Phase 1: System Tools & Compilers
These packages provide the networking, compilation, and cross-platform headers needed for the lab.
# Update and install system dependencies
sudo apt update && sudo apt install -y \
python3-pip \
python3-venv \
pipx \
git \
tmux \
curl \
iputils-ping \
vim \
gcc-mingw-w64-x86-64 \
ntpsec-ntpdate \
krb5-user \
zip \
python3-impacket \
impacket-scripts \
smbclient \
netexec \
nmap \
responder \
hashcat \
mimikatz \
windows-binaries \
rubeus \
sharphound \
wordlists
When the krb5-user install prompts for Kerberos settings, leave every field blank.
Phase 2: Modern AD Tooling
We use pipx to install some tools in isolated environments to prevent dependency conflicts with the system’s Impacket.
# Ensure pipx is ready and in your PATH
pipx ensurepath
echo 'export PATH="$PATH:/root/.local/bin"' >> /root/.bashrc
source /root/.bashrc
# Install modern successors to legacy tools
pipx install certipy-ad # Essential for ADCS/Certifried
pipx install bloodhound # Modern Python collector
Grab kerbrute
wget https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64
chmod +x kerbrute_linux_amd64
sudo mv kerbrute_linux_amd64 /usr/local/bin/kerbrute
Phase 3: Networking & Time Sync
Kerberos authentication (required for almost every GOAD exploit) will fail if your clock is off by more than 5 minutes or if you cannot resolve FQDNs.
# 1. Sync time with the Domain Controller
sudo ntpdate 192.168.66.11
# 2. Configure Host Resolution
# (tee runs under sudo; with "sudo cat >> file" the redirect runs as the calling user)
sudo tee -a /etc/hosts > /dev/null <<EOF
# Root domain DC
192.168.66.10 kingslanding.sevenkingdoms.local kingslanding
# Child domain DC (north.sevenkingdoms.local)
192.168.66.11 winterfell.north.sevenkingdoms.local winterfell
# essos.local DC
192.168.66.12 meereen.essos.local meereen
# Member servers
192.168.66.22 castelblack.north.sevenkingdoms.local castelblack
192.168.66.23 braavos.essos.local braavos
EOF
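A preflight check for the two Phase 3 prerequisites, added here as an example and not part of the original page: it confirms that each lab FQDN in a hosts file maps to the expected IP (catching a heredoc append that silently failed) and tests a clock difference against the 5-minute limit. The function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# IPs and FQDNs are the lab values from the hosts block above.
LAB_HOSTS="192.168.66.10 kingslanding.sevenkingdoms.local
192.168.66.11 winterfell.north.sevenkingdoms.local
192.168.66.12 meereen.essos.local
192.168.66.22 castelblack.north.sevenkingdoms.local
192.168.66.23 braavos.essos.local"
MAX_SKEW=300   # the 5-minute tolerance stated above, in seconds

# hosts_lookup FILE FQDN: print the IP that a hosts-format FILE maps FQDN to.
# Ignores comments, matches aliases too, and compares names case-insensitively.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# check_hosts FILE: return 0 only if every lab FQDN maps to its expected IP.
check_hosts() {
    rc=0
    while read -r ip fqdn; do
        got=$(hosts_lookup "$1" "$fqdn")
        if [ "$got" != "$ip" ]; then
            echo "FAIL: $fqdn -> ${got:-unresolved} (expected $ip)"
            rc=1
        fi
    done <<EOF
$LAB_HOSTS
EOF
    return "$rc"
}

# skew_ok LOCAL_EPOCH DC_EPOCH: return 0 if the clocks differ by <= MAX_SKEW.
# The caller supplies the DC's time; how it is obtained is left open here.
skew_ok() {
    d=$(( $1 - $2 ))
    [ "${d#-}" -le "$MAX_SKEW" ]
}

# Check the real file only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_hosts /etc/hosts && echo "hosts entries OK"
fi
```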