Hack The Planet 🌎

Guide to install Game of Active Directory (GOAD) on VMware_ESXI

Guide to install Game of Active Directory (GOAD) on VMware_ESXI

GOAD Deployment on ESXI Sphere 8 from scratch

Zeeshan Mustafa's photo
Zeeshan Mustafa
·

4 min read

Good day Mates!
For quite some time, I have been intending to address this matter, albeit various commitments have continuously impeded its realization.

Requirements

For GOAD installation on ESXI you need to download the following tools

  1. create an ubuntu machine on ESXI server

  2. ovftool —> install it on the ubuntu machine

  3. pywinrm and ansible —> install it on the ubuntu machine

  4. winrm —> install it on the ubuntu machine

  5. winrm-fs —> install it on the ubuntu machine

  6. winrm-elevated —> install it on the ubuntu machine

  7. GOAD repository

STEP 1

Vagrant installation on Ubuntu Machine

  1. mkdir tools

  2. cd tools

  3. wgethttps://releases.hashicorp.com/vagrant/2.3.7/vagrant_2.3.7-1_amd64.deb

  4. dpkg -i vagrant_2.3.7-1_amd64.deb

STEP 2

install vagrant vmware esxi plugins

  1. vagrant plugin install vagrant-vmware-esxi

  2. vagrant plugin install vagrant-reload

  3. vagrant plugin install vagrant-vmware-desktop

  4. vagrant plugin install winrm

  5. vagrant plugin install winrm-fs

  6. vagrant plugin install winrm-elevated

install Ansible and pywinrm

  1. pip3 install --include-deps ansible

  2. pip3 install ansible-core

  3. pip3 install ansible-core==2.12.3

  4. pip3 install pywinrm

STEP 3

Download the Goad repository from the Github and configure some initial files for vmware_esxi compatibility

git clonehttps://github.com/Orange-Cyberdefense/GOAD

in this directory GOAD/ansible install the “requirements.yml” file using the following command —> ansible-galaxy install -r ansible/requirements.yml

STEP 4

In the main directory of the “GOAD” remove the previous goad.sh file and use the provided goad.sh file and replace the old file with this new one provided file.

Create a directory called “vmware_esxi” in this directory → “/GOAD/ad/GOAD-Light/providers”

Now we have the directory called “/GOAD/ad/GOAD-Light/providers/vmware_esxi”

STEP 5

Now go back to the main GOAD directory and run the goad.sh

Now run the goad.sh using the follwing command:

bashgoad.sh-t check -l GOAD-LIGHT -p vmware_esxi -m local

→ 2 file will be generated they will be Vagrantfile and inventory

→ Replace these two files with these Vagrantfile & inventory in the "/GOAD/ad/GOAD-Light/providers/vmware_esxi" directory.

Note: if you want to change the ips of DC01, DC02, SRV02 you have to change the ips inside the inventory file too. This will be used with ansible-playbook while installing the vulnerable AD-set.

STEP 6

Install the OVFTOOL in the ubuntu machine

Since our ESXI version is 8.0.2 we will download the latest version of ovftool which is “v4.6.2” from “developer.vmware.com/web/tool/4.6.2/ovf-tool”

download-Link with the wget command :

wgethttps://vdc-download.vmware.com/vmwb-repository/dcr-public/8a93ce23-4f88-4ae8-b067-ae174291e98f/c609234d-59f2-4758-a113-0ec5bbe4b120/VMware-ovftool-4.6.2-22220919-lin.x86_64.zip

Unzip the ovftool file by the follwing command

unzip VMware-ovftool-4.6.2-22220919-lin.x86_64.zip

echo $PATH

cd ovftool

pwd

export PATH=/home/management/tools/ovftool:/home/management/.local/bin:/usr/local/sbin:/usr/local/bin:/ usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

STEP 7

Configuring the IP addresses automatically assigned by the vagrant in the provisioning files

Go to the following directory and configure the IP addresses → “/GOAD/ad/GOAD-Light/providers/vmware_esxi”

edit the files as in the screenshots

STEP 8

DEPLOYING WINDOWS ACTIVE DIRECTORY MACHINES ON ESXI sever

Go to the following directory “ad/GOAD-Light/providers/vmware_esxi/” Then run the follwing command: vagrant up

check the adapters of the machines deployed using the vagrant up command

POC of the network adapter of the ubuntu machine

Ubuntu Machine is on the same network as the DCO1 Adapters

POC: we don't need to change the adapters in order for the provisioning to work properly both of the adapters should be on the same network like in the following screenshots

This is the network scheme of all the machines

Important Note: Goad provisioning file considering Ethernet0 as the domain adapter and Ethernet1 as the NAT adapter. We will configure the domain adapter IP addresses in the inventory and the Vagrant file before provisioning.

DCO1

Ethernet adapter Ethernet0: IPv4 Address. . . . . . . . . . . : 172.70.0.70

Ethernet adapter Ethernet1: IPv4 Address. . . . . . . . . . . : 172.70.0.71

DC02

Ethernet adapter Ethernet0: IPv4 Address. . . . . . . . . . . : 172.70.0.74

Ethernet adapter Ethernet1: IPv4 Address. . . . . . . . . . . : 172.70.0.75

SRV02

Ethernet adapter Ethernet0: IPv4 Address. . . . . . . . . . . : 172.70.0.68

Ethernet adapter Ethernet1: IPv4 Address. . . . . . . . . . . : 172.70.0.69

STEP 9

Start the provisioning using the ansible

Go to the following directory “/GOAD/ansible”

Run the following command before provisioning:

export ANSIBLE_COMMAND="ansible-playbook -i ../ad/GOAD-Light/data/inventory -i ../ad/GOAD-Light/ providers/vmware_esxi/inventory"

Run the following command to run the provisioning: ../scripts/provisionning.sh

Special Thanks to my friend Syed Asadullah for the help especially in networking part he has done a great job.

Game of active directoryGOADredteamingActive Directorypentestinghacking
Â