Add r2 support and malware uploading

Packer/sandbox.json

@@ -1,28 +1,9 @@
 {
-  "variables": {
-    "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455",
-    "iso_checksum_type": "sha256",
-    "iso_url": "https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
-    "autounattend": "./answer_files/10/Autounattend.xml",
-    "disk_size": "61440"
-  },
   "builders": [
     {
-      "type": "virtualbox-iso",
-      "vm_name": "sandbox",
-      "communicator": "winrm",
-      "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
-      "iso_checksum": "{{user `iso_checksum`}}",
-      "headless": false,
-      "boot_wait": "6m",
       "boot_command": "",
-      "winrm_username": "vagrant",
-      "winrm_password": "vagrant",
-      "winrm_timeout": "4h",
-      "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
-      "guest_os_type": "Windows81_64",
-      "guest_additions_mode": "disable",
+      "boot_wait": "6m",
+      "communicator": "winrm",
       "disk_size": "{{user `disk_size`}}",
       "floppy_files": [
         "{{user `autounattend`}}",
@@ -39,6 +20,13 @@
         "./scripts/win-updates.ps1",
         "./scripts/oracle-cert.cer"
       ],
+      "guest_additions_mode": "disable",
+      "guest_os_type": "Windows81_64",
+      "headless": false,
+      "iso_checksum": "{{user `iso_checksum_type`}}:{{user `iso_checksum`}}",
+      "iso_url": "{{user `iso_url`}}",
+      "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
+      "type": "virtualbox-iso",
       "vboxmanage": [
         [
           "modifyvm",
@@ -52,53 +40,64 @@
           "--cpus",
           "2"
         ]
-      ]
+      ],
+      "vm_name": "sandbox",
+      "winrm_password": "vagrant",
+      "winrm_timeout": "4h",
+      "winrm_username": "vagrant"
+    }
+  ],
+  "post-processors": [
+    {
+      "keep_input_artifact": false,
+      "output": "sandbox_{{.Provider}}.box",
+      "type": "vagrant"
     }
   ],
   "provisioners": [
     {
-      "type": "windows-shell",
-      "remote_path": "/tmp/script.bat",
       "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
+      "remote_path": "/tmp/script.bat",
       "scripts": [
         "./scripts/enable-rdp.bat"
-      ]
+      ],
+      "type": "windows-shell"
     },
     {
-      "type": "powershell",
       "scripts": [
         "./scripts/debloat-windows.ps1",
         "./scripts/rearm-windows.ps1",
         "./scripts/MakeWindows10GreatAgain.ps1"
-      ]
+      ],
+      "type": "powershell"
     },
     {
       "type": "windows-restart"
     },
     {
-      "type": "powershell",
       "scripts": [
         "./scripts/set-powerplan.ps1",
         "./scripts/docker/disable-windows-defender.ps1"
-      ]
+      ],
+      "type": "powershell"
     },
     {
-      "type": "windows-shell",
-      "remote_path": "/tmp/script.bat",
       "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
+      "remote_path": "/tmp/script.bat",
       "scripts": [
         "./scripts/pin-powershell.bat",
         "./scripts/compile-dotnet-assemblies.bat",
         "./scripts/set-winrm-automatic.bat",
         "./scripts/compact.bat"
-      ]
+      ],
+      "type": "windows-shell"
     }
   ],
-  "post-processors": [
-    {
-      "type": "vagrant",
-      "keep_input_artifact": false,
-      "output": "sandbox_{{.Provider}}.box"
-    }
-  ]
-}
+  "variables": {
+    "autounattend": "./answer_files/10/Autounattend.xml",
+    "disk_size": "61440",
+    "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455",
+    "iso_checksum_type": "sha256",
+    "iso_url": "https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso"
+  }
+}

Vagrant/Vagrantfile

@@ -18,11 +18,20 @@ Vagrant.configure("2") do |config|
     cfg.vm.provision "shell", path: "scripts/install_python.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install_pillow.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/install_agent.ps1", privileged: false
+	cfg.vm.provision "shell", path: "scripts/install_radare2.ps1", privileged: false
+
+	for argument_i in 0..ENV["UPLOAD_FILES"].split(" ").length() do
+      upload_file_path = ENV["UPLOAD_FILES"].split(" ")[argument_i]
+	  download_file_path = ENV["DOWNLOAD_FILES"].split(" ")[argument_i]
+	  cfg.vm.provision "shell", path: "scripts/upload_malware.ps1", args: "#{upload_file_path} #{download_file_path}", privileged: false
+	end
+
     cfg.vm.provision "shell", path: "scripts/enable_rpc.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/fix_networking.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/disable_defender.ps1", privileged: false
     cfg.vm.provision "shell", path: "scripts/disable_probing.ps1", privileged: false
 
+
     cfg.vm.synced_folder ".", "/vagrant", disabled: true
 
     cfg.vm.provider "virtualbox" do |vb, override|
@@ -54,4 +63,4 @@ Vagrant.configure("2") do |config|
       vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
     end
   end
-end
+end

Vagrant/scripts/install_radare2.ps1

@@ -0,0 +1,4 @@
+# Purpose: Install r2 from internet with choco
+# This is made in order to allow malware analyst to use r2 during the analysis
+
+choco install --yes vcredist-all radare2

Vagrant/scripts/upload_malware.ps1

@@ -0,0 +1 @@
+vagrant upload $args[0] $args[1]

build.ps1

@@ -1,4 +1,3 @@
-
 <#
 .Synopsis
   This script is used to build, deploy, and configure BoomBox
@@ -19,6 +18,9 @@
 
 .PARAMETER VagrantOnly
   This switch skips building packer boxes and instead builds from an existing box file.
+
+.PARAMETER UploadFile
+  Files to upload.
 
 .EXAMPLE
   build.ps1 -ProviderName virtualbox
@@ -36,6 +38,7 @@ Param(
   [ValidateSet('virtualbox')]
   [string]$ProviderName,
   [string]$PackerPath = 'C:\Hashicorp\packer.exe',
+  [switch]$UploadFile,
   [switch]$PackerOnly,
   [switch]$VagrantOnly
 )