Post

GOAD AD deployment with Windows

Posted Updated
By iptracej 8 min read

GOAD Lab Setup for Windows

GOAD is a pentest Active Directory LAB project. There are so many nice attack scenarios that you can practice to gain the experiences on AD hacking. This lab is basically designed to deploy on Linux with the virtualization technology including virtualbox and VMware, but you can deploy it on Windows or in the cloud.

I Installed GOAD in Windows OS environment. This blog describes how I deployed the GOAD with Windows OS. Lucky, I had a good Dell Windows 11 Pro machine with 64 GB memory and 4TB hard disk. I also already purchased VMWare Professional license while ago. I checked issues page in the GOAD github site and discord that everyone is struggling to deploy GOAD into nested virtualization or WSL, so I decided to deploy the GOAD in the environment straight to Windows OS without having any newer or nested virtualization. Lie… I tried both environments, but did not work ;).

My Environment

Here is my basic environment.

  • Windows 11 Professional OS
  • VMWare Workstation 17 Professional (Probably, Virtualbox would also work)
  • Python 3.11.5 (>= python3.8)
  • Git 2.35.1
  • No Hyper-V or WSL features turned on

I will not describe the details of how you install the technology above. I assume that you know how to do.

GOAD Requirements in Windows

GOAD would need 8cpu/32 GB RAM with 200 GB hard desk space in general. They will deploy 5 (or more) machines with 2 CPU and 4 GB memory for each machine. Here is the diagram that GOAD will deploy. It is reasonably complex.

GOAD uses Vagrant as primary tool to deploy Virtual Machines and Ansible to install components/features and configure the environment. For specific Windows requirements, you will need to install an additional Ubuntu or any other Linux machine that deploys ansible playbooks to configure the environment.

To complete the deployment, you basically run Vagrant in Windows OS directly and run ansible in Linux VM in VMware. When you run a command on Windows, always good to open a terminal with Administrative privilege.

Vagrant Installation in Windows

Here is Vagrant software I used to deploy GOAD. There are suggestions that we should use older Vagrant software in discord (weird, but…), so I followed their suggestions.

1
2
3
4
5
6
7
8
9

# Vagrant 2.3.4
# Download the msi and double-click to install the software

# Vagrant VMare Desktop plugin 3.0.2
# Open a terminal on Windows and run the following command
vagrant plugin install vagrant-vmware-desktop --plugin-version 3.0.2

# Vagrant VMWare Utility
# Download the package and double-click to install the software

GOAD Configuration Update

Clone the github content and modify Vagrantfile for VMware envionrment

1
2
3
4
5
6
7

# Download the content 
git clone https://github.com/Orange-Cyberdefense/GOAD

# Update the configuration files 
cd GOAD 
notepad Vagrantfile
notepad ad/sevenkingdoms.local/inventory

There are two files that you have to update as in above. The task is pretty easy. Just take a look at README.md and follow the instruction.

Note: I had some hardware issues when running vagrant commands. So you may want to run ‘check disk’ and ‘defragment’ on hard disk before you install the VMs. Open ‘File Explorer’ and select ‘This PC’. Right-click the drive containing Windows OS (usually C:) and select ‘Properties’. Navigate to the ‘Tools’ tab and click ‘Check’ and then ‘Optimize’.

Windows Virtual Machine (VM) Deployment

Surprisingly easy step. Just run the one command.

1
2
3
4

# Open up a terminal on Windows and run the following command. 
vagrant up

# They will deploy Ethernet0 for NAT (192.168.57.0/24) and Ethernet1 for HostOnly Network (192.168.56.0/24). Check the network assignment in ad/sevenkingdoms.local/inventory.

You will encounter several errors during the deployment where the vagrant will download and install the Windows VMs. Based on my experience, most issues were related to network adaptors or some configuration files in VMWare (Conflicting adaptor name or/and IP address range, etc). Fix them and run the ‘vagrant up’ command again. It will eventually complete deploying all VMs.

All VM machines are stored in your GOAD\.vagrant\machines directory. I opened up all VMs in VMWare to see the machine status.

Ubuntu Installation on VMWare

Now it is time to install a linux machine in VMware to deploy ansible playbooks. The critical requirement is that this machine should be connected to the same network as in those Windows VM machines. I used the Ubuntu 22.04.3 where I downloaded the iso here and installed it. I followed the GUI steps and configure the Ubuntu. I ensured that the same two network adaptors (one for NAT and the other for Host-Only) are configured and assigned the network address to communicate to the Windows VMs.

Now, I felt that I should log-in to the Windows VMs and enable ping communication. So I did with vagrand:vagrand credentials to login and enabled the ICMP protocol via Windows Defender Firewall with Advanced Security mmc. I was able to confirm that Ubuntu can ping to all Windows VM using both NAT and Host-Only networks. Follow the tutorial

1
2
3

# Ping from Ubuntu 
ping 192.169.56.10          # Host-Only network address
ping 192.168.57.xx          # NAT network address

Docker on Ubuntu

Let’s deploy ansible playbooks for GOAD AD environment. First of all you will deploy the docker. Based on GOAD README, you could install without the docker, but I am lazy not to have a docker. Follow the instruction.

Clone github content again in Ubuntu

You will download the GOAD github content again to the Ubuntu machine by running the following command, and update the configuration files.

1
2
3
4
5
6
7

# Download the content 
git clone https://github.com/Orange-Cyberdefense/GOAD

# Update the configuration files 
cd GOAD 
vim Vagrantfile # (We may not require this file to update for ansible)
vim ad/sevenkingdoms.local/inventory

Ansible on Ubuntu

Here are only two commands that you have to have to deploy Ansible playbooks. Again surprisingly easy.

1
2
3
4
5
6
7
8
9
10
11
12
13

# Prepare the container
# Ensure that you are in the GOAD directory
sudo docker build -t goadansible .

# Launch the provision 
sudo docker run -ti --rm --network host -h goadansible -v $(pwd):/goad -w /goad/ansible goadansible ansible-playbook -i ../ad/sevenkingdoms.local/inventory main.yml

# This will launch ansible on the docker container.
# The --network host option will launch it on your host network so the vms should be accessible by docker for 192.168.56.1/24
# The -v mount the local repository containing goad in the folder /goad of the docker container
# The -i indicate the inventory to use with ansible
# And than the playbook main.yml is launched
# Please note that the vms must be in a running state, so vagrant up must have been done and finished before launching the ansible playbook.

Be warned that this will take a time to complete. Easily a couple of hours at the first time. Next time you run the Ansible again, they will only check the installations and update some configuration required, bit shorter but still a half to one hour to wait.

Final words - Fight with errors

During the deployment of Ansible playbooks, certain errors may arise. These errors, although appearing on multiple machines, may originate from an issue (most likely network, network adaptor, service not started correctly so rebooting required, etc.) on a single VM. For example, I had multiple errors and the ansible stopped at the ADCS configuration. I saw that the initial error started with an unavailability of an RPC server in one machine. A solution was to reboot the machine and re-ran the Ansible playbook. Upon subsequent execution, the playbook installed and configured the necessary features to fix remaining issues. It is good to address initial issues, as this can aid in the resolution of subsequent problems. For further assistance, consult the Github issue page or pose queries on Discord. I have shared my questions and solutions to error issues on these platforms for your reference. In some instances, manual operation may be required; you might need to log into Windows VMs and update configurations before running Ansible again

Do not forget running the vagrant snapshot. I lost some VMs and had to re-configure the whole due to un-recoverable blue-screen a few times when the OS rebooted and VMware just powered off the VMs.

1
2
3

# Create snapshot them and restore them when needed
vagrant snapshot save initial-setup
vagrant snapshot restore initial-setup

Also it is good to practice vagrant up and halt when VMs are needed to shutdown and go up.

1
2
3

# Start and shutdown the VMs gracefully. For VMware, you may see WARNING messages on VMX file for VMWare. 
vagrant up    
vagrant half

To attack the GOAD lab, I installed a new Kali linux and Commando VM with my ansible configuration. I will write the instructions in the future.

Here is the first blog of several attack scenarios by GOAD author - https://mayfly277.github.io/posts/GOADv2-pwning_part1/. I am excited to going through the scenarios and check the content. I will definitely practice until AD hacking becomes one of my muscle memories ; ).

Additionally, you could configure any SIEM solution and monitor/analyze the attack behaviors like ADCS. GOAD has some option to install ELK to monitor them. Happy AD hacking!

AD, Pentesting
blog
This post is licensed under CC BY 4.0 by the author.