About this Project
ℹ️
This module is part of a larger project on setting up Game of Active Directory (GOAD) v3 on Proxmox alongside our existing lab infrastructure. Click here to be taken back to the project landing page.
⚠️
This project also assumes that you've already built out the original Proxmox lab environment, as you'll need to lay some foundational network topologies before configuring GOAD here
Objectives for this Step
- Add the VLAN to our existing Proxmox and pfSense Setup
- Add DHCP scopes and add or update firewall rules
- Create a Linux Container and install tools that will be used to automate provisioning and configuration of resources
Updating the Network
Add the GOAD VLAN
ℹ️
I'm going to keep things brief here, because I've already demonstrated multiple times in the main lab guide how to add / remove VLANs to / from the lab configuration.
Interfaces > Assignments
+ Add
Configure the pfSense Interface
OPT9 in my case
Configure the DHCP Server
ℹ️
Typically, I'd have the DHCP server running on the Domain Controller, alongside DNS, but due to the size of the GOAD project and all of the various pieces, I'm going to stick with the creator's original design
Services > DHCP Server > GOAD✅ Ensure you check the box to enable the DHCP server on this VLAN.
Configure the Firewall Rules
Floating Rule Updates
ℹ️
Note, that in the original lab guide, we've created various aliases and firewall rules that will be referenced here, so refer back to the original pfSense setup for more information
Firewall > Rules > Floating
GOAD Rules
💡
We're going to take a little bit of a shortcut here and borrow the rules that already exist for the AD_LAB interface
❗
Disregard the
Wazuh_Servers and !RFC4193 rules in the screenshot, as those are out of the scope of the original lab guide and this lab guide
Stage the Provisioning Host
This is the Linux Container that we'll log into and run Packer, Terraform, and Ansible to build and configure resources for the environment.
⚠️
Since the environment we've created in this Proxmox lab differs quite a bit from the one the original author, Mayfly created, we'll be making some changes to the Infrastructure-as-Code (IaC). Please be mindful of these changes while reading.
Create the Container
>_ Shellpveam updateUpdate the Linux Container template database
22.04 version of Ubuntu, click "Download"
vmbr1 will put the LXC on the pfSense internal LAN (10.0.0.0/24)⚠️
If you haven't already done so, you'll want to add a static route on your home router, so that you can SSH into your provisioning LXC from your home network side
ℹ️
I'm going to take the MAC address from the container's settings, now that it's created, log into my pfSense VM on
vmbr1, and allocate a DHCP reservation to this container, so that it is always at the same IP address. This is better for crafting firewall rules later.✅
When ready, you may start the container
Environment Setup
Log into the Provisioning Container
Log into your provisioning container via SSH key or password to open a terminal.
ℹ️
The
ssh client application is available on all current versions of Windows and of course, has been available on Linux for ages⚠️
If you're tying to SSH into the container, remember that the container is on
vmbr1 behind pfSense on the default LAN -- 10.0.0.0/24 with Kali. If you haven't added a static route into the LAN, please do so in order to reach it via SSH.ssh -i id_rsa root@10.0.0.3Authenticating via SSH key. I gave my LXC a DHCP reservation of 10.0.0.3 in my pfSense VM.
Install Dependencies
apt install python3-venvcd /rootgit clone https://github.com/Orange-Cyberdefense/GOADcd GOAD./goad.sh
exit the interactive menu once the installation is completePrepare for Proxmox Installation
cd /root/GOADbash -f ./scripts/setup_proxmox.sh
Current State of the Lab
Next Step
Proxmox Lab: Game of Active Directory - Creating VM Templates
In this module, we’ll be taking steps to create some Windows Server 2016 and Windows Server 2019 templates using Packer for use in the Proxmox Game of Active Directory lab
0xBEN
