[](<https://1.bp.blogspot.com/-LXoeoTubbWA/XzoR6hDmnBI/AAAAAAAATjg/sFtSIB3fx4obkEensjJrrRuDLfGCuo29gCNcBGAsYHQ/s1600/Active-Directory.jpg>)
Create a [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> "vulnerable" ) active directory that's allowing you to test most of active directory attacks in local lab.
**Main Features**
* Randomize Attacks
* Full Coverage of the mentioned attacks
* you need run the script in DC with [Active Directory](<https://www.kitploit.com/search/label/Active%20Directory> "Active Directory" ) installed
* Some of attacks require client workstation
**Supported Attacks**
* Abusing ACLs/ACEs
* Kerberoasting
* AS-REP Roasting
* Abuse DnsAdmins
* Password in AD User comment
* Password Spraying
* DCSync
* Silver Ticket
* Golden Ticket
* Pass-the-Hash
* Pass-the-Ticket
* SMB Signing Disabled
**Example**
# if you didn't install Active Directory yet , you can try
Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\\Windows\\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\\Windows\\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\\Windows\\SYSVOL" -Force:$true
# if you already installed Active Directory, just run the script !
IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));
Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"
**TODO**
* Add More realistic scenarios
* Click close issue button on github
**[Download vulnerable-AD](<https://github.com/WazeHell/vulnerable-AD> "Download vulnerable-AD" )**
{"id": "KITPLOIT:7888744854158471708", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab", "description": "[](<https://1.bp.blogspot.com/-LXoeoTubbWA/XzoR6hDmnBI/AAAAAAAATjg/sFtSIB3fx4obkEensjJrrRuDLfGCuo29gCNcBGAsYHQ/s1600/Active-Directory.jpg>)\n\n \nCreate a [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> \"vulnerable\" ) active directory that's allowing you to test most of active directory attacks in local lab. \n \n**Main Features** \n\n\n * Randomize Attacks\n * Full Coverage of the mentioned attacks\n * you need run the script in DC with [Active Directory](<https://www.kitploit.com/search/label/Active%20Directory> \"Active Directory\" ) installed\n * Some of attacks require client workstation\n \n**Supported Attacks** \n\n\n * Abusing ACLs/ACEs\n * Kerberoasting\n * AS-REP Roasting\n * Abuse DnsAdmins\n * Password in AD User comment\n * Password Spraying\n * DCSync\n * Silver Ticket\n * Golden Ticket\n * Pass-the-Hash\n * Pass-the-Ticket\n * SMB Signing Disabled\n \n**Example** \n\n \n \n # if you didn't install Active Directory yet , you can try \n Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath \"C:\\\\Windows\\\\NTDS\" -DomainMode \"7\" -DomainName \"cs.org\" -DomainNetbiosName \"cs\" -ForestMode \"7\" -InstallDns:$true -LogPath \"C:\\\\Windows\\\\NTDS\" -NoRebootOnCompletion:$false -SysvolPath \"C:\\\\Windows\\\\SYSVOL\" -Force:$true\n # if you already installed Active Directory, just run the script !\n IEX((new-object net.webclient).downloadstring(\"https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1\"));\n Invoke-VulnAD -UsersLimit 100 -DomainName \"cs.org\"\n\n \n**TODO** \n\n\n * Add More realistic scenarios\n * Click close issue button on github\n \n \n\n\n**[Download vulnerable-AD](<https://github.com/WazeHell/vulnerable-AD> \"Download vulnerable-AD\" )**\n", "published": "2020-08-28T21:30:00", "modified": "2020-08-28T21:30:01", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2020/08/vulnerable-ad-create-vulnerable-active.html", "reporter": "KitPloit", "references": ["https://github.com/WazeHell/vulnerable-AD"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:02:40", "viewCount": 85, "enchantments": {"dependencies": {}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "_state": {"dependencies": 0}, "_internal": {}, "toolHref": "https://github.com/WazeHell/vulnerable-AD"}