Automated Azure Cyber Lab

I just wrapped up an Azure Government Hack-a-thon, where our team had to come up with a solution based on five different scenario choices. Now this is not a hack-a-thon from the perspective of penetration testing. It was a make-it-real type of training and challenge.

We designed and built a simple solution to automate spinning up a small network with two VMs, a front-end and back-end network security group (NSG), a web application and a SQL database. While crafting this solution I got an idea on how to utilize this solution myself. Last week I read another blog by Moti Bani at Microsoft on how to build out a security lab in Azure, but it was using Azure Resource Manager (ARM) via the portal. I wanted to build this lab, but do it from the command line interface (CLI) for Azure. I also wanted to do it from my Kali Linux system using bash. Make sure you follow his steps for configuring Active Directory, because I don't address those steps here. The following are the steps I took to prep my system and deploy this automated solution, including the bash script.

The script is available on my GitHub site, here.

Installing the Azure CLI

My first step was to install the Azure CLI on my Kali Linux system. Since Kali Linux is based on Debian Linux, I thought I would use the apt-get method from the Azure CLI webpage. I followed the instructions, but ran into issues that I did not feel like troubleshooting. So I tried the script method and it worked great for me. I am not including those instructions here because if Microsoft makes changes to the process, it is better that you go to the source.

BASH Script

Now that the Azure CLI is installed, I will describe the script I am utilizing to deploy the security lab. I called the script "buildCyberRange.sh".

*Note: Use the az vm image list --all --publisher MicrosoftWindowsDesktop --output table command to get a list of Microsoft Desktop images. Use az vm image list --all --publisher MicrosoftWindowsServer --output table to get a list of Microsoft Server images, and az vm image list --all --publisher kali-linux --output table to get a list of Kali Linux images.

#!/bin/bash
#Collect the variables to build the environment

#-r keeps backslashes in the input literal
read -r -p "Enter Your Azure Username (leave blank if you are using two-factor authentication): " Username

read -r -p "Enter a name for the Resource Group you want to create: " myResourceGroup

read -r -p "Enter a Username to be used for the administrator on the VMs: " AdminUser

echo "Enter a Password to be used for the administrator on the VMs (between 12 and 123 characters): "

#-s stops the password from being echoed to the terminal
read -r -s AdminPassword

The first part of the script gets input to be utilized in the building of the lab.
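
The prompt states the 12 to 123 character range, but the script never checks it, so a bad password is only rejected by az vm create after the resource group and virtual network already exist. The following pre-flight check is an added example, not part of buildCyberRange.sh; the function name, the 72-character Linux limit and the three-of-four character-class rule are assumptions taken from Azure's VM password rules rather than from this page.

```bash
#!/bin/bash
# Added example, not part of buildCyberRange.sh.
# 12-123 is the range from the script's prompt. The 72-character Linux limit
# (relevant to the KALI VM) and the 3-of-4 character-class rule are assumed
# from Azure's VM password rules; "special" is simplified to non-alphanumeric.
MIN_LEN=12
MAX_LEN_WINDOWS=123
MAX_LEN_LINUX=72

# validate_admin_password PASSWORD
# Prints the reason and returns 1 (bad length), 2 (too long for the Linux VM)
# or 3 (too few character classes); returns 0 when the password passes.
validate_admin_password() {
    local pw len classes
    pw=$1
    len=${#pw}
    classes=0

    if [ "$len" -lt "$MIN_LEN" ] || [ "$len" -gt "$MAX_LEN_WINDOWS" ]; then
        echo "length ${len} is outside ${MIN_LEN}-${MAX_LEN_WINDOWS}"
        return 1
    fi
    if [ "$len" -gt "$MAX_LEN_LINUX" ]; then
        echo "length ${len} exceeds the ${MAX_LEN_LINUX}-character Linux limit"
        return 2
    fi

    # POSIX character classes avoid the locale surprises of [a-z] ranges.
    case $pw in *[[:lower:]]*) classes=$((classes + 1)) ;; esac
    case $pw in *[[:upper:]]*) classes=$((classes + 1)) ;; esac
    case $pw in *[[:digit:]]*) classes=$((classes + 1)) ;; esac
    case $pw in *[![:alnum:]]*) classes=$((classes + 1)) ;; esac
    if [ "$classes" -lt 3 ]; then
        echo "only ${classes} of 4 character classes present, need 3"
        return 3
    fi
    return 0
}

# Constructed sample values, for illustration only (never echo a real password).
for sample in 'Sh0rt!' 'alllowercaseletters' 'Corr3ct-Horse-Battery'; do
    if reason=$(validate_admin_password "$sample"); then
        echo "sample of ${#sample} chars: accepted"
    else
        echo "sample of ${#sample} chars: rejected (${reason})"
    fi
done
```

In the script, the call would sit directly after read -r -s AdminPassword and exit (or prompt again) on a non-zero return, before az login runs.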

#Login to Azure
if [ -z "$Username" ]; then
    #No username given: interactive login, which supports two-factor authentication
    az login
else
    az login -u "$Username"
fi

This checks whether a username was provided, which determines whether two-factor authentication will be used to log in to the Azure services.

#Create a resource group.
echo "Creating Resource Group..."
az group create --name "$myResourceGroup" --location eastus

#Create a virtual network that uses the domain controller (10.0.0.254) for DNS.
echo "Creating Virtual Network..."
az network vnet create --resource-group "$myResourceGroup" --name myVnet --subnet-name mySubnet --dns-servers "10.0.0.254"

##############Windows 2016 Domain Controller#####################

#Create a virtual machine.
echo "Creating Windows 2016 Domain Controller Virtual Machine..."
az vm create \
    --resource-group "$myResourceGroup" \
    --name SRV-DC01 \
    --location eastus \
    --image win2016datacenter \
    --size Standard_DS2_v2 \
    --private-ip-address "10.0.0.254" \
    --storage-sku Standard_LRS \
    --admin-username "$AdminUser" \
    --admin-password "$AdminPassword"

#Attach a new data disk to the virtual machine.
echo "Creating and Attaching Data Disk for Domain Controller..."
az vm disk attach \
    --resource-group "$myResourceGroup" \
    --vm-name SRV-DC01 \
    --disk DC01-DataDisk \
    --size-gb 10 \
    --sku Standard_LRS \
    --caching None \
    --new

#Add Active Directory role to the virtual machine
echo "Adding Active Directory Role to Domain Controller..."
az vm extension set \
    --publisher Microsoft.Compute \
    --version 1.8 \
    --name CustomScriptExtension \
    --vm-name SRV-DC01 \
    --resource-group "$myResourceGroup" \
    --settings '{"commandToExecute":"powershell.exe Install-WindowsFeature -Name AD-Domain-Services"}'

This section creates the virtual machine that will be used as the domain controller, with a static IP address. It then creates a data disk for the Active Directory databases, and finally adds the Directory Service role to the virtual machine. FYI, adding this role takes a while to complete. You may want to comment it out and do that part manually on the virtual machine.

I wanted to use the --no-wait parameter for the VM creation, but it gave me issues with adding the additional drive and role addition.

#####################Windows 10 Client#######################

#Create a virtual machine.
echo "Creating Windows 10 Virtual Machine..."
az vm create \
    --resource-group "$myResourceGroup" \
    --name WIN10 \
    --location eastus \
    --image "MicrosoftWindowsDesktop:Windows-10:RS3-Pro:16299.248.1" \
    --size Standard_DS2_v2 \
    --storage-sku Standard_LRS \
    --no-wait \
    --admin-username "$AdminUser" \
    --admin-password "$AdminPassword"

This section creates the virtual machine to be used as a client, if needed.

#####################Windows 2012R2 Server#######################

#Create a virtual machine.
echo "Creating Windows 2012 R2 Virtual Machine..."
az vm create \
    --resource-group "$myResourceGroup" \
    --name SRV-2012 \
    --location eastus \
    --image Win2012Datacenter \
    --size Standard_DS2_v2 \
    --storage-sku Standard_LRS \
    --no-wait \
    --admin-username "$AdminUser" \
    --admin-password "$AdminPassword"

This section creates an older server system that can be used as an application server.

#####################Kali Linux#######################

#Create a virtual machine.
echo "Creating Kali Linux Virtual Machine..."
az vm create \
    --resource-group "$myResourceGroup" \
    --name KALI \
    --location eastus \
    --image "kali-linux:kali-linux:kali:2017.3.0" \
    --size Standard_DS2_v2 \
    --storage-sku Standard_LRS \
    --no-wait \
    --admin-username "$AdminUser" \
    --admin-password "$AdminPassword"

This section creates the attack and testing virtual machine, Kali Linux.

No matter what you call your script, be sure to make it executable: chmod +x buildCyberRange.sh.

If you would like to delete your security environment from CLI, just enter az group delete --name <groupName> --yes --no-wait