search

Tunneling Windows VM to Target Environment (WireGuard)

There have been many cases where I needed a to use a Windows machine on internal tests but only had access to a Linux VM internally. Most of the time, I need a Windows VM the most when doing Active Directory testing and running into tooling issue on Linux. One option is to turn the Linux machine into a WireGuard VPN server and connect via a Windows VM. Once you have the connection, you can use the windows runas command to launch a PowerShell session as an authenticated domain user in the client environment.

Example Windows VM with Active AD Session in Foreign Environment

hashtag
Setup WireGuard VPN on Internal Network (Kali Linux)

hashtag
Install WireGuard

hashtag
Generate Keys

hashtag
Create Server Config

hashtag
Create Client Config

hashtag
Configure Network Adaptor

circle-info

The above assumes you are using eth0 as your primary network adaptor in the client environment.

circle-exclamation

Note that the above setup will not be persistent across reboots! In order to restart the VPN service, run sudo wg-quick up wg0 after a reboot. This is by design since I don’t want random VPNs active client devices. Make sure to reboot the Linux client device or shutdown the VPN once the test is complete.

hashtag
Configure Client (Windows VM)

hashtag
Install WireGuard Client (PowerShell)

hashtag
Configure VPN Profile

Create VPN Profile in WireGuard VPN (Windows)
circle-info

Paste in the contents of client.conf that was created during the sever setup

Example Config (Templated)

hashtag
Test VPN Access

After activating the WireGuard VPN profile, test the connect using the following command.

hashtag
Launch Shell as Domain User

circle-info

This technique of launching shells as AD user in non-AD connected system was originally found in the SharpHound Documentationarrow-up-right

Active AD Session in Foreign Environment

PreviousConfiguring Windows 11 for AD TestingNextInveigh

Last updated