diff --git a/Packer/sandbox.json b/Packer/sandbox.json
index 223f1a3..6f9c654 100644
--- a/Packer/sandbox.json
+++ b/Packer/sandbox.json
@@ -1,28 +1,9 @@
 {
- "variables": {
- "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455",
- "iso_checksum_type": "sha256",
- "iso_url": "https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
- "autounattend": "./answer_files/10/Autounattend.xml",
- "disk_size": "61440"
- },
 "builders": [
 {
- "type": "virtualbox-iso",
- "vm_name": "sandbox",
- "communicator": "winrm",
- "iso_url": "{{user `iso_url`}}",
- "iso_checksum_type": "{{user `iso_checksum_type`}}",
- "iso_checksum": "{{user `iso_checksum`}}",
- "headless": false,
- "boot_wait": "6m",
 "boot_command": "",
- "winrm_username": "vagrant",
- "winrm_password": "vagrant",
- "winrm_timeout": "4h",
- "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
- "guest_os_type": "Windows81_64",
- "guest_additions_mode": "disable",
+ "boot_wait": "6m",
+ "communicator": "winrm",
 "disk_size": "{{user `disk_size`}}",
 "floppy_files": [
 "{{user `autounattend`}}",
@@ -39,6 +20,13 @@
 "./scripts/win-updates.ps1",
 "./scripts/oracle-cert.cer"
 ],
+ "guest_additions_mode": "disable",
+ "guest_os_type": "Windows81_64",
+ "headless": false,
+ "iso_checksum": "{{user `iso_checksum_type`}}:{{user `iso_checksum`}}",
+ "iso_url": "{{user `iso_url`}}",
+ "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
+ "type": "virtualbox-iso",
 "vboxmanage": [
 [
 "modifyvm",
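Review bot: Alphabetical key order moves `"type": "virtualbox-iso"` from the top of the builder object to behind fifteen other keys, so the discriminator that tells a reader which builder the object configures is now the last thing found; the provisioner and post-processor objects in the next hunk end up the same way. Keeping `type` as the first key of each builder, provisioner and post-processor and sorting the remaining keys keeps the diff tidy while leaving every object self-describing. The merged value of `iso_checksum` (the sha256 type joined to the hash with a colon) is the form that replaced the separate `iso_checksum_type` builder key in newer Packer releases; if this repository is still built with an older Packer, this line is where validation would fail, so the minimum Packer version is worth stating in the project README. The `iso_checksum_type` entry that remains under `variables` now exists only to build that prefix.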
@@ -52,53 +40,64 @@
 "--cpus",
 "2"
 ]
- ]
+ ],
+ "vm_name": "sandbox",
+ "winrm_password": "vagrant",
+ "winrm_timeout": "4h",
+ "winrm_username": "vagrant"
+ }
+ ],
+ "post-processors": [
+ {
+ "keep_input_artifact": false,
+ "output": "sandbox_{{.Provider}}.box",
+ "type": "vagrant"
 }
 ],
 "provisioners": [
 {
- "type": "windows-shell",
- "remote_path": "/tmp/script.bat",
 "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
+ "remote_path": "/tmp/script.bat",
 "scripts": [
 "./scripts/enable-rdp.bat"
- ]
+ ],
+ "type": "windows-shell"
 },
 {
- "type": "powershell",
 "scripts": [
 "./scripts/debloat-windows.ps1",
 "./scripts/rearm-windows.ps1",
 "./scripts/MakeWindows10GreatAgain.ps1"
- ]
+ ],
+ "type": "powershell"
 },
 {
 "type": "windows-restart"
 },
 {
- "type": "powershell",
 "scripts": [
 "./scripts/set-powerplan.ps1",
 "./scripts/docker/disable-windows-defender.ps1"
- ]
+ ],
+ "type": "powershell"
 },
 {
- "type": "windows-shell",
- "remote_path": "/tmp/script.bat",
 "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
+ "remote_path": "/tmp/script.bat",
 "scripts": [
 "./scripts/pin-powershell.bat",
 "./scripts/compile-dotnet-assemblies.bat",
 "./scripts/set-winrm-automatic.bat",
 "./scripts/compact.bat"
- ]
+ ],
+ "type": "windows-shell"
 }
 ],
- "post-processors": [
- {
- "type": "vagrant",
- "keep_input_artifact": false,
- "output": "sandbox_{{.Provider}}.box"
- }
- ]
-}
+ "variables": {
+ "autounattend": "./answer_files/10/Autounattend.xml",
+ "disk_size": "61440",
+ "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455",
+ "iso_checksum_type": "sha256",
+ "iso_url": "https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso"
+ }
+}
\ No newline at end of file
diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile
index 4ab0746..ec64428 100644
--- a/Vagrant/Vagrantfile
+++ b/Vagrant/Vagrantfile
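Review bot: The rewritten closing `+}` drops the file's terminating newline (`\ No newline at end of file` appears on the new side, where the removed `-}` had one), so the next edit of the last line will show as a two-line change and some JSON linters will reject the file. The Vagrantfile hunk that ends in `-end`/`+end` and both new `.ps1` files in this commit have the same defect, which suggests the editor used for the re-sort strips final newlines; re-save each file with a trailing newline.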
@@ -18,11 +18,20 @@ Vagrant.configure("2") do |config|
 cfg.vm.provision "shell", path: "scripts/install_python.ps1", privileged: false
 cfg.vm.provision "shell", path: "scripts/install_pillow.ps1", privileged: false
 cfg.vm.provision "shell", path: "scripts/install_agent.ps1", privileged: false
+ cfg.vm.provision "shell", path: "scripts/install_radare2.ps1", privileged: false
+
+ for argument_i in 0..ENV["UPLOAD_FILES"].split(" ").length() do
+ upload_file_path = ENV["UPLOAD_FILES"].split(" ")[argument_i]
+ download_file_path = ENV["DOWNLOAD_FILES"].split(" ")[argument_i]
+ cfg.vm.provision "shell", path: "scripts/upload_malware.ps1", args: "#{upload_file_path} #{download_file_path}", privileged: false
+ end
+
 cfg.vm.provision "shell", path: "scripts/enable_rpc.ps1", privileged: false
 cfg.vm.provision "shell", path: "scripts/fix_networking.ps1", privileged: false
 cfg.vm.provision "shell", path: "scripts/disable_defender.ps1", privileged: false
 cfg.vm.provision "shell", path: "scripts/disable_probing.ps1", privileged: false
+
 cfg.vm.synced_folder ".", "/vagrant", disabled: true
 cfg.vm.provider "virtualbox" do |vb, override|
@@ -54,4 +63,4 @@ Vagrant.configure("2") do |config|
 vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
 end
 end
-end
+end
\ No newline at end of file
diff --git a/Vagrant/scripts/install_radare2.ps1 b/Vagrant/scripts/install_radare2.ps1
new file mode 100644
index 0000000..70e6d5d
--- /dev/null
+++ b/Vagrant/scripts/install_radare2.ps1
@@ -0,0 +1,4 @@
+# Purpose: Install r2 from internet with choco
+# This is made in order to allow malware analyst to use r2 during the analysis
+
+choco install --yes vcredist-all radare2
\ No newline at end of file
diff --git a/Vagrant/scripts/upload_malware.ps1 b/Vagrant/scripts/upload_malware.ps1
new file mode 100644
index 0000000..3c88e9a
--- /dev/null
+++ b/Vagrant/scripts/upload_malware.ps1
@@ -0,0 +1 @@
+vagrant upload $args[0] $args[1]
\ No newline at end of file
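Review bot: The loop header `for argument_i in 0..ENV["UPLOAD_FILES"].split(" ").length() do` uses an inclusive range, so its last iteration indexes one past the end and registers a provisioner whose upload path is `nil` (interpolated as an empty string); and because `ENV["UPLOAD_FILES"]` and `ENV["DOWNLOAD_FILES"]` are read unguarded, any `vagrant` command run without those variables set aborts with NoMethodError on `nil.split` while the Vagrantfile is being evaluated. The provisioner also runs `upload_malware.ps1` inside the guest, where the `vagrant upload` it calls (a host-side command, see the new file later in this commit) cannot be expected to exist; the host-to-guest copy being attempted is what Vagrant's `file` provisioner does, which also makes the helper script unnecessary. Splitting on a single space means paths containing spaces cannot be passed, so if that matters a different separator is needed. The enclosing block that binds `cfg` starts and ends outside the hunk.
```ruby
  cfg.vm.provision "shell", path: "scripts/install_radare2.ps1", privileged: false

  # Pair each host path in UPLOAD_FILES with the guest path at the same position
  # in DOWNLOAD_FILES; both variables are optional and unpaired entries are skipped.
  upload_paths   = (ENV["UPLOAD_FILES"]   || "").split(" ")
  download_paths = (ENV["DOWNLOAD_FILES"] || "").split(" ")
  upload_paths.zip(download_paths).each do |host_path, guest_path|
    next if guest_path.nil?
    cfg.vm.provision "file", source: host_path, destination: guest_path
  end

  # … unchanged: remaining shell provisioners …
```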
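Review bot: `choco install --yes vcredist-all radare2` runs unpinned, so the sandbox image a build produces depends on whatever versions the Chocolatey feed serves that day, which undermines reproducibility of analysis results across rebuilt boxes; pass an explicit `--version` per package (one `choco install` call each, as the flag applies to a single package). The script also never propagates Chocolatey's exit status, so as far as the diff shows a failed download or install still leaves provisioning marked successful and the box without r2; end the script with `exit $LASTEXITCODE`. The Vagrantfile registers this script with `privileged: false`, and whether that is sufficient for Chocolatey to write to its install location is not something the diff shows, so confirm against the neighbouring install_*.ps1 scripts that use the same flag.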
diff --git a/build.ps1 b/build.ps1
index 58a4c99..8023ee3 100644
--- a/build.ps1
+++ b/build.ps1
@@ -1,4 +1,3 @@
-
 <#
 .Synopsis
 This script is used to build, deploy, and configure BoomBox
@@ -19,6 +18,9 @@
 .PARAMETER VagrantOnly
 This switch skips building packer boxes and instead builds from an existing box file.
+
+.PARAMETER UploadFile
+ Files to upload.
 .EXAMPLE
 build.ps1 -ProviderName virtualbox
@@ -36,6 +38,7 @@ Param(
 [ValidateSet('virtualbox')]
 [string]$ProviderName,
 [string]$PackerPath = 'C:\Hashicorp\packer.exe',
+ [switch]$UploadFile,
 [switch]$PackerOnly,
 [switch]$VagrantOnly
 )
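Review bot: `[switch]$UploadFile,` cannot carry the file list that the new help text `.PARAMETER UploadFile` / `Files to upload.` in the hunk above promises: a switch is a boolean, so `build.ps1 -UploadFile sample.bin` fails to bind, and nothing in these hunks sets the `UPLOAD_FILES`/`DOWNLOAD_FILES` environment variables the Vagrantfile in this commit reads, so the paths never reach the guest. Declare it as `[string[]]$UploadFile = @(),` alongside a matching parameter for the guest destinations, export both as `$env:UPLOAD_FILES` and `$env:DOWNLOAD_FILES` before the script invokes vagrant, and extend the help block to describe the host-path/guest-path pairing and the space separator. The rest of `Param(` and the script body that would do the export are outside the hunk.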