#
GOAD
These are my internal notes for getting GOAD (Game of Active Directory) up and running on Proxmox.
#
Install the essentials
apt update && apt install curl sudo tmux -y
curl -s https://ludus.cloud/install | bash
Server may reboot a few times and you'll lose SSH connectivity temporarily.
#
Check install status
ludus-install-status
At the end of the install you'll get an API key. Write it down! You'll need it for the next step.
#
Make an admin user
export LUDUS_API_KEY='ROOT.xxx'
ludus user add --name "Brian Johnson" --userid brian --admin --url https://127.0.0.1:8081
#
Get that user's Proxmox creds
export LUDUS_API_KEY='brian.xxx'
ludus user creds get
#
Download GOAD
sudo apt install python3.11-venv
export LUDUS_API_KEY='brian.123@xxxx'
git clone https://github.com/Orange-Cyberdefense/GOAD.git ~/GOAD
#
Install Ludus
git clone https://gitlab.com/badsectorlabs/ludus ~/ludus
cd ~/ludus/templates
#
Build VM templates - 4 at a time
Note: before you do, edit ~/GOAD/extensions/ws01/providers/ludus/config.yml and put win10-22h2-x64-enterprise-template as the extension instead of the Win10 template name that comes by default.
ludus templates add -d ubuntu-22.04-x64-server
ludus templates add -d win10-22h2-x64-enterprise
ludus templates add -d win2016-server-x64
ludus templates add -d win2019-server-x64
ludus templates build -p 4
Note: normally you can run ludus templates status to check status of the template install, but this will fail if you're building multiple templates at once with the -p flag.
#
Run GOAD
cd ~/GOAD
./goad.sh -p ludus
check
set_lab GOAD
# GOAD/GOAD-Light/NHA/SCCM/etc
install
#
Install the GOAD extensions (optional)
install_extension elk
install_extension exchange
install_extension ws01
install_extension wazuh
#
Snapshot VMs (optional)
See this guide, but in general you could snapshot the whole range with:
ludus snapshots create <snapshot-name>
#
Redeploy a range
Under review
cd ~/GOAD
./goad.sh -p ludus
list
destroy
status
install (if reinstalling)
# Revisit this. I think you might need to get into GOAD command line and then do something like:
load 322332-goad-ludus (whatever the range name is)
destroy
delete
# Then deploy a new lab, like:
set_lab NHA
install
set_ip_something 10.0.7.
#
Troubleshooting
#
Elasticsearch reset
I had an issue where Elasticsearch dashboard was all jacked up with messages like:
“Failed to retrieve privileges”
“License is not available”
“Kibana server is not ready yet”
#
Reset Elasticsearch passwords
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
#
Test the new password
curl -u 'elastic:NewPass2026!!!' http://10.3.10.50:9200
#
Update Kibana config
In /etc/kibana/kibana.yml add:
elasticsearch.hosts: ["http://10.3.10.50:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "NewPass2026!!!"
#
Restart services
sudo systemctl restart elasticsearch
sudo systemctl restart kibana
#
Monitor logs
sudo journalctl -u kibana -f
#
Check that dashboards are actually working
Elasticsearch accessible at http://10.3.10.50:9200
Kibana working at http://10.3.10.50:5601
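An added check for the kibana.yml step above (not part of the original notes, GOAD or Ludus): it flags the plaintext elasticsearch.password, the elastic superuser login and the http:// host in those settings. The function names and the sample file are constructed for illustration; it assumes GNU stat and simple top-level key: value lines.

```bash
# Added example: audit the elasticsearch.* settings in a kibana.yml.
# Assumes GNU stat (Linux) and simple top-level "key: value" lines.

# Print the value of a top-level key with surrounding quotes stripped.
# KEY is a sed regex, so dots are passed escaped.
yml_value() {  # usage: yml_value FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; print nothing when the file passes.
# The body runs in a subshell so its variables stay local.
audit_kibana_yml() (  # usage: audit_kibana_yml FILE
  file=$1
  user=$(yml_value "$file" 'elasticsearch\.username')
  pass=$(yml_value "$file" 'elasticsearch\.password')
  hosts=$(yml_value "$file" 'elasticsearch\.hosts')
  mode=$(stat -c '%a' "$file")

  if [ -n "$pass" ]; then
    echo "PLAINTEXT_PASSWORD: store elasticsearch.password with kibana-keystore"
    # Last octal digit is the "other" permission set; 4-7 means world-readable.
    case $mode in
      *[4567]) echo "WORLD_READABLE: mode $mode exposes the password to every local user" ;;
    esac
  fi
  if [ "$user" = "elastic" ]; then
    echo "SUPERUSER: Kibana logs in as elastic; use the kibana_system user"
  fi
  case $hosts in
    *http://*) echo "CLEARTEXT_HTTP: credentials travel unencrypted to $hosts" ;;
  esac
)

# Constructed sample mirroring the settings in these notes.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kibana.yml" <<'EOF'
elasticsearch.hosts: ["http://10.3.10.50:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "NewPass2026!!!"
EOF
chmod 644 "$demo_dir/kibana.yml"
audit_kibana_yml "$demo_dir/kibana.yml"
rm -rf "$demo_dir"
```

On the Kibana host, run `audit_kibana_yml /etc/kibana/kibana.yml`; `/usr/share/kibana/bin/kibana-keystore add elasticsearch.password` stores the password outside the YAML file and clears the first finding.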
#
Reinstalling just certain parts of a GOAD install
From the author:
Yes you can retry certain parts. Use `>provision_extension wazuh` to relaunch only wazuh provision once instance is selected.
#
Wazuh install
invoke-webrequest https://packages.wazuh.com/4.x/windows/wazuh-agent-4.8.2-1.msi -outfile c:\tmp\wazuh-agent
msiexec.exe /i c:\tmp\wazuh-agent /q WAZUH_MANAGER=ip.of.wazuh.box WAZUH_REGISTRATION_SERVER=ip.of.wazuh.box
#
Winlogbeat install
Sometimes Windows systems don't get the winlogbeat.zip properly so I manually visit them from VNC console and install via PowerShell:
invoke-webrequest https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-7.17.6-windows-x86_64.zip -outfile "c:\program files\elastic\winlogbeat\winlogbeat.zip"