Victim Infrastructure - ethanhillas/Atomic-Attack-Lab GitHub Wiki

Victim Infrastructure

The victim infrastructure contains several Windows-based resources in a Windows domain, mimicking a small production deployment. The infrastructure contains the following servers:

  • Domain Controller: Windows Server 2016
  • Member Server: Windows Server 2012R2
  • Member Server: Windows Server 2016
  • Member Server: Windows Server 2019
  • Red Hat Enterprise 7.1
  • Ubuntu Bionic 18.04

Windows

The Windows Active Directory domain is configured to mimick a small production domain and is set up with the following parameters:

  • Domain name: atomic-attack.lab
  • DNS: Domain Controller
  • NTP: AWS Time Service pre-configured in Windows AMI (Currently in UTC timezone)
  • Features: RSAT AD Admin Centre, AD Domain Services, DNS Server

Windows endpoints can be connected to via RDP using the Administrator, maveric or goose accounts. An active VPN connection is required before connecting via RDP.

Windows Server 2016 (Domain Controller)

  • Hostname: JARVIS
  • IP Address: 10.0.2.5

Windows Server 2016 (Member)

  • Hostname: Mark-XVI (Mark-16)
  • IP Address: 10.0.2.6

Windows Server 2012R2 (Member)

  • Hostname: Mark-XII (Mark-12)
  • IP Address: 10.0.2.7

Windows Server 2019 (Member)

  • Hostname: Mark-XIX (Mark-19)
  • IP Address: 10.0.2.8

Domain users:

  • (DA) atomic-attack\Administrator | Atom1cAtt&ckLab
  • atomic-attack\ansible | deployment_user_01234
  • atomic-attack\maveric | I feel the need3!
  • atomic-attack\goose | the need for speed3!
  • atomic-attack\iceman | You can be my wingman anytime3!

Linux

The two Linux servers are standalone Red Hat and Ubuntu servers. They are default AMIs and use default users and have default software. Password authentication is disabled by default on AMIs, certificate authentication is allowed.

Servers can be connected to using ssh and the private key provided during the AAL setup process. An active VPN connection is required before connecting via SSH.

ssh -i <private_key> -o StrictHostKeyChecking=no <username>@<ipaddress>

Red Hat Enterprise Linux (RHEL) 7.1

  • IP Address: 10.0.2.9
  • Username: ec2-user

Ubuntu Bionic 18.04

  • IP Address: 10.0.2.10
  • Username: ubuntu
⚠️ **GitHub.com Fallback** ⚠️