Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple Cloud also includes an adversary node implemented as a docker container remotely accessible over RDP.
Fun Facts
AriaCloud Pentest Container – Automated Deployment
This repo now includes a Terraform template and Ansible Playbook that automatically deploys AriaCloud into an Azure VM with remote access over RDP. You can also do a standalone deployment of AriaCloud from within this repo. For this option, navigate into the aria-cloud directory and see the README. For more information on the AriaCloud docker container and included pentest tools, navigate to https://github.com/iknowjason/AriaCloud.
Purple Cloud Deployment Instructions
Note: Tested on Ubuntu Linux 20.04
Requirements:
Installation Steps
Note: Tested on Ubuntu 20.04
Download and install Terraform for your platform –> https://www.terraform.io/downloads.html
Install Ansible
$ sudo apt-get install ansible
Follow the exact instructions in this Microsoft link: https://docs.microsoft.com/en-us/azure/developer/terraform/getting-started-cloud-shell
These were the two basic commands that were run based on this link above:
az ad sp create-for-rbac –role=”Contributor” –scopes=”/subscriptions/
and this command below. From my testing I needed to use a role of “Owner” instead of “Contributor”. Default Microsoft documentation shows role of “Contributor” which resulted in errors.
az login –service-principal -u <service_principal_name> -p “<service_principal_password>”–tenant “<service_principal_tenant>”
Take note of the following which we will use next to configure our Terraform Azure provider:
subscription_id = “”
client_id = “”
client_secret = “”
tenant_id = “”
$ git clone https://github.com/iknowjason/PurpleCloud.git
Step 4: Using your favorite text editor, edit the terraform.tfvars file for the Azure resource provider matching your Azure Service Principal credentials
cd PurpleCloud/deploy
vi terraform.tfvars
Edit these parameters in the terraform.tfvars file:
subscription_id = “”
client_id = “”
client_secret = “”
tenant_id = “”
Your terraform.tfvars file should look similar to this but with your own Azure Service Principal credentials:
subscription_id = “aa9d8c9f-34c2-6262-89ff-3c67527c1b22”
client_id = “7e9c2cce-8bd4-887d-b2b0-90cd1e6e4781”
client_secret = “:+O$+adfafdaF-?%:.?d/EYQLK6po9`|E<[”
tenant_id = “8b6817d9-f209-2071-8f4f-cc03332847cb”
$ cd PurpleCloud/deploy
$ terraform init
$ terraform apply -var-file=terraform.tfvars -auto-approve
This should start the Terraform automated deployment plan
Known Issues or Bugs
There are issues that are WIP for me to debug and resolve based on timing. They are mentioned below with workarounds.
Sometimes one of the provisioning steps doesn’t work with the DC. It is the terraform module that calls the Ansible Playbook which runs a Powershell script to add domain users. The error will look like this when running the steps:
module.dc1-vm.null_resource.provision-dc-users (local-exec): TASK [dc : debug] **************************************************************
module.dc1-vm.null_resource.provision-dc-users (local-exec): ok: [52.255.151.90] => {
module.dc1-vm.null_resource.provision-dc-users (local-exec): "results.stdout_lines": [
module.dc1-vm.null_resource.provision-dc-users (local-exec): "WARNING: Error initializing default drive: 'Unable to find a default server with Active Directory Web Services ",
module.dc1-vm.null_resource.provision-dc-users (local-exec): "running.'."
module.dc1-vm.null_resource.provision-dc-users (local-exec): ]
module.dc1-vm.null_resource.provision-dc-users (local-exec): }
If this happens, you can change into the modules/dc1-vm directory and immediately run the ansible playbook commands, as shown in README.ANSIBLE.txt: ansible-playbook -i hosts.cfg playbook.yml
If you run this command before the Windows 10 endpoints are provisioned, they will run just fine. If the entire script runs and you see this error, then you need to run the Ansible Playbook on the Windows server and all of the endpoints.
Sometimes the adversary will throw this error:
module.adversary1-vm.null_resource.ansible-deploy (local-exec): fatal: [40.121.138.118]: FAILED! => {“changed”: false, “msg”: “Failed to update apt cache: “}
To resolve the issue, change into the modules/adversary1-vm directory and run the Ansible Playbook commands shown in README.ANSIBLE.txt:
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ./hosts.cfg –private-key ssh_key.pem ./playbook.yml
Sometimes the Windows 10 Endpoints don’t automatically log into the domain via registry entry. I’ve traced this issue to a timing issue with the Domain Controller creation. The powershell script creating the three users does not run correctly. To resolve the issue, simply run the Ansible Playbooks in each module directory. The following should resolve the issue:
$ cd ../modules/dc1-vm/
$ ansible-playbook -i hosts.cfg playbook.yml
$ cd ../win10-vm-1/
$ ansible-playbook -i hosts.cfg playbook.yml
$ cd ../win10-vm-2/
$ ansible-playbook -i hosts.cfg playbook.yml
$ cd ../win10-vm-3/
$ ansible-playbook -i hosts.cfg playbook.yml
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…