splunk/attack_range

Windows Administrator credentials are not accepted in a fresh build

ivang-coder opened this issue · 2 comments

Description

Windows Administrator credentials are not accepted in a freshly built Windows 2016.

Steps to reproduce

This behaviour was tested on a freshly deployed AWS environment with 1x W2016 Domain Controller and 1x W2016 Client. The build was completed successfully; however, the login attempts with Administrator credentials failed.

To verify, the behaviour was tested on a freshly deployed LOCAL environment with 1x W2016 Domain Controller and 1x W2016 Client. The build was completed successfully; however, as with the previous scenario, the login attempts with Administrator credentials failed.

Troubleshooting

During troubleshooting, vagrant/vagrant credentials were successfully used to log in to the Windows 2016 VM, where the Administrator account was found locked out due to the Password Complexity Policy. Once the policy was bypassed, the Administrator credentials became operational.
Upon further analysis of the build logs, it was identified that the Password Complexity Policy appears to get enforced in the last step before the final reboot.

Proposed solution

Given the issue is observed only when a non-system-generated password is used, i.e. some custom simplified password like "ChangeMe" or "ARPassword", the solutions below can help to avoid the described issue and potentially improve user experience:

  • (Preferred solution) add brief minimum password complexity requirements to the "? enter a master password for your attack_range" step, i.e. "? enter a master password for your attack_range (minimum 8 characters: one UPPERCASE, one lowercase, one numeric, and one non-alphanumeric)".
  • (Alternative solution) disable the Password Complexity Policy system-wide or on the Administrator account during the build.

References

Attack Range Configuration Summary

# python attack_range.py configure
? select cloud provider aws
? enter a master password for your attack_range MasterPassword
? do you want to use packer for prebuilt images? Yes
> configuring attack_range settings
? detected existing key in /attack_range/root-30758.key, would you like to use it Yes
> included ssh private key: /attack_range/root-30758.key
? enter region to build in. ap-southeast-2
? enter public ips that are allowed to reach the attack_range.
Example: 218.214.216.197/32,0.0.0.0/0 0.0.0.0/0
? enter attack_range name, multiple can be build under different names in the same region ar
> using ssh key name: root-30758
> configuring attack_range environment
? shall we build a windows server Yes
? which version should it be 2016
? should the windows server be a domain controller Yes
? should we install red team tools on the windows server No
? should we install badblood on the windows server, which will populate the domain with objects Yes
? shall we build another windows server Yes
? which version should it be 2016
? should the windows server join the domain Yes
? should we install red team tools on the windows server Yes
? shall we build a linux server Yes
? shall we build a kali linux machine Yes
? shall we build nginx plus web proxy Yes
? shall we include Splunk SOAR No
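A validator for the master-password rule proposed in this issue, added here as an example and not attack_range's own code. It checks the rule exactly as stated above (8 characters, one of each of the four character classes) and additionally rejects a password that contains the account name, which the Windows complexity policy also checks but the proposed prompt text does not mention; the "Administrator" default and the `missing_requirements` name are assumptions of this example.

```python
import re

# Rule proposed in the issue for the "enter a master password" prompt.
# Constructed example; not part of attack_range.py.
MIN_LENGTH = 8
CHARACTER_CLASSES = {
    "UPPERCASE": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "numeric": re.compile(r"[0-9]"),
    "non-alphanumeric": re.compile(r"[^A-Za-z0-9]"),
}


def missing_requirements(password, account_name="Administrator"):
    """Return the requirements the password fails (empty list = acceptable).

    Besides the issue's rule, a password containing the account name is
    rejected: Windows' built-in complexity policy performs that check
    case-insensitively (skipped for names shorter than three characters).
    Assumption: the master password is applied to the built-in
    Administrator account, so that is the default account name.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"at least {MIN_LENGTH} characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not pattern.search(password):
            problems.append(f"one {name} character")
    if len(account_name) >= 3 and account_name.lower() in password.lower():
        problems.append(f"must not contain the account name '{account_name}'")
    return problems


def is_acceptable(password, account_name="Administrator"):
    """True when the password would survive the policy enforced before the final reboot."""
    return not missing_requirements(password, account_name)


if __name__ == "__main__":
    # Constructed sample inputs: the weak values named in the issue, one that
    # contains the account name, and one compliant password.
    for candidate in ["ChangeMe", "ARPassword", "Administrator1!", "Ch4nge-Me!"]:
        verdict = missing_requirements(candidate)
        print(f"{candidate!r}: {'ok' if not verdict else ', '.join(verdict)}")
```

Hooking `missing_requirements` into the configure prompt lets the build refuse a password up front instead of locking the Administrator account at the end of the build.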

This is great feedback @ivang-coder . We will add your preferred solution.

Changed the description. Thank you @ivang-coder