Credit to R3dy#23 for the establishment of this environment.
This project is based in part on capsulecorp-pentest; a huge shout-out to R3dy for the groundwork!
The WaddleCorp Pentest is a virtual network managed by Vagrant and Ansible. It contains virtual machines configured with various vulnerable services. This project can be used to learn penetration testing in a standalone environment. The primary difference between CapsuleCorp and WaddleCorp (aside from the change in theme from DBZ to Penguins) is that WaddleCorp is configured with a Kali Linux machine and will be updated periodically to reflect exploits as they are researched and discovered.
Setting up a virtual network to learn penetration testing can be tedious as well as time/resource consuming. Everything in the WaddleCorp environment is pretty much done for you already. Once you get Vagrant, Ansible and VirtualBox installed on your machine, you only need to run a couple of vagrant commands to have a fully functioning Active Directory domain that you can use for hacking/learning/pentesting etc.
In order to use the WaddleCorp Pentest network you must have the following:
- VirtualBox
- Vagrant
- Ansible
- Quad-core CPU with 16GB RAM is recommended.
  - With 8GB or less you could still use the project but only run 2 or 3 VMs at a time.
  - For all VMs running at once 16GB is required.
- Active Directory domain with one DC and 3 server members. All Windows servers have evaluation licenses, which are activated on installation (for 180 days).
  - Domain Controller: skipper.waddlecorp.local
  - Server 01: vegeta.waddlecorp.local
  - Server 02: kowalski.waddlecorp.local
  - Server 03: rico.waddlecorp.local
  - Wrkstn 01: tien.waddlecorp.local
  - Server 04: private.waddlecorp.local
- Print Nightmare server on private
- Vulnerable Jenkins server on vegeta
- Vulnerable Apache Tomcat server on rico
- Vulnerable MSSQL server on kowalski
- Vulnerable MS17-010 on tien
- Kali Pentest Box
  - Impacket
To manage Windows hosts you'll have to install pywinrm with pip inside the Ansible virtual environment.
I prefer to run Ansible in a virtualenv:
cd <path you are working from>
virtualenv ansible
source ansible/bin/activate
pip install ansible
pip install pywinrm
If you receive the following error:
objc[3534]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called.
objc[3534]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
Apply the band-aid fix:
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
For a detailed installation walkthrough check out
The first thing you should do is bring up and provision Skipper, the domain controller. This system will likely take the longest to bring up because the dcpromo stuff just takes a while.
Note: if you are running Vagrant with sudo, use sudo -E vagrant to run it.
Bring up the VM
vagrant up skipper
Provision the VM
vagrant provision skipper
Repeat the above two commands for the other boxes, or simply leave out the machine name to run them against all of the machines.
WARNING: running all machines is resource intensive. Please make sure you understand your machine's specifications before doing this!
...WARNING...
This section of the provision is expected to take a while because after a dcpromo it takes a long time for the system to reboot.
TASK [promotedc : Set a static address to 172.28.128.100] **********************
changed: [skipper]
TASK [promotedc : Change hostname to skipper] *************************************
ok: [skipper]
TASK [promotedc : Install Active Directory Services] ***************************
ok: [skipper]
TASK [promotedc : Promote skipper to domain controller] ***************************
changed: [skipper]
TASK [promotedc : Reboot after promotion] **************************************
Bring up the virtual machines using Vagrant. First cd into the project directory, for example: cd ~/waddlecorp-pentest. Take note of the RDP port that gets forwarded to your localhost.
vagrant up pentest
Provision the pentest machine.
vagrant provision pentest
You can access your pentest machine either by connecting your preferred RDP client to the xrdp listener or via SSH with:
vagrant ssh pentest
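
The bring-up steps above collected into one script, as an added example that is not part of the WaddleCorp project: it checks the prerequisites, picks a set of machines that fits the host's RAM, and brings them up with the domain controller first. Vagrant machine names other than skipper and pentest are assumed to match the hostnames listed above, and the low-RAM plan (DC, one target, Kali box) is one possible choice.

```shell
#!/bin/sh
# Added example: preflight checks and DC-first bring-up for the lab.
DC="skipper"
# Assumed Vagrant machine names, taken from the hostnames listed on this page.
TARGETS="vegeta kowalski rico tien private"
ATTACKER="pentest"

# Print every required CLI tool that is not on PATH.
missing_prereqs() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Host RAM in whole GB, rounded up (Linux /proc/meminfo, else macOS sysctl).
host_ram_gb() {
    if [ -r /proc/meminfo ]; then
        awk '/^MemTotal:/ { printf "%d\n", ($2 + 1048575) / 1048576 }' /proc/meminfo
    else
        echo $(( ($(sysctl -n hw.memsize) + 1073741823) / 1073741824 ))
    fi
}

# Machines to start for a given RAM size: everything at 16GB or more,
# otherwise the DC, one chosen target and the Kali box (3 VMs).
plan_vms() {
    ram_gb=$1; target=${2:-vegeta}
    if [ "$ram_gb" -ge 16 ]; then
        echo "$DC $TARGETS $ATTACKER"
    else
        echo "$DC $target $ATTACKER"
    fi
}

# Bring up and provision each machine in order; stop at the first failure.
bring_up() {
    for vm in "$@"; do
        vagrant up "$vm" && vagrant provision "$vm" || return 1
    done
}

# Only act when called as: ./lab-up.sh --run [target]
if [ "${1:-}" = "--run" ]; then
    missing=$(missing_prereqs VBoxManage vagrant ansible-playbook)
    [ -z "$missing" ] || { echo "missing: $missing" >&2; exit 1; }
    python3 -c 'import winrm' 2>/dev/null || { echo "pywinrm is not installed here" >&2; exit 1; }
    bring_up $(plan_vms "$(host_ram_gb)" "${2:-vegeta}")
fi
```

Run it from the project directory with the Ansible virtualenv activated, so that the pywinrm check sees the same Python that Ansible uses.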