Configuring Windows 11 for AD Testing
Configure a Windows 11 machine to be used for testing Active Directory. These scripts can either be run as a .ps1 file or simply pasted into an Admin terminal.
Config Script (Run as Administrator)
# Set the execution policy for the current user to RemoteSigned
# (the value set here is RemoteSigned, not an unsigned/unrestricted policy).
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned
# Disable AV: turn off Defender real-time monitoring and set the DisableAntiSpyware policy value.
# Both settings apply machine-wide, so everything on this host loses malware protection,
# not only the tools folder; this only makes sense on an isolated, disposable lab VM.
# NOTE(review): with Tamper Protection on, the real-time setting may not take effect, and current
# Defender builds are documented to ignore DisableAntiSpyware on client editions - confirm on the target build.
Set-MpPreference -DisableRealtimeMonitoring $true
Set-ItemProperty -Force -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Name 'DisableAntiSpyware' -Value 1
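# Make tools folder (-Force turns this into a no-op when the folder already exists, so re-runs do not error)
$adToolsDir = Join-Path $env:ProgramFiles 'adtools'
New-Item -ItemType Directory -Path $adToolsDir -Force | Out-Null
# Install WireGuard
# Invoke-WebRequest is called by name: the `wget` alias only exists in Windows PowerShell 5.1,
# and a real wget.exe on PATH treats -o as "log file" rather than "output file".
$wireguardInstaller = Join-Path $adToolsDir 'wireguard-installer.exe'
Invoke-WebRequest -Uri 'https://download.wireguard.com/windows-client/wireguard-installer.exe' -OutFile $wireguardInstaller
# The installer runs in this elevated session, so check its Authenticode signature before launching it.
$installerSignature = Get-AuthenticodeSignature -FilePath $wireguardInstaller
if ($installerSignature.Status -eq 'Valid') {
    # Print the signer so the operator can confirm it is the expected publisher.
    Write-Host "Installer signed by: $($installerSignature.SignerCertificate.Subject)"
    # The call operator is required: a bare `$env:ProgramFiles\...` line is a parse error, not an invocation.
    & $wireguardInstaller
} else {
    Write-Warning "wireguard-installer.exe signature status is '$($installerSignature.Status)'; not running it."
}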
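# Download tools
# Supply-chain note: most of these URLs track a mutable branch head (refs/heads/...), and two of them are
# precompiled binaries from a third-party repository, so the content can change between runs.
# Only the Snaffler URL is pinned to a release. No known-good hashes are available here; the SHA256 of
# each download is printed so it can be recorded and compared on later runs.
$toolDir = Join-Path $env:ProgramFiles 'adtools'
$toolSources = [ordered]@{
    'adPEAS.ps1'            = 'https://github.com/61106960/adPEAS/raw/refs/heads/main/adPEAS.ps1'
    'Invoke-Kerberoast.ps1' = 'https://github.com/EmpireProject/Empire/raw/refs/heads/master/data/module_source/credentials/Invoke-Kerberoast.ps1'
    'powerview.ps1'         = 'https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/refs/heads/master/PowerView/powerview.ps1'
    'PowerUpSQL.ps1'        = 'https://raw.githubusercontent.com/NetSPI/PowerUpSQL/refs/heads/master/PowerUpSQL.ps1'
    'Rubeus.exe'            = 'https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/refs/heads/master/dotnet%20v4.8.1%20compiled%20binaries/Rubeus.exe'
    'Certify.exe'           = 'https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/refs/heads/master/dotnet%20v4.8.1%20compiled%20binaries/Certify.exe'
    'Snaffler.exe'          = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.184/Snaffler.exe'
}
foreach ($tool in $toolSources.GetEnumerator()) {
    $target = Join-Path $toolDir $tool.Key
    # Invoke-WebRequest by name instead of the `wget` alias: the alias is not defined in PowerShell 7,
    # and a real wget.exe interprets -o as the log file, not the download target.
    Invoke-WebRequest -Uri $tool.Value -OutFile $target
    $digest = Get-FileHash -Path $target -Algorithm SHA256
    Write-Host "$($digest.Hash)  $($tool.Key)"
}
#Invoke-WebRequest -Uri https://github.com/CompassSecurity/mssqlrelay/archive/refs/heads/main.zip -OutFile $env:ProgramFiles\adtools\mssqlrelay.zip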
# Install Scoop (Currently not needed)
#Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression
#scoop install python
#scoop install git
#scoop install pipx
#pipx ensurepath
# Install Python Tools (Currently Broken)
#Expand-Archive mssqlrelay.zip -DestinationPath mssqlrelay
#pipx install .\mssqlrelay\mssqlrelay-main\
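# Create PowerShell profile if it does not exist (-Force also creates missing parent folders)
if (-not (Test-Path -Path $PROFILE)) { New-Item -ItemType File -Path $PROFILE -Force }
# Lines the profile must contain:
#  - the tools folder appended to PATH ($env:ProgramFiles is expanded now, when the line is written);
#    it is appended, not prepended, so it cannot shadow executables earlier on PATH
#  - one dot-source line per downloaded script
# Every new PowerShell session will execute these scripts at startup, so whatever was downloaded
# into the tools folder runs with that session's privileges.
$profileLines = @(
    "`$env:PATH += ';$env:ProgramFiles\adtools'"
    ". `"`$env:ProgramFiles\adtools\adPEAS.ps1`""
    ". `"`$env:ProgramFiles\adtools\Invoke-Kerberoast.ps1`""
    ". `"`$env:ProgramFiles\adtools\powerview.ps1`""
    ". `"`$env:ProgramFiles\adtools\PowerUpSQL.ps1`""
)
# Append only the lines that are missing: re-running the script otherwise duplicates every entry,
# growing PATH and dot-sourcing each script several times per session.
$existingProfile = @(Get-Content -Path $PROFILE)
foreach ($profileLine in $profileLines) {
    if ($existingProfile -notcontains $profileLine) {
        Add-Content -Path $PROFILE -Value $profileLine
    }
}
# Reload profile
. $PROFILE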
Configure Terminal Appearance (Optional)
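# Install oh-my-posh.
# NOTE(review): this downloads install.ps1 and executes it immediately in the current session with no
# integrity check. Saving the script to a file and reading it before running it is the safer pattern;
# the line is left unchanged here.
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://ohmyposh.dev/install.ps1'))
oh-my-posh font install meslo
# Fetch the prompt theme. Invoke-WebRequest is called by name because the `wget` alias is not
# defined in PowerShell 7, and a real wget.exe interprets -o as the log file.
$ompConfig = Join-Path $env:USERPROFILE 'pwsh10k.omp.json'
Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/Kudostoy0u/pwsh10k/master/pwsh10k.omp.json' -OutFile $ompConfig
# The config path is quoted inside the profile line so a user profile path containing spaces
# is still passed to --config as a single argument.
Add-Content -Path $PROFILE -Value "oh-my-posh init pwsh --config `"$ompConfig`" | Invoke-Expression"
# NOTE(review): this makes every new session call Install-Module; presumably a one-time install
# plus Import-Module in the profile was intended - confirm before changing.
Add-Content -Path $PROFILE -Value "Install-Module posh-git -Scope CurrentUser"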
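# Edit Windows Terminal Config: set the default profile font to the Meslo Nerd Font.
$terminalConfigPath = "$env:LOCALAPPDATA\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState\settings.json"
if (Test-Path $terminalConfigPath) {
    # Read the existing JSON file. If it cannot be read or parsed, stop here: continuing with a
    # null object would overwrite settings.json with an empty document.
    # NOTE(review): ConvertFrom-Json in Windows PowerShell 5.1 may reject a settings.json that contains comments.
    try {
        $jsonContent = Get-Content $terminalConfigPath -Raw -ErrorAction Stop | ConvertFrom-Json -ErrorAction Stop
    } catch {
        $jsonContent = $null
        Write-Host "Windows Terminal settings.json could not be parsed; leaving it unchanged."
    }
    if ($null -ne $jsonContent) {
        # Ensure the structure exists. Missing levels are created as PSCustomObject, the same type
        # ConvertFrom-Json produces, so Add-Member and ConvertTo-Json treat every level alike.
        if (-not $jsonContent.profiles) { $jsonContent | Add-Member -MemberType NoteProperty -Name "profiles" -Value ([pscustomobject]@{}) }
        if (-not $jsonContent.profiles.defaults) { $jsonContent.profiles | Add-Member -MemberType NoteProperty -Name "defaults" -Value ([pscustomobject]@{}) }
        if (-not $jsonContent.profiles.defaults.font) { $jsonContent.profiles.defaults | Add-Member -MemberType NoteProperty -Name "font" -Value ([pscustomobject]@{}) }
        # Set the font face. Add-Member -Force creates the property or overwrites it; a plain
        # assignment fails when "font" already exists but has no "face" property.
        $jsonContent.profiles.defaults.font | Add-Member -MemberType NoteProperty -Name "face" -Value "MesloLGM Nerd Font" -Force
        # Convert back to JSON and format properly
        $newJson = $jsonContent | ConvertTo-Json -Depth 10
        # Write back to the settings.json file
        $newJson | Set-Content -Path $terminalConfigPath -Encoding UTF8
        Write-Host "Windows Terminal font updated successfully."
    }
} else {
    Write-Host "Windows Terminal settings.json file not found."
}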
To-Do
Find way to leave AV enabled while adding exceptions for tooling