Ludus and GOAD Pentest Environment
This is my guide on setting up Game Of Active Directory (GOAD) inside of Ludus.
About
This home pentesting environment can come at a small price point, smaller than I originally thought I would need. You can find mini PCs pretty cheap on eBay or on Facebook Marketplace in some cases. Just upgrade them a bit with more memory and potentially more storage, and you’re set.
Ludus
Ludus is a system to build easy to use cyber environments, or “ranges” for testing and development. Built on Proxmox, Ludus enables advanced automation while still allowing easy manual modifications or setup of virtual machines and networks. Ludus is implemented as a server that runs Packer and Ansible to create templates and deploy complex cyber environments from a single configuration file. Ludus is accessed via the Ludus CLI (client) or the Proxmox web interface. Normal users should not need to access Ludus via SSH.
There are also other environment guides for Ludus, covering deployments such as ADCS, a Malware Lab, SCCM, and more.
GOAD
Game Of Active Directory is a free pentest Active Directory LAB(s) project. The purpose of this tool is to give pentesters a vulnerable Active Directory environment, ready to use, for practicing the usual attack techniques. The idea behind this project is to give you an environment where you can try out and train your pentest skills without the pain of building it all yourself.
Ludus
Requirements
Ludus does have specific system requirements to be used. I’ve highlighted some specifics.
Starting out
I am running this on a Lenovo ThinkCentre M70Q with:
- Debian 12
- 64GB RAM
- A 1TB NVMe drive
- Intel i5-10400T
Installing
- After installing Debian 12, while on the machine physically or accessing remotely, change to the root user
su -
- Install the requirements
apt update && apt install curl sudo python3.11-venv
- Install Ludus - This will go through and ask for a name for the node within Proxmox, the network interface you want to use, etc. As I set a static IP for my machine already, I am going to keep the information already populated and just enter through. This will restart the machine twice. I would give this about 15-20 min.
curl -s https://ludus.cloud/install | bash
Making an Admin User
- Once installed, find the API Key. ** WRITE THIS DOWN **
ludus-install-status
- Make a new admin user and get the new admin user's API key. WRITE THIS DOWN. Replace ‘API-KEY’ with the root API key from the previous command.
LUDUS_API_KEY='API-KEY' \
ludus user add --name "USER" --userid USER --admin --url https://127.0.0.1:8081
- Set the API key for the newly created admin user
export LUDUS_API_KEY='API-KEY-OF-NEW-ADMIN-USER'
- Get the Proxmox password for the new user. ** WRITE THIS DOWN **
ludus user creds get
Building Templates for GOAD environment
- View current templates
ludus templates list
- Get new templates needed for GOAD.
git clone https://gitlab.com/badsectorlabs/ludus && cd ludus/templates
ludus templates add -d win2019-server-x64
ludus templates add -d win2016-server-x64
- Build the templates - This will take a while
ludus templates build
- While it builds, you can check status of builds with:
ludus templates logs -f
Once the templates are installed, you will see it say it’s complete.
GOAD
- Clone the GOAD repository
git clone https://github.com/Orange-Cyberdefense/GOAD.git && cd GOAD
- Start GOAD, check that everything is set with no errors, and install. This will take a long time.
./goad.sh -p ludus
- Exit GOAD and update /root/.goad/goad.ini with your user's API key
GOAD/ludus/local > check
GOAD/ludus/local > set_lab XXX # GOAD/GOAD-Light/NHA/SCCM
GOAD/ludus/local > install
I did have a couple of errors that stopped the install, so I added the API key of my admin user to /root/.goad/goad.ini, then started the install again.
./goad.sh -p ludus
GOAD/ludus/local > install
It stopped once more when it was using the API key from the environment and deploying, so I had to load the instance from within GOAD.
./goad.sh
GOAD/ludus/local > ls
GOAD/ludus/local > load (INSTANCE-ID)
GOAD/ludus/local > install
Kali VM with Ludus and GOAD
- Find the GOAD UserID
ludus users list all
- Get the config.yml file
ludus --user GOAD-USERID range config get > basic-config.yml
- Edit the basic-config.yml file with the following added to the bottom
  # {{ range_id }} expands to the range ID, giving the GOAD-USERID-kali name used in the deploy step below
  - vm_name: "{{ range_id }}-kali"
    hostname: "{{ range_id }}-kali"
    template: kali-x64-desktop-template
    vlan: 10
    ip_last_octet: 99
    ram_gb: 4
    cpus: 4
    linux: true
    testing:
      snapshot: false
      block_internet: false
- Set the new config file and deploy it
ludus --user GOAD-USERID range config set -f basic-config.yml
ludus --user GOAD-USERID range deploy -t vm-deploy
- Check on the deployment process
ludus --user GOAD-USERID range logs -f
- Deploy the Kali VM
ludus --user GOAD-USERID range deploy --limit localhost,GOAD-USERID-kali
- Verify all VMs with their status
ludus --user GOAD-USERID range status
- Get Wireguard configuration file
ludus user wireguard | tee ludus.conf
- Save the file as a .conf file and use Wireguard to connect to it. Once connected, access your Kali machine via the GUI in the browser or over SSH.
sudo wg-quick up GOAD.conf
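Two files from this guide hold secrets: the WireGuard config written by `ludus user wireguard | tee ludus.conf` (it carries the client private key) and /root/.goad/goad.ini (it carries the API key). The following is an added example, not part of the original guide or of Ludus/GOAD: the helper functions `save_secret`, `secret_is_private` and `audit_secrets` are hypothetical names, and `stat -c` assumes GNU coreutils as on Debian.

```shell
#!/bin/sh
# Added example (not from the original guide): keep the lab's secret files
# readable by their owner only. Function names are hypothetical helpers.

# save_secret FILE: write stdin to FILE; the file is created (or truncated)
# and set to mode 0600 before any secret content is written into it.
save_secret() {
    ( umask 077 && : > "$1" && chmod 600 "$1" && cat >> "$1" )
}

# secret_is_private FILE: 0 if group/other have no access, 1 if they do,
# 2 if FILE is missing or is not a regular file.
secret_is_private() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_secrets FILE...: print one line per file and return the number of
# files that are exposed or missing.
audit_secrets() {
    findings=0
    for f in "$@"; do
        rc=0
        secret_is_private "$f" || rc=$?
        case "$rc" in
            0) echo "ok       $f" ;;
            1) echo "EXPOSED  $f (fix: chmod 600 $f)"
               findings=$((findings + 1)) ;;
            *) echo "MISSING  $f"
               findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Usage on the Ludus host, in place of `ludus user wireguard | tee ludus.conf`:
#   ludus user wireguard | save_secret ludus.conf
#   audit_secrets ludus.conf /root/.goad/goad.ini
```

Unlike `tee`, `save_secret` does not echo the private key to the terminal, so it also stays out of scrollback and session recordings.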