Penetration Testing Lab
Whether you have a fully virtual organisation consisting of several different machines or the odd virtualised box you’re using to explore or freshen up on certain skills, labs are great fun and an asset to any security tester.
![](https://lsass.co.uk/wp-content/uploads/2019/06/IMG_2874-1024x767.jpg)
Having your own lab is a great way to perform security testing techniques in a controlled environment.
If you’re attempting to build out a lab that replicates a real organisation, it’s always good to do things properly. Let’s assume for this post that you’ve already built a Windows Domain Controller for your penetration testing lab.
You now need to create those virtual employees within Active Directory. Creating a few different accounts here and there is a relatively easy task, I agree, but what if you want your virtual organisation to consist of hundreds of different users in different departments or organisational units, especially with real
Enter Youzer
Creating hundreds or even thousands of users is now achievable quickly and simply thanks to a tool called Youzer.
Youzer was written by Matt Lorentzen, an ex-colleague of mine and an absolute brain on legs. He describes Youzer’s goal on its GitHub page:
The goal of Youzer is to create information-rich Active Directory environments. This uses the python3 library ‘faker’ to generate random accounts.
You can either supply a wordlist or have the passwords generated.
The generated option is great for testing things like hashcat rule masks. Wordlist option is useful when wanting to supply a specific password list seeded into an environment, or to practice dictionary attacks.
The output is a CSV and a PowerShell script where both can be copied to the target. When executed, the PowerShell script binds over LDAP so doesn’t rely on the newer Active Directory modules and creates each user object. Currently the OU’s need to exist, but this tool is a sub-project of ‘Labseed’ where the Active Directory structure will be created.
https://github.com/SpiderLabs/youzer
Prerequisites
Ok, so you want to give Youzer a try on your newly created Domain Controller for your lab? There are a few pre-requisites that we need to install before we can proceed.
For our environment, I used Microsoft Windows 2012 for reasons. We also need to install the following.
The first being Python 3 – https://www.python.org/ftp/python/3.7.3/python-3.7.3.exe
![](https://lsass.co.uk/wp-content/uploads/2019/06/python3-variables.png)
Once Python 3 has been successfully installed, we need to install the “faker” Python library by issuing the following command from a command shell or PowerShell instance.
PS C:\Users\Administrator> pip3 install faker
![](https://lsass.co.uk/wp-content/uploads/2019/06/pip-install-faker.png)
Now that the faker library is installed, we can move on to grabbing a password list for Youzer to utilise when generating the users’ passwords.
A good place to start is Daniel Miessler’s GitHub, which has a great selection of Common Passwords. When using Youzer for the first time I grabbed the Probable Top 12000.
Generating Users
We’re now ready to start generating Youzers (see what I did there?). Hopefully, by now you have created some organisational units within Active Directory. I created IT, Sales and Management.
![](https://lsass.co.uk/wp-content/uploads/2019/06/evilcorp-ou.png)
Let’s fire up Youzer and give it some parameters which I will explain…
PS C:\Users\Administrator\Downloads\youzer-master> python youzer.py --wordlist probable-v2-top12000.txt --ou "ou=Sales,dc=EVILCORP,dc=local" --domain EVILCORP --users 500 --output sales-users.csv
Above we’ve run the Youzer script telling it the following:
--wordlist – Where our password list is located
--ou – The path to our Active Directory Organisational Unit
--domain – Our Domain
--users – How many users we’d like to generate
--output – The name of the CSV file we want to dump the data into. Youzer will then create a PowerShell script of the same name for you to run.
Youzer should have now generated your fake users.
![](https://lsass.co.uk/wp-content/uploads/2019/06/user-gen.png)
Our output file should have also been populated with all of our newly generated users. Youzer will also have generated a PowerShell script to automate the task of taking these users and populating Active Directory.
![](https://lsass.co.uk/wp-content/uploads/2019/06/users-csv.png)
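The generation step above can be repeated for each OU. As an added example (not part of Youzer or the original post), the script below creates the IT, Sales and Management OUs over ADSI if they are missing and then runs Youzer once per OU with the flags shown above. The per-OU user counts and output file names are constructed for illustration, and the script assumes it is run from the youzer-master directory on the lab Domain Controller.

```powershell
# Added example: make sure the lab OUs exist, then run Youzer once per OU.
# Domain, OU names and wordlist are the ones used in this post;
# the user counts and output file names are constructed for illustration.
$domainDn = 'dc=EVILCORP,dc=local'
$domain   = 'EVILCORP'
$wordlist = 'probable-v2-top12000.txt'

# OU name -> number of users to generate (constructed values)
$ous = [ordered]@{ 'IT' = 50; 'Sales' = 500; 'Management' = 20 }

# Bind to the domain root over LDAP, the same way the generated script
# avoids depending on the Active Directory PowerShell module.
$root = [ADSI]"LDAP://$domainDn"

foreach ($name in $ous.Keys) {
    $ouDn  = "ou=$name,$domainDn"
    $count = $ous[$name]

    # Youzer expects the OU to exist already, so create it when it is missing.
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$ouDn")) {
        $ou = $root.Create('organizationalUnit', "ou=$name")
        $ou.SetInfo()
        Write-Host "Created $ouDn"
    }

    # Same flags as the command shown above, one CSV per OU.
    $csv = "$($name.ToLower())-users.csv"
    python youzer.py --wordlist $wordlist --ou $ouDn --domain $domain --users $count --output $csv

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Youzer failed for $ouDn"
        continue
    }
    Write-Host "Generated $csv for $ouDn"
}
```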
Populating Active Directory
Now our users have been generated and the needed files created we can go ahead and launch the PowerShell script which Youzer created for us in order to populate our Active Directory.
PS C:\Users\Administrator\Downloads\youzer-master> .\sales-users.ps1
![](https://lsass.co.uk/wp-content/uploads/2019/06/user-gen2-1.png)
Voila, 500 users created with passwords supplied via our wordlist in a matter of minutes.
![](https://lsass.co.uk/wp-content/uploads/2019/06/populated-ad.png)
That brings us to the end of this post. I hope you found the information valuable; the tool really does save time and has great potential. Having spoken to Matt Lorentzen, he has some great plans coming in the near future, so make sure to star the project on GitHub and keep up to date with any new developments.
Until next time.