Penetration Testing Lab
Whether you have a fully virtual organisation consisting of several different machines or the odd virtualised box you’re using to explore or freshen up on certain skills, labs are great fun and an asset to any security tester.
Having your own lab is a great way to perform security testing techniques in a controlled environment.
If you’re attempting to build out a lab that replicates a real organisation it’s always good to do things properly. Let’s assume for this post that you’ve already built a Windows Domain Controller for your penetration testing lab.
You now need to create those virtual employees within Active Directory. Creating a few different accounts here and there is a relatively easy task I agree, but what if you want your virtual organisation to consist of hundreds of different users in different departments or organisational units, especially with real
Creating hundreds or even thousands of users is now achievable quickly and simply thanks to a tool called Youzer.
Youzer was written by Matt Lorentzen, an ex-colleague of mine and an absolute brain on legs. He describes Youzer’s goal on its GitHub page:
The goal of Youzer is to create information-rich Active Directory environments. This uses the python3 library ‘faker’ to generate random accounts.
You can either supply a wordlist or have the passwords generated. https://github.com/SpiderLabs/youzer
The generated option is great for testing things like hashcat rule masks. Wordlist option is useful when wanting to supply a specific password list seeded into an environment, or to practice dictionary attacks.
The output is a CSV and a PowerShell script where both can be copied to the target. When executed, the PowerShell script binds over LDAP so doesn’t rely on the newer Active Directory modules and creates each user object. Currently the OU’s need to exist, but this tool is a sub-project of ‘Labseed’ where the Active Directory structure will be created.
Ok, so you want to give Youzer a try on your newly created Domain Controller for your lab? There are a few pre-requisites that we need to install before we can proceed.
For our environment, I used Microsoft Windows 2012 for reasons. We also need to install the following.
The first being Python 3 – https://www.python.org/ftp/python/3.7.3/python-3.7.3.exe
Once Python 3 has been successfully installed, we need to install the “faker” Python library by issuing the following command from a command shell or PowerShell instance.
PS C:\Users\Administrator\> pip3 install faker
Now the faker library is installed, we can move on to grabbing a password list for Youzer to utilise when generating the users’ passwords.
We’re now ready to start generating Youzers (see what I did there?). Hopefully, by now you have created some organisational units within Active Directory; I created IT, Sales and Management.
Let’s fire up Youzer and give it some parameters which I will explain…
PS C:\Users\Administrator\Downloads\youzer-master\> python youzer.py --wordlist probable-v2-top12000.txt --ou "ou=Sales,dc=EVILCORP,dc=local" --domain EVILCORP --users 500 --output sales-users.csv
Above we’ve run the Youzer script telling it the following:
--wordlist: Where our password list is located
--ou: The path to our Active Directory Organisational Unit
--domain: Our Domain
--users: How many users we’d like to generate
--output: The name of the CSV file we want to dump the data into. Youzer will then create a PowerShell script of the same name for you to run.
Youzer should have now generated your fake users.
Our output file should also have been populated with all of our newly generated users, and Youzer will also have generated a PowerShell script to automate the task of taking these users and populating Active Directory.
Populating Active Directory
Now our users have been generated and the needed files created we can go ahead and launch the PowerShell script which Youzer created for us in order to populate our Active Directory.
PS C:\Users\Administrator\Downloads\youzer-master> .\sales-users.ps1
Voila, 500 users created with passwords supplied via our wordlist in a matter of minutes.
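Because the target OUs must exist before the generated script runs, the check below creates any that are missing and then counts the user objects in each OU so the import can be confirmed. This is an added example, not part of Youzer or the original post; it assumes the post's EVILCORP.local domain and the IT, Sales and Management OUs, and the two function names are hypothetical helpers.

```powershell
# Added example, not part of Youzer. Assumes the post's lab domain and OU names.
$domainDn = 'dc=EVILCORP,dc=local'
$ouNames  = 'IT', 'Sales', 'Management'

# Hypothetical helper: create an OU over ADSI/LDAP only if it is missing.
function New-LabOUIfMissing {
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [string] $ParentDn
    )
    $ouDn = "ou=$Name,$ParentDn"
    if (-not ([ADSI]::Exists("LDAP://$ouDn"))) {
        $parent = [ADSI]"LDAP://$ParentDn"
        $ou = $parent.Create('organizationalUnit', "ou=$Name")
        $ou.SetInfo()                      # commit the new object to the directory
        Write-Host "created: $ouDn"
    }
    return $ouDn
}

# Hypothetical helper: count user objects that sit directly inside an OU.
function Get-LabOUUserCount {
    param([Parameter(Mandatory = $true)] [string] $OuDn)
    $root     = [ADSI]"LDAP://$OuDn"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter      = '(&(objectCategory=person)(objectClass=user))'
    $searcher.SearchScope = 'OneLevel'
    $searcher.PageSize    = 1000           # paged search, so large OUs are not cut off
    $null = $searcher.PropertiesToLoad.Add('sAMAccountName')
    $results = $searcher.FindAll()
    try { return $results.Count } finally { $results.Dispose() }
}

# Before running youzer.py: make sure every target OU exists.
$ouDns = foreach ($name in $ouNames) {
    New-LabOUIfMissing -Name $name -ParentDn $domainDn
}

# After running the generated .ps1 files: report how many users landed in each OU.
foreach ($dn in $ouDns) {
    '{0,-45} {1} users' -f $dn, (Get-LabOUUserCount -OuDn $dn)
}
```

Like the script Youzer generates, this uses only ADSI, so it does not need the Active Directory PowerShell module.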
That brings us to the end of this post. I hope you found the information valuable; the tool really does save time and has great potential. Having spoken to Matt Lorentzen, he has some great plans coming in the near future, so make sure to star the project on GitHub and keep up to date with any new developments.
Until next time.