnableSymlinksCreate: false

See also:
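As an added example (my code, not GOAD's Vagrantfile and not code from the report above), here is a small Ruby audit that scans a Vagrantfile's text for `synced_folder` declarations, flags every share that is not `disabled: true`, flags `SharedFoldersEnableSymlinksCreate: true`, and reports when the default `/vagrant` share is never explicitly disabled (Vagrant mounts the project directory unless it is). It pattern-matches the text rather than evaluating the Ruby, so shares built dynamically from loops or variables are not seen; the two sample Vagrantfiles embedded in it are constructed for illustration.

```ruby
# Added example, not code from GOAD or from the issue above: a static audit of a
# Vagrantfile for synced-folder exposure. It pattern-matches the file text rather
# than evaluating it, so shares built dynamically (loops, variables) are not seen.

# Matches `config.vm.synced_folder "host", "guest", options...` with any receiver
# name, so per-box `node.vm.synced_folder ...` lines inside a define block are
# covered too.
SYNCED_FOLDER_RE = /\b\w+\.vm\.synced_folder\s+['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"](.*)$/

# Returns an array of finding strings; an empty array means nothing to report.
def audit_vagrantfile(text)
  findings = []
  default_share_disabled = false

  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    m = SYNCED_FOLDER_RE.match(line)
    next unless m

    host_path, guest_path, options = m[1], m[2], m[3]
    if options.match?(/disabled:\s*true/)
      # An explicitly disabled default share is what we want to see.
      default_share_disabled = true if guest_path == '/vagrant'
      next
    end

    findings << "line #{lineno}: host path '#{host_path}' is shared into the guest at '#{guest_path}'"
    if options.match?(/SharedFoldersEnableSymlinksCreate:\s*true/)
      findings << "line #{lineno}: symlink creation is enabled for '#{guest_path}'"
    end
  end

  unless default_share_disabled
    findings << "default '/vagrant' share is not explicitly disabled (Vagrant mounts the project directory unless it is)"
  end
  findings
end

# Constructed sample Vagrantfiles (not GOAD's real Vagrantfile; box name is a placeholder).
EXPOSED_VAGRANTFILE = <<~'VF'
  Vagrant.configure("2") do |config|
    config.vm.box = "example/box"
    config.vm.synced_folder "./shared", "/srv/shared", SharedFoldersEnableSymlinksCreate: true
  end
VF

HARDENED_VAGRANTFILE = <<~'VF'
  Vagrant.configure("2") do |config|
    config.vm.box = "example/box"
    config.vm.synced_folder ".", "/vagrant", disabled: true
    config.vm.define "DC01" do |node|
      node.vm.synced_folder ".", "/vagrant", disabled: true
    end
  end
VF

if __FILE__ == $PROGRAM_NAME
  { 'exposed' => EXPOSED_VAGRANTFILE, 'hardened' => HARDENED_VAGRANTFILE }.each do |label, text|
    findings = audit_vagrantfile(text)
    puts "#{label}: #{findings.empty? ? 'no findings' : findings.join("\n  ")}"
  end
end
```

Run it against a real project with `audit_vagrantfile(File.read('Vagrantfile'))`; an empty result means every declared share, including the default one, is explicitly disabled, while any listed share is one the guest can write into on the host.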

ansible-playbook main errors - TASK [Gathering Facts] & TASK [trusts : Add trusts between domain] & TASK [password_policy : set password policy]

I'm running Ubuntu 22.04 with vagrant 2.2.18 as a workaround to resolve the issue described here: #12

This is the setup process I followed. Taken from the official setup process with added dependencies required for Ubuntu 22.04:
sudo apt update && sudo apt install curl docker.io ansible git virtualbox python3-pip python3.10-venv -y
(python3.8-venv not available on Ubuntu 22.04)

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vagrant=2.2.18

git clone https://github.com/Orange-Cyberdefense/GOAD
cd GOAD/ansible
sudo pip3 install virtualenv
python3 -m pip install --upgrade pip
python3.10 -m virtualenv .venv

Start venv environment:
source .venv/bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install ansible-core==2.12.6
python3 -m pip install pywinrm
ansible-galaxy install -r requirements.yml

In ~/GOAD folder path:
sudo docker build -t goadansible .
##GOAD_backup folder in GOAD_VM main folder is the VM snapshot setup to this point.##
vagrant up
cd ansible
ansible-playbook main.yml

I get the following errors when running ansible-playbook main.yml:

TASK [Gathering Facts] *************************************************************************************************************
fatal: [192.168.56.10]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.10', port=5986): Max retries exceeded with url: /wsman (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f7994eb4880>: Failed to establish a new connection: [Errno 113] No route to host'))", "unreachable": true}
TASK [member_server : Add member server] *******************************************************************************************
changed: [192.168.56.23]
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "failed to join domain: Computer 'castelblack' failed to join domain 'north.sevenkingdoms.local' from its current workgroup 'WORKGROUP' with following error message: The specified domain either does not exist or could not be contacted.", "reboot_required": false}

TASK [trusts : Add trusts between domain] ******************************************************************************************
fatal: [192.168.56.12]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "", "category": "NotSpecified", "category_id": 0, "reason": "MethodInvocationException", "target_name": "", "target_type": ""}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233087, "inner_exception": {"help_link": null, "hresult": -2146233088, "inner_exception": null, "message": "The specified forest does not exist or cannot be contacted.", "source": "System.DirectoryServices", "type": "System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException"}, "message": "Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."", "source": "System.Management.Automation", "type": "System.Management.Automation.MethodInvocationException"}, "fully_qualified_error_id": "ActiveDirectoryObjectNotFoundException", "output": "Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : ActiveDirectoryObjectNotFoundException\r\n \r\n", "pipeline_iteration_info": [0, 1], "script_stack_trace": "at , : line 19", "target_object": null}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}

TASK [password_policy : set password policy] ***************************************************************************************
fatal: [192.168.56.11]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "Set-ADDefaultDomainPasswordPolicy", "category": "ResourceUnavailable", "category_id": 21, "reason": "ADServerDownException", "target_name": "WORKGROUP", "target_type": "ADDefaultDomainPasswordPolicy"}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233088, "inner_exception": {"help_link": null, "hresult": -2146233088, "inner_exception": null, "message": "Unable to find a default server with flags: 'Writable | ADWS | ReturnDnsName'.", "source": null, "type": "Microsoft.ActiveDirectory.Management.ADException"}, "message": "Unable to find a default server with Active Directory Web Services running.", "source": "Microsoft.ActiveDirectory.Management", "type": "Microsoft.ActiveDirectory.Management.ADServerDownException"}, "fully_qualified_error_id": "ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy", "output": "Set-ADDefaultDomainPasswordPolicy : Unable to find a default server with Active Directory Web Services running.\r\nAt line:19 char:1\r\n+ Set-ADDefaultDomainPasswordPolicy -Identity $Domain -AuthType Negotia ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResoureUnavailable: (WORKGROUP:ADDefaultDomainPasswordPolicy) \r\n[Set-ADDefaultDomainPasswordPolicy], ADServerDownException\r\n + FullyQualifiedErrorId : \r\nActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy\r\n \r\n", "pipeline_iteration_info": [0, 1], "script_stack_trace": "at , : line 19", "target_object": {"AddedProperties": {"Comparer": {}, "Count": 0, "IsReadOnly": false}, "ComplexityEnabled": null, "LockoutDuration": null, "LockoutObservationWindow": null, "LockoutThreshold": null, "MaxPasswordAge": null, "MinPasswordAge": null, "MinPasswordLength": null, "ModifiedProperties": {"Comparer": {}, "Count": 0, 
"IsReadOnly": false}, "PasswordHistoryCount": null, "PropertyCount": 0, "PropertyNames": {"Count": 0, "IsReadOnly": true, "IsSynchronized": false, "SyncRoot": {}}, "RemovedProperties": {"Comparer": {}, "Count": 0, "IsReadOnly": false}, "ReversibleEncryptionEnabled": null}}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}

192.168.56.10 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.11 : ok=29 changed=16 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.12 : ok=30 changed=19 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
192.168.56.22 : ok=17 changed=10 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.23 : ok=41 changed=21 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0

castelblack not able to join Domain

I am stuck at this,

fatal: [192.168.56.22]: FAILED! => {
    "changed": true,
    "msg": "failed to join domain: Computer 'castelblack' failed to join domain 'north.sevenkingdoms.local' from its current workgroup 'WORKGROUP' with following error message: The specified network name is no longer available.",
    "reboot_required": false
}

Did anyone see this before?

NoPac dont work

Hello,

Thanks for all the work in this repo.

I got an error with the noPac vulns (CVE-2021-42278 and CVE-2021-42287, to impersonate a DA from a standard domain user)

└─# python3 noPac.py essos.local/viserys.targaryen:GoldCrown  -dc-ip 192.168.56.12

███    ██  ██████  ██████   █████   ██████ 
████   ██ ██    ██ ██   ██ ██   ██ ██      
██ ██  ██ ██    ██ ██████  ███████ ██      
██  ██ ██ ██    ██ ██      ██   ██ ██      
██   ████  ██████  ██      ██   ██  ██████ 
                                           
                                        
    
[*] Current ms-DS-MachineAccountQuota = 10
[*] Selected Target meereen.essos.local
[*] Total Domain Admins 2
[*] will try to impersonat daenerys.targaryen
[*] Adding Computer Account "WIN-D8KGLE4YSFE$"
[*] MachineAccount "WIN-D8KGLE4YSFE$" password = FXGlOanW(foZ
[*] Successfully added machine account WIN-D8KGLE4YSFE$ with password FXGlOanW(foZ.
[*] WIN-D8KGLE4YSFE$ object = CN=WIN-D8KGLE4YSFE,CN=Computers,DC=essos,DC=local
[-] Cannot rename the machine account , Reson 00000524: UpdErr: DSID-031A11E2, problem 6005 (ENTRY_EXISTS), data 0

[*] Attempting to del a computer with the name: WIN-D8KGLE4YSFE$
[-] Delete computer WIN-D8KGLE4YSFE$ Failed! Maybe the current user does not have permission.

It seems that the server is vulnerable according to cme ...

└─# cme smb 192.168.56.12 -u viserys.targaryen -p GoldCrown -M nopac
SMB         192.168.56.12   445    MEEREEN          [*] Windows Server 2016 Standard Evaluation 14393 x64 (name:MEEREEN) (domain:essos.local) (signing:True) (SMBv1:True)
NOPAC       192.168.56.12   445    MEEREEN          TGT with PAC size 1534
NOPAC       192.168.56.12   445    MEEREEN          TGT without PAC size 729
NOPAC       192.168.56.12   445    MEEREEN          
NOPAC       192.168.56.12   445    MEEREEN          VULNEABLE
NOPAC       192.168.56.12   445    MEEREEN          Next step: https://github.com/Ridter/noPac

Did I do something wrong?
I also tried with this known repo: https://github.com/WazeHell/sam-the-admin

A+

Ansible fails

Errors when Ansible checks whether Chocolatey is installed:

$ ansible-playbook ad.yml


Errors when setting up vulnerabilities on dc01 for the asrep_roasting.ps1 script:

$ ansible-playbook vulns.yml


Thanks for your help.

vagrant halt error

when running 'vagrant halt' after a successful launch, I get the following:
==> SRV03: Attempting graceful shutdown of VM...
==> SRV02: Attempting graceful shutdown of VM...
==> DC03: Attempting graceful shutdown of VM...
Traceback (most recent call last):
79: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/bin/vagrant:248:in `<main>'
78: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/environment.rb:301:in `cli'
77: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/cli.rb:67:in `execute'
76: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/commands/halt/command.rb:30:in `execute'
75: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/plugin/v2/command.rb:232:in `with_target_vms'
74: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/plugin/v2/command.rb:232:in `each'
73: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/plugin/v2/command.rb:243:in `block in with_target_vms'
72: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/commands/halt/command.rb:31:in `block in execute'
71: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:203:in `action'
70: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:203:in `call'
69: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/environment.rb:631:in `lock'
68: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:217:in `block in action'
67: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:248:in `action_raw'
66: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
65: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
64: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
63: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
62: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
61: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/providers/virtualbox/action/check_virtualbox.rb:26:in `call'
60: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
59: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/call.rb:53:in `call'
58: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
57: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
56: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
55: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
54: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
53: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:127:in `block in finalize_action'
52: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
51: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/providers/virtualbox/action/check_accessible.rb:18:in `call'
50: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
49: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/providers/virtualbox/action/discard_state.rb:15:in `call'
48: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
47: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/call.rb:53:in `call'
46: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
45: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
44: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
43: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
42: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
41: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:127:in `block in finalize_action'
40: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
39: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:127:in `block in finalize_action'
38: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
37: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/call.rb:43:in `call'
36: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `run'
35: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/util/busy.rb:19:in `busy'
34: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/runner.rb:101:in `block in run'
33: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builder.rb:180:in `call'
32: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/warden.rb:48:in `call'
31: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/action/builtin/graceful_halt.rb:50:in `call'
30: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/lib/vagrant/machine.rb:283:in `guest'
29: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/communicator.rb:106:in `ready?'
28: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
27: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/communicator.rb:107:in `block in ready?'
26: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:70:in `cmd'
25: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/connection.rb:42:in shell' 24: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:71:in block in cmd'
23: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:138:in execute_with_rescue' 22: from /opt/vagrant/embedded/gems/2.3.2/gems/vagrant-2.3.2/plugins/communicators/winrm/shell.rb:144:in handle_output'
21: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:79:in run' 20: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:128:in with_command_shell'
19: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:168:in open' 18: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/retryable.rb:35:in retryable'
17: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/base.rb:170:in block in open' 16: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/shells/cmd.rb:54:in open_shell'
15: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/http/transport.rb:168:in send_request' 14: from /opt/vagrant/embedded/gems/2.3.2/gems/winrm-2.3.6/lib/winrm/http/transport.rb:236:in init_auth'
13: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:765:in post' 12: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:856:in request'
11: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1014:in do_request' 10: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1133:in protect_keep_alive_disconnected'
9: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1019:in block in do_request' 8: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1245:in do_get_block'
7: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient.rb:1299:in do_get_header' 6: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:561:in get_header'
5: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:784:in read_header' 4: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:801:in parse_header'
3: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:105:in timeout' 2: from /opt/vagrant/embedded/lib/ruby/2.7.0/timeout.rb:95:in block in timeout'
1: from /opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:805:in `block in parse_header'
/opt/vagrant/embedded/gems/2.3.2/gems/httpclient-2.8.3/lib/httpclient/session.rb:805:in `gets': execution expired (Timeout::Error)

Message: Digest initialization failed: initialization error

==> DC01: Clearing any previously set network interfaces...
==> DC01: Preparing network interfaces based on configuration...
    DC01: Adapter 1: nat
    DC01: Adapter 2: hostonly
==> DC01: Forwarding ports...
    DC01: 3389 (guest) => 2204 (host) (adapter 1)
    DC01: 5985 (guest) => 2205 (host) (adapter 1)
    DC01: 5986 (guest) => 2206 (host) (adapter 1)
    DC01: 22 (guest) => 2207 (host) (adapter 1)
==> DC01: Running 'pre-boot' VM customizations...
==> DC01: Booting VM...
==> DC01: Waiting for machine to boot. This may take a few minutes...
    DC01: WinRM address: 127.0.0.1:2205
    DC01: WinRM username: vagrant
    DC01: WinRM execution_time_limit: PT2H
    DC01: WinRM transport: negotiate
An error occurred executing a remote WinRM command.

Shell: Cmd
Command: hostname
Message: Digest initialization failed: initialization error

License

Hi, what is the license for this project? Can I fork it to modify it and add a Terraform deployment?

Unable to add trusts between domain

Hi Mayfly277, thank you for the great lab. I got this issue when running task "Add trusts between domain"

image

I have rerun mail.yml and ad-trusts.yml many times, but the issue still exists.

Bloodhound timeout & Responder not getting any connections

Hello !

BloodHound

I'm using my own host to launch the BloodHound ingestor on Linux (using Exegol as you do in your guide).
It works fine for the following command:

bloodhound.py --zip -c All -d north.sevenkingdoms.local -u brandon.stark -p iseedeadpeople -dc winterfell.north.sevenkingdoms.local

However, for the next two commands I get a "Connection timed out", even though it finds the domain.

bloodhound.py --zip -c All -d sevenkingdoms.local -u [email protected] -p iseedeadpeople -dc kingslanding.sevenkingdoms.local
bloodhound.py --zip -c All -d essos.local -u [email protected] -p iseedeadpeople -dc meereen.essos.local

My guess is that LDAP connection fails for whatever reason. But why would it work for the first command?

Edit:
I've done a lot of troubleshooting and everything with Ldap3 works fine.
The Windows ingestor used (directly on the machines) works fine as well.
So my guess is the BloodHound linux ingestor (bloodhound.py) struggles with some things related to vagrant + virtualbox...

Responder

Still following your guide, I noticed that I didn't get any connection on Responder (even when I attempt coerced authentications).
Before the question comes, I put the right interface name and IP 👍

Are there any troubleshooting steps I should take to find out what the problem is here?

Fix: I had a firewall activated that was blocking incoming connections for Responder. I'm still troubleshooting for BloodHound but with no success for now.

Thank you in advance!

Fails at "TASK [common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version]"

sudo docker run -ti --rm --network host -h goadansible -v $(pwd):/goad -w /goad/ansible goadansible ansible-playbook main.yml

PLAY [build all] **************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************
ok: [192.168.56.23]
ok: [192.168.56.12]
ok: [192.168.56.10]
ok: [192.168.56.11]
ok: [192.168.56.22]

TASK [common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version] **********************************************
fatal: [192.168.56.12]: FAILED! => {"changed": true, "cmd": "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12\nInstall-PackageProvider -Name NuGet -Force\nInstall-Module PowerShellGet -Force", "delta": "0:00:02.529639", "end": "2022-11-04 16:39:26.660434", "msg": "non-zero return code", "rc": 1, "start": "2022-11-04 16:39:24.130795", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package \r\nprovider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.\r\nAt line:2 char:1\r\n+ Install-PackageProvider -Name NuGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac \r\n kageProvider], Exception\r\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro \r\n vider\r\n \r\nException calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and \r\nPrompt functionality is not available."\r\nAt C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7392 char:8\r\n+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: (:) [], MethodInvocationException\r\n + FullyQualifiedErrorId : PSInvalidOperationException\r\n \r\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' \r\nor newer version of NuGet provider is installed.\r\nAt line:3 char:1\r\n+ Install-Module PowerShellGet -Force\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException\r\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stderr_lines": ["Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package ", "provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.", "At line:2 char:1", "+ Install-PackageProvider -Name NuGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac ", " kageProvider], Exception", " + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro ", " vider", " ", "Exception calling "ShouldContinue" with "2" argument(s): "Windows PowerShell is in NonInteractive mode. Read and ", "Prompt functionality is not available."", "At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7392 char:8", "+ if($Force -or $psCmdlet.ShouldContinue($shouldContinueQueryMessag ...", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : NotSpecified: (:) [], MethodInvocationException", " + FullyQualifiedErrorId : PSInvalidOperationException", " ", "Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' ", "or newer version of NuGet provider is installed.", "At line:3 char:1", "+ Install-Module PowerShellGet -Force", "+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException", " + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module"], "stdout": "", "stdout_lines": []}

PLAY RECAP ********************************************************************************************************************************************
192.168.56.10 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.11 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.12 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.22 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.23 : ok=1 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
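As an added example (not part of the GOAD project or of this issue), the helper below parses the `fatal: [host]: FAILED! => {...}` lines that ansible-playbook prints in the shape shown above and groups hosts by the PowerShell `FullyQualifiedErrorId` found in `stderr`, so five identical PowerShellGet failures collapse into one finding. The sample output inside the block is constructed in that shape with abridged stderr; the host addresses are the lab ranges shown in the issue.

```python
import json
import re
from collections import defaultdict

# Ansible prints one "fatal" line per failed host, with the module result as
# JSON after "=>"; the PowerShellGet task in the issue produced five of them.
FATAL_RE = re.compile(r"^fatal: \[(?P<host>[^\]]+)\]: FAILED! => (?P<json>\{.*\})\s*$")
# PowerShell error records carry a FullyQualifiedErrorId in their stderr text.
ERROR_ID_RE = re.compile(r"FullyQualifiedErrorId\s*:\s*(\S+)")

# Constructed sample in the shape of the ansible-playbook output above
# (stderr abridged); not the real output from the issue.
SAMPLE_OUTPUT = """\
PLAY [build all] ****
TASK [common : Upgrade module PowerShellGet] ****
fatal: [192.168.56.10]: FAILED! => {"changed": true, "cmd": "Install-PackageProvider -Name NuGet -Force", "rc": 1, "msg": "non-zero return code", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'.\\r\\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider\\r\\nInstall-Module : NuGet provider is required to interact with NuGet-based repositories.\\r\\n + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module", "stdout": ""}
fatal: [192.168.56.11]: FAILED! => {"changed": true, "cmd": "Install-PackageProvider -Name NuGet -Force", "rc": 1, "msg": "non-zero return code", "stderr": "Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'.\\r\\n + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider", "stdout": ""}
fatal: [192.168.56.22]: FAILED! => {"changed": false, "msg": "winrm connection error: timed out"}
ok: [192.168.56.23]
"""


def parse_fatal_lines(output):
    """Return (host, result) pairs for every fatal line in playbook output.

    A payload that is not valid JSON (for example truncated by a terminal) is
    kept as an unparsed message rather than dropped, so no failure is lost.
    """
    records = []
    for line in output.splitlines():
        match = FATAL_RE.match(line)
        if not match:
            continue
        try:
            result = json.loads(match.group("json"))
        except json.JSONDecodeError:
            result = {"msg": match.group("json"), "_unparsed": True}
        records.append((match.group("host"), result))
    return records


def error_ids(result):
    """PowerShell FullyQualifiedErrorId values from stderr, else Ansible's msg."""
    ids = ERROR_ID_RE.findall(result.get("stderr", ""))
    return ids or [result.get("msg", "unknown error")]


def summarize_failures(output):
    """Map each distinct error id to the sorted list of hosts that reported it."""
    by_error = defaultdict(set)
    for host, result in parse_fatal_lines(output):
        for err in error_ids(result):
            by_error[err].add(host)
    return {err: sorted(hosts) for err, hosts in by_error.items()}


if __name__ == "__main__":
    for err, hosts in summarize_failures(SAMPLE_OUTPUT).items():
        print(f"{len(hosts)} host(s): {err}")
        for host in hosts:
            print(f"    {host}")
```

Feed it the saved output of `ansible-playbook main.yml` to see which hosts share one root cause and which failed for a different reason (here the constructed WinRM timeout on the third host).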

WSL Migration

I'm working on getting GOAD to launch on the Windows host by using Vagrant within WSL. The process is working up to the WinRM connection. Vagrant is trying to connect to 127.0.0.1, but I need it to use the Windows host address instead. Where do I change that? It's not jumping out at me in the Vagrantfile.

Nested Virtualization

Setup: Windows 10 machine (host) with VirtualBox installed
- VirtualBox with Ubuntu 22 guest, trying to clone and set up the project
- error after running "vagrant up"
ERROR

After a lot of troubleshooting: I disabled Hyper-V on my Windows host and enabled nested virtualization in VirtualBox.
I also have VMware, and I read somewhere that it might not play nice with VirtualBox when sharing resources.
Any ideas?

Using Parallels to run the lab

FYI, I'm looking into running the lab on a Mac M1 using Parallels instead of VirtualBox (not sure if it's even possible).

The first issue I ran into is the fact that there are no boxes available for the Parallels provider.

I checked to see if I could build them myself and ran into this issue: StefanScherer/packer-windows#320

We can keep this issue open to track the progress.

WinRM Initialization Error

OS And Relevant Info

Description: Ubuntu 22.04 LTS
Release: 22.04
Codename: jammy

Vagrant: 2.2.19
Ansible: Core 2.12.6

Issue

Running vagrant up results in a WinRM error:

Edited: Included additional output

(.venv) test@AD-Lab:~/Desktop/GOAD$ vagrant up --provision
Bringing machine 'DC01' up with 'virtualbox' provider...
==> DC01: Importing base box 'StefanScherer/windows_2019'...
==> DC01: Matching MAC address for NAT networking...
==> DC01: Checking if box 'StefanScherer/windows_2019' version '2021.05.15' is up to date...
==> DC01: Setting the name of the VM: GOAD_DC01_1657733508313_12037
==> DC01: Clearing any previously set network interfaces...
==> DC01: Preparing network interfaces based on configuration...
    DC01: Adapter 1: nat
    DC01: Adapter 2: hostonly
==> DC01: Forwarding ports...
    DC01: 3389 (guest) => 3389 (host) (adapter 1)
    DC01: 5985 (guest) => 55985 (host) (adapter 1)
    DC01: 5986 (guest) => 55986 (host) (adapter 1)
    DC01: 22 (guest) => 2222 (host) (adapter 1)
==> DC01: Running 'pre-boot' VM customizations...
==> DC01: Booting VM...
==> DC01: Waiting for machine to boot. This may take a few minutes...
    DC01: WinRM address: 127.0.0.1:55985
    DC01: WinRM username: vagrant
    DC01: WinRM execution_time_limit: PT2H
    DC01: WinRM transport: plaintext
An error occurred executing a remote WinRM command.

Shell: Cmd
Command: hostname
Message: Digest initialization failed: initialization error

Debug Output

debug_log.txt

DC01 Aborted

All the servers start up except DC01. When I start it, SRV03 is aborted. Is that a resource issue? I have 32GB memory and 1TB storage.

Thanks

Use VMWare Fusion as the provider on a mac M1

This issue is just in case someone attempts to do the same thing. I did not go further.

VMware Fusion: 13.0.0
Vagrant: 2.3.4
OS: Ventura

❯ vagrant up --provider vmware_desktop
Bringing machine 'DC01' up with 'vmware_desktop' provider...
Bringing machine 'DC02' up with 'vmware_desktop' provider...
Bringing machine 'DC03' up with 'vmware_desktop' provider...
Bringing machine 'SRV02' up with 'vmware_desktop' provider...
Bringing machine 'SRV03' up with 'vmware_desktop' provider...
==> DC01: Box 'StefanScherer/windows_2019' could not be found. Attempting to find and install...
    DC01: Box Provider: vmware_desktop, vmware_fusion, vmware_workstation
    DC01: Box Version: 2021.05.15
==> DC01: Loading metadata for box 'StefanScherer/windows_2019'
    DC01: URL: https://vagrantcloud.com/StefanScherer/windows_2019
==> DC01: Adding box 'StefanScherer/windows_2019' (v2021.05.15) for provider: vmware_desktop
    DC01: Downloading: https://vagrantcloud.com/StefanScherer/boxes/windows_2019/versions/2021.05.15/providers/vmware_desktop.box
==> DC01: Successfully added box 'StefanScherer/windows_2019' (v2021.05.15) for 'vmware_desktop'!
==> DC01: Cloning VMware VM: 'StefanScherer/windows_2019'. This can take some time...
==> DC01: Checking if box 'StefanScherer/windows_2019' version '2021.05.15' is up to date...
==> DC01: Verifying vmnet devices are healthy...
Vagrant failed to create a new VMware networking device. The following
error message was generated while attempting to create a new device:

  Networks with custom subnet/mask values are not supported on this platform

Please resolve any problems reported in the error message above and
try again.

Requirements:

Install the vagrant plugin for the vmware provider:

vagrant plugin install vagrant-vmware-desktop

Install Vagrant VMware Utility (invalid certificate cf: hashicorp/vagrant-vmware-desktop#56):

https://developer.hashicorp.com/vagrant/downloads/vmware

Elk config failing on agent deployment

After the Ansible config of the servers, I circled back to configure ELK; however, it fails when checking if Chocolatey is installed, with the following error:

fatal: [192.168.56.11]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe install chocolatey-core.extension --fail-on-unfound --yes --no-progress --limit-output --timeout 2700", "msg": "Error installing package(s) 'chocolatey-core.extension'", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Installing the following packages:\r\nchocolatey-core.extension\r\nBy installing, you accept licenses for the packages.\r\nchocolatey-core.extension not installed. An error occurred during installation:\r\n The remote server returned an error: (429) Too Many Requests. Too Many Requests\r\nchocolatey-core.extension package files install failed with exit code 1. Performing other installation steps.\r\nThe install of chocolatey-core.extension was NOT successful.\r\nchocolatey-core.extension not installed. An error occurred during installation:\r\n The remote server returned an error: (429) Too Many Requests. Too Many Requests\r\n\r\nChocolatey installed 0/1 packages. 1 packages failed.\r\n See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).\r\n\r\nFailures\r\n - chocolatey-core.extension (exited 1) - chocolatey-core.extension not installed. An error occurred during installation:\r\n The remote server returned an error: (429) Too Many Requests. Too Many Requests\r\n", "stdout_lines": ["Installing the following packages:", "chocolatey-core.extension", "By installing, you accept licenses for the packages.", "chocolatey-core.extension not installed. An error occurred during installation:", " The remote server returned an error: (429) Too Many Requests. Too Many Requests", "chocolatey-core.extension package files install failed with exit code 1. Performing other installation steps.", "The install of chocolatey-core.extension was NOT successful.", "chocolatey-core.extension not installed. An error occurred during installation:", " The remote server returned an error: (429) Too Many Requests. 
Too Many Requests", "", "Chocolatey installed 0/1 packages. 1 packages failed.", " See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).", "", "Failures", " - chocolatey-core.extension (exited 1) - chocolatey-core.extension not installed. An error occurred during installation:", " The remote server returned an error: (429) Too Many Requests. Too Many Requests"]}

It does however appear to work on SRV03!

Not able to set up DC02 system, Ansible script throwing error while setting password policy

TASK [password_policy : set password policy] *****************************************************************************
fatal: [192.168.56.11]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "Set-ADDefaultDomainPasswordPolicy", "category": "ResourceUnavailable", "category_id": 21, "reason": "ADServerDownException", "target_name": "WORKGROUP", "target_type": "ADDefaultDomainPasswordPolicy"}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233088, "inner_exception": {"help_link": null, "hresult": -2146233088, "inner_exception": null, "message": "Unable to find a default server with flags: 'Writable | ADWS | ReturnDnsName'.", "source": null, "type": "Microsoft.ActiveDirectory.Management.ADException"}, "message": "Unable to find a default server with Active Directory Web Services running.", "source": "Microsoft.ActiveDirectory.Management", "type": "Microsoft.ActiveDirectory.Management.ADServerDownException"}, "fully_qualified_error_id": "ActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy", "output": "Set-ADDefaultDomainPasswordPolicy : Unable to find a default server with Active Directory Web Services running.\r\nAt line:19 char:1\r\n+ Set-ADDefaultDomainPasswordPolicy -Identity $Domain -AuthType Negotia ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResourceUnavailable: (WORKGROUP:ADDefaultDomainPasswordPolicy) \r\n[Set-ADDefaultDomainPasswordPolicy], ADServerDownException\r\n + FullyQualifiedErrorId : \r\nActiveDirectoryServer:1355,Microsoft.ActiveDirectory.Management.Commands.SetADDefaultDomainPasswordPolicy\r\n \r\n", "pipeline_iteration_info": [0, 1], "script_stack_trace": "at , : line 19", "target_object": {"AddedProperties": [], "ComplexityEnabled": null, "LockoutDuration": null, "LockoutObservationWindow": null, "LockoutThreshold": null, "MaxPasswordAge": null, "MinPasswordAge": null, "MinPasswordLength": null, "ModifiedProperties": [], "PasswordHistoryCount": null, "PropertyCount": 0, "PropertyNames": [], 
"RemovedProperties": [], "ReversibleEncryptionEnabled": null}}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}

PLAY RECAP ***************************************************************************************************************
192.168.56.11 : ok=27 changed=6 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0

specify VMs installation

How can I change the installation path for all Vagrant VMs? I want to set up the lab on a separate SSD partition.

ADDSForest fails on DC01

fatal: [172.24.126.10]: FAILED! => {"changed": true, "msg": "Failed to install ADDSForest, DCPromo exited with 54: The operation failed with the following error:\r\n\r\nThe specified procedure could not be found.\r\n", "reboot_required": false}

Any info on this one?

Many thanks for the project!

parameter name 'AcceptLicense'

TASK [common : Windows | Check for ComputerManagementDsc Powershell module] ***********************************************************************************************************************************************************************************************************************************************
fatal: [192.168.56.12]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.23]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.22]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.10]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}
fatal: [192.168.56.11]: FAILED! => {"changed": true, "msg": "Problems installing ComputerManagementDsc module: A parameter cannot be found that matches parameter name 'AcceptLicense'.", "nuget_changed": true, "output": "", "repository_changed": false}


It looks like the community.windows Galaxy collection doesn't work as expected.
I have installed this module on DC1 and got this after:



If someone can help me get past this error, thanks in advance.

ansible-playbook main command errors

I am getting these 2 errors in the ansible-playbook main command:

TASK [settings/hostname : Reboot if needed] ****************************************************************************************************************************************
changed: [192.168.56.12]
changed: [192.168.56.23]
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Timed out waiting for last boot time check (timeout=600.0)
fatal: [192.168.56.11]: FAILED! => {"changed": true, "elapsed": 630, "msg": "Timed out waiting for last boot time check (timeout=600.0)", "rebooted": true, "unreachable": false}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Timed out waiting for last boot time check (timeout=600.0)
fatal: [192.168.56.10]: FAILED! => {"changed": true, "elapsed": 637, "msg": "Timed out waiting for last boot time check (timeout=600.0)", "rebooted": true, "unreachable": false}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Timed out waiting for last boot time check (timeout=600.0)
fatal: [192.168.56.22]: FAILED! => {"changed": true, "elapsed": 648, "msg": "Timed out waiting for last boot time check (timeout=600.0)", "rebooted": true, "unreachable": false}

TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************
fatal: [192.168.56.23]: FAILED! => {"added": [], "changed": false, "msg": "Failed to translate the account 'essos.local\sql_svc' to a SID", "removed": []}

PLAY RECAP *************************************************************************************************************************************************************************
192.168.56.10 : ok=14 changed=8 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.11 : ok=14 changed=8 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.12 : ok=30 changed=19 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
192.168.56.22 : ok=13 changed=7 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
192.168.56.23 : ok=41 changed=21 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0

Is there a simple command or process I can utilize to resolve this issue?

Ansible Task "disable interface Ethernet before join domain" fails

Hello,

when running the ansible-playbook main.yml, the script runs into the following issue:

TASK [child_domain : disable interface Ethernet before join domain] *******************************************************
fatal: [172.18.100.11]: FAILED! => {"changed": true, "cmd": "netsh interface set interface \"Ethernet\" disable", "delta": "0:00:00.906198", "end": "2022-07-22 06:32:15.861635", "msg": "non-zero return code", "rc": 1, "start": "2022-07-22 06:32:14.955437", "stderr": "", "stderr_lines": [], "stdout": "No more data is available.\r\n\r\n\r\n", "stdout_lines": ["No more data is available.", "", ""]}

From my first look at the issue, this appears to be caused by the fact that the standard network interface in Server 2019 is called "Ethernet0" instead of "Ethernet".

The server itself is reachable though.
Any help would be appreciated.
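A name-independent way to do what that task does, as an added example and not the GOAD child_domain role's own code: keep up only the adapter that carries the lab address Ansible connects over (172.18.100.11 in this report, passed in as an assumed $LabIp parameter) and disable every other enabled adapter, so whether the box calls its NAT adapter "Ethernet" or "Ethernet0" no longer matters.

```powershell
# Added example, not part of the GOAD child_domain role.
# Replaces a hard-coded `netsh interface set interface "Ethernet" disable`
# with address-based selection: disable everything except the interface that
# holds the lab IP WinRM is connected on. $LabIp is an assumed parameter;
# 172.18.100.11 is the address taken from the report above.
param(
    [string]$LabIp = '172.18.100.11',
    [switch]$WhatIfOnly   # list what would be disabled without changing anything
)

# Locate the interface that owns the lab address. Abort if it is absent:
# disabling the wrong adapter would cut the very WinRM session Ansible uses.
$labAddr = Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -eq $LabIp }
if (-not $labAddr) {
    $present = (Get-NetIPAddress -AddressFamily IPv4).IPAddress -join ', '
    Write-Error "Lab address $LabIp not found on any interface (present: $present)"
    exit 1
}
$keepIndex = $labAddr.InterfaceIndex

# Every other adapter that is currently Up is a candidate; on a Vagrant box
# that is the NAT adapter, whatever name the image gave it.
$toDisable = Get-NetAdapter | Where-Object {
    $_.Status -eq 'Up' -and $_.InterfaceIndex -ne $keepIndex
}
if (-not $toDisable) {
    $keepName = (Get-NetAdapter -InterfaceIndex $keepIndex).Name
    Write-Output "Nothing to disable; only '$keepName' is up."
    exit 0
}

foreach ($nic in $toDisable) {
    Write-Output ("Disabling '{0}' ({1}, ifIndex {2})" -f `
        $nic.Name, $nic.InterfaceDescription, $nic.InterfaceIndex)
    if (-not $WhatIfOnly) {
        Disable-NetAdapter -Name $nic.Name -Confirm:$false
    }
}
```

Run it once with -WhatIfOnly on the target to confirm that only the NAT adapter is selected before letting it disable anything.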

Host Unreachable on 5986

For one host I am getting unreachable,

<192.168.56.22> ESTABLISH WINRM CONNECTION FOR USER: vagrant on PORT 5986 TO 192.168.56.22
fatal: [192.168.56.22]: UNREACHABLE! => {
    "changed": false,
    "msg": "ssl: HTTPSConnectionPool(host='192.168.56.22', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x10bfd7820>, 'Connection to 192.168.56.22 timed out. (connect timeout=500)'))",
    "unreachable": true
}

ansible fatal: [192.168.x.x]: UNREACHABLE

Provisioning the VMs with Ansible fails immediately due to not being able to reach the network. Output below. I have then tried to statically set the IP addresses on the Windows VMs; however, this also does not resolve the issue.

ansible-playbook main.yml
[WARNING]: Could not match supplied host pattern, ignoring: srv01

PLAY [build all] ******************************************************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************************************
^C [ERROR]: User interrupted execution
^C
ansible-playbook build.yml
[WARNING]: Could not match supplied host pattern, ignoring: srv01

PLAY [build all] ******************************************************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************************************
fatal: [192.168.56.10]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.10', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c490>, 'Connection to 192.168.56.10 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.22]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.22', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.22 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.11]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.11', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.11 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.12]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.12', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.12 timed out. (connect timeout=500)'))", "unreachable": true}
fatal: [192.168.56.23]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='192.168.56.23', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f90e419c580>, 'Connection to 192.168.56.23 timed out. (connect timeout=500)'))", "unreachable": true}

PLAY RECAP ************************************************************************************************************************************************************************************************
192.168.56.10 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.11 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.12 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.22 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
192.168.56.23 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0

Instructional Video for Installation

Are there any instructional videos on how to build this? I have a laptop with a 1TB SSD and 32 GB of memory. It is running Ubuntu Desktop 22.04. Do I install VBox and then another Ubuntu VM and then follow the instructions? How much RAM and storage do I give the VM? Can I run VBox on Windows with an Ubuntu VM?

Thanks

Vagrant / Ansible fail


Manually adding an optical drive and installing guest additions seems to solve the problem.

All servers unreachable

Hey guys, who can help me with this problem? A friend of mine said that the problem of it not working is because of memory, but I don't know if that's the problem. I checked the machines and their IP is different; DC01 for example has IP 192.168.56.101.

DC02 - FAILED - RETRYING: [192.168.56.11]: Create user

There's an error while creating users arya.stark, eddard.stark, catelyn.stark and robb.stark.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475
failed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',
...
"msg": "Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."}+

Thanks in advance.
