Proxmox Lab: Game of Active Directory - Installing the Lab

In this module, we'll provision the entire Proxmox Game of Active Directory (GOAD) v3 lab environment using the goad.sh helper script.
ℹ️
This module is part of a larger project on setting up Game of Active Directory (GOAD) v3 on Proxmox alongside our existing lab infrastructure. Click here to be taken back to the project landing page.

Previous Step

Proxmox Lab: Game of Active Directory - Creating VM Templates
In this module, we’ll be taking steps to create some Windows Server 2016 and Windows Server 2019 templates using Packer for use in the Proxmox Game of Active Directory lab





Objectives for this Step

  • Configure Terraform variables
  • Create the lab environment with Terraform via the goad.sh script



Install the Lab

ℹ️
Even though we're not calling the terraform binary directly in this step, that's what happens under the hood when we use the goad.sh script to install the Proxmox lab.

Define Global Variables

cd /root/GOAD
nano globalsettings.ini

[all:vars]
; This is the global inventory file, data here will override all lab or provider inventory datas
; modify this to add layouts to VMs
; https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-language-pack-default-values
; French  : 0000040C
; US      : 00000409
; German  : 00000407
; Spanish : 0000040A
; the first in the list will be the default layout (here: FR | US)
keyboard_layouts=["00000409"]

Set the desired keyboard_layouts variable. I've set mine to US exclusively.



Define Proxmox Provider Variables

nano /root/.goad/goad.ini

[proxmox]
pm_api_url = https://192.168.1.1:8006/api2/json
pm_user = infra_as_code@pve
pm_node = GOAD
pm_pool = GOAD
pm_full_clone = false
pm_storage = local
pm_vlan = 10
pm_network_bridge = vmbr3
pm_network_model = e1000

[proxmox_templates_id]
winserver2019_x64 = 102
winserver2016_x64 = 103
winserver2019_x64_utd = 104
windows10_22h2_x64 = 105

Original File Contents

💡
If you reference the GOAD lab diagram, you'll see that color-coded outlines indicate which hosts make up each lab. In this guide, we're provisioning the GOAD lab (which is the default).

So even though the variables contain references to Windows 10, this lab does not deploy that host, and it would fail anyway, because we didn't download a Windows 10 ISO, nor template it with Packer.
Windows Server 2019 is at template ID 100 and Windows Server 2016 is at template ID 102.

[proxmox]
pm_api_url = https://172.16.1.14:8006/api2/json
pm_user = root@pam
pm_node = proxmox-um690
pm_pool = GOAD
pm_full_clone = false
pm_storage = local-lvm
pm_vlan = 10
pm_network_bridge = vmbr1
pm_network_model = e1000

[proxmox_templates_id]
winserver2019_x64 = 100
winserver2016_x64 = 102
winserver2019_x64_utd = 104
windows10_22h2_x64 = 105

Variables for My Environment

Changes made to the variables:

  • pm_api_url — changed the IP address of the PVE node to match mine
  • pm_user = root@pam
    • In the original guide written by m4yfly, we end up giving full permissions to infrastructure_as_code@pve anyway
  • pm_node = proxmox-um690 — this is the hostname of the target PVE node
  • pm_pool = GOAD — this is the resource pool we created above
  • pm_storage = local-lvm — local is incorrect and is not used to store guest disks
  • pm_network_bridge = vmbr1 — this is the target virtual switch for me
  • winserver2019_x64 = 100 — matches the template ID on my Proxmox VE node
  • winserver2016_x64 = 102 — matches the template ID on my Proxmox VE node

As mentioned before, we don't need to worry about the other template IDs, because the GOAD lab environment doesn't use either of these VM types.



Test Configurations

cd /root/GOAD
./goad.sh -t check -l GOAD -p proxmox -ip 192.168.10



Provision GOADv3

cd /root/GOAD
./goad.sh -t install -l GOAD -p proxmox -ip 192.168.10

  • Enter the password for root@pam on your Proxmox VE node
  • Once again, enter the password for root@pam on your Proxmox VE node
  • Enter yes when ready
  • Be patient while the hosts are provisioned by Terraform
  • Once provisioned, the build script automatically triggers the Ansible playbook to configure the environment



Troubleshooting

Ansible Hosts Unreachable

I know the correct IP address range was applied to the GOAD hosts — 192.168.10.x. And, I know pfSense is allowing TCP/5985 and TCP/5986 from the provisioning container to the GOAD subnet.

However, when I looked at the hosts in Proxmox, the Windows VMs were not fully booted. Ansible was triggered by the Terraform apply being completed, but the hosts were not ready yet to be managed over WinRM.

cd /root/GOAD
./goad.sh -h

Help output for the script

./goad.sh -t show

Make a note of the instance ID

./goad.sh -t install -i eacbdb-goad-proxmox -a eacbdb-goad-proxmox

-i specifies the target GOAD lab instance and -a specifies to only run Ansible with the -t install task. You can find these script options and more using ./goad.sh -h

Now, we're gathering Ansible host facts just fine
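
The timing problem described above can be caught before Ansible runs. The script below is an added example, not part of the original post or the GOAD project: it polls the WinRM port on each lab host and returns only once all of them accept connections. The host octets (.10, .11, .12, .22, .23), the script name wait-winrm.sh and the default timeout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: gate the Ansible re-run on WinRM being reachable.
# Assumption: the GOAD lab's five Windows hosts use these last octets
# (DC01-DC03, SRV02, SRV03); adjust them if your inventory differs.
GOAD_OCTETS="10 11 12 22 23"
WINRM_PORT="${WINRM_PORT:-5985}"   # the firewall rule above also allows 5986

# Print one IP per line for a three-octet prefix such as 192.168.10.
goad_hosts() {
    local prefix="$1" octet
    for octet in $GOAD_OCTETS; do
        printf '%s.%s\n' "$prefix" "$octet"
    done
}

# Succeed only if a TCP connection to host:port completes within 3 seconds.
port_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Poll every host until all accept connections or the deadline passes.
# Usage: wait_for_winrm <timeout_seconds> <host>...
wait_for_winrm() {
    local deadline=$(( $(date +%s) + $1 )) host pending
    shift
    while :; do
        pending=""
        for host in "$@"; do
            port_open "$host" "$WINRM_PORT" || pending="$pending $host"
        done
        [ -z "$pending" ] && return 0
        if [ "$(date +%s)" -ge "$deadline" ]; then
            echo "WinRM still unreachable on:$pending" >&2
            return 1
        fi
        sleep 5
    done
}

# Runs only when a prefix is given, e.g.: ./wait-winrm.sh 192.168.10 900
if [ -n "${1:-}" ]; then
    # shellcheck disable=SC2046  # word splitting of the host list is intended
    wait_for_winrm "${2:-600}" $(goad_hosts "$1")
fi
```

Run it from the provisioning container and start the Ansible-only install once it exits 0. An open port only shows the listener is up, so a host that is still mid-configuration can pass this check and still fail the first Ansible task.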



Current State of the Lab





Next Step

Proxmox Lab: Game of Active Directory - Attacking GOAD
In the final module of the lab, we’ll be taking steps to ensure that we can access our attack box in certain conditions and successfully ensure connectivity to Game of Active Directory targets in the lab.