Discord: ping me if you need help setting up the environment or adding new features.
The Capsulecorp Pentest is a small virtual network managed by Vagrant and Ansible on Hyper-V. It contains four Windows virtual machines configured with various vulnerable services. This project can be used to learn Active Directory network penetration testing, test Command and Control tooling, and develop software for future Active Directory audits.
This project took inspiration from Royce's capsulecorp-pentest repo and adapts it to an Active Directory environment using Windows Hyper-V.
Nowadays there is no free platform where you can interact with a vulnerable Active Directory environment unless you have a beefy computer with a huge amount of RAM and CPU. Thankfully, Hyper-V solves these problems and lets you run an AD environment that consumes very few resources.
Furthermore, I created a small hacking path to become Domain Admin in this environment in several ways, starting as a local user named "auditor".
- A Windows system with at least 8GB of RAM and Windows Hyper-V capabilities.
- Vulnerable Service
- Unconstrained delegation
- Constrained delegation
- Abusing ACLs/ACEs
- Kerberoasting
- AS-REP Roasting
- Abuse DnsAdmins
- Password in an AD User comment
- Password Spraying
- DCSync
- Silver Ticket
- Golden Ticket
- Pass-the-Hash
- Pass-the-Ticket
- SMB Signing Disabled
- Bad WinRM permission
- Anonymous LDAP query
- Public SMB Share
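As an added example of the kind of audit tooling this lab is meant to help you develop, the script below is a read-only PowerShell check that flags several of the misconfigurations in the list above (delegation settings, roastable accounts, DnsAdmins membership, secrets in user attributes, SMB signing, broadly readable shares and anonymous LDAP) so they can be remediated. It is not part of the capsulecorp-pentest project. It assumes the RSAT ActiveDirectory module is installed, the session runs under a domain account with read access, and the host-local checks (SMB signing, shares) are run on each machine you want to assess; the output file name `ad-lab-audit.csv` is an arbitrary choice.

```powershell
# Added example, not project code: read-only Active Directory misconfiguration audit.
# Assumes: RSAT ActiveDirectory module, a domain-joined host, a read-only domain account.
Import-Module ActiveDirectory

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding {
    param([string]$Check, [string]$Object, [string]$Detail)
    $findings.Add([pscustomobject]@{ Check = $Check; Object = $Object; Detail = $Detail })
}

# Unconstrained delegation: non-DC computers trusted for delegation (516 = Domain Controllers group)
Get-ADComputer -Filter { TrustedForDelegation -eq $true -and PrimaryGroupID -ne 516 } -Properties TrustedForDelegation |
    ForEach-Object { Add-Finding 'Unconstrained delegation' $_.Name 'TrustedForDelegation is set; remove it or switch to constrained delegation' }

# Constrained delegation: any principal allowed to delegate to specific services
Get-ADObject -Filter "msDS-AllowedToDelegateTo -like '*'" -Properties msDS-AllowedToDelegateTo |
    ForEach-Object { Add-Finding 'Constrained delegation' $_.Name ("Delegates to: " + ($_.'msDS-AllowedToDelegateTo' -join ', ')) }

# Kerberoasting exposure: user accounts carrying an SPN (krbtgt excluded)
Get-ADUser -Filter "ServicePrincipalName -like '*'" -Properties ServicePrincipalName, PasswordLastSet |
    Where-Object { $_.SamAccountName -ne 'krbtgt' } |
    ForEach-Object { Add-Finding 'Kerberoastable user' $_.SamAccountName "SPN set; use a gMSA or a long random password (last set $($_.PasswordLastSet))" }

# AS-REP roasting exposure: accounts with Kerberos pre-authentication disabled
Get-ADUser -Filter { DoesNotRequirePreAuth -eq $true } -Properties DoesNotRequirePreAuth |
    ForEach-Object { Add-Finding 'AS-REP roastable user' $_.SamAccountName 'Pre-authentication disabled; re-enable it' }

# DnsAdmins membership is equivalent to DC administrator; keep the group empty or minimal
Get-ADGroupMember -Identity 'DnsAdmins' -Recursive -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'DnsAdmins member' $_.SamAccountName 'Review membership; DnsAdmins can change DC behaviour' }

# Secrets left in user Description/Info/Comment attributes (readable by every domain user)
$secretPattern = 'pass|pwd|password'
Get-ADUser -Filter * -Properties Description, Info, Comment |
    Where-Object { ($_.Description, $_.Info, $_.Comment) -match $secretPattern } |
    ForEach-Object { Add-Finding 'Secret in user attribute' $_.SamAccountName 'Attribute mentions a password; clear it and rotate the credential' }

# Anonymous LDAP: dSHeuristics character 7 set to '2' enables anonymous LDAP operations
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsHeuristics = (Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" -Properties dSHeuristics).dSHeuristics
if ($dsHeuristics -and $dsHeuristics.Length -ge 7 -and $dsHeuristics[6] -eq '2') {
    Add-Finding 'Anonymous LDAP enabled' $configNC 'dSHeuristics allows anonymous binds; reset character 7 to 0'
}

# Host-local checks: run these on each server and DC in the lab
$smb = Get-SmbServerConfiguration
if (-not $smb.RequireSecuritySigning) {
    Add-Finding 'SMB signing not required' $env:COMPUTERNAME 'Set-SmbServerConfiguration -RequireSecuritySigning $true'
}
Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' } | ForEach-Object {
    $share = $_
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccountName -match 'Everyone|ANONYMOUS LOGON' -and $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { Add-Finding 'Broadly readable share' $share.Name "$($_.AccountName) has $($_.AccessRight); restrict to a group" }
}

# Report: console table plus a CSV for tracking remediation
$findings | Sort-Object Check | Format-Table -AutoSize
$findings | Export-Csv -Path .\ad-lab-audit.csv -NoTypeInformation
```

The ACL/ACE, DCSync and WinRM permission items in the list are not covered here because they require walking security descriptors; the same `Add-Finding` pattern extends to them with `Get-Acl` on the `AD:` drive and `Get-PSSessionConfiguration`. Running the script before and after you work through the lab is a quick way to confirm that each misconfiguration you exploited has actually been fixed.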
The installation process can be followed in the INSTALLATION file.