From 88ba349e7c23689703a6337fda0d0aaf842d0744 Mon Sep 17 00:00:00 2001 From: Mayfly277 Date: Tue, 8 Oct 2024 17:58:48 +0200 Subject: [PATCH] Deployed 111751d with MkDocs version: 1.6.1 --- search/search_index.json | 2 +- usage/goad_console/index.html | 488 +++++++++++++++++++++++++++++++++- 2 files changed, 488 insertions(+), 2 deletions(-) diff --git a/search/search_index.json b/search/search_index.json index 98df3fcd..b33eaad5 100644 --- a/search/search_index.json +++ b/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Game Of Active Directory","text":"

Welcome to GOAD (v3) documentation !

Game Of Active Directory is a free pentest active directory LAB(s) project (1).

  1. GOAD is free if you use your own computer, obviously we will not pay your electricity bill and your cloud provider invoice ;)

The purpose of this tool is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without having the pain to build all by yourself. This repository was build for pentest practice

Note

GOAD main labs (GOAD/GOAD-Light/SCCM) are not pro labs environments (like those you can find on HTB). Theses labs give you an environment to practice a lot of vulnerability and missconfig exploitations. Sure you can use them like pro labs, but it will certainly be too easy due to the number of vulns. Consider more GOAD like a DVWA but for Active Directory. If you want a chall deploy the lab NHA.

Warning

This lab is extremely vulnerable, do not reuse recipe to build your production environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk).

Windows Licenses

This lab use free windows VM only (180 days). After that delay enter a license on each server or rebuild all the lab (may be it's time for an update ;))

"},{"location":"changelog/","title":"Road Map","text":""},{"location":"changelog/#sccm","title":"SCCM","text":""},{"location":"changelog/#extensions","title":"Extensions","text":""},{"location":"provisioning/","title":"\ud83d\udee0\ufe0f provisioning","text":"

\ud83d\udea7 TODO

"},{"location":"questions/","title":"Frequent asked questions","text":"

I already got a lab installed with v2, is v3 will use it ?

Sorry no, the v3 of GOAD doesn't look for already installed lab. Best way to migrate is trash your old lab and build a new one.

Can i use goad to create a course for my student ?

Sure GOAD is a GPL project. Feel free to reuse it to give course.

"},{"location":"references/","title":"References","text":"

\ud83d\udea7 TODO

"},{"location":"thx/","title":"Special Thanks to","text":""},{"location":"thx/#enterprise","title":"Enterprise","text":""},{"location":"troobleshoot/","title":"troubleshoot","text":"

Tip

In most case if you get errors during install, don't think. Select the failed instance \u0300load <instance_id> and just replay the install with provision_lab to relaunch all or provision_lab_from <playbook> if you know the last failed playbook (most of the errors which could came up are due to windows latency during installation, wait few minutes and replay the install)

\ud83d\udea7 TODO refresh me with new goad version :)

"},{"location":"troobleshoot/#vagrant-up-winrm-digest-initialization-failed-initialization-error","title":"vagrant up - WinRM - digest initialization failed : Initialization Error","text":"
DC01: WinRM username: vagrant\nDC01: WinRM execution_time_limit: PT2H\nDC01: WinRM transport: negotiate\nAn error occurred executing a remote WinRM command.\n\nShell: Cmd\nCommand: hostname\nMessage: Digest initialization failed: initialization error\n
"},{"location":"troobleshoot/#vagrant-up-cannot-load","title":"vagrant up - cannot load","text":"
<internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require': cannot load such file -- winrm (LoadError)\n    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:9:in `block in <top (required)>'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/lib/vagrant/util/silence_warnings.rb:8:in `silence!'\n
"},{"location":"troobleshoot/#vagrant-up-cannot-load-such-file-winrm-elevated-loaderror","title":"vagrant up - cannot load such file -- winrm-elevated (LoadError)","text":"
<internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require': cannot load such file -- winrm-elevated (LoadError)\n        from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require'\n        from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:12:in `<top (required)>'\n        ...\n
"},{"location":"troobleshoot/#ansible-persistent-unreachable-error","title":"ansible persistent \"unreachable error\"","text":""},{"location":"troobleshoot/#the-naming-context-specified-for-this-replication-operation-is-invalid","title":"The naming context specified for this replication operation is invalid","text":"
TASK [groups_domains : synchronizes all domains] *******************************************************************************************************************************************************************************************************************************\nchanged: [dc03]\nchanged: [dc01]\nfatal: [dc02]: FAILED! => {\"changed\": true, \"cmd\": \"repadmin /syncall /Ade\", \"delta\": \"0:00:01.090773\", \"end\": \"2023-10-18 09:30:26.016579\", \"msg\": \"non-zero return code\", \"rc\": 1, \"start\": \"2023-10-18 09:30:24.925805\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Syncing all NC's held on winterfell.\\r\\r\\nSyncing partition: DC=north,DC=sevenkingdoms,DC=local\\r\\r\\nCALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\\r\\r\\n    The RPC server is unavailable.\\r\\r\\n\\r\\r\\nSyncAll exited with fatal Win32 error: 8440 (0x20f8):\\r\\r\\n    The naming context specified for this replication operation is invalid.\\r\\r\\n\", \"stdout_lines\": [\"Syncing all NC's held on winterfell.\", \"\", \"Syncing partition: DC=north,DC=sevenkingdoms,DC=local\", \"\", \"CALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\", \"\", \"    The RPC server is unavailable.\", \"\", \"\", \"\", \"SyncAll exited with fatal Win32 error: 8440 (0x20f8):\", \"\", \"    The naming context specified for this replication operation is invalid.\", \"\"]}\n
"},{"location":"troobleshoot/#vagrant-up-vagrant-cant-use-the-requested-machine-because-it-is-locked","title":"vagrant up - Vagrant can't use the requested machine because it is locked","text":"
==> GOAD-SRV03: Configuring and enabling network interfaces...\nVagrant can't use the requested machine because it is locked! This\nmeans that another Vagrant process is currently reading or modifying\nthe machine. Please wait for that Vagrant process to end and try\nagain. Details about the machine are shown below:\n
"},{"location":"troobleshoot/#the-server-has-rejected-the-client-credentials","title":"The server has rejected the client credentials","text":"
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [dc02] (item={'key': 'AcrossTheSea', 'value': ['essos.local\\\\daenerys.targaryen']}) => {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"AcrossTheSea\", \"value\": [\"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: The server has rejected the client credentials.\"}\n
"},{"location":"troobleshoot/#groups-domain-error","title":"Groups domain error","text":" 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [192.168.56.xx] (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\\\tyron.lannister', 'essos.local\\\\daenerys.targaryen']}) => {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"DragonsFriends\", \"value\": [\"north.sevenkingdoms.local\\\\jon.snow\", \"sevenkingdoms.local\\\\tyron.lannister\", \"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials.\"}\n
"},{"location":"troobleshoot/#error-add-warning","title":"Error Add-Warning","text":" 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475\nfailed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',\n...\n\"msg\": \"Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.\"}+\n
"},{"location":"troobleshoot/#a-parameter-cannot-be-found-that-matches-parameter-name-acceptlicense","title":"A parameter cannot be found that matches parameter name 'AcceptLicense'","text":" 
fatal: [xxx]: FAILED! => {\n    \"changed\": false,\n    \"msg\": \"Problems installing XXXX module: A parameter cannot be found that matches parameter name 'AcceptLicense'.\",\n    \"nuget_changed\": false,\n    \"output\": \"\",\n    \"repository_changed\": false\n}\n
"},{"location":"troobleshoot/#old-ansible-version","title":"old Ansible version","text":"
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.\n\nThe error appears to have been in '/home/hrrb0032/Documents/mission/GOAD/roles/domain_controller/tasks/main.yml': line 8, column 3, but maybe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n- name: disable enhanced exit codes\n^ here\n

solution : upgrade Ansible

"},{"location":"troobleshoot/#old-ansiblewindows-version","title":"old ansible.windows version","text":"
ERROR! couldn't resolve module/action 'win_powershell'. This often indicates a misspelling, missing collection, or incorrect module path.\n
"},{"location":"troobleshoot/#winrm","title":"winrm","text":"
PLAY [DC01 - kingslanding] *******************************************************\n\n\n\nTASK [Gathering Facts] ***********************************************************\nfatal: [192.168.56.10]: FAILED! => {\"msg\": \"winrm or requests is not installed: No module named winrm\"}\n\n\n\nPLAY RECAP ***********************************************************************\n192.168.56.10              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   \n

solution : pip install pywinrm

"},{"location":"troobleshoot/#winrm-send-input-timeout","title":"winrm send input timeout","text":"
TASK [Gathering Facts] ****************************************************************************************************************************************************\n[WARNING]: ERROR DURING WINRM SEND INPUT - attempting to recover: WinRMOperationTimeoutError\nok: [192.168.56.11]\n

solution : wait or if crashed then re-run install

"},{"location":"troobleshoot/#domain-controller-ensure-users-are-present","title":"Domain controller : ensure Users are present","text":"

TASK [domain_controller : Ensure that Users presents in ou=<kingdom>,dc=SEVENKINGDOMS,dc=local] ***************************************************************************\nAn exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()\nfailed: [192.168.56.10] (item={u'key': u'lord.varys', u'value': {u'city': u\"King's Landing\", u'password': u'_W1sper_$', u'name': u'Lord Varys', u'groups': u'Small Council', u'path': u'OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local'}}) => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": {\"key\": \"lord.varys\", \"value\": {\"city\": \"King's Landing\", \"groups\": \"Small Council\", \"name\": \"Lord Varys\", \"password\": \"_W1sper_$\", \"path\": \"OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local\"}}, \"msg\": \"Unhandled exception while executing module: An unspecified error has occurred\"}\n
solution : re-run install

"},{"location":"troobleshoot/#mssql-unable-to-install-sql-server","title":"mssql : Unable to install SQL Server","text":"
TASK [mssql : Install the database]\nfatal: [192.168.56.22]: FAILED! => {\"attempts\": 3, \"changed\": true, \"cmd\": \"c:\\\\setup\\\\mssql\\\\sql_installer.exe /configurationfile=c:\\\\setup\\\\mssql\\\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\\\setup\\\\mssql\\\\media /QUIET /HIDEPROGRESSBAR\", \"delta\": \"0:00:34.891185\", \"end\": \"2022-08-17 21:26:53.976793\", \"msg\": \"non-zero return code\", \"rc\": 2226323458, \"start\": \"2022-08-17 21:26:19.085608\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Microsoft (R) SQL Server Installer\\r\\nCopyright (c) 2019 Microsoft.  All rights reserved.\\r\\n\\r\\nDownloading install package...\\r\\n\\r\\n\\r\\nOperation finished with result: Failure\\r\\n\\r\\nOops...\\r\\n\\r\\nUnable to install SQL Server (setup.exe).\\r\\n\\r\\n      Exit code (Decimal): -2068643838\\r\\n      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\\r\\n\\r\\n  SQL SERVER INSTALL LOG FOLDER\\r\\n      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\\r\\n\\r\\n\", \"stdout_lines\": [\"Microsoft (R) SQL Server Installer\", \"Copyright (c) 2019 Microsoft.  All rights reserved.\", \"\", \"Downloading install package...\", \"\", \"\", \"Operation finished with result: Failure\", \"\", \"Oops...\", \"\", \"Unable to install SQL Server (setup.exe).\", \"\", \"      Exit code (Decimal): -2068643838\", \"      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\", \"\", \"  SQL SERVER INSTALL LOG FOLDER\", \"      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\", \"\"]}\n

solution : re-run installer

"},{"location":"troobleshoot/#vagrant-not-working-on-ubuntu-2204","title":"vagrant: Not working on Ubuntu 22.04","text":"

I was using the version of Vagrant in the Ubuntu repo, and then tried to use the version 2.4.0 and 2.3.4 binaries from hashicorp, but kept on running into this error:

The guest machine entered an invalid state while waiting for it\nto boot. Valid states are 'starting, running'. The machine is in the\n'poweroff' state. Please verify everything is configured\nproperly and try again.\n\nIf the provider you're using has a GUI that comes with it,\nit is often helpful to open that and watch the machine, since the\nGUI often has more helpful error messages than Vagrant can retrieve.\nFor example, if you're using VirtualBox, run `vagrant up` while the\nVirtualBox GUI is open.\n\nThe primary issue for this error is that the provider you're using\nis not properly configured. This is very rarely a Vagrant issue.\n
Solution : install vagrant from the hashicorp repo

"},{"location":"troobleshoot/#proxmox-error-creating-vm-403-permission-check-failed-sdnzoneslocalnetworkvmbr310-sdnuse","title":"proxmox: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use)","text":"

The error may look similar to below: 

==> proxmox-iso.windows: Error creating VM: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use), \nerror status: {\"data\":null} (params: ......\n

It may be fixed by delegating the SDN.Use privilege to the packer user 

pveum role modify Packer -privs \"VM.Config.Disk VM.Config.CPU VM.Config.Memory Datastore.AllocateTemplate Datastore.Audit Datastore.AllocateSpace Sys.Modify VM.Config.Options VM.Allocate VM.Audit VM.Console VM.Config.CDROM VM.Config.Cloudinit VM.Config.Network VM.PowerMgmt VM.Config.HWType VM.Monitor SDN.Use\"\n

"},{"location":"troobleshoot/#proxmox-proxmox-isowindows-error-creating-vm-error-creating-vm-unable-to-create-vm-103-unsupported-format-qcow2","title":"proxmox: ==> proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2'","text":"

The error may look similar to below: 

root@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==> proxmox-iso.windows: Retrieving additional ISO\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==> proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 => /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Creating VM\n==> proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==> proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2' at /usr/share/perl5/PVE/Storage/LvmThinPlugin.pm line 87., error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug: ide2:local:iso/windows_server_2019.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2 net0:virtio=5E:5D:24:C4:0F:DA,bridge=vmbr3,tag=10 numa:false onboot:false ostype:win10 pool:GOAD sata0:vms:40,discard=ignore,format=qcow2 scsihw:lsi sockets:1 startup: tags: vmid:103])......\n

Filesystems such as ZFS (and others) do not support qcow2. From my reading the best approach is to use an ext4 filesystem and modify config.auto.pkrvars.hcl with the newly created ext4 volume.

root@goadprovisioning:~/GOAD/packer/proxmox# vi config.auto.pkrvars.hcl\n...\nproxmox_vm_storage      = \"ext4-qcow2\"\n...\nroot@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==> proxmox-iso.windows: Retrieving additional ISO\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==> proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 => /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Creating VM\n==> proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==> proxmox-iso.windows: Starting VM\n
"},{"location":"troobleshoot/#proxmox-packer-error-creating-vm-volume-localisowindows_xxxiso-does-not-exist","title":"proxmox - packer error creating vm : volume 'local:iso/windows_XXX.iso' does not exist","text":"
==> proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 116 - volume 'local:iso/windows_server2019_XXX_en-us.iso' does not exist, error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug\n: ide2:local:iso/windows_server2019_XXX_en-us.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2-uptodate net0:virtio=DA:CB:EB:85:08:0E,bridge=vmbr3,tag=10,firewall=false onboot:false ostype:win10 pool:Templates sata0:local:80,format=q\ncow2 scsihw:lsi sockets:1 startup: tags: vmid:116])   \n

verify your iso files inside proxmox and be sure the iso you want to use exist in proxmox

"},{"location":"troobleshoot/#ansible-adapter-name-error","title":"ansible adapter name error","text":"
No MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet'\n\nor \n\nNo MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet2 '\n
"},{"location":"troobleshoot/#unreachable-proxmox-ansible","title":"unreachable - proxmox, ansible","text":"
fatal: [dc01]: UNREACHABLE! => {\"changed\": false, \"msg\": \"ssl: HTTPSConnectionPool(host='192.168.10.40', port=5986): Max retries exceeded with url: /wsman\n
"},{"location":"vulnerabilities/","title":"Vulnerabilities","text":"

vulnerabilities

"},{"location":"developpers/provisioning/","title":"Provisioning","text":""},{"location":"developpers/provisioning/#provisioning","title":"Provisioning","text":""},{"location":"developpers/structure/","title":"Structure","text":""},{"location":"developpers/structure/#lab-organization","title":"Lab organization","text":" 
ad/\n  labname/            # The lab name must be the same as the variable : domain_name from the data/inventory\n    data/\n      config.json     # The json file containing all the variables and configuration of the lab\n      inventory       # The global lab inventory (provider independent) (this should no contains variables)\n    files/            # This folder contains files you want to copy on your vms\n    scripts/          # This folder contains ps1 scripts you want to play on your vm (Must be added in the \"scripts\" entries of your vms)\n    providers/        # Your lab available provider\n      vmware/\n        inventory     # specific vmware inventory\n        Vagrantfile   # specific vmware vagrantfile\n      virtualbox/\n        inventory     # specific virtualbox inventory\n        Vagrantfile   # specific virtualbox vagrantfile\n      proxmox/\n        terraform/    # specific proxmox terraform recipe\n        inventory     # specific proxmox inventory\n      azure/\n        terraform/    # specific azure terraform recipe\n        inventory     # specific azure inventory\n
"},{"location":"extensions/","title":"Extensions","text":""},{"location":"extensions/elk/","title":"elk","text":"

\ud83d\udea7 TODO

"},{"location":"extensions/elk/#elk_1","title":"elk","text":""},{"location":"extensions/exchange/","title":"exchange","text":"

\ud83d\udea7 TODO

"},{"location":"extensions/wazuh/","title":"wazuh","text":"

\ud83d\udea7 TODO

"},{"location":"extensions/ws01/","title":"ws01","text":"

\ud83d\udea7 TODO

"},{"location":"installation/","title":"\ud83d\ude80 Installation","text":"

In the last version, GOAD use no more bash for the installation/management script. The goad management script is now written in python to permit more flexibility and cover the needs to create a Windows WSL support.

"},{"location":"installation/#tldr-quick-install","title":"TLDR - quick install","text":"TLDR : ubuntu 22.04 quick install 
# Install vbox\nsudo apt install virtualbox\n\n# Install vagrant\nwget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg\necho \"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list\nsudo apt update && sudo apt install vagrant\n\n# Install Vagrant plugins\nvagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n\n# Add some dependencies\nsudo apt install sshpass lftp rsync openssh-client python3.10-venv\n\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n# verify installation\n./goad.sh -t check -l GOAD -p virtualbox\n\n# install\n./goad.sh -t install -l GOAD -p virtualbox\n\n# launch goad in interactive mode\n./goad.sh\n
"},{"location":"installation/#installation_1","title":"Installation","text":""},{"location":"installation/linux/","title":"Linux","text":""},{"location":"installation/linux/#prepare-your-hypervisor","title":"Prepare your hypervisor","text":"Virtualbox Vmware workstation Azure Aws Proxmox\ud83c\udfdf\ufe0f Ludus

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

Tip

Vmware workstation is now free for personal use !

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\n...>exit\nvim ~/.goad/goad.ini # add the api_key in the config file (keep impersonate to yes and use an admin user)\n./goad.sh -p ludus\n...>set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\n...>install\n
"},{"location":"installation/linux/#prepare-your-python-environment","title":"Prepare your python environment","text":" 
sudo apt install python<version>-venv\n
sudo apt install python3.10-venv\n

Python version

Be sure to use a python version between python3.8 and python 3.11. Others python versions are not supported by now due to incompatibility with the fixed version in the requirements.

"},{"location":"installation/windows/","title":"Windows","text":"

Info

To use GOAD on windows you will need WSL.

"},{"location":"installation/windows/#prepare-windows-host","title":"Prepare Windows Host","text":"Virtualbox Vmware Workstation Aws Azure Promox\ud83c\udfdf\ufe0f Ludus

If you want to use virtualbox as an hypervisor to create your vm.

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

If you want to use vmware workstation as an hypervisor to create your vm.

Tip

Vmware workstation is now free for personal use !

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

Nothing to prepare on windows host, install and prepare wsl and next follow linux install from your wsl console : see aws linux install

Nothing to prepare on windows host, install and prepare wsl and next linux install from your wsl console see azure linux install

Not supported, you will have to create a provisioning machine on your proxmox and run goad from then (see proxmox linux install)

Not supported, you will have to act from your ludus server (see ludus linux install)

"},{"location":"installation/windows/#prepare-wsl-environment","title":"Prepare WSL environment","text":"

Now your host environment is ready for virtual machine creation. Now we will install WSL to run the goad installation script.

"},{"location":"installation/windows/#install-wsl","title":"Install WSL","text":""},{"location":"installation/windows/#prepare-wsl-distribution","title":"Prepare WSL distribution","text":" 
cd /mnt/c/whatever_folder_you_want\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n./goad.sh\n
"},{"location":"labs/","title":"Labs","text":""},{"location":"labs/GOAD-Light/","title":"GOAD-Light","text":"

This is a light version of goad without the essos domain. This lab was build for computer with less performance (min ~20GB).

Missing scenarios:

"},{"location":"labs/GOAD-Light/#servers","title":"Servers","text":"

This lab is actually composed of five virtual machines:

domain : sevenkingdoms.local

domain : north.sevenkingdoms.local

"},{"location":"labs/GOAD-Light/#usersgroups-and-associated-vulnerabilitesscenarios","title":"Users/Groups and associated vulnerabilites/scenarios","text":"

NORTH.SEVENKINGDOMS.LOCAL

SEVENKINGDOMS.LOCAL

"},{"location":"labs/GOAD-Light/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":""},{"location":"labs/GOAD/","title":"GOAD","text":"

GOAD is the first and main lab of this project. It contains 3 domains and 2 forest.

"},{"location":"labs/GOAD/#servers","title":"Servers","text":"

This lab is actually composed of five virtual machines:

domain sevenkingdoms.local

domain north.sevenkingdoms.local

domain essos.local

"},{"location":"labs/GOAD/#writeup","title":"WRITEUP","text":""},{"location":"labs/GOAD/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":""},{"location":"labs/GOAD/#usersgroups-and-associated-scenarios","title":"Users/Groups and associated scenarios","text":"

NORTH.SEVENKINGDOMS.LOCAL

SEVENKINGDOMS.LOCAL

ESSOS.LOCAL

"},{"location":"labs/MINILAB/","title":"MINI lab","text":""},{"location":"labs/NHA/","title":"NINJA HACKER ACADEMY","text":" 
./goad.sh -t install -l NHA -p virtualbox -m docker\n
./goad.sh -t disablevagrant -l NHA -p virtualbox -m docker\n
./goad.sh -t stop -l NHA -p virtualbox -m docker\n./goad.sh -t start -l NHA -p virtualbox -m docker\n

And you are ready to play ! :)

./goad.sh -t enablevagrant -l NHA -p virtualbox -m docker\n

Tip

No bruteforce, if not in rockyou do not waste your time and your cpu/gpu cycle.

"},{"location":"labs/SCCM/","title":"SCCM lab","text":"

Thanks!

Thanks a lot to my colleague Issam (@KenjiEndo15), who start the project and provide me a lot of ansible roles to start from !

"},{"location":"labs/SCCM/#servers","title":"Servers","text":"

4 virtual machines with Windows Server 2019

All vms got defender activated

"},{"location":"labs/SCCM/#prerequisites","title":"Prerequisites","text":""},{"location":"labs/SCCM/#writeup","title":"Writeup","text":""},{"location":"labs/SCCM/#proxmox-installation","title":"proxmox installation","text":"

1) create a template with the windows_server2019_proxmox_cloudinit_uptodate.pkvars.hcl packer file (guide here: https://mayfly277.github.io/posts/GOAD-on-proxmox-part2-packer/) (note the id after the creation)

2) create the variable file (ad/SCCM/providers/proxmox/terraform/variables.tf) by coping the template (ad/SCCM/providers/proxmox/terraform/variables.tf.template) and change the value according to your proxmox environnement

3) on the provisioning computer : 

./goad.sh -t check -l SCCM -p proxmox -m local\n./goad.sh -t install -l SCCM -p proxmox -m local\n

4) if something goes wrong (restart of the vms during install, etc...), you can rerun only ansible with -a 

./goad.sh -t install -l SCCM -p proxmox -m local -a\n

"},{"location":"providers/","title":"\ud83c\udfd7 Providers","text":"

The architecture is slightly different depending on the provider. Please consult the provider you use to understand the behavior.

"},{"location":"providers/aws/","title":"Aws","text":"

Thanks!

Thx to @ArnC_CarN for the initial work on the aws provider

The architecture is quite the same than the Azure deployment.

Warning

LLMNR, NBTNS and other poisoning network attacks will not work in aws environment. Only network coerce attacks will work.

"},{"location":"providers/aws/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/aws/#aws-configuration","title":"AWS configuration","text":"

You need to configre AWS cli. Use a key with enough privileges on the tenant.

aws configure\n
"},{"location":"providers/aws/#goad-configuration","title":"Goad configuration","text":" 
# ~/.goad/goad.ini\n...\n[aws]\naws_region = eu-west-3\naws_zone = eu-west-3c\n
"},{"location":"providers/aws/#installation","title":"Installation","text":"
# check prerequisites\n./goad.sh -t check -l GOAD -p aws\n# Install\n./goad.sh -t install -l GOAD -p aws\n

or from the interactive console :

GOAD/aws/remote/192.168.56.X > install\n
"},{"location":"providers/aws/#startstopstatus","title":"start/stop/status","text":""},{"location":"providers/aws/#vms-ami","title":"VMs ami","text":" 
\"dc01\" = {\n  name               = \"dc01\"\n  domain             = \"sevenkingdoms.local\"\n  windows_sku        = \"2019-Datacenter\"\n  ami                = \"ami-018ebfbd6b0a4c605\"\n  instance_type      = \"t2.medium\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n}\n
"},{"location":"providers/aws/#how-it-works","title":"How it works ?","text":""},{"location":"providers/aws/#install-step-by-step","title":"Install step by step","text":"
GOAD/aws/remote/192.168.56.X > create_empty # create empty instance\nGOAD/aws/remote/192.168.56.X > load <instance_id>\nGOAD/aws/remote/192.168.56.X (<instance_id>) > provide # play terraform\nGOAD/aws/remote/192.168.56.X (<instance_id>) > sync_source_jumpbox # sync jumpbox source\nGOAD/aws/remote/192.168.56.X (<instance_id>) > prepare_jumpbox # install dependencies on jumpbox\nGOAD/aws/remote/192.168.56.X (<instance_id>) > provision_lab # run ansible\n
"},{"location":"providers/aws/#tips","title":"Tips","text":""},{"location":"providers/azure/","title":"Azure","text":"

Thanks!

Thx to Julien Arault for the initial work on the azure provider

Warning

LLMNR, NBTNS and other poisoning network attacks will not work in azure environment. Only network coerce attacks will work.

"},{"location":"providers/azure/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/azure/#azure-configuration","title":"Azure configuration","text":"

You need to login to Azure with the CLI.

az login\n
"},{"location":"providers/azure/#goad-configuration","title":"Goad configuration","text":" 
# ~/.goad/goad.ini\n...\n[azure]\naz_location = westeurope\n
"},{"location":"providers/azure/#installation","title":"Installation","text":"
# check prerequisites\n./goad.sh -t check -l GOAD -p azure\n# Install\n./goad.sh -t install -l GOAD -p azure\n

or from the interactive console :

GOAD/azure/remote/192.168.56.X > install\n
"},{"location":"providers/azure/#startstopstatus","title":"start/stop/status","text":"

Info

The command stop use deallocate, it take a long time to run but it is not only stopping the vms, it will deallocate them. By doing that, you will stop paying from them (but you still paying storage) and can save some money.

"},{"location":"providers/azure/#vms-sku","title":"VMs sku","text":" 
\"dc01\" = {\n  name               = \"dc01\"\n  publisher          = \"MicrosoftWindowsServer\"\n  offer              = \"WindowsServer\"\n  windows_sku        = \"2019-Datacenter\"\n  windows_version    = \"17763.4377.230505\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n  size               = \"Standard_B2s\"\n}\n
"},{"location":"providers/azure/#how-it-works","title":"How it works ?","text":""},{"location":"providers/azure/#install-step-by-step","title":"Install step by step","text":"
GOAD/azure/remote/192.168.56.X > create_empty # create empty instance\nGOAD/azure/remote/192.168.56.X > load <instance_id>\nGOAD/azure/remote/192.168.56.X (<instance_id>) > provide # play terraform\nGOAD/azure/remote/192.168.56.X (<instance_id>) > sync_source_jumpbox # sync jumpbox source\nGOAD/azure/remote/192.168.56.X (<instance_id>) > prepare_jumpbox # install dependencies on jumpbox\nGOAD/azure/remote/192.168.56.X (<instance_id>) > provision_lab # run ansible\n
"},{"location":"providers/azure/#tips","title":"Tips","text":""},{"location":"providers/ludus/","title":"\ud83c\udfdf\ufe0f Ludus","text":"

Thanks!

Huge shootout to @badsectorlabs for Ludus and Erik for his support and tests during the ludus provider creation

Install on ludus server only

To add GOAD on Ludus please use goad directly on the server. By now goad can work only directly on the server and not from a workstation client.

git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\nexit\n
"},{"location":"providers/ludus/#goad-configuration","title":"Goad configuration","text":" 
# ~/.goad/goad.ini\n...\n[ludus]\nludus_api_key = changeme\nuse_impersonation = yes\n
"},{"location":"providers/ludus/#install","title":"Install","text":"
./goad.sh -p ludus\nGOAD/ludus/local > set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\nGOAD/ludus/local > install\n

Info

On ludus the config ip_range is not used and is ignored. The ips will be setup automatically during the lab installation

"},{"location":"providers/proxmox/","title":"Proxmox","text":""},{"location":"providers/proxmox/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/proxmox/#installation","title":"Installation","text":" 
# check prerequisites\n./goad.sh -t check -l GOAD -p proxmox\n# Install\n./goad.sh -t install -l GOAD -p proxmox\n
"},{"location":"providers/virtualbox/","title":"Virtualbox","text":""},{"location":"providers/virtualbox/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/virtualbox/#check-dependencies","title":"Check dependencies","text":"
./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X > check\n

Info

If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.

Note

check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)

"},{"location":"providers/virtualbox/#install","title":"Install","text":" 
./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X > set_lab <lab>  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/virtualbox/local/192.168.56.X > set_ip_range <ip_range>  # here choose the  ip range you want to use ex: 192.168.56\nGOAD/virtualbox/local/192.168.56.X > install\n
./goad.sh -t install -p virtualbox -l <lab> -ip <ip_range_to_use>\n
"},{"location":"providers/vmware/","title":"Vmware","text":"

Quote

\"Virtualbox c'est no way\" @mpgn

"},{"location":"providers/vmware/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/vmware/#check-dependencies","title":"check dependencies","text":"
./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X > check\n

Info

If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.

Note

check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)

"},{"location":"providers/vmware/#install","title":"Install","text":" 
./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X > set_lab <lab>  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/vmware/local/192.168.56.X > set_ip_range <ip_range>  # here choose the  ip range you want to use ex: 192.168.56 (only the first three digits)\nGOAD/vmware/local/192.168.56.X > install\n
./goad.sh -t install -p vmware -l <lab> -ip <ip_range_to_use>\n
"},{"location":"usage/","title":"Usage","text":""},{"location":"usage/goad_args/","title":"Argument mode","text":" 
usage: goad.py [-h] [-t TASK] [-l LAB] [-p PROVIDER] [-ip IP_RANGE] [-m METHOD] [-i INSTANCE] [-e EXTENSIONS] [-a ANSIBLE_ONLY] [-r RUN_PLAYBOOK]\n\nDescription : goad lab management console.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t TASK, --task TASK  tasks available : (install/start/stop/restart/destroy/status/show)\n  -l LAB, --lab LAB     lab to use (default: GOAD)\n  -p PROVIDER, --provider PROVIDER\n                        provider to use (default: vmware)\n  -ip IP_RANGE, --ip_range IP_RANGE\n                        ip range to use (default: 192.168.56)\n  -m METHOD, --method METHOD\n                        deploy method to use (default: local)\n  -i INSTANCE, --instance INSTANCE\n                        use a specific instance (use default if not selected)\n  -e EXTENSIONS, --extensions EXTENSIONS\n                        extensions to use\n  -a ANSIBLE_ONLY, --ansible_only ANSIBLE_ONLY\n                        run only provisioning (ansible) on instance (-i) (for task install only)\n  -r RUN_PLAYBOOK, --run_playbook RUN_PLAYBOOK\n                        run only one ansible playbook on instance (-i) (for task install only)\n\nExample :\n - Install GOAD on virtualbox : python3 goad.py -t install -l GOAD -p virtualbox\n - Launch GOAD interactive console : python3 goad.py\n
"},{"location":"usage/goad_console/","title":"GOAD interactive mode","text":"

\ud83d\udea7 TODO complete me

Launch goad interactive mode

"},{"location":"usage/goad_console/#enter-interactive-mode","title":"Enter interactive mode","text":"

To enter interactive mode just launch goad without the -t parameter

./goad.sh\n
"},{"location":"usage/goad_console/#no-lab-instance-selected","title":"No lab instance selected","text":"
*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall / create ........................ install the selected lab and create a lab instance\ncreate_empty ............................ prepare a lab instance folder without providing and provisioning\nlist .................................... list lab instances\nload <instance_id> ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nlabs .................................... show all labs and available providers\nset_lab <lab> ........................... set the lab to use\nset_provider <provider> ................. set the provider to use\nset_provisioning_method <method> ........ set the provisioning method\nset_ip_range <range> .................... set the 3 first digit of the ip to use (ex: 192.168.56)\n
"},{"location":"usage/goad_console/#check","title":"check","text":"

Will check the lab dependencies

check\n

"},{"location":"usage/goad_console/#install","title":"install","text":"

Install the lab with the current select config

install\n

"},{"location":"usage/goad_console/#create_empty","title":"create_empty","text":"

Create an empty instance folder (into the workspaces/ folder)

create_empty\n

"},{"location":"usage/goad_console/#list","title":"list","text":"

List instances

alias : ls

list\n

"},{"location":"usage/goad_console/#load","title":"load","text":"

Select an instance by his name

alias : use, cd

load <instance name>\n

"},{"location":"usage/goad_console/#config","title":"config","text":"

show current configuration

config\n

"},{"location":"usage/goad_console/#labs","title":"labs","text":"

show available labs

labs\n

"},{"location":"usage/goad_console/#set_lab","title":"set_lab","text":"

Choose the lab to use (GOAD/GOAD-Light/NHA/SCCM/MINILAB)

set_lab <lab_name>\n
"},{"location":"usage/goad_console/#set_provider","title":"set_provider","text":"

Choose the provider to use (virtualbox/vmware/aws/azure/ludus/proxmox)

set_provider <lab_name>\n
"},{"location":"usage/goad_console/#set_provisioning_method","title":"set_provisioning_method","text":"

Choose the provisioning method (local/runner/docker/remote) (most of the time you don't have to change it)

set_provisioning <provisioning_method>\n
"},{"location":"usage/goad_console/#set_ip_range","title":"set_ip_range","text":"

Set the ip range you want to use (Three first digit, example : 192.168.10)

set_ip_range <ip_range>\n
"},{"location":"usage/goad_console/#instance-selected","title":"Instance selected","text":"
*** Manage Lab instance commands ***\nstatus .................................. show current status\nstart ................................... start lab\nstop .................................... stop lab\ndestroy ................................. destroy lab\n\n*** Manage one vm commands ***\nstart_vm <vm_name> ...................... start selected virtual machine\nstop_vm <vm_name> ....................... stop selected virtual machine\nrestart_vm <vm_name> .................... restart selected virtual machine\ndestroy_vm <vm_name> .................... destroy selected virtual machine\n\n*** Extensions ***\nlist_extensions ......................... list extensions\ninstall_extension <extension> ........... install extension (providing + provisioning)\nprovision_extension <extension> ......... provision extension (provisioning only)\n\n*** JumpBox ***\nprepare_jumpbox ......................... install package on the jumpbox for provisioning\nsync_source_jumpbox ..................... sync source of the jumpbox\nssh_jumpbox ............................. connect to jump box with ssh\nssh_jumpbox_proxy <proxy_port> .......... connect to jump box with ssh and start a socks proxy\n\n*** Providing (Vagrant/Terrafom) ***\nprovide ................................. run only the providing (vagrant/terraform)\n\n*** Provisioning (Ansible) ***\nprovision <playbook> .................... run specific ansible playbook\nprovision_lab ........................... run all the current lab ansible playbooks\nprovision_lab_from <playbook> ........... run all the current lab ansible playbooks from specific playbook to the end\n\n*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall ................................. install the current instance (provide + prepare_jumpbox + provision_lab\nset_as_default .......................... set instance as default\nupdate_instance_files ................... update lab instance files\nlist .................................... list lab instances\nload <instance_id> ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nunload .................................. unload current instance\ndelete .................................. delete the currently selected lab instance\n
"},{"location":"usage/goad_console/#status","title":"status","text":""},{"location":"usage/goad_console/#start","title":"start","text":""},{"location":"usage/goad_console/#stop","title":"stop","text":""},{"location":"usage/goad_console/#destroy","title":"destroy","text":""},{"location":"usage/goad_console/#start_vm","title":"start_vm","text":""},{"location":"usage/goad_console/#stop_vm","title":"stop_vm","text":""},{"location":"usage/goad_console/#restart_vm","title":"restart_vm","text":""},{"location":"usage/goad_console/#destroy_vm","title":"destroy_vm","text":""}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Game Of Active Directory","text":"

Welcome to GOAD (v3) documentation !

Game Of Active Directory is a free pentest active directory LAB(s) project (1).

  1. GOAD is free if you use your own computer, obviously we will not pay your electricity bill and your cloud provider invoice ;)

The purpose of this tool is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without having the pain to build all by yourself. This repository was build for pentest practice

Note

GOAD main labs (GOAD/GOAD-Light/SCCM) are not pro labs environments (like those you can find on HTB). Theses labs give you an environment to practice a lot of vulnerability and missconfig exploitations. Sure you can use them like pro labs, but it will certainly be too easy due to the number of vulns. Consider more GOAD like a DVWA but for Active Directory. If you want a chall deploy the lab NHA.

Warning

This lab is extremely vulnerable, do not reuse recipe to build your production environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk).

Windows Licenses

This lab use free windows VM only (180 days). After that delay enter a license on each server or rebuild all the lab (may be it's time for an update ;))

"},{"location":"changelog/","title":"Road Map","text":""},{"location":"changelog/#sccm","title":"SCCM","text":""},{"location":"changelog/#extensions","title":"Extensions","text":""},{"location":"provisioning/","title":"\ud83d\udee0\ufe0f provisioning","text":"

\ud83d\udea7 TODO

"},{"location":"questions/","title":"Frequent asked questions","text":"

I already got a lab installed with v2, is v3 will use it ?

Sorry no, the v3 of GOAD doesn't look for already installed lab. Best way to migrate is trash your old lab and build a new one.

Can i use goad to create a course for my student ?

Sure GOAD is a GPL project. Feel free to reuse it to give course.

"},{"location":"references/","title":"References","text":"

\ud83d\udea7 TODO

"},{"location":"thx/","title":"Special Thanks to","text":""},{"location":"thx/#enterprise","title":"Enterprise","text":""},{"location":"troobleshoot/","title":"troubleshoot","text":"

Tip

In most case if you get errors during install, don't think. Select the failed instance \u0300load <instance_id> and just replay the install with provision_lab to relaunch all or provision_lab_from <playbook> if you know the last failed playbook (most of the errors which could came up are due to windows latency during installation, wait few minutes and replay the install)

\ud83d\udea7 TODO refresh me with new goad version :)

"},{"location":"troobleshoot/#vagrant-up-winrm-digest-initialization-failed-initialization-error","title":"vagrant up - WinRM - digest initialization failed : Initialization Error","text":"
DC01: WinRM username: vagrant\nDC01: WinRM execution_time_limit: PT2H\nDC01: WinRM transport: negotiate\nAn error occurred executing a remote WinRM command.\n\nShell: Cmd\nCommand: hostname\nMessage: Digest initialization failed: initialization error\n
"},{"location":"troobleshoot/#vagrant-up-cannot-load","title":"vagrant up - cannot load","text":"
<internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require': cannot load such file -- winrm (LoadError)\n    from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:9:in `block in <top (required)>'\n    from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/lib/vagrant/util/silence_warnings.rb:8:in `silence!'\n
"},{"location":"troobleshoot/#vagrant-up-cannot-load-such-file-winrm-elevated-loaderror","title":"vagrant up - cannot load such file -- winrm-elevated (LoadError)","text":"
<internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require': cannot load such file -- winrm-elevated (LoadError)\n        from <internal:/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb>:85:in `require'\n        from /usr/share/rubygems-integration/all/gems/vagrant-2.3.4/plugins/communicators/winrm/shell.rb:12:in `<top (required)>'\n        ...\n
"},{"location":"troobleshoot/#ansible-persistent-unreachable-error","title":"ansible persistent \"unreachable error\"","text":""},{"location":"troobleshoot/#the-naming-context-specified-for-this-replication-operation-is-invalid","title":"The naming context specified for this replication operation is invalid","text":"
TASK [groups_domains : synchronizes all domains] *******************************************************************************************************************************************************************************************************************************\nchanged: [dc03]\nchanged: [dc01]\nfatal: [dc02]: FAILED! => {\"changed\": true, \"cmd\": \"repadmin /syncall /Ade\", \"delta\": \"0:00:01.090773\", \"end\": \"2023-10-18 09:30:26.016579\", \"msg\": \"non-zero return code\", \"rc\": 1, \"start\": \"2023-10-18 09:30:24.925805\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Syncing all NC's held on winterfell.\\r\\r\\nSyncing partition: DC=north,DC=sevenkingdoms,DC=local\\r\\r\\nCALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\\r\\r\\n    The RPC server is unavailable.\\r\\r\\n\\r\\r\\nSyncAll exited with fatal Win32 error: 8440 (0x20f8):\\r\\r\\n    The naming context specified for this replication operation is invalid.\\r\\r\\n\", \"stdout_lines\": [\"Syncing all NC's held on winterfell.\", \"\", \"Syncing partition: DC=north,DC=sevenkingdoms,DC=local\", \"\", \"CALLBACK MESSAGE: Error contacting server CN=NTDS Settings,CN=WINTERFELL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sevenkingdoms,DC=local (network error): 1722 (0x6ba):\", \"\", \"    The RPC server is unavailable.\", \"\", \"\", \"\", \"SyncAll exited with fatal Win32 error: 8440 (0x20f8):\", \"\", \"    The naming context specified for this replication operation is invalid.\", \"\"]}\n
"},{"location":"troobleshoot/#vagrant-up-vagrant-cant-use-the-requested-machine-because-it-is-locked","title":"vagrant up - Vagrant can't use the requested machine because it is locked","text":"
==> GOAD-SRV03: Configuring and enabling network interfaces...\nVagrant can't use the requested machine because it is locked! This\nmeans that another Vagrant process is currently reading or modifying\nthe machine. Please wait for that Vagrant process to end and try\nagain. Details about the machine are shown below:\n
"},{"location":"troobleshoot/#the-server-has-rejected-the-client-credentials","title":"The server has rejected the client credentials","text":"
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [dc02] (item={'key': 'AcrossTheSea', 'value': ['essos.local\\\\daenerys.targaryen']}) => {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"AcrossTheSea\", \"value\": [\"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: The server has rejected the client credentials.\"}\n
"},{"location":"troobleshoot/#groups-domain-error","title":"Groups domain error","text":" 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.BeginProcessing()\nfailed: [192.168.56.xx] (item={'key': 'DragonsFriends', 'value': ['sevenkingdoms.local\\\\tyron.lannister', 'essos.local\\\\daenerys.targaryen']}) => {\"ansible_loop_var\": \"item\", \"attempts\": 3, \"changed\": false, \"item\": {\"key\": \"DragonsFriends\", \"value\": [\"north.sevenkingdoms.local\\\\jon.snow\", \"sevenkingdoms.local\\\\tyron.lannister\", \"essos.local\\\\daenerys.targaryen\"]}, \"msg\": \"Unhandled exception while executing module: Either the target name is incorrect or the server has rejected the client credentials.\"}\n
"},{"location":"troobleshoot/#error-add-warning","title":"Error Add-Warning","text":" 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: at , : line 475\nfailed: [192.168.56.11] (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark',\n...\n\"msg\": \"Unhandled exception while executing module: The term 'Add-Warning' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.\"}+\n
"},{"location":"troobleshoot/#a-parameter-cannot-be-found-that-matches-parameter-name-acceptlicense","title":"A parameter cannot be found that matches parameter name 'AcceptLicense'","text":" 
fatal: [xxx]: FAILED! => {\n    \"changed\": false,\n    \"msg\": \"Problems installing XXXX module: A parameter cannot be found that matches parameter name 'AcceptLicense'.\",\n    \"nuget_changed\": false,\n    \"output\": \"\",\n    \"repository_changed\": false\n}\n
"},{"location":"troobleshoot/#old-ansible-version","title":"old Ansible version","text":"
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.\n\nThe error appears to have been in '/home/hrrb0032/Documents/mission/GOAD/roles/domain_controller/tasks/main.yml': line 8, column 3, but maybe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n- name: disable enhanced exit codes\n^ here\n

solution : upgrade Ansible

"},{"location":"troobleshoot/#old-ansiblewindows-version","title":"old ansible.windows version","text":"
ERROR! couldn't resolve module/action 'win_powershell'. This often indicates a misspelling, missing collection, or incorrect module path.\n
"},{"location":"troobleshoot/#winrm","title":"winrm","text":"
PLAY [DC01 - kingslanding] *******************************************************\n\n\n\nTASK [Gathering Facts] ***********************************************************\nfatal: [192.168.56.10]: FAILED! => {\"msg\": \"winrm or requests is not installed: No module named winrm\"}\n\n\n\nPLAY RECAP ***********************************************************************\n192.168.56.10              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   \n

solution : pip install pywinrm

"},{"location":"troobleshoot/#winrm-send-input-timeout","title":"winrm send input timeout","text":"
TASK [Gathering Facts] ****************************************************************************************************************************************************\n[WARNING]: ERROR DURING WINRM SEND INPUT - attempting to recover: WinRMOperationTimeoutError\nok: [192.168.56.11]\n

solution : wait or if crashed then re-run install

"},{"location":"troobleshoot/#domain-controller-ensure-users-are-present","title":"Domain controller : ensure Users are present","text":"

TASK [domain_controller : Ensure that Users presents in ou=<kingdom>,dc=SEVENKINGDOMS,dc=local] ***************************************************************************\nAn exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()\nfailed: [192.168.56.10] (item={u'key': u'lord.varys', u'value': {u'city': u\"King's Landing\", u'password': u'_W1sper_$', u'name': u'Lord Varys', u'groups': u'Small Council', u'path': u'OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local'}}) => {\"ansible_loop_var\": \"item\", \"changed\": false, \"item\": {\"key\": \"lord.varys\", \"value\": {\"city\": \"King's Landing\", \"groups\": \"Small Council\", \"name\": \"Lord Varys\", \"password\": \"_W1sper_$\", \"path\": \"OU=Users,OU=Crownlands,OU=kingdoms,DC=SEVENKINGDOMS,DC=local\"}}, \"msg\": \"Unhandled exception while executing module: An unspecified error has occurred\"}\n
solution : re-run install

"},{"location":"troobleshoot/#mssql-unable-to-install-sql-server","title":"mssql : Unable to install SQL Server","text":"
TASK [mssql : Install the database]\nfatal: [192.168.56.22]: FAILED! => {\"attempts\": 3, \"changed\": true, \"cmd\": \"c:\\\\setup\\\\mssql\\\\sql_installer.exe /configurationfile=c:\\\\setup\\\\mssql\\\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\\\setup\\\\mssql\\\\media /QUIET /HIDEPROGRESSBAR\", \"delta\": \"0:00:34.891185\", \"end\": \"2022-08-17 21:26:53.976793\", \"msg\": \"non-zero return code\", \"rc\": 2226323458, \"start\": \"2022-08-17 21:26:19.085608\", \"stderr\": \"\", \"stderr_lines\": [], \"stdout\": \"Microsoft (R) SQL Server Installer\\r\\nCopyright (c) 2019 Microsoft.  All rights reserved.\\r\\n\\r\\nDownloading install package...\\r\\n\\r\\n\\r\\nOperation finished with result: Failure\\r\\n\\r\\nOops...\\r\\n\\r\\nUnable to install SQL Server (setup.exe).\\r\\n\\r\\n      Exit code (Decimal): -2068643838\\r\\n      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\\r\\n\\r\\n  SQL SERVER INSTALL LOG FOLDER\\r\\n      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\\r\\n\\r\\n\", \"stdout_lines\": [\"Microsoft (R) SQL Server Installer\", \"Copyright (c) 2019 Microsoft.  All rights reserved.\", \"\", \"Downloading install package...\", \"\", \"\", \"Operation finished with result: Failure\", \"\", \"Oops...\", \"\", \"Unable to install SQL Server (setup.exe).\", \"\", \"      Exit code (Decimal): -2068643838\", \"      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\", \"\", \"  SQL SERVER INSTALL LOG FOLDER\", \"      c:\\\\Program Files\\\\Microsoft SQL Server\\\\150\\\\Setup Bootstrap\\\\Log\\\\20220817_142624\", \"\"]}\n

solution : re-run installer

"},{"location":"troobleshoot/#vagrant-not-working-on-ubuntu-2204","title":"vagrant: Not working on Ubuntu 22.04","text":"

I was using the version of Vagrant in the Ubuntu repo, and then tried to use the version 2.4.0 and 2.3.4 binaries from hashicorp, but kept on running into this error:

The guest machine entered an invalid state while waiting for it\nto boot. Valid states are 'starting, running'. The machine is in the\n'poweroff' state. Please verify everything is configured\nproperly and try again.\n\nIf the provider you're using has a GUI that comes with it,\nit is often helpful to open that and watch the machine, since the\nGUI often has more helpful error messages than Vagrant can retrieve.\nFor example, if you're using VirtualBox, run `vagrant up` while the\nVirtualBox GUI is open.\n\nThe primary issue for this error is that the provider you're using\nis not properly configured. This is very rarely a Vagrant issue.\n
Solution : install vagrant from the hashicorp repo

"},{"location":"troobleshoot/#proxmox-error-creating-vm-403-permission-check-failed-sdnzoneslocalnetworkvmbr310-sdnuse","title":"proxmox: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use)","text":"

The error may look similar to below: 

==> proxmox-iso.windows: Error creating VM: error creating VM: 403 Permission check failed (/sdn/zones/localnetwork/vmbr3/10, SDN.Use), \nerror status: {\"data\":null} (params: ......\n

It may be fixed by delegating the SDN.Use privilege to the packer user 

pveum role modify Packer -privs \"VM.Config.Disk VM.Config.CPU VM.Config.Memory Datastore.AllocateTemplate Datastore.Audit Datastore.AllocateSpace Sys.Modify VM.Config.Options VM.Allocate VM.Audit VM.Console VM.Config.CDROM VM.Config.Cloudinit VM.Config.Network VM.PowerMgmt VM.Config.HWType VM.Monitor SDN.Use\"\n

"},{"location":"troobleshoot/#proxmox-proxmox-isowindows-error-creating-vm-error-creating-vm-unable-to-create-vm-103-unsupported-format-qcow2","title":"proxmox: ==> proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2'","text":"

The error may look similar to below: 

root@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==> proxmox-iso.windows: Retrieving additional ISO\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==> proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 => /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Creating VM\n==> proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==> proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 103 - unsupported format 'qcow2' at /usr/share/perl5/PVE/Storage/LvmThinPlugin.pm line 87., error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug: ide2:local:iso/windows_server_2019.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2 net0:virtio=5E:5D:24:C4:0F:DA,bridge=vmbr3,tag=10 numa:false onboot:false ostype:win10 pool:GOAD sata0:vms:40,discard=ignore,format=qcow2 scsihw:lsi sockets:1 startup: tags: vmid:103])......\n

Filesystems such as ZFS (and others) do not support qcow2. From my reading the best approach is to use an ext4 filesystem and modify config.auto.pkrvars.hcl with the newly created ext4 volume.

root@goadprovisioning:~/GOAD/packer/proxmox# vi config.auto.pkrvars.hcl\n...\nproxmox_vm_storage      = \"ext4-qcow2\"\n...\nroot@goadprovisioning:~/GOAD/packer/proxmox# packer build -var-file=windows_server2019_proxmox_cloudinit.pkvars.hcl .\nproxmox-iso.windows: output will be in this color.\n\n==> proxmox-iso.windows: Retrieving additional ISO\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Trying ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4\n==> proxmox-iso.windows: ./iso/Autounattend_winserver2019_cloudinit.iso?checksum=sha256%3A43857cb780de3a58696285f644034499d4b29608b3c511feb27e315832b696c4 => /root/GOAD/packer/proxmox/iso/Autounattend_winserver2019_cloudinit.iso\n    proxmox-iso.windows: Uploaded ISO to local:iso/Autounattend_winserver2019_cloudinit.iso\n==> proxmox-iso.windows: Creating VM\n==> proxmox-iso.windows: No VM ID given, getting next free from Proxmox\n==> proxmox-iso.windows: Starting VM\n
"},{"location":"troobleshoot/#proxmox-packer-error-creating-vm-volume-localisowindows_xxxiso-does-not-exist","title":"proxmox - packer error creating vm : volume 'local:iso/windows_XXX.iso' does not exist","text":"
==> proxmox-iso.windows: Error creating VM: error creating VM: unable to create VM 116 - volume 'local:iso/windows_server2019_XXX_en-us.iso' does not exist, error status:  (params: map[agent:1 args: boot: cores:2 cpu:kvm64 description:Packer ephemeral build VM hotplug\n: ide2:local:iso/windows_server2019_XXX_en-us.iso,media=cdrom kvm:true machine: memory:4096 name:WinServer2019x64-cloudinit-qcow2-uptodate net0:virtio=DA:CB:EB:85:08:0E,bridge=vmbr3,tag=10,firewall=false onboot:false ostype:win10 pool:Templates sata0:local:80,format=q\ncow2 scsihw:lsi sockets:1 startup: tags: vmid:116])   \n

verify your iso files inside proxmox and be sure the iso you want to use exist in proxmox

"},{"location":"troobleshoot/#ansible-adapter-name-error","title":"ansible adapter name error","text":"
No MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet'\n\nor \n\nNo MSFT_NetAdapter objects found with property 'Name' equal to 'Ethernet2 '\n
"},{"location":"troobleshoot/#unreachable-proxmox-ansible","title":"unreachable - proxmox, ansible","text":"
fatal: [dc01]: UNREACHABLE! => {\"changed\": false, \"msg\": \"ssl: HTTPSConnectionPool(host='192.168.10.40', port=5986): Max retries exceeded with url: /wsman\n
"},{"location":"vulnerabilities/","title":"Vulnerabilities","text":"

vulnerabilities

"},{"location":"developpers/provisioning/","title":"Provisioning","text":""},{"location":"developpers/provisioning/#provisioning","title":"Provisioning","text":""},{"location":"developpers/structure/","title":"Structure","text":""},{"location":"developpers/structure/#lab-organization","title":"Lab organization","text":" 
ad/\n  labname/            # The lab name must be the same as the variable : domain_name from the data/inventory\n    data/\n      config.json     # The json file containing all the variables and configuration of the lab\n      inventory       # The global lab inventory (provider independent) (this should no contains variables)\n    files/            # This folder contains files you want to copy on your vms\n    scripts/          # This folder contains ps1 scripts you want to play on your vm (Must be added in the \"scripts\" entries of your vms)\n    providers/        # Your lab available provider\n      vmware/\n        inventory     # specific vmware inventory\n        Vagrantfile   # specific vmware vagrantfile\n      virtualbox/\n        inventory     # specific virtualbox inventory\n        Vagrantfile   # specific virtualbox vagrantfile\n      proxmox/\n        terraform/    # specific proxmox terraform recipe\n        inventory     # specific proxmox inventory\n      azure/\n        terraform/    # specific azure terraform recipe\n        inventory     # specific azure inventory\n
"},{"location":"extensions/","title":"Extensions","text":""},{"location":"extensions/elk/","title":"elk","text":"

\ud83d\udea7 TODO

"},{"location":"extensions/elk/#elk_1","title":"elk","text":""},{"location":"extensions/exchange/","title":"exchange","text":"

\ud83d\udea7 TODO

"},{"location":"extensions/wazuh/","title":"wazuh","text":"

\ud83d\udea7 TODO

"},{"location":"extensions/ws01/","title":"ws01","text":"

\ud83d\udea7 TODO

"},{"location":"installation/","title":"\ud83d\ude80 Installation","text":"

In the last version, GOAD use no more bash for the installation/management script. The goad management script is now written in python to permit more flexibility and cover the needs to create a Windows WSL support.

"},{"location":"installation/#tldr-quick-install","title":"TLDR - quick install","text":"TLDR : ubuntu 22.04 quick install 
# Install vbox\nsudo apt install virtualbox\n\n# Install vagrant\nwget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg\necho \"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list\nsudo apt update && sudo apt install vagrant\n\n# Install Vagrant plugins\nvagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated\n\n# Add some dependencies\nsudo apt install sshpass lftp rsync openssh-client python3.10-venv\n\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n# verify installation\n./goad.sh -t check -l GOAD -p virtualbox\n\n# install\n./goad.sh -t install -l GOAD -p virtualbox\n\n# launch goad in interactive mode\n./goad.sh\n
"},{"location":"installation/#installation_1","title":"Installation","text":""},{"location":"installation/linux/","title":"Linux","text":""},{"location":"installation/linux/#prepare-your-hypervisor","title":"Prepare your hypervisor","text":"Virtualbox Vmware workstation Azure Aws Proxmox\ud83c\udfdf\ufe0f Ludus

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

Tip

Vmware workstation is now free for personal use !

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\n...>exit\nvim ~/.goad/goad.ini # add the api_key in the config file (keep impersonate to yes and use an admin user)\n./goad.sh -p ludus\n...>set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\n...>install\n
"},{"location":"installation/linux/#prepare-your-python-environment","title":"Prepare your python environment","text":" 
sudo apt install python<version>-venv\n
sudo apt install python3.10-venv\n

Python version

Be sure to use a python version between python3.8 and python 3.11. Others python versions are not supported by now due to incompatibility with the fixed version in the requirements.

"},{"location":"installation/windows/","title":"Windows","text":"

Info

To use GOAD on windows you will need WSL.

"},{"location":"installation/windows/#prepare-windows-host","title":"Prepare Windows Host","text":"Virtualbox Vmware Workstation Aws Azure Promox\ud83c\udfdf\ufe0f Ludus

If you want to use virtualbox as an hypervisor to create your vm.

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

If you want to use vmware workstation as an hypervisor to create your vm.

Tip

Vmware workstation is now free for personal use !

Disk space

The lab takes about 77GB (but you have to get the space for the vms vagrant images windows server 2016 (22GB) / windows server 2019 (14GB) / ubuntu 18.04 (502M)) The total space needed for the lab is ~115 GB (depend on the lab you use and it will take more space if you take snapshots), be sure you have enough disk space before install.

RAM

Depending on the lab you will need a lot of ram to run all the virtual machines. Be sure to have at least 20GB for GOAD-Light and 24GB for GOAD.

Nothing to prepare on windows host, install and prepare wsl and next follow linux install from your wsl console : see aws linux install

Nothing to prepare on windows host, install and prepare wsl and next linux install from your wsl console see azure linux install

Not supported, you will have to create a provisioning machine on your proxmox and run goad from then (see proxmox linux install)

Not supported, you will have to act from your ludus server (see ludus linux install)

"},{"location":"installation/windows/#prepare-wsl-environment","title":"Prepare WSL environment","text":"

Now your host environment is ready for virtual machine creation. Now we will install WSL to run the goad installation script.

"},{"location":"installation/windows/#install-wsl","title":"Install WSL","text":""},{"location":"installation/windows/#prepare-wsl-distribution","title":"Prepare WSL distribution","text":" 
cd /mnt/c/whatever_folder_you_want\ngit clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\n./goad.sh\n
"},{"location":"labs/","title":"Labs","text":""},{"location":"labs/GOAD-Light/","title":"GOAD-Light","text":"

This is a light version of goad without the essos domain. This lab was build for computer with less performance (min ~20GB).

Missing scenarios:

"},{"location":"labs/GOAD-Light/#servers","title":"Servers","text":"

This lab is actually composed of five virtual machines:

domain : sevenkingdoms.local

domain : north.sevenkingdoms.local

"},{"location":"labs/GOAD-Light/#usersgroups-and-associated-vulnerabilitesscenarios","title":"Users/Groups and associated vulnerabilites/scenarios","text":"

NORTH.SEVENKINGDOMS.LOCAL

SEVENKINGDOMS.LOCAL

"},{"location":"labs/GOAD-Light/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":""},{"location":"labs/GOAD/","title":"GOAD","text":"

GOAD is the first and main lab of this project. It contains 3 domains and 2 forest.

"},{"location":"labs/GOAD/#servers","title":"Servers","text":"

This lab is actually composed of five virtual machines:

domain sevenkingdoms.local

domain north.sevenkingdoms.local

domain essos.local

"},{"location":"labs/GOAD/#writeup","title":"WRITEUP","text":""},{"location":"labs/GOAD/#computers-users-and-group-permissions","title":"Computers Users and group permissions","text":""},{"location":"labs/GOAD/#usersgroups-and-associated-scenarios","title":"Users/Groups and associated scenarios","text":"

NORTH.SEVENKINGDOMS.LOCAL

SEVENKINGDOMS.LOCAL

ESSOS.LOCAL

"},{"location":"labs/MINILAB/","title":"MINI lab","text":""},{"location":"labs/NHA/","title":"NINJA HACKER ACADEMY","text":" 
./goad.sh -t install -l NHA -p virtualbox -m docker\n
./goad.sh -t disablevagrant -l NHA -p virtualbox -m docker\n
./goad.sh -t stop -l NHA -p virtualbox -m docker\n./goad.sh -t start -l NHA -p virtualbox -m docker\n

And you are ready to play ! :)

./goad.sh -t enablevagrant -l NHA -p virtualbox -m docker\n

Tip

No bruteforce, if not in rockyou do not waste your time and your cpu/gpu cycle.

"},{"location":"labs/SCCM/","title":"SCCM lab","text":"

Thanks!

Thanks a lot to my colleague Issam (@KenjiEndo15), who start the project and provide me a lot of ansible roles to start from !

"},{"location":"labs/SCCM/#servers","title":"Servers","text":"

4 virtual machines with Windows Server 2019

All vms got defender activated

"},{"location":"labs/SCCM/#prerequisites","title":"Prerequisites","text":""},{"location":"labs/SCCM/#writeup","title":"Writeup","text":""},{"location":"labs/SCCM/#proxmox-installation","title":"proxmox installation","text":"

1) create a template with the windows_server2019_proxmox_cloudinit_uptodate.pkvars.hcl packer file (guide here: https://mayfly277.github.io/posts/GOAD-on-proxmox-part2-packer/) (note the id after the creation)

2) create the variable file (ad/SCCM/providers/proxmox/terraform/variables.tf) by coping the template (ad/SCCM/providers/proxmox/terraform/variables.tf.template) and change the value according to your proxmox environnement

3) on the provisioning computer : 

./goad.sh -t check -l SCCM -p proxmox -m local\n./goad.sh -t install -l SCCM -p proxmox -m local\n

4) if something goes wrong (restart of the vms during install, etc...), you can rerun only ansible with -a 

./goad.sh -t install -l SCCM -p proxmox -m local -a\n

"},{"location":"providers/","title":"\ud83c\udfd7 Providers","text":"

The architecture is slightly different depending on the provider. Please consult the provider you use to understand the behavior.

"},{"location":"providers/aws/","title":"Aws","text":"

Thanks!

Thx to @ArnC_CarN for the initial work on the aws provider

The architecture is quite the same than the Azure deployment.

Warning

LLMNR, NBTNS and other poisoning network attacks will not work in aws environment. Only network coerce attacks will work.

"},{"location":"providers/aws/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/aws/#aws-configuration","title":"AWS configuration","text":"

You need to configre AWS cli. Use a key with enough privileges on the tenant.

aws configure\n
"},{"location":"providers/aws/#goad-configuration","title":"Goad configuration","text":" 
# ~/.goad/goad.ini\n...\n[aws]\naws_region = eu-west-3\naws_zone = eu-west-3c\n
"},{"location":"providers/aws/#installation","title":"Installation","text":"
# check prerequisites\n./goad.sh -t check -l GOAD -p aws\n# Install\n./goad.sh -t install -l GOAD -p aws\n

or from the interactive console :

GOAD/aws/remote/192.168.56.X > install\n
"},{"location":"providers/aws/#startstopstatus","title":"start/stop/status","text":""},{"location":"providers/aws/#vms-ami","title":"VMs ami","text":" 
\"dc01\" = {\n  name               = \"dc01\"\n  domain             = \"sevenkingdoms.local\"\n  windows_sku        = \"2019-Datacenter\"\n  ami                = \"ami-018ebfbd6b0a4c605\"\n  instance_type      = \"t2.medium\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n}\n
"},{"location":"providers/aws/#how-it-works","title":"How it works ?","text":""},{"location":"providers/aws/#install-step-by-step","title":"Install step by step","text":"
GOAD/aws/remote/192.168.56.X > create_empty # create empty instance\nGOAD/aws/remote/192.168.56.X > load <instance_id>\nGOAD/aws/remote/192.168.56.X (<instance_id>) > provide # play terraform\nGOAD/aws/remote/192.168.56.X (<instance_id>) > sync_source_jumpbox # sync jumpbox source\nGOAD/aws/remote/192.168.56.X (<instance_id>) > prepare_jumpbox # install dependencies on jumpbox\nGOAD/aws/remote/192.168.56.X (<instance_id>) > provision_lab # run ansible\n
"},{"location":"providers/aws/#tips","title":"Tips","text":""},{"location":"providers/azure/","title":"Azure","text":"

Thanks!

Thx to Julien Arault for the initial work on the azure provider

Warning

LLMNR, NBTNS and other poisoning network attacks will not work in azure environment. Only network coerce attacks will work.

"},{"location":"providers/azure/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/azure/#azure-configuration","title":"Azure configuration","text":"

You need to login to Azure with the CLI.

az login\n
"},{"location":"providers/azure/#goad-configuration","title":"Goad configuration","text":" 
# ~/.goad/goad.ini\n...\n[azure]\naz_location = westeurope\n
"},{"location":"providers/azure/#installation","title":"Installation","text":"
# check prerequisites\n./goad.sh -t check -l GOAD -p azure\n# Install\n./goad.sh -t install -l GOAD -p azure\n

or from the interactive console :

GOAD/azure/remote/192.168.56.X > install\n
"},{"location":"providers/azure/#startstopstatus","title":"start/stop/status","text":"

Info

The command stop use deallocate, it take a long time to run but it is not only stopping the vms, it will deallocate them. By doing that, you will stop paying from them (but you still paying storage) and can save some money.

"},{"location":"providers/azure/#vms-sku","title":"VMs sku","text":" 
\"dc01\" = {\n  name               = \"dc01\"\n  publisher          = \"MicrosoftWindowsServer\"\n  offer              = \"WindowsServer\"\n  windows_sku        = \"2019-Datacenter\"\n  windows_version    = \"17763.4377.230505\"\n  private_ip_address = \"{{ip_range}}.10\"\n  password           = \"8dCT-DJjgScp\"\n  size               = \"Standard_B2s\"\n}\n
"},{"location":"providers/azure/#how-it-works","title":"How it works ?","text":""},{"location":"providers/azure/#install-step-by-step","title":"Install step by step","text":"
GOAD/azure/remote/192.168.56.X > create_empty # create empty instance\nGOAD/azure/remote/192.168.56.X > load <instance_id>\nGOAD/azure/remote/192.168.56.X (<instance_id>) > provide # play terraform\nGOAD/azure/remote/192.168.56.X (<instance_id>) > sync_source_jumpbox # sync jumpbox source\nGOAD/azure/remote/192.168.56.X (<instance_id>) > prepare_jumpbox # install dependencies on jumpbox\nGOAD/azure/remote/192.168.56.X (<instance_id>) > provision_lab # run ansible\n
"},{"location":"providers/azure/#tips","title":"Tips","text":""},{"location":"providers/ludus/","title":"\ud83c\udfdf\ufe0f Ludus","text":"

Thanks!

Huge shootout to @badsectorlabs for Ludus and Erik for his support and tests during the ludus provider creation

Install on ludus server only

To add GOAD on Ludus please use goad directly on the server. By now goad can work only directly on the server and not from a workstation client.

git clone https://github.com/Orange-Cyberdefense/GOAD.git\ncd GOAD\nsudo apt install python3.11-venv\n./goad.sh\nexit\n
"},{"location":"providers/ludus/#goad-configuration","title":"Goad configuration","text":" 
# ~/.goad/goad.ini\n...\n[ludus]\nludus_api_key = changeme\nuse_impersonation = yes\n
"},{"location":"providers/ludus/#install","title":"Install","text":"
./goad.sh -p ludus\nGOAD/ludus/local > set_lab XXX # GOAD/GOAD-Light/NHA/SCCM\nGOAD/ludus/local > install\n

Info

On ludus the config ip_range is not used and is ignored. The ips will be setup automatically during the lab installation

"},{"location":"providers/proxmox/","title":"Proxmox","text":""},{"location":"providers/proxmox/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/proxmox/#installation","title":"Installation","text":" 
# check prerequisites\n./goad.sh -t check -l GOAD -p proxmox\n# Install\n./goad.sh -t install -l GOAD -p proxmox\n
"},{"location":"providers/virtualbox/","title":"Virtualbox","text":""},{"location":"providers/virtualbox/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/virtualbox/#check-dependencies","title":"Check dependencies","text":"
./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X > check\n

Info

If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.

Note

check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)

"},{"location":"providers/virtualbox/#install","title":"Install","text":" 
./goad.sh -p virtualbox\nGOAD/virtualbox/local/192.168.56.X > set_lab <lab>  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/virtualbox/local/192.168.56.X > set_ip_range <ip_range>  # here choose the  ip range you want to use ex: 192.168.56\nGOAD/virtualbox/local/192.168.56.X > install\n
./goad.sh -t install -p virtualbox -l <lab> -ip <ip_range_to_use>\n
"},{"location":"providers/vmware/","title":"Vmware","text":"

Quote

\"Virtualbox c'est no way\" @mpgn

"},{"location":"providers/vmware/#prerequisites","title":"Prerequisites","text":""},{"location":"providers/vmware/#check-dependencies","title":"check dependencies","text":"
./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X > check\n

Info

If there is some missing dependencies goes to the installation chapter and follow the guide according to your os.

Note

check give mandatory dependencies in red and non mandatory in yellow (but you should be compliant with them too depending one your operating system)

"},{"location":"providers/vmware/#install","title":"Install","text":" 
./goad.sh -p vmware\nGOAD/vmware/local/192.168.56.X > set_lab <lab>  # here choose the lab you want (GOAD/GOAD-Light/NHA/SCCM)\nGOAD/vmware/local/192.168.56.X > set_ip_range <ip_range>  # here choose the  ip range you want to use ex: 192.168.56 (only the first three digits)\nGOAD/vmware/local/192.168.56.X > install\n
./goad.sh -t install -p vmware -l <lab> -ip <ip_range_to_use>\n
"},{"location":"usage/","title":"Usage","text":""},{"location":"usage/goad_args/","title":"Argument mode","text":" 
usage: goad.py [-h] [-t TASK] [-l LAB] [-p PROVIDER] [-ip IP_RANGE] [-m METHOD] [-i INSTANCE] [-e EXTENSIONS] [-a ANSIBLE_ONLY] [-r RUN_PLAYBOOK]\n\nDescription : goad lab management console.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t TASK, --task TASK  tasks available : (install/start/stop/restart/destroy/status/show)\n  -l LAB, --lab LAB     lab to use (default: GOAD)\n  -p PROVIDER, --provider PROVIDER\n                        provider to use (default: vmware)\n  -ip IP_RANGE, --ip_range IP_RANGE\n                        ip range to use (default: 192.168.56)\n  -m METHOD, --method METHOD\n                        deploy method to use (default: local)\n  -i INSTANCE, --instance INSTANCE\n                        use a specific instance (use default if not selected)\n  -e EXTENSIONS, --extensions EXTENSIONS\n                        extensions to use\n  -a ANSIBLE_ONLY, --ansible_only ANSIBLE_ONLY\n                        run only provisioning (ansible) on instance (-i) (for task install only)\n  -r RUN_PLAYBOOK, --run_playbook RUN_PLAYBOOK\n                        run only one ansible playbook on instance (-i) (for task install only)\n\nExample :\n - Install GOAD on virtualbox : python3 goad.py -t install -l GOAD -p virtualbox\n - Launch GOAD interactive console : python3 goad.py\n
"},{"location":"usage/goad_console/","title":"GOAD interactive mode","text":"

Launch goad interactive mode

"},{"location":"usage/goad_console/#enter-interactive-mode","title":"Enter interactive mode","text":"

To enter interactive mode just launch goad without the -t parameter

./goad.sh\n
"},{"location":"usage/goad_console/#no-lab-instance-selected","title":"No lab instance selected","text":"
*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall / create ........................ install the selected lab and create a lab instance\ncreate_empty ............................ prepare a lab instance folder without providing and provisioning\nlist .................................... list lab instances\nload <instance_id> ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nlabs .................................... show all labs and available providers\nset_lab <lab> ........................... set the lab to use\nset_provider <provider> ................. set the provider to use\nset_provisioning_method <method> ........ set the provisioning method\nset_ip_range <range> .................... set the 3 first digit of the ip to use (ex: 192.168.56)\n
"},{"location":"usage/goad_console/#check","title":"check","text":"

Will check the lab dependencies

check\n

"},{"location":"usage/goad_console/#install","title":"install","text":"

Install the lab with the current select config

install\n

"},{"location":"usage/goad_console/#create_empty","title":"create_empty","text":"

Create an empty instance folder (into the workspaces/ folder)

create_empty\n

"},{"location":"usage/goad_console/#list","title":"list","text":"

List instances

alias : ls

list\n

"},{"location":"usage/goad_console/#load","title":"load","text":"

Select an instance by his name

alias : use, cd

load <instance name>\n

"},{"location":"usage/goad_console/#config","title":"config","text":"

show current configuration

config\n

"},{"location":"usage/goad_console/#labs","title":"labs","text":"

show available labs

labs\n

"},{"location":"usage/goad_console/#set_lab","title":"set_lab","text":"

Choose the lab to use (GOAD/GOAD-Light/NHA/SCCM/MINILAB)

set_lab <lab_name>\n
"},{"location":"usage/goad_console/#set_provider","title":"set_provider","text":"

Choose the provider to use (virtualbox/vmware/aws/azure/ludus/proxmox)

set_provider <lab_name>\n
"},{"location":"usage/goad_console/#set_provisioning_method","title":"set_provisioning_method","text":"

Choose the provisioning method (local/runner/docker/remote) (most of the time you don't have to change it)

set_provisioning <provisioning_method>\n
"},{"location":"usage/goad_console/#set_ip_range","title":"set_ip_range","text":"

Set the ip range you want to use (Three first digit, example : 192.168.10)

set_ip_range <ip_range>\n
"},{"location":"usage/goad_console/#instance-selected","title":"Instance selected","text":"
*** Manage Lab instance commands ***\nstatus .................................. show current status\nstart ................................... start lab\nstop .................................... stop lab\ndestroy ................................. destroy lab\n\n*** Manage one vm commands ***\nstart_vm <vm_name> ...................... start selected virtual machine\nstop_vm <vm_name> ....................... stop selected virtual machine\nrestart_vm <vm_name> .................... restart selected virtual machine\ndestroy_vm <vm_name> .................... destroy selected virtual machine\n\n*** Extensions ***\nlist_extensions ......................... list extensions\ninstall_extension <extension> ........... install extension (providing + provisioning)\nprovision_extension <extension> ......... provision extension (provisioning only)\n\n*** JumpBox ***\nprepare_jumpbox ......................... install package on the jumpbox for provisioning\nsync_source_jumpbox ..................... sync source of the jumpbox\nssh_jumpbox ............................. connect to jump box with ssh\nssh_jumpbox_proxy <proxy_port> .......... connect to jump box with ssh and start a socks proxy\n\n*** Providing (Vagrant/Terrafom) ***\nprovide ................................. run only the providing (vagrant/terraform)\n\n*** Provisioning (Ansible) ***\nprovision <playbook> .................... run specific ansible playbook\nprovision_lab ........................... run all the current lab ansible playbooks\nprovision_lab_from <playbook> ........... run all the current lab ansible playbooks from specific playbook to the end\n\n*** Lab Instances ***\ncheck ................................... check dependencies before creation\ninstall ................................. install the current instance (provide + prepare_jumpbox + provision_lab\nset_as_default .......................... set instance as default\nupdate_instance_files ................... update lab instance files\nlist .................................... list lab instances\nload <instance_id> ...................... load a lab instance\n\n*** Configuration ***\nconfig .................................. show current configuration\nunload .................................. unload current instance\ndelete .................................. delete the currently selected lab instance\n
"},{"location":"usage/goad_console/#status","title":"status","text":"

Give the current lab status

status\n
"},{"location":"usage/goad_console/#start","title":"start","text":"

Start the current lab instance

start\n
"},{"location":"usage/goad_console/#stop","title":"stop","text":"

Stop the current lab instance

stop\n
"},{"location":"usage/goad_console/#destroy","title":"destroy","text":"

Danger

Destroy the current lab instance vms

destroy\n
"},{"location":"usage/goad_console/#start_vm","title":"start_vm","text":"

Start a vm

start_vm <vm_name>\n
"},{"location":"usage/goad_console/#stop_vm","title":"stop_vm","text":"

Stop a vm

stop_vm <vm_name>\n
"},{"location":"usage/goad_console/#restart_vm","title":"restart_vm","text":"

Restart a vm (start and stop)

restart_vm <vm_name>\n
"},{"location":"usage/goad_console/#destroy_vm","title":"destroy_vm","text":"

Danger

Destroy a vm

destroy_vm <vm_name>\n
"},{"location":"usage/goad_console/#list_extensions","title":"list_extensions","text":"

List available extensions

list_extensions\n
"},{"location":"usage/goad_console/#install_extension","title":"install_extension","text":"

Add an extension to the lab (providing + provisioning)

Warning

An installed extension can be deleted

install_extension <extension_name>\n
"},{"location":"usage/goad_console/#provision_extension","title":"provision_extension","text":"

Launch provisioning (ansible) for the extension

provision_extension <extension_name>\n
"},{"location":"usage/goad_console/#prepare_jumpbox","title":"prepare_jumpbox","text":"

Prepare jumpbox : run the preparation script on the jumpbox (install dependencies)

prepare_jumpbox\n
"},{"location":"usage/goad_console/#sync_source_jumpbox","title":"sync_source_jumpbox","text":"

Rsync goad source with the jumpbox

sync_source_jumpbox\n
"},{"location":"usage/goad_console/#ssh_jumpbox","title":"ssh_jumpbox","text":"

SSH into the jumpbox

ssh_jumpbox\n
"},{"location":"usage/goad_console/#ssh_jumpbox_proxy","title":"ssh_jumpbox_proxy","text":"

SSH into the jumpbox with a socks proxy option (-D)

ssh_jumpbox_proxy <socks_proxy_port>\n
"},{"location":"usage/goad_console/#provide","title":"provide","text":"

Launch providing (machine creation)

provide\n
"},{"location":"usage/goad_console/#provision","title":"provision","text":"

Launch specific playbook (use playbook in ansible/ folder) 

provision <playbook.yml>\n
"},{"location":"usage/goad_console/#provision_lab","title":"provision_lab","text":"

Launch all the lab provisioning (install labs on machines with ansible)

provision_lab\n
"},{"location":"usage/goad_console/#provision_lab_from","title":"provision_lab_from","text":"

Launch the lab provisioning from a specific playbook (use playbook in ansible/ folder)

Tip

useful if the install crash to not redo all the provisioning

provision_lab_from <playbook.yml>\n
"},{"location":"usage/goad_console/#check_1","title":"check","text":"

Launch the check (same as without instance) 

check\n

"},{"location":"usage/goad_console/#install_1","title":"install","text":"

Launch the install (useful if you created an empty instance) 

install\n

"},{"location":"usage/goad_console/#set_as_defualt","title":"set_as_defualt","text":"

Set the current instance as default (automatically loaded on goad start) 

set_as_defualt\n

"},{"location":"usage/goad_console/#update_instance_files","title":"update_instance_files","text":"

Recreate the files inside the workspace folder 

update_instance_files\n

"},{"location":"usage/goad_console/#list_1","title":"list","text":"

List instances

alias : ls

list\n
"},{"location":"usage/goad_console/#load_1","title":"load","text":"

Select an instance by his name (here change the current instance)

alias : use, cd

load <instance name>\n
"},{"location":"usage/goad_console/#config_1","title":"config","text":"

Show current configuration 

config\n

"},{"location":"usage/goad_console/#unload","title":"unload","text":"

Unload the instance (alias cd ..) 

unload\n

"},{"location":"usage/goad_console/#delete","title":"delete","text":"

Danger

delete the current instance lab and vms

delete\n
"}]} \ No newline at end of file diff --git a/usage/goad_console/index.html b/usage/goad_console/index.html index 6db971fb..abd58b28 100644 --- a/usage/goad_console/index.html +++ b/usage/goad_console/index.html @@ -1224,6 +1224,186 @@ + + +
  • + + + list_extensions + + + +
    • + +
  • + + + install_extension + + + +
    • + +
  • + + + provision_extension + + + +
    • + +
  • + + + prepare_jumpbox + + + +
    • + +
  • + + + sync_source_jumpbox + + + +
    • + +
  • + + + ssh_jumpbox + + + +
    • + +
  • + + + ssh_jumpbox_proxy + + + +
    • + +
  • + + + provide + + + +
    • + +
  • + + + provision + + + +
    • + +
  • + + + provision_lab + + + +
    • + +
  • + + + provision_lab_from + + + +
    • + +
  • + + + check + + + +
    • + +
  • + + + install + + + +
    • + +
  • + + + set_as_defualt + + + +
    • + +
  • + + + update_instance_files + + + +
    • + +
  • + + + list + + + +
    • + +
  • + + + load + + + +
    • + +
  • + + + config + + + +
    • + +
  • + + + unload + + + +
    • + +
  • + + + delete + + +
    • @@ -1596,6 +1776,186 @@ + + +
  • + + + list_extensions + + + +
    • + +
  • + + + install_extension + + + +
    • + +
  • + + + provision_extension + + + +
    • + +
  • + + + prepare_jumpbox + + + +
    • + +
  • + + + sync_source_jumpbox + + + +
    • + +
  • + + + ssh_jumpbox + + + +
    • + +
  • + + + ssh_jumpbox_proxy + + + +
    • + +
  • + + + provide + + + +
    • + +
  • + + + provision + + + +
    • + +
  • + + + provision_lab + + + +
    • + +
  • + + + provision_lab_from + + + +
    • + +
  • + + + check + + + +
    • + +
  • + + + install + + + +
    • + +
  • + + + set_as_defualt + + + +
    • + +
  • + + + update_instance_files + + + +
    • + +
  • + + + list + + + +
    • + +
  • + + + load + + + +
    • + +
  • + + + config + + + +
    • + +
  • + + + unload + + + +
    • + +
  • + + + delete + + +
    • @@ -1622,7 +1982,6 @@

    GOAD interactive mode

    -

    🚧 TODO complete me

    Launch goad interactive mode

    console

    Enter interactive mode

    @@ -1765,13 +2124,140 @@

    Instance selected

    delete .................................. delete the currently selected lab instance

    status

    +

    Give the current lab status

    +
    status
+

    start

    +

    Start the current lab instance

    +
    start
+

    stop

    +

    Stop the current lab instance

    +
    stop
+

    destroy

    +
    +

    Danger

    +

    Destroy the current lab instance vms

    +
    +
    destroy
+

    start_vm

    +

    Start a vm

    +
    start_vm <vm_name>
+

    stop_vm

    +

    Stop a vm

    +
    stop_vm <vm_name>
+

    restart_vm

    +

    Restart a vm (start and stop)

    +
    restart_vm <vm_name>
+

    destroy_vm

    +
    +

    Danger

    +

    Destroy a vm

    +
    +
    destroy_vm <vm_name>
+
    +

    list_extensions

    +

    List available extensions

    +
    list_extensions
+
    +

    install_extension

    +

    Add an extension to the lab (providing + provisioning)

    +
    +

    Warning

    +

    An installed extension can be deleted

    +
    +
    install_extension <extension_name>
+
    +

    provision_extension

    +

    Launch provisioning (ansible) for the extension

    +
    provision_extension <extension_name>
+
    +

    prepare_jumpbox

    +

    Prepare jumpbox : run the preparation script on the jumpbox (install dependencies)

    +
    prepare_jumpbox
+
    +

    sync_source_jumpbox

    +

    Rsync goad source with the jumpbox

    +
    sync_source_jumpbox
+
    +

    ssh_jumpbox

    +

    SSH into the jumpbox

    +
    ssh_jumpbox
+
    +

    ssh_jumpbox_proxy

    +

    SSH into the jumpbox with a socks proxy option (-D)

    +
    ssh_jumpbox_proxy <socks_proxy_port>
+
    +

    provide

    +

    Launch providing (machine creation)

    +
    provide
+
    +

    provision

    +

    Launch specific playbook (use playbook in ansible/ folder)

    +
    provision <playbook.yml>
+
    +

    provision_lab

    +

    Launch all the lab provisioning (install labs on machines with ansible)

    +
    provision_lab
+
    +

    provision_lab_from

    +

    Launch the lab provisioning from a specific playbook (use playbook in ansible/ folder)

    +
    +

    Tip

    +

    useful if the install crash to not redo all the provisioning

    +
    +
    provision_lab_from <playbook.yml>
+
    +

    check

    +

    Launch the check (same as without instance) +

    check
+

    +

    install

    +

    Launch the install (useful if you created an empty instance) +

    install
+

    +

    set_as_defualt

    +

    Set the current instance as default (automatically loaded on goad start) +

    set_as_defualt
+

    +

    update_instance_files

    +

    Recreate the files inside the workspace folder +

    update_instance_files
+

    +

    list

    +

    List instances

    +
    +

    alias : ls

    +
    +
    list
+
    +

    load

    +

    Select an instance by his name (here change the current instance)

    +
    +

    alias : use, cd

    +
    +
    load <instance name>
+
    +

    config

    +

    Show current configuration +

    config
+

    +

    unload

    +

    Unload the instance (alias cd ..) +

    unload
+

    +

    delete

    +
    +

    Danger

    +

    delete the current instance lab and vms

    +
    +
    delete
+