  • Stars: 1,933
  • Rank: 23,975 (Top 0.5 %)
  • Language: PowerShell
  • License: MIT License
  • Created over 4 years ago
  • Updated 7 months ago


Repository Details

Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab

Vulnerable-AD

Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab

Main Features

  • Randomized attacks
  • Full coverage of the attacks listed below
  • You need to run the script on a DC with Active Directory installed
  • Some of the attacks require a client workstation

Supported Attacks

  • Abusing ACLs/ACEs
  • Kerberoasting
  • AS-REP Roasting
  • Abuse DnsAdmins
  • Password in Object Description
  • User Objects With Default password (Changeme123!)
  • Password Spraying
  • DCSync
  • Silver Ticket
  • Golden Ticket
  • Pass-the-Hash
  • Pass-the-Ticket
  • SMB Signing Disabled

Example

# If Active Directory is not installed yet, install the role and create a new forest (cs.org)
Install-WindowsFeature AD-Domain-Services
Import-Module ADDSDeployment
Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true
# If Active Directory is already installed, just run the script on the lab DC
IEX((New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));
# Populate the domain with 100 users and the randomized weaknesses
Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"
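
A read-only audit that a defender can run on the lab DC after Invoke-VulnAD to see which of the supported weaknesses are present. This is an added example, not code from the Vulnerable-AD project; it assumes the ActiveDirectory module is available, and the names Get-LabAdWeakness and New-Finding and the $expected allow-list are hypothetical.

```powershell
# Added example (not part of Vulnerable-AD): read-only checks for weaknesses
# named in the "Supported Attacks" list. Run on the lab DC.
Import-Module ActiveDirectory

function New-Finding($Check, $Object, $Detail) {
    [pscustomobject]@{ Check = $Check; Object = $Object; Detail = $Detail }
}

function Get-LabAdWeakness {
    # AS-REP Roasting exposure: Kerberos pre-authentication disabled
    Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true' |
        ForEach-Object { New-Finding 'AS-REP roastable' $_.SamAccountName 'Pre-auth not required' }

    # Kerberoasting exposure: user accounts that carry an SPN (krbtgt is expected)
    Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName |
        Where-Object SamAccountName -ne 'krbtgt' |
        ForEach-Object { New-Finding 'Kerberoastable' $_.SamAccountName ($_.ServicePrincipalName -join ', ') }

    # Password in Object Description: report the account, not the description text
    Get-ADUser -Filter 'Description -like "*"' -Properties Description |
        Where-Object Description -match 'pass(word)?|pwd' |
        ForEach-Object { New-Finding 'Password in description' $_.SamAccountName 'Description mentions a password' }

    # Abuse DnsAdmins: every member of the group, including nested members
    Get-ADGroupMember -Identity 'DnsAdmins' -Recursive |
        ForEach-Object { New-Finding 'DnsAdmins member' $_.SamAccountName $_.objectClass }

    # DCSync: replication extended rights on the domain root held by principals
    # outside an assumed allow-list (adjust $expected for your lab)
    # GUIDs: DS-Replication-Get-Changes and DS-Replication-Get-Changes-All
    $replGuids = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
    $expected  = 'Domain Controllers|Administrators|Domain Admins|Enterprise Admins|SYSTEM'
    (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $replGuids -contains $_.ObjectType.ToString() -and
                       $_.IdentityReference -notmatch $expected } |
        ForEach-Object { New-Finding 'Replication right (DCSync)' $_.IdentityReference $_.ObjectType }

    # SMB Signing Disabled: checks this host only
    if (-not (Get-SmbServerConfiguration).RequireSecuritySignature) {
        New-Finding 'SMB signing not required' $env:COMPUTERNAME 'RequireSecuritySignature = False'
    }
}

Get-LabAdWeakness | Sort-Object Check | Format-Table -AutoSize
```

Each row maps to one entry in the Supported Attacks list, which makes the output usable as a baseline when testing detections or hardening changes in the lab.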

TODO

  • Play with workstations !
  • Click close issue button on github

More Repositories

  1. sam-the-admin (Python, 970 stars): Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
  2. PE-Linux (Shell, 182 stars): Linux Privilege Escalation Tool By WazeHell
  3. CVE-2024-32002 (Shell, 95 stars): CVE-2024-32002 RCE PoC
  4. LightMe (PowerShell, 91 stars): HTTP Server serving obfuscated Powershell Scripts/Payloads
  5. metateta (Python, 83 stars): Metateta Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit
  6. CVE-2018-6389 (Python, 81 stars): CVE-2018-6389 Exploit In WordPress DoS
  7. android-usb-pwn (Shell, 24 stars): simple script to pwn android phone with physical access
  8. remote-adb-scan (Lua, 22 stars): pure python remote adb scanner + nmap scan module
  9. exchange-cves-scanner (Python, 20 stars): Small tool to scan On-Premises Exchange servers, useful for analytical purposes and patch management
  10. redblock (C, 18 stars): RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to easily block all IPs associated with hosting and cloud infrastructure, as well as known sandbox environments.
  11. acunetix-python (Python, 14 stars): Acunetix Python API
  12. edge-hot-delivery (HTML, 14 stars): edge --> powerpoint --> remote-file --> shell
  13. takeoverit (Python, 10 stars): Simple And Fast Subdomain Take Over Checker
  14. HVNC-POC (C++, 9 stars): HVNC using virtual desktop
  15. nmap-output-analyzer (Python, 6 stars): xml nmap output analyzer using python
  16. Egyptian-national-identity (Python, 5 stars): Egyptian national identity Generator for testing purposes
  17. frida-things (Python, 4 stars): some frida scripts
  18. procinj-csharp (C#, 4 stars): Process Injection techniques implemented in C#.
  19. 1-to-0 (3 stars): Privilege Escalation From 1 to 0 (Workshop Slides)
  20. github-repos-cve (Python, 2 stars): Search CVE numbers in GitHub repos
  21. HideImports (C++, 2 stars)
  22. WazeHell (1 star): wazehell BIO