
Easy and free Active Directory lab setup

October 21, 2022 by thehackerish

In this article, you will build your personal Active Directory lab, for free, to practice Active Directory hacking.

If you are a cyber security student or a pentester, you should definitely learn how Active Directory works and how to hack it. In fact, it is used by almost all the customers you will be serving in your career. Therefore, you will add great value to your hacking skills.

Here is the problem: There is abundant Active Directory hacking knowledge on the internet, but very few good labs to develop and practice your skills.

Deploy your Active Directory lab

Some of you would tell me, just build your own Active Directory lab at home! I have tried it, and it’s a PAIN, especially when you are barely starting to learn this topic. Firstly, you need a beefy machine to host at least 3 machines. Then, you’d have to configure each one. Finally, you have to create a vulnerable situation to exploit, which drains all the fun out of it. And let’s not talk about troubleshooting the issues you will surely encounter during the lab development!

How does this Active Directory lab solve those problems?

To address the issues previously stated, here is how this lab is unique:

  1. You don’t need to buy a high-performing machine: The whole lab is deployed on the Azure cloud at no cost thanks to the generous 13 months of trial access. If you are a student, you get to sign up without a credit card!
  2. You don’t need to configure anything: The lab comes with automated scripts that guarantee stable deployment and configuration of all the lab components. Plus, you can destroy the lab in minutes using only one command.
  3. You don’t need to configure an attack scenario: This Active Directory lab comes with BloodHound, which deploys a random Active Directory configuration full of attack paths that you can discover and exploit. Every time you deploy the lab, you get a totally different configuration. What a practice Eldorado!

Does it sound too good to be true? Well, here is how you can set it up right now!

Step 1: Create an Azure tenant and a resource group

Head over to the Azure portal. If you don’t have an account already, you can create one, which gives you $200 of credit in the first month and free services for the following 12 months. That’s more than a year of practice! And if you are a student, you are even luckier, because you can create an account without a credit card!

Then, choose resource groups from the upper-left corner button, and create one. Let’s name it AD_Tests. I already have mine created.

Create a resource group where to deploy your Active Directory lab

Step 2: Download the code for the Active Directory lab

For this step, you can either use your machine, or the Azure shell. I recommend the second because you don’t have to install any additional software.

Azure shell to run the Active Directory lab deployment script

It is literally one command.

git clone https://github.com/thehackerish/ADLab

This is a public repository I made available to you. I borrowed it from chvancooten’s awesome repository. The only difference is that I removed some blocks and added some adjustments. If you’d like to have Elastic search in your lab, feel free to clone his repository instead. The remaining steps should be the same.

Step 3: Configure your lab

We are only one step away. Change directory to Terraform, and rename the file terraform.tfvars.example to simply terraform.tfvars.

This is where you specify the name of your lab, the size of the machines, and the whitelisted IP address.

Terraform configuration file
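
Since the lab puts SSH, RDP and a web page behind one public IP address, the whitelist in terraform.tfvars is what decides who can reach it. The pre-flight check below is an added example, not part of the ADLab repository: it assumes the whitelist variable is called ip_whitelist and holds quoted IP/CIDR strings, and the sample file contents are constructed.

```python
import ipaddress
import re

# Constructed sample; the variable names are assumptions, not taken from the repo.
SAMPLE_TFVARS = '''
lab_name     = "adlab"          # hypothetical variable
ip_whitelist = ["203.0.113.7/32", "0.0.0.0/0", "198.51.100.0/22", "10.0.0.5", "not-an-ip"]
'''

MIN_PREFIX = 24  # assumption: IPv4 ranges wider than a /24 deserve a second look
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def extract_whitelist(tfvars_text, key="ip_whitelist"):
    """Return the quoted entries of `key = [ ... ]` or `key = "..."`."""
    text = re.sub(r"#.*", "", tfvars_text)  # drop '#' comments
    match = re.search(rf'^\s*{re.escape(key)}\s*=\s*(\[.*?\]|"[^"]*")',
                      text, re.S | re.M)
    if not match:
        raise ValueError(f"{key} not found in tfvars")
    return re.findall(r'"([^"]*)"', match.group(1))


def audit_entry(entry):
    """Return the findings for one whitelist entry (empty list = fine)."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return ["not a valid IP or CIDR"]
    if net.prefixlen == 0:
        return ["matches every address: lab is open to the internet"]
    findings = []
    if net.version == 4 and net.prefixlen < MIN_PREFIX:
        findings.append(f"wide range ({net.num_addresses} addresses)")
    if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
        findings.append("private address: use your public egress IP instead")
    return findings


def audit_tfvars(tfvars_text):
    """Map each problematic whitelist entry to its findings."""
    report = {e: audit_entry(e) for e in extract_whitelist(tfvars_text)}
    return {entry: found for entry, found in report.items() if found}


if __name__ == "__main__":
    for entry, findings in audit_tfvars(SAMPLE_TFVARS).items():
        print(f"{entry}: {'; '.join(findings)}")
```

Run it against the real file by passing open("terraform.tfvars").read() to audit_tfvars before moving on to the deployment step.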

Step 4: Deploy the lab

With literally 2 commands, you can deploy your lab. Under the Terraform directory, run:

terraform init
terraform apply --auto-approve

This is where the magic happens.

Optional step: Get your coffee and understand the code

Let’s quickly understand how the magic happens. The lab leverages two technologies used in DevOps. Terraform deploys the machines, and Ansible configures them. That’s why the code conveniently has a folder for each one.

The Terraform folder contains tf files that define the state of the lab components, such as the network, the virtual machines, and deployment scripts. For instance, you can see we have a load balancer that distributes traffic to the right machine based on the port number. That’s why we have one IP address to connect to the lab, but the SSH port will give access to the hackbox, port 3389 to the Windows 10 box, and port 80 to the web page on the web server.

The Ansible folder holds YAML files that define the configuration state of the machines. It is divided into roles for better code reuse and clarity. For instance, the domain role is responsible for creating the domain. It uses the Ansible win_domain module to achieve that. The win10 role updates the workstation’s DNS configuration and joins it to the domain, much like we’ve manually done in a previous video. All these roles come together in the cloudlabs.yml file, which runs each role depending on the machine.

And just like that, everything works perfectly together to give birth to the new lab. Again, many thanks to Cas Van Cooten for his awesome work.

Step 5: Start hacking your Active Directory lab

Once the lab is deployed, you will get the connection credentials along with the URL of the lab. From there, you can start your Active Directory hacking journey.

Active Directory lab deployment finished

When you want to take a break, simply power off the VMs. And when you’re done with the lab, simply run terraform destroy --auto-approve and everything will be deleted in a matter of minutes.

The next time you deploy the lab, you will get a totally different environment, with different attack paths you can explore and attack. How cool is that!

Conclusion

In the upcoming posts, I will attempt to hack this lab using the techniques I learned in the hands-on training I talked about in the Certified Red Team professional certification review, or as I prefer to call it: Initiation to AD hacking.

Until next time, stay curious, keep learning, and go find some bugs.
