Skip to content

Primusinterp/ludus-ad-vulns

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
defaults
defaults
 
 
meta
meta
 
 
tasks
tasks
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ludus-ad-vulns

Ansible Role: Active Directory Vulnerabilities (Ludus)

An Ansible Role that adds vulnerabilities in an Active Directory.

The role can add the following vulnerabilities:

  • Kerberoastable user
  • Add ACL to AD objects
  • Set unconstrained delegation for a user
  • Add open network shares

I plan to add more vulnerabilities to this role, as they become needed on my ranges.

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

Warning

Everything should be configured in the range configuration.

Variables used when configuring a Kerberoastable user:

# SAM account name for the user that you will add an SPN to
user.identity: fives

# The Service Principal Name (SPN) value
user.service_principal_name: HTTP/ArcTraining

Variables used when configuring a user for unconstrained delegation:

# SAM account name for the user that you will add unconstrained delegation to
user.identity: cody

Variables used when configuring a machine for unconstrained delegation:

# machine name for the system that you will add unconstrained delegation to
machine_name: maldev-srv1-2022

Variables used when configuring ACLs for AD objects:

# The object you want to assign the ACL for
acl.value.for: "cptrex"

# The object you want to assign the ACL to
acl.value.to: "CN=Bounty Hunters,OU=Bounty Hunters,DC=maldev,DC=local"

# The ACL that you wish to apply
acl.value.right: "GenericAll"

# Whether the ACL should have inheritance (e.g., None, All)
acl.value.inheritance: "None"

#This will give cptrex GenericAll over the Bounty Hunters group

Variables used to include vulnerabilities:

# Vulnerabilities default to false, allowing you to cherry-pick which vulnerabilities you want to apply to each host

ludus_ad_vulns_openshares: false
ludus_ad_vulns_kerberoasting: false
ludus_ad_vulns_unconstrained_delegation_user: false
ludus_ad_vulns_set_acl: false
ludus_ad_vulns_unconstrained_delegation_machine: false

Example Ludus Range Config

  - vm_name: "{{ range_id }}-ad-dc-win2022-server-x64-1"
    hostname: "{{ range_id }}-DC01"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 11
    ram_gb: 4
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: maldev.local
      role: primary-dc
    roles:
      - ludus-ad-vulns
    role_vars:
      ludus_ad_vulns_openshares: true
      ludus_ad_vulns_kerberoasting: true
      kerberoasting_users:
      - identity: fives
        service_principal_name: HTTP/ArcTraining

      ludus_ad_vulns_unconstrained_delegation_user: true
      unconstrained_delegation_user: 
      - identity: cody 

      ludus_ad_vulns_set_acl: true
      acl_definitions:
        grant_generic_all_from_cptrex_to_bounty_group:
          for: "cptrex"
          to: "CN=Bounty Hunters,OU=Bounty Hunters,DC=maldev,DC=local"
          right: "GenericAll"
          inheritance: "None"   
      ludus_ad_vulns_unconstrained_delegation_machine: true
      unconstrained_delegation_machine:
      - machine_name: maldev-srv1-2022

License

GPLv3

Author Information

This role was created by Primusinterp, for Ludus.

About

Ludus role that adds vulnerabilities in an Active Directory.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

16 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors