Below are some notes with a couple of simple PowerShell scripts that I use to:
- Promote a computer to Domain Controller
- Create an Active Directory (AD) domain offense.local
- Join a computer to the offense.local domain
- Create users in the offense.local domain
The scripts are not intended to fully automate building the Active Directory lab; rather, they serve as cheatsheets that suit most of my needs most of the time.
I use Hyper-V to run my virtual machines (VMs), which I installed manually:
- WS01 - Windows 10
- DC01 - Windows Server 2019
The script below establishes a PowerShell Remoting session to the DC01 VM using the credentials administrator:123456 (I set that password on DC01 manually before running this script) and does the following:
- Configures the IP/DNS addresses
- Installs AD services and management tools
- Creates a domain offense.local
Promote-DC.ps1
```powershell
$plainPassword = "123456"
$password = $plainPassword | ConvertTo-SecureString -asPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential("administrator", $password)

# -Vmname connects through the Hyper-V host (PowerShell Direct), so the guest needs no network yet
$session = New-PSSession -Vmname dc01 -Credential $credential -Verbose

$code = {
    # Variables from the host are not visible inside the remote script block, so they are redefined here
    $plainPassword = "123456"
    $password = $plainPassword | ConvertTo-SecureString -asPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential("administrator", $password)

    # Static IP 10.0.0.6/24; the DC is its own gateway and DNS server
    netsh int ip set address "ethernet" static 10.0.0.6 255.255.255.0 10.0.0.6 1
    netsh int ip set dns "ethernet" static 10.0.0.6 primary

    $domainName = "offense"
    $domain = "$domainName.local"

    Write-Host "Installing management tools"
    Import-Module ServerManager
    Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter

    Write-Host "Deploying Active Directory Domain..."
    Install-WindowsFeature AD-domain-services, DNS -IncludeAllSubFeature -IncludeManagementTools -Restart
    Import-Module ADDSDeployment

    # Create the new forest; the DSRM password is the same lab password
    Install-ADDSForest `
        -SafeModeAdministratorPassword $password `
        -CreateDnsDelegation:$false `
        -DatabasePath "C:\Windows\NTDS" `
        -DomainMode "7" `
        -DomainName $domain `
        -DomainNetbiosName $domainName `
        -ForestMode "7" `
        -InstallDns:$true `
        -LogPath "C:\Windows\NTDS" `
        -NoRebootOnCompletion:$true `
        -SysvolPath "C:\Windows\SYSVOL" `
        -Force:$true

    # Reboot to finish the promotion
    Restart-Computer -Force -Verbose
}

Invoke-Command -Session $session -ScriptBlock $code
```
The script below establishes a PowerShell Remoting session to the WS01 VM using the credentials mantvydas:123456 (I set that password on WS01 manually before running this script) and does the following:
- Configures IP/DNS settings
- Adds the computer to the domain
Join-Member.ps1
```powershell
$plainPassword = "123456"
$password = $plainPassword | ConvertTo-SecureString -asPlainText -Force
# Local account on WS01, used only to open the session
$credential = New-Object System.Management.Automation.PSCredential("mantvydas", $password)

$session = New-PSSession -Vmname ws01 -Credential $credential -Verbose

$code = {
    # Static IP 10.0.0.7/24; gateway and DNS both point at DC01 (10.0.0.6)
    netsh int ip set address "ethernet" static 10.0.0.7 255.255.255.0 10.0.0.6 1
    netsh int ip set dns "ethernet" static 10.0.0.6 primary

    # Domain administrator credentials, used for the join itself
    $plainPassword = "123456"
    $password = $plainPassword | ConvertTo-SecureString -asPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential("administrator", $password)
    Add-computer -domain offense.local -domaincredential $credential -Verbose -Restart
}

Invoke-Command -Session $session -ScriptBlock $code
```
The script below establishes a PowerShell Remoting session to the DC01 VM and does the following:
- Creates some domain users
- Sets their passwords to 123456
Create-Users.ps1
```powershell
$plainPassword = "123456"
$password = $plainPassword | ConvertTo-SecureString -asPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential("offense\administrator", $password)

$session = New-PSSession -Vmname dc01 -Credential $credential -Verbose

$code = {
    $plainPassword = "123456"
    $password = $plainPassword | ConvertTo-SecureString -asPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential("offense\administrator", $password)

    # Create users
    "spotless", "sandy", "bob" | % { New-ADUser $_ }

    # Reset users' passwords (every account whose name does not match "krb" or "guest")
    Get-ADUser -Filter * -Properties samaccountname |
        select -exp samaccountname |
        ? { $_ -notmatch "krb|guest" } |
        ForEach-Object {
            Write-host Changing password for $_ to $plainPassword
            net user $_ $plainPassword | out-null
        }
}

Invoke-Command -Session $session -ScriptBlock $code
```
Before running this script, the password policy needs to be manually updated on DC01:
- Minimum password length: 0
- Password must meet complexity requirements: disabled
Don't forget to run gpupdate.exe on DC01 for the new password policy to take effect. This step is mandatory before running the Create-Users.ps1 script, otherwise the user passwords will not be changed.
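A read-only check for this precondition, as an added example that is not part of the original scripts. It assumes it is run on DC01 in an elevated PowerShell session with the ActiveDirectory module available (Promote-DC.ps1 installs RSAT-AD-PowerShell); the function names Test-LabPasswordPolicy and Get-LabUserStatus are hypothetical.

```powershell
# Added example (not from the original page). Run on DC01 in an elevated session.
Import-Module ActiveDirectory

# User names taken from Create-Users.ps1
$labUsers = "spotless", "sandy", "bob"

function Test-LabPasswordPolicy {
    # Compare the effective domain policy with the two settings the notes require.
    $policy = Get-ADDefaultDomainPasswordPolicy
    $ok = $true
    if ($policy.MinPasswordLength -ne 0) {
        Write-Warning "Minimum password length is $($policy.MinPasswordLength), expected 0"
        $ok = $false
    }
    if ($policy.ComplexityEnabled) {
        Write-Warning "Password complexity is still enabled"
        $ok = $false
    }
    return $ok
}

function Get-LabUserStatus {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $user = Get-ADUser -Filter "SamAccountName -eq '$name'" -Properties PasswordLastSet
        [pscustomobject]@{
            User            = $name
            Exists          = [bool]$user
            Enabled         = if ($user) { $user.Enabled } else { $null }
            # An empty PasswordLastSet means no password has been set on the account
            PasswordLastSet = if ($user) { $user.PasswordLastSet } else { $null }
        }
    }
}

# Before Create-Users.ps1: confirm the policy change has been applied
if (-not (Test-LabPasswordPolicy)) {
    Write-Warning "Update the policy and run gpupdate.exe before Create-Users.ps1"
}

# After Create-Users.ps1: confirm each account exists and had its password set
Get-LabUserStatus -Names $labUsers | Format-Table -AutoSize
```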
Execute the below in Kali:
```bash
sudo git clone https://github.com/mimura1133/linux-vm-tools /opt/linux-vm-tools
sudo chmod 0755 /opt/linux-vm-tools/kali/2020.x/install.sh
sudo /opt/linux-vm-tools/kali/2020.x/install.sh
sudo reboot -f
```
Execute the below on the Hyper-V host OS that is hosting your Kali VM:
```powershell
Set-VM "KALI02" -EnhancedSessionTransportType HVSocket
```