|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: Dracarys |
| 4 | +category : [AD, GOAD, Dracarys] |
| 5 | +tags : AD, Dracarys |
| 6 | +image: |
| 7 | + path: /assets/blog/DRACARYS/dracarys_logo.png |
| 8 | + alt: Dracarys - writeup |
| 9 | +--- |
| 10 | + |
| 11 | +DRACARYS is a new lab environment challenge (not for beginners) on GOAD : [https://github.com/Orange-Cyberdefense/GOAD](https://github.com/Orange-Cyberdefense/GOAD) |
| 12 | + |
| 13 | +The lab consists of **three machines**: two Windows Server 2025 (one DC and one server) and one Ubuntu 24.04 server. All connected to the same Active Directory domain "dracarys.lab". |
| 14 | + |
| 15 | +The lab start on the **Linux machine with the .12 IP**, which serves as the starting point for reconnaissance and exploitation. The Ubuntu server is fully integrated into the domain, allowing us to (you will see :p). |
| 16 | +During the exploitation process, several techniques and tools will need to be used. |
| 17 | + |
| 18 | +The lab is available for the following providers: |
| 19 | +* virtualbox |
| 20 | +* vmware |
| 21 | +* ludus |
| 22 | +* proxmox |
| 23 | +* aws |
| 24 | +* azure |
| 25 | + |
| 26 | + |
| 27 | +DRACARYS is written as a training challenge where GOAD was written as a lab with a maximum of vulns. |
| 28 | +- You should find your way in to get domain admin on the domain dracarys.lab |
| 29 | +- Using vagrant user is prohibited of course ^^ |
| 30 | +-Starting point is on lx01 : <ip_range>.12 |
| 31 | +- Obviously do not cheat by looking at the passwords and flags in the recipe files, the lab must start without user to full compromise. |
| 32 | + |
| 33 | +- If you use goad previously your ansible requirements may not be up to date. Be sure to do this before the install: |
| 34 | + |
| 35 | +```bash |
| 36 | +source ~/.goad/.venv/bin/activate |
| 37 | +cd ~/GOAD/ansible |
| 38 | + |
| 39 | +# if you python is >=3.11 |
| 40 | +ansible-galaxy install -r requirements_311.yml |
| 41 | +# if you got a python <3.10 |
| 42 | +ansible-galaxy install -r requirements.yml |
| 43 | +``` |
| 44 | + |
| 45 | +- And install with : |
| 46 | + |
| 47 | +```bash |
| 48 | +./goad.sh -t install -l DRACARYS -p <provider> |
| 49 | +``` |
| 50 | + |
| 51 | +or |
| 52 | + |
| 53 | +```bash |
| 54 | +./goad.sh |
| 55 | +> set_lab DRACARYS |
| 56 | +> set_provider <your_provider> |
| 57 | +> set_iprange 192.168.56 # select the one you want and you can skip this with ludus |
| 58 | +> install |
| 59 | +``` |
| 60 | + |
| 61 | + |
| 62 | +- Once install finish disable vagrant user to avoid using it : |
| 63 | + |
| 64 | +```bash |
| 65 | +./goad.sh |
| 66 | +> load <instance_id> |
| 67 | +> disable_vagrant |
| 68 | +``` |
| 69 | + |
| 70 | +- Now do a reboot of all the machine to avoid unintended secrets stored : |
| 71 | + |
| 72 | +```bash |
| 73 | +> stop |
| 74 | +> start |
| 75 | +``` |
| 76 | + |
| 77 | +And you are ready to play ! :) |
| 78 | + |
| 79 | +- If you need to re-enable vagrant |
| 80 | + |
| 81 | +```bash |
| 82 | +> load <instance_id> |
| 83 | +> enable_vagrant |
| 84 | +``` |
| 85 | + |
| 86 | +- If you want to create a write up of the chall, no problem, have fun. Please ping me on X (@M4yFly) or Discord, i will be happy to read it :) |
| 87 | + |
| 88 | +> If you use aws or azure, i recommend you to exploit directly from the jump host to avoid any clock/kerberos issues ;) |
| 89 | +{: .prompt-tip } |
| 90 | + |
| 91 | +Stay tuned for more detailed walkthroughs on specific exploitation techniques within LINUX. |
| 92 | + |
0 commit comments