Proxmox Lab: Game of Active Directory - Attacking GOAD

In the final module of the lab, we'll be taking steps to ensure that we can access our attack box in certain conditions and successfully ensure connectivity to Game of Active Directory targets in the lab.
ℹ️
This module is part of a larger project on setting up Game of Active Directory (GOAD) on Proxmox alongside our existing lab infrastructure. Click here to be taken back to the project landing page.

Previous Step

Proxmox Lab: Game of Active Directory - Configure with Ansible
In this module, we’ll be taking steps to configure the Windows hosts in the Proxmox Game of Active Directory lab using Ansible





Objectives for this Step

  • Ensure that we can access the target environment using our attack box



Reviewing the Setup

Reviewing the network diagram for the GOAD environment, note the following about the lab environment.

The original lab environment had the following:

  • VLANs
    • native: 10.0.0.0/24 (LAN)
    • 666: 10.6.6.0/24 (SEC_EGRESS)
    • 999: 10.9.9.0/24 (SEC_ISOLATED)
    • 80: 10.80.80.0/24 (AD_LAB)
  • The attack box is on the native VLAN and can reach any of the other VLANs

The GOAD lab environment adds:

  • VLANs
    • 10: 192.168.10.0/24 (GOAD)
  • The provisioning CT is on the native VLAN
  • The GOAD hosts are on VLAN 10
  • The attack box can still reach all of the VLANs, including VLAN 10



Positioning the Attack Box

Why this Matters

Certain network attacks only work when the attack box is on the same Local Area Network as the target(s), because some attacks require broadcasts and snooping at layer 2.

💡
If the attack box is on 10.0.0.0/24 and the targets are on 192.168.10.0/24, then certain attacks won't work, but there is still a wide variety of attacks you can try on the GOAD lab from this position.



Leaving Attack Box on Native VLAN

This will keep the attack box on the pfSense internal LAN of 10.0.0.0/24. In the original lab design we give the attack box — Kali Linux — a DHCP reservation of 10.0.0.2.

ℹ️
If you've configured static routes in your environment, you should be able to access 10.0.0.2 from your home network via SSH or some remote desktop protocol.

Log into your attack box and you should be able to begin the penetration test against the 192.168.10.0/24 network.



Putting Attack Box on VLAN 10

This will move the attack box to VLAN 10 — 192.168.10.0/24 — and put it on the same LAN as the rest of the GOAD hosts.

ℹ️
The original lab design does not account for GOAD, so we have not yet added a static route to the GOAD LAN.

Configure the Static Route

Refer to the documentation on configuring static routes and add the following:

  • Destination Network: 192.168.10.0/24
  • Gateway: pfSense WAN IP address



Give Attack Box a DHCP Reservation

Log into your lab pfSense VM and go to Services > DHCP Server > GOAD.
Click the "Add Static Mapping" button at the bottom of the page.
Fill out the mapping details and save, then click "Apply Changes".



Configure a WAN Firewall Rule

Go to Firewall > Rules > WAN.
Click the "Add (up)" button.
Click "Save" and then "Apply Changes".



Connecting to Kali on VLAN 10

Now that you've added the firewall rule on the WAN, use an SSH or remote desktop client of your preference and target 192.168.10.2. With the static route in place, this traffic is sent to the pfSense WAN IP, and pfSense passes it internally to complete the connection.
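
The two attack box positions from "Why this Matters" and the static route described above, modeled as an added example (not part of the original post): it checks layer 2 adjacency against this page's VLAN table and uses longest-prefix matching to show where traffic for 192.168.10.2 is sent before and after the route is added. The home network 192.168.1.0/24, its router 192.168.1.1, the pfSense WAN IP 192.168.1.50 and the GOAD host 192.168.10.50 are assumed sample values.

```python
import ipaddress

# VLAN id -> subnet, as listed on this page.
VLANS = {
    "native": "10.0.0.0/24",    # LAN
    "666": "10.6.6.0/24",       # SEC_EGRESS
    "999": "10.9.9.0/24",       # SEC_ISOLATED
    "80": "10.80.80.0/24",      # AD_LAB
    "10": "192.168.10.0/24",    # GOAD
}
# Assumptions, not from the page: home network, its router, pfSense WAN IP.
HOME_NET, HOME_ROUTER, PFSENSE_WAN = "192.168.1.0/24", "192.168.1.1", "192.168.1.50"
GOAD_HOST = "192.168.10.50"  # constructed sample target address

def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vlan_id, cidr in VLANS.items():
        if addr in ipaddress.ip_network(cidr):
            return vlan_id
    return None

def same_lan(a, b):
    """True when both hosts share a VLAN, so broadcasts and layer 2 traffic reach both."""
    return vlan_of(a) is not None and vlan_of(a) == vlan_of(b)

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) routes; gateway None means on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(c), gw) for c, gw in routes
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return "unreachable"
    _net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or "on-link"

def overlapping_vlans(home_net):
    """Lab VLANs that overlap the home network; a static route cannot fix these."""
    home = ipaddress.ip_network(home_net)
    return [v for v, cidr in VLANS.items() if home.overlaps(ipaddress.ip_network(cidr))]

# Home-side routing table before and after adding the static route from this page.
BEFORE = [(HOME_NET, None), ("0.0.0.0/0", HOME_ROUTER)]
AFTER = BEFORE + [(VLANS["10"], PFSENSE_WAN)]

if __name__ == "__main__":
    for box in ("10.0.0.2", "192.168.10.2"):
        print(box, "same LAN as GOAD host:", same_lan(box, GOAD_HOST))
    print("next hop before/after:", next_hop(BEFORE, "192.168.10.2"), next_hop(AFTER, "192.168.10.2"))
```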



Connectivity Check



Attacking the Lab

Archives
Yes another pentester blog…
Head to the link above and follow along with different attacks as demonstrated by Mayfly





Conclusion

That was quite the adventure getting everything built and configured ...😅
I tried my best to think of most cases where someone reading may get stuck, but if I have missed anything, or if there are any errors, please do let me know and I'll work to get it corrected. However, at this point, that should be about it. I hope you have lots of fun pwning GOAD!
