From 3071b424cc583ececdef20c344b4cc808534c487 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 11:29:53 +0100 Subject: [PATCH 1/9] Update CreateUsers.ps1 Configured no expiration on the user passwords --- AD_Users_Create/CreateUsers.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AD_Users_Create/CreateUsers.ps1 b/AD_Users_Create/CreateUsers.ps1 index cbdce4e..2b73d72 100644 --- a/AD_Users_Create/CreateUsers.ps1 +++ b/AD_Users_Create/CreateUsers.ps1 @@ -290,7 +290,7 @@ return $true } - new-aduser -server $setdc -Description $Description -DisplayName $name -name $name -SamAccountName $name -Surname $name -Enabled $true -Path $ouLocation -AccountPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) + new-aduser -server $setdc -Description $Description -DisplayName $name -name $name -SamAccountName $name -Surname $name -Enabled $true -Path $ouLocation -AccountPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) -passwordneverexpires $true From 8e996aa771a712ff59c18774eee2414e49042159 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 11:38:40 +0100 Subject: [PATCH 2/9] Update Invoke-BadBlood.ps1 --- Invoke-BadBlood.ps1 | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index 2bc3781..c50a004 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -28,7 +28,7 @@ param [Int32]$UserCount = 2500, [Parameter(Mandatory = $false, Position = 2, - HelpMessage = 'Supply a count for user creation default 500')] + HelpMessage = 'Supply a count for group creation default 500')] [int32]$GroupCount = 500, [Parameter(Mandatory = $false, Position = 3, @@ -45,7 +45,11 @@ param [Parameter(Mandatory = $false, Position = 6, HelpMessage = 'Make non-interactive for automation')] - [switch]$NonInteractive + [switch]$NonInteractive, + [Parameter(Mandatory = $false, + Position = 7, + HelpMessage = 'Add a few uses with weak passwords')] + [switch]$WeakPasswords ) function Get-ScriptDirectory { Split-Path -Parent $PSCommandPath @@ -198,24 +202,23 @@ if ($badblood -eq 'badblood') { .($basescriptpath + '\AD_Attack_Vectors\ASREP_NotReqPreAuth.ps1') ADREP_NotReqPreAuth -UserList $ASREPUsers - <# - write-host "Adding Weak User Passwords for a few users" -ForegroundColor Green - Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) - # get .05 percent of the all users output and asrep them - $WeakCount = [Math]::Ceiling($AllUsers.count * .02) - $WeakUsers = @() - $asrep = 1 - do { - - $WeakUsers += get-random($AllUsers) - $asrep++}while($asrep -le $WeakCount) - - .($basescriptpath + '\AD_Attack_Vectors\WeakUserPasswords.ps1') - WeakUserPasswords -UserList $WeakUsers - #> - - -} + + if ($PSBoundParameters.ContainsKey('SkipOuCreation') -eq $false) { + write-host "Adding Weak User Passwords for a few users" -ForegroundColor Green + Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) + # get .05 percent of the all users output and asrep them + $WeakCount = [Math]::Ceiling($AllUsers.count * .02) + $WeakUsers = @() + $asrep = 1 + do { + + $WeakUsers += get-random($AllUsers) + $asrep++}while($asrep -le $WeakCount) + + .($basescriptpath + '\AD_Attack_Vectors\WeakUserPasswords.ps1') + WeakUserPasswords -UserList $WeakUsers + } + } # $Definition = Get-Content Function:\CreateUser -ErrorAction Stop <# Attempt at multi threading. Issues with AD Limits and connections per user per second. @@ -351,4 +354,4 @@ if ($badblood -eq 'badblood') { } $RunspacePool.Close() $RunspacePool.Dispose() -#> \ No newline at end of file +#> From 8aac4e3641ee0c220706227562903574086a0036 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 11:47:47 +0100 Subject: [PATCH 3/9] Update Invoke-BadBlood.ps1 Added Weak Password parameter --- Invoke-BadBlood.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index c50a004..493abb0 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -203,7 +203,7 @@ if ($badblood -eq 'badblood') { .($basescriptpath + '\AD_Attack_Vectors\ASREP_NotReqPreAuth.ps1') ADREP_NotReqPreAuth -UserList $ASREPUsers - if ($PSBoundParameters.ContainsKey('SkipOuCreation') -eq $false) { + if ($PSBoundParameters.ContainsKey('WeakPasswords')) { write-host "Adding Weak User Passwords for a few users" -ForegroundColor Green Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) # get .05 percent of the all users output and asrep them From 0252cabe36d919fff5134e9177328481b9cdccbe Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 11:55:03 +0100 Subject: [PATCH 4/9] Update Invoke-BadBlood.ps1 typo --- Invoke-BadBlood.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index 493abb0..b100cd8 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -48,7 +48,7 @@ param [switch]$NonInteractive, [Parameter(Mandatory = $false, Position = 7, - HelpMessage = 'Add a few uses with weak passwords')] + HelpMessage = 'Add a few users with weak passwords')] [switch]$WeakPasswords ) function Get-ScriptDirectory { From d5ebce14a575021f1bd612ea9a2f03c34eb103c3 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 13:50:49 +0100 Subject: [PATCH 5/9] Update Invoke-BadBlood.ps1 --- Invoke-BadBlood.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index b100cd8..aaba404 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -83,6 +83,9 @@ if($NonInteractive -eq $false){ } write-host "`n" write-host "Domain size generated via parameters `n Users: $UserCount `n Groups: $GroupCount `n Computers: $ComputerCount" +if ($PSBoundParameters.ContainsKey('WeakPasswords')) { + write-host "Some of these users will have weak passwords`n. Note! Default password Group Policy does not accept these, edit as needed" +} write-host "`n" $badblood = "badblood" if($NonInteractive -eq $false){ From 684a617c10f969b52590407d3dc5df3ee638612a Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 13:55:54 +0100 Subject: [PATCH 6/9] Update Invoke-BadBlood.ps1 --- Invoke-BadBlood.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index aaba404..b62f2b7 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -84,7 +84,7 @@ if($NonInteractive -eq $false){ write-host "`n" write-host "Domain size generated via parameters `n Users: $UserCount `n Groups: $GroupCount `n Computers: $ComputerCount" if ($PSBoundParameters.ContainsKey('WeakPasswords')) { - write-host "Some of these users will have weak passwords`n. Note! Default password Group Policy does not accept these, edit as needed" + write-host " -> Some of these users will have weak passwords.`n Note! Default password Group Policy does not accept these, edit as needed" } write-host "`n" $badblood = "badblood" From e29974e6ff5a8b5c6529145da25cbee21a59c751 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 14:23:02 +0100 Subject: [PATCH 7/9] Update Invoke-BadBlood.ps1 Formatting Output --- Invoke-BadBlood.ps1 | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index b62f2b7..e060cd8 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -192,10 +192,11 @@ if ($badblood -eq 'badblood') { .($basescriptpath + '\AD_Attack_Vectors\AD_SPN_Randomizer\CreateRandomSPNs.ps1') CreateRandomSPNs -SPNCount 50 - write-host "Adding ASREP for a few users" -ForegroundColor Green - Write-Progress -Activity "Adding ASREP Now" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) # get .05 percent of the all users output and asrep them $ASREPCount = [Math]::Ceiling($AllUsers.count * .05) + write-host "Adding ASREP for $ASREPCount users" -ForegroundColor Green + Write-Progress -Activity "Adding ASREP Now" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) + $ASREPUsers = @() $asrep = 1 do { @@ -207,16 +208,16 @@ if ($badblood -eq 'badblood') { ADREP_NotReqPreAuth -UserList $ASREPUsers if ($PSBoundParameters.ContainsKey('WeakPasswords')) { - write-host "Adding Weak User Passwords for a few users" -ForegroundColor Green - Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) - # get .05 percent of the all users output and asrep them + # get .02 percent of all users and set weak passwords $WeakCount = [Math]::Ceiling($AllUsers.count * .02) + write-host "Adding Weak User Passwords for $WeakCount users" -ForegroundColor Green + Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) $WeakUsers = @() - $asrep = 1 + $weakcount = 1 do { $WeakUsers += get-random($AllUsers) - $asrep++}while($asrep -le $WeakCount) + $weakcount++}while($weakcount -le $WeakCount) .($basescriptpath + '\AD_Attack_Vectors\WeakUserPasswords.ps1') WeakUserPasswords -UserList $WeakUsers From 98550bea7912ba7321b29beab8c0555f00253621 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 15:55:35 +0100 Subject: [PATCH 8/9] Update Invoke-BadBlood.ps1 Fixed some PowerShell cases and a count bug --- Invoke-BadBlood.ps1 | 57 ++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index e060cd8..2ff735e 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -55,38 +55,38 @@ function Get-ScriptDirectory { Split-Path -Parent $PSCommandPath } $basescriptPath = Get-ScriptDirectory -$totalscripts = 8 +$totalscripts = 9 $i = 0 Clear-host -write-host "Welcome to BadBlood" +Write-Host "Welcome to BadBlood" if($NonInteractive -eq $false){ Write-Host 'Press any key to continue...'; - write-host "`n" + Write-Host "`n" $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown'); } -write-host "The first tool that absolutely mucks up your TEST domain" -write-host "This tool is never meant for production and can totally screw up your domain" +Write-Host "The first tool that absolutely mucks up your TEST domain" +Write-Host "This tool is never meant for production and can totally screw up your domain" if($NonInteractive -eq $false){ Write-Host 'Press any key to continue...'; - write-host "`n" + Write-Host "`n" $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown'); } Write-Host 'Press any key to continue...'; -write-host "You are responsible for how you use this tool. It is intended for personal use only" -write-host "This is not intended for commercial use" +Write-Host "You are responsible for how you use this tool. It is intended for personal use only" +Write-Host "This is not intended for commercial use" if($NonInteractive -eq $false){ Write-Host 'Press any key to continue...'; - write-host "`n" + Write-Host "`n" $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown'); } -write-host "`n" -write-host "Domain size generated via parameters `n Users: $UserCount `n Groups: $GroupCount `n Computers: $ComputerCount" +Write-Host "`n" +Write-Host "Domain size generated via parameters `n Users: $UserCount `n Groups: $GroupCount `n Computers: $ComputerCount" if ($PSBoundParameters.ContainsKey('WeakPasswords')) { - write-host " -> Some of these users will have weak passwords.`n Note! Default password Group Policy does not accept these, edit as needed" + Write-Host " -> Some of these users will have weak passwords.`n Note! Default password Group Policy does not accept these, edit as needed" } -write-host "`n" +Write-Host "`n" $badblood = "badblood" if($NonInteractive -eq $false){ @@ -122,7 +122,7 @@ if ($badblood -eq 'badblood') { # User Creation $ousAll = Get-adorganizationalunit -filter * - write-host "Creating Users on Domain" -ForegroundColor Green + Write-Host "Creating Users on Domain" -ForegroundColor Green Write-Progress -Activity "Random Stuff into A domain - Creating Users" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) @@ -136,9 +136,9 @@ if ($badblood -eq 'badblood') { $x++ }while ($x -lt $UserCount) - #Group Creation - $AllUsers = Get-aduser -Filter * - write-host "Creating Groups on Domain" -ForegroundColor Green + #Group Creation + $AllUsers = Get-ADUser -Filter * + Write-Host "Creating Groups on Domain" -ForegroundColor Green $x = 1 Write-Progress -Activity "Random Stuff into A domain - Creating $GroupCount Groups" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) @@ -155,7 +155,7 @@ if ($badblood -eq 'badblood') { $LocalGroupList = Get-ADGroup -Filter { GroupScope -eq "domainlocal" } -Properties isCriticalSystemObject #Computer Creation Time - write-host "Creating Computers on Domain" -ForegroundColor Green + Write-Host "Creating Computers on Domain" -ForegroundColor Green $X = 1 Write-Progress -Activity "Random Stuff into A domain - Creating Computers" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) @@ -171,14 +171,14 @@ if ($badblood -eq 'badblood') { #Permission Creation of ACLs $I++ - write-host "Creating Permissions on Domain" -ForegroundColor Green + Write-Host "Creating Permissions on Domain" -ForegroundColor Green Write-Progress -Activity "Random Stuff into A domain - Creating Random Permissions" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) .($basescriptPath + '\AD_Permissions_Randomizer\GenerateRandomPermissions.ps1') # Nesting of objects $I++ - write-host "Nesting objects into groups on Domain" -ForegroundColor Green + Write-Host "Nesting objects into groups on Domain" -ForegroundColor Green .($basescriptPath + '\AD_Groups_Create\AddRandomToGroups.ps1') Write-Progress -Activity "Random Stuff into A domain - Adding Stuff to Stuff and Things" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) AddRandomToGroups -Domain $Domain -Userlist $AllUsers -GroupList $Grouplist -LocalGroupList $LocalGroupList -complist $Complist @@ -187,14 +187,14 @@ if ($badblood -eq 'badblood') { # SPN Generation $I++ - write-host "Adding random SPNs to a few User and Computer Objects" -ForegroundColor Green + Write-Host "Adding random SPNs to a few User and Computer Objects" -ForegroundColor Green Write-Progress -Activity "SPN Stuff Now" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) .($basescriptpath + '\AD_Attack_Vectors\AD_SPN_Randomizer\CreateRandomSPNs.ps1') CreateRandomSPNs -SPNCount 50 # get .05 percent of the all users output and asrep them $ASREPCount = [Math]::Ceiling($AllUsers.count * .05) - write-host "Adding ASREP for $ASREPCount users" -ForegroundColor Green + Write-Host "Adding ASREP for $ASREPCount users" -ForegroundColor Green Write-Progress -Activity "Adding ASREP Now" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) $ASREPUsers = @() @@ -207,21 +207,24 @@ if ($badblood -eq 'badblood') { .($basescriptpath + '\AD_Attack_Vectors\ASREP_NotReqPreAuth.ps1') ADREP_NotReqPreAuth -UserList $ASREPUsers + $I++ + # Weak Passwords if ($PSBoundParameters.ContainsKey('WeakPasswords')) { # get .02 percent of all users and set weak passwords $WeakCount = [Math]::Ceiling($AllUsers.count * .02) - write-host "Adding Weak User Passwords for $WeakCount users" -ForegroundColor Green + Write-Host "Adding Weak User Passwords for $WeakCount users" -ForegroundColor Green Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) $WeakUsers = @() - $weakcount = 1 + $weak = 1 do { $WeakUsers += get-random($AllUsers) - $weakcount++}while($weakcount -le $WeakCount) + $weak++}while($weak -le $WeakCount) .($basescriptpath + '\AD_Attack_Vectors\WeakUserPasswords.ps1') WeakUserPasswords -UserList $WeakUsers } + Write-Host "All done" } # $Definition = Get-Content Function:\CreateUser -ErrorAction Stop <# @@ -270,7 +273,7 @@ if ($badblood -eq 'badblood') { $I++ $AllUsers = Get-aduser -Filter * Write-Progress -Activity "Random Stuff into A domain - Creating Groups" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) - write-host "Creating Groups on Domain" -ForegroundColor Green + Write-Host "Creating Groups on Domain" -ForegroundColor Green $x = 1 .($basescriptPath + '\AD_Groups_Create\CreateGroup.ps1') @@ -321,7 +324,7 @@ if ($badblood -eq 'badblood') { $LocalGroupList = Get-ADGroup -Filter { GroupScope -eq "domainlocal" } -Properties isCriticalSystemObject #Computer Creation Time - write-host "Creating Computers on Domain" -ForegroundColor Green + Write-Host "Creating Computers on Domain" -ForegroundColor Green $I++ $X = 1 $Jobs = @() From 583b4766c0b21fc42d6ac3a34104cd41614daa71 Mon Sep 17 00:00:00 2001 From: Tijl Deneut Date: Sat, 15 Jan 2022 16:06:27 +0100 Subject: [PATCH 9/9] Update Invoke-BadBlood.ps1 For some reason the progress bar blocks the script from running --- Invoke-BadBlood.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Invoke-BadBlood.ps1 b/Invoke-BadBlood.ps1 index 2ff735e..4d41dbe 100644 --- a/Invoke-BadBlood.ps1 +++ b/Invoke-BadBlood.ps1 @@ -55,7 +55,7 @@ function Get-ScriptDirectory { Split-Path -Parent $PSCommandPath } $basescriptPath = Get-ScriptDirectory -$totalscripts = 9 +$totalscripts = 8 $i = 0 Clear-host @@ -213,7 +213,7 @@ if ($badblood -eq 'badblood') { # get .02 percent of all users and set weak passwords $WeakCount = [Math]::Ceiling($AllUsers.count * .02) Write-Host "Adding Weak User Passwords for $WeakCount users" -ForegroundColor Green - Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) + #Write-Progress -Activity "Adding Weak User Passwords" -Status "Progress:" -PercentComplete ($i / $totalscripts * 100) $WeakUsers = @() $weak = 1 do {