Hello,
I came here because the lab I had set up was not working as expected and after using your script I got the same error. Have you ever had this problem?

The default password routine appears to set a randomly generated password that has some complexity and is 12 chars long. This seems a bit borked from it's intended purpose.

Additionally the "default password" is set within the "password spraying" function - yet a 12 char randomly generated password is unlikely to succeed in a password spray.

But the password in the comments could be a 12 character random password (and is) yet the function is called "default password".

It just seems a little backwards, I'd expect something like a "changeme123!" or "thedomain1!" or something, not "d4pf?Ani4A7!" as a default password.

Happy to submit a pull request for the change if you think its worth the effort, just needs to wait until this evening once I get back from work.

hello i Do what they pepole say her, i open the vulnad.ps1 with notepad and delete between 20-34 lines, and again I cant do invoke to vulnad.ps1 please help me, this is the error .
please help guys

Invoke-VulnAD : The term 'Invoke-VulnAD' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1

• Invoke-VulnAD -UsersLimit 100 -DomainName "omer.local"

•   + CategoryInfo          : ObjectNotFound: (Invoke-VulnAD:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
  

Hello, i'm newbie, when i run this scrip completed i dont know how start practice exploit to that AD. Should setup a workstation client then attack from that client or some thing else ? Hope you help me, thank you so much.

Hello,

I am learning AD attacks. I have questions about "vulnerable-AD" project that is it possible from anonymous users to attack and compromise cs.org domain ?. I have tried all methods but none of them works. If it has a way please give me a hint.

Thanks

When vulnad.ps1 executed , it says Invoke-VulnAD not found. Kindly see this as i have set execution policy to unrestricted and ran script as admin. Also command for creating Active directory does not work. It says CreateDNSDelegation not found .

I'm getting errors that appear to be triggered by the special characters in the banner.

I trimmed the banner and still getting ParameterArgumentValidationErrors..

If I run it using version 3.0 of powershell it appears some modules are running (PasswordSpray, DCSync, etc) but others are not.

This is a fresh install of 2016 setup as a Primary DC.

Uploaded and Ran the script on my Windows Server 2019 Domain controller. I ran the script once I already had my domain created. After deleting the banner function the script ran fine but when I went to perform a Kerberoasting attack there were no accounts configured with SPN's.

I know I can do this manually which I plan to do, just wanted to open an issue for visibility incase anyone else noticed this

It looks like script is not configuring password policy for the domain.

I got below error on "VulnAD-Kerberoasting" function. I am using "Windows Server 2016 Standard Evaluation"

[+] Kerberoasting Done
Set-AdAccountPassword : The password does not meet the length, complexity, or history requirement of the domain.
At line:5 char:9
+         Set-AdAccountPassword -Identity $randomuser -Reset -NewPasswo ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidData: (annadiane.genni:ADAccount) [Set-ADAccountPassword], ADPasswordComplexityException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1325,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword

PS C:\Users\Administrator> IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));
IEX : At line:24 char:46

• ... $banner+= $Global:Spacing + '██║ ██║██║ █■...

•                                            ~~~~~~~~~~~~~~~~~~
  

Unexpected token '██║██║' in expression or statement.
At line:25 char:46

• ... $banner+= $Global:Spacing + '██║ ██║██║ █■...

•                                            ~~~~~~~~~~~~~~~~~~
  

Unexpected token '██║██║' in expression or statement.
At line:258 char:37

• Write-Good "SMB Signing Disabled"
  

•                                 ~
  

The string is missing the terminator: ".
At line:20 char:21

• function ShowBanner {

•                 ~
  

Missing closing '}' in statement block or type definition.
At line:1 char:1

• IEX((new-object net.webclient).downloadstring("https://raw.githubuser ...

•   + CategoryInfo          : ParserError: (:) [Invoke-Expression], ParseException
    + FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.InvokeExpressionCommand
  

It looks like an error with Windows Server 2008 R2 when running IEX script

Invoke-Expression: Unexpected token 'â-^â-^â'â-^â-^â'' in expression or statement.
At line:1 char:4

• IEX <<<< ((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/
  vulnad.ps1"));
  • CategoryInfo : ParserError: (â-^â-^â'â-^â-^â':String) [Invoke-Expression], ParseException
  • FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.InvokeExpressionCommand

Hello,

I love the idea of this project, it is great to practice.

It would have been even better if there was always a full path leveraging ACLs to go from a cracked account to domain admin :)

Regards

Test OS : Windows 2016

Invoke-VulnAD : 无法将“Invoke-VulnAD”项识别为 cmdlet、函数、脚本文件或可运行程序的名称。请检查名称的拼写，如果包括路
径，请确保路径正确，然后再试一次。
所在位置 行:1 字符: 1

• Invoke-VulnAD -UsersLimit 100 -DomainName "tdslab.local"

•   + CategoryInfo          : ObjectNotFound: (Invoke-VulnAD:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
  
  

if you didn't install Active Directory yet , you can try

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true

if you already installed Active Directory, just run the script !

IEX((new-object net.webclient).downloadstring("https://raw.githubusercontent.com/waz


ehell/vulnerable-AD/master/vulnad.ps1"));
Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"

Hello is there Any version that can work on windows server 2016