Capsulecorp-Pentest – Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test
Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test.
1. Capsulecorp Pentest
The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019 servers configured with various vulnerable services. This project can be used to learn network penetration testing as a stand-alone environment but is ultimatly designed to compliment my book The Art of Network Penetration Testing
1.1. Current Funcionality
- Active directory domain with one DC and 3 server members
- Domain Controler:
goku.capsulecorp.local
- Server 01:
vegeta.capsulecorp.local
- Server 02:
gohan.capsulecorp.local
- Server 03:
trunks.capsulecorp.local
- Domain Controler:
- Vulnerable Jenkins server on
vegeta
- Vulnerable Apache Tomcat server on
trunks
- Vulnerable MSSQL server on
gohan
- Xubuntu pentest system running XRDP.
- Metasploit
- CrackMapExec
- Nmap
- Remmina RDP client
- RVM
- Python/Pip/Pipenv
- Impacket
1.2. Requirements
In order to use the Capsulecorp Pentest network you must have the following:
- VirtualBox
- https://www.virtualbox.org/wiki/Downloads
- Vagrant
- https://www.vagrantup.com/downloads.html
- Ansible
- https://docs.ansible.com/ansible/latest/installation_guide/index.html
1.3. OSX Configuration
In order to manage Windows hosts you’ll have to install pywinrm
with pip inside the ansible virtual environment
source ~/ansible/bin/activate
pip install pywinrm
deactivate
2. Installation
For a detailed installation walkthrough check out the MacOS Setup Guide
2.1. Configure the windows hosts
The first thing you should do is bring up and provision Goku the domain controller. This system will likely take the longest to bring up because the dcpromo stuff just takes a while.
Bring up the VM
vagrant up goku
Provision the VM
vagrant provision goku
Repeat the above two commands for gohan, vageta and trunks.
…WARNING…
This section of the provision is expected to take a while because after a dcpromo it takes a long time for the system to reboot.
TASK [promotedc : Set a static address to 172.28.128.100] **********************
changed: [goku]
TASK [promotedc : Change hostname to goku] *************************************
ok: [goku]
TASK [promotedc : Install Active Directory Services] ***************************
ok: [goku]
TASK [promotedc : Promote goku to domain controller] ***************************
changed: [goku]
TASK [promotedc : Reboot after promotion] **************************************
2.2. Configure your pentest platform
Bring up the virtual machines using vagrant. First cd into the project directory, for example: cd ~/capsulecorp-pentes
. Take note of the RDP port that gets forwarded to your localhost.
vagrant up pentest
Provision the pentest machine.
vagrant provision pentest
You can access your penitent machine either using your preferred RDP client to connect to the xrdp listener or via SSH with.
vagrant ssh pentest
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.