dreadnode · l50 · Apr 2, 2026 · Apr 2, 2026 · Apr 2, 2026 · Apr 2, 2026
diff --git a/.github/labeler.yaml b/.github/labeler.yaml
@@ -51,7 +51,9 @@ area/scripts:
 
 area/extensions:
   - changed-files:
-      - any-glob-to-any-file: "extensions/**/*"
+      - any-glob-to-any-file: "ansible/playbooks/templates/extensions/**/*"
+      - any-glob-to-any-file: "ansible/playbooks/files/extensions/**/*"
+      - any-glob-to-any-file: "providers/**/*"
 
 area/python:
   - changed-files:

diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
@@ -0,0 +1,40 @@
+---
+name: goreleaser
+on:
+  push:
+    tags:
+      - "*"
+
+env:
+  GO_VERSION: 1.26.1
+
+jobs:
+  goreleaser:
+    name: Run GoReleaser
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up git repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+
+      - name: Fetch all tags
+        run: git fetch --force --tags
+
+      - name: Set up Go
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
+        with:
+          go-version: "${{ env.GO_VERSION }}"
+          cache-dependency-path: "**/*.sum"
+
+      - name: Fix GOPATH
+        run: echo "PATH=$(go env GOPATH)/bin:$PATH" >> "$GITHUB_ENV"
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,40 @@
+---
+version: 2
+
+snapshot:
+  version_template: "{{ .Version }}-next"
+
+builds:
+  - id: "dreadgoad"
+
+    binary: dreadgoad
+
+    dir: ./cli
+
+    main: .
+
+    ldflags:
+      - -s -w
+      - -X main.version={{.Summary}}
+      - -X main.commit={{.ShortCommit}}
+      - -X main.date={{.Date}}
+
+    goos:
+      - linux
+      - darwin
+
+    goarch:
+      - amd64
+      - arm
+      - arm64
+
+    goarm:
+      - "6"
+      - "7"
+
+    goamd64:
+      - v2
+      - v3
+
+    hooks:
+      pre: go mod tidy
diff --git a/.hooks/linters/ansible-lint.yaml b/.hooks/linters/ansible-lint.yaml
@@ -14,8 +14,12 @@ exclude_paths:
   - ansible/requirements_311.yml
   - template/provider/ludus/
   - playbooks.yml
-  - ansible/extensions/exchange/ansible/install.yml
-  - ansible/extensions/ws01/ansible/install.yml
+  # Extension playbooks reference roles/deps not resolvable in the linter sandbox
+  - ansible/playbooks/ext-exchange.yml
+  - ansible/playbooks/ext-guacamole.yml
+  - ansible/playbooks/ext-lx01.yml
+  - ansible/playbooks/ext-wazuh.yml
+  - ansible/playbooks/network_setup.yml
   - ansible/roles/onlyusers/
 
 skip_list:

diff --git a/.hooks/linters/markdownlint.json b/.hooks/linters/markdownlint.json
@@ -11,6 +11,7 @@
   "MD041": false,
   "MD055": false,
   "MD056": false,
+  "MD011": false,
   "MD057": false,
   "MD060": false,
   "line-length": false,

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -9,7 +9,9 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
       - id: check-added-large-files
+        exclude: 'docs/img/.*\.png$'
       - id: detect-private-key
+        exclude: 'ad/.*/files/.*'
       - id: check-shebang-scripts-are-executable
 
   - repo: https://github.com/rhysd/actionlint

diff --git a/ad/DRACARYS/README.md b/ad/DRACARYS/README.md
@@ -0,0 +1,65 @@
+# DRACARYS
+
+![DRACARYS](../../docs/img/dracarys_logo.png)
+
+- DRACARYS is written as a training challenge where GOAD was written as a lab with a maximum of vulns.
+- You should find your way in to get domain admin on the domain dracarys.lab
+- Using vagrant user is prohibited of course ^^
+- Starting point is on lx01 : `<ip_range>.12`
+- Obviously do not cheat by looking at the passwords and flags in the recipe files, the lab must start without user to full compromise.
+- If you use goad previously your ansible requirements may not be up to date. Be sure to do this before the install:
+
+```bash
+source ~/.goad/.venv/bin/activate
+cd ~/GOAD/ansible
+
+# if you python is >=3.11
+ansible-galaxy install -r requirements_311.yml
+# if you got a python <3.10
+ansible-galaxy install -r requirements.yml
+```
+
+- Install :
+
+```bash
+./goad.sh -t install -l DRACARYS -p virtualbox
+```
+
+or
+
+```bash
+./goad.sh
+> set_lab DRACARYS
+> set_provider <your_provider>
+> set_iprange 192.168.56  # select the one you want and you can skip this with ludus
+> install
+```
+
+- Once install finish disable vagrant user to avoid using it :
+
+```bash
+./goad.sh
+> load <instance_id>
+> disable_vagrant
+```
+
+- Now do a reboot of all the machine to avoid unintended secrets stored :
+
+```bash
+> stop
+> start
+```
+
+And you are ready to play ! :)
+
+- If you need to re-enable vagrant
+
+```bash
+> load <instance_id>
+> enable_vagrant
+```
+
+- If you want to create a write up of the chall, no problem, have fun. Please ping me on X (@M4yFly) or Discord, i will be happy to read it :)
+
+!!! tip
+    Be sure to get your arsenal up to date
diff --git a/ad/DRACARYS/data/config.json b/ad/DRACARYS/data/config.json
@@ -0,0 +1,170 @@
+{
+"lab" : {
+    "hosts" : {
+        "dc01" : {
+            "hostname" : "balerion",
+            "type" : "dc",
+            "local_admin_password": "8dCsfT-DJjgS3xdcp",
+            "domain" : "dracarys.lab",
+            "path" : "DC=dracarys,DC=lab",
+            "local_groups" : {
+                "Administrators" : [
+                    "dracarys\\Drogon"
+                ]
+            },
+            "scripts" : ["set_spn.ps1","wsman_kerb.ps1"],
+            "security": ["directory", "files", "ldaps"],
+            "security_vars": {
+                "directory": {
+                    "setup": "c:\\setup"
+                },
+                "files" : {
+                    "certificate" : {
+                        "src" : "dc01/ldaps.pfx",
+                        "dest" : "c:\\setup\\ldaps.pfx"
+                    }
+                },
+                "ldaps": {
+                    "certificate" : {
+                        "pfx" : "c:\\setup\\ldaps.pfx",
+                        "cert_password" : "MyStr@ngeCertP@ssword123"
+                    }
+                }
+            },
+            "vulns" : ["files", "enable_credssp_client", "schedule"],
+            "vulns_vars" : {
+                "files" : {
+                    "bot_keepass" : {
+                        "src" : "dc01/keepass_bot.ps1",
+                        "dest" : "c:\\keepass_bot.ps1"
+                    }
+                },
+                "schedule": {
+                    "bot": {
+                        "name": "keepass_bot",
+                        "cmd" : "powershell c:\\keepass_bot.ps1",
+                        "interval" : "PT1M",
+                        "multiple_instances" : "3"
+                    }
+                }
+            }
+        },
+        "srv01" : {
+            "hostname" : "vhagar",
+            "type" : "server",
+            "local_admin_password": "NgtkgtIAs75cKV+Pu",
+            "domain" : "dracarys.lab",
+            "path" : "DC=dracarys,DC=lab",
+            "use_laps": false,
+            "local_groups" : {
+                "Administrators" : [
+                    "dracarys\\Rhaegal"
+                ],
+                "Remote Desktop Users" : [
+                     "dracarys\\Rhaegal"
+                ]
+            },
+            "scripts" : [],
+            "vulns" : ["files", "enable_credssp_server", "schedule"],
+            "vulns_vars" : {
+                "files" : {
+                    "vault" : {
+                        "src" : "srv01/vault.kdbx",
+                        "dest" : "c:\\vault.kdbx"
+                    },
+                    "bot_ssh" : {
+                        "src" : "srv01/bot_ssh.ps1",
+                        "dest" : "c:\\bot_ssh.ps1"
+                    }
+                },
+                "schedule": {
+                    "bot": {
+                        "name": "bot_ssh",
+                        "cmd" : "powershell c:\\bot_ssh.ps1",
+                        "interval" : "PT1M"
+                    }
+                }
+            }
+        },
+        "lx01" : {
+              "hostname" : "syrax",
+              "type" : "server",
+              "os": "linux",
+              "local_admin_password": "HGLXaxQSP@ssw_rd$",
+              "domain" : "dracarys.lab",
+              "path" : "DC=dracarys,DC=lab",
+              "local_groups" : {
+                  "sudoers" : ["LinuxAdmins"],
+                  "ssh" : ["LinuxAdmins", "LinuxUsers"]
+              },
+              "security": [],
+              "security_vars": {},
+              "scripts" : []
+        }
+    },
+    "domains" : {
+        "dracarys.lab" : {
+            "dc": "dc01",
+            "domain_password" : "8dCsfT-DJjgS3xdcp",
+            "netbios_name": "DRACARYS",
+            "organisation_units" : {
+            },
+            "groups" : {
+                "universal" : {},
+                "global" : {
+                    "LinuxAdmins" : {
+                        "managed_by" : "drogon",
+                        "path" : "CN=Users,DC=dracarys,DC=lab"
+                    },
+                    "LinuxUsers" : {
+                        "managed_by" : "drogon",
+                        "path" : "CN=Users,DC=dracarys,DC=lab"
+                    }
+                },
+                "domainlocal" : {}
+            },
+            "multi_domain_groups_member" : {},
+            "acls" : {
+                "WriteSPN_viserion_vhagar": {"for": "viserion", "to": "vhagar$", "right": "Ext-Write-SPN", "inheritance": "None"}
+            },
+            "users" : {
+                "drogon" : {
+                    "firstname"   : "drogon",
+                    "surname"     : "-",
+                    "password"    : "sUIjHxs1i0yxZsGBreh0",
+                    "city"        : "-",
+                    "description" : "Domain admin",
+                    "groups"      : ["LinuxAdmins", "Domain Admins"],
+                    "path"        : "CN=Users,DC=dracarys,DC=lab"
+                },
+                "rhaegal" : {
+                    "firstname"   : "rhaegal",
+                    "surname"     : "-",
+                    "password"    : "ufsmcvDaFz1uEqzAtaiL",
+                    "city"        : "-",
+                    "description" : "Rhaegal",
+                    "groups"      : ["LinuxAdmins"],
+                    "path"        : "CN=Users,DC=dracarys,DC=lab"
+                },
+                "viserion" : {
+                    "firstname"   : "viserion",
+                    "surname"     : "-",
+                    "password"    : "aLHtz1WvIVmeV4Zh4CDE",
+                    "city"        : "-",
+                    "description" : "viserion",
+                    "groups"      : ["LinuxUsers"],
+                    "path"        : "CN=Users,DC=dracarys,DC=lab"
+                },
+                "sunfyre" : {
+                    "firstname"   : "sunfyre",
+                    "surname"     : "-",
+                    "password"    : "BSno5DP4tjJ4jIu8is3B",
+                    "city"        : "-",
+                    "description" : "glpi service account",
+                    "groups"      : ["LinuxUsers"],
+                    "path"        : "CN=Users,DC=dracarys,DC=lab"
+                }
+            }
+        }
+    }
+}}