metasploitable3/Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  # Base configuration for the VM and provisioner
  config.vm.box = "metasploitable3"
  config.vm.hostname = "metasploitable3"
  config.vm.communicator = "winrm"

  config.vm.network "private_network", type: "dhcp"

  # Install Chocolatey
  config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"
  config.vm.provision :reload # Hack to reset environment variables

  # Install BoxStarter
  config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Install 7zip
  config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Adjust password policy
  config.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Add users and add to groups
  config.vm.provision :shell, path: "scripts/configs/create_users.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Unpatched IIS and FTP
  config.vm.provision :shell, path: "scripts/installs/setup_iis.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/setup_ftp_site.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Setup for Apache Struts
  config.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :reload # Hack to reset environment variables
  config.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Setup for Glassfish
  config.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/start_glassfish_service.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Jenkins (1.8)
  config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Wordpress and phpMyAdmin
  # This must run after the WAMP setup.
  config.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/install_wamp.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/start_wamp.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/install_wordpress.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - JMX
  config.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Rails Server
  config.vm.provision :shell, path: "scripts/installs/install_ruby.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/install_devkit.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/install_rails_server.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/setup_rails_server.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
  config.vm.provision :shell, path: "scripts/installs/install_rails_service.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - WebDAV
  # This must run after the WAMP setup.
  config.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - MySQL
  config.vm.provision :shell, path: "scripts/installs/setup_mysql.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - ManageEngine Desktop Central
  config.vm.provision :shell, path: "scripts/installs/install_manageengine.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Axis2
  # This must run after the Apache Struts setup.
  config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - Common backdoors
  config.vm.provision :shell, path: "scripts/installs/install_backdoors.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - SNMP
  config.vm.provision :shell, path: "scripts/installs/setup_snmp.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Configure Firewall to open up vulnerable services
  case ENV['MS3_DIFFICULTY']
  when 'easy'
    config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"
  else
    config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
  end

  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Vulnerability - ElasticSearch
  # This must run after the firewall rules, because it needs to make some HTTP requests in order to
  # set up the vulnerable state.
  config.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614

  # Configure flags
  config.vm.provision :shell, path: "scripts/installs/install_flags.bat"
  config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a
end
Initial commit. 2016-08-30 17:53:02 +02:00			`# -- mode: ruby --`
			`# vi: set ft=ruby :`

			`Vagrant.configure("2") do \|config\|`
Update Vagrantfile to remove base file's tutorial comments. Update README.md Add LICENSE and COPYING files 2016-09-07 20:57:55 +02:00			`# Base configuration for the VM and provisioner`
Initial commit. 2016-08-30 17:53:02 +02:00			`config.vm.box = "metasploitable3"`
			`config.vm.hostname = "metasploitable3"`
			`config.vm.communicator = "winrm"`

add a private network for VM so you can communicate without port forwards 2016-10-29 01:39:36 +02:00			`config.vm.network "private_network", type: "dhcp"`

Initial commit. 2016-08-30 17:53:02 +02:00			`# Install Chocolatey`
			`config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"`
			`config.vm.provision :reload # Hack to reset environment variables`

			`# Install BoxStarter`
			`config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

			`# Install 7zip`
			`config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

			`# Adjust password policy`
			`config.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

			`# Add users and add to groups`
			`config.vm.provision :shell, path: "scripts/configs/create_users.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Enable FTP on IIS for uploaded backdoors. 2016-10-06 00:25:11 +02:00			`# Vulnerability - Unpatched IIS and FTP`
Initial commit. 2016-08-30 17:53:02 +02:00			`config.vm.provision :shell, path: "scripts/installs/setup_iis.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Enable FTP on IIS for uploaded backdoors. 2016-10-06 00:25:11 +02:00			`config.vm.provision :shell, path: "scripts/installs/setup_ftp_site.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Initial commit. 2016-08-30 17:53:02 +02:00
			`# Vulnerability - Setup for Apache Struts`
			`config.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :reload # Hack to reset environment variables`
			`config.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

			`# Vulnerability - Setup for Glassfish`
			`config.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Ensure all services start on reboot. 2016-09-15 20:25:04 +02:00			`config.vm.provision :shell, path: "scripts/installs/start_glassfish_service.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Initial commit. 2016-08-30 17:53:02 +02:00
			`# Vulnerability - Jenkins (1.8)`
			`config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

VC2008 and Wamp successfully installing. 2016-09-15 23:34:31 +02:00			`# Vulnerability - Wordpress and phpMyAdmin`
Add ElasticSearch to Metasploitable3 2016-10-26 20:33:56 +02:00			`# This must run after the WAMP setup.`
VC2008 and Wamp successfully installing. 2016-09-15 23:34:31 +02:00			`config.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :shell, path: "scripts/installs/install_wamp.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Some touch ups to the WAMP install. 2016-09-21 21:32:27 +02:00			`config.vm.provision :shell, path: "scripts/installs/start_wamp.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Add Wordpress vuln 2016-09-28 11:03:32 +02:00			`config.vm.provision :shell, path: "scripts/installs/install_wordpress.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Revert "Missed a jmx reference." This reverts commit 2a3b9728ce7a9fd17b95dddd1e43c9db5c379581. 2016-09-27 23:14:54 +02:00			`# Vulnerability - JMX`
Update JMX to use OpenJDK6. 2016-09-29 00:25:17 +02:00			`config.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Revert "Missed a jmx reference." This reverts commit 2a3b9728ce7a9fd17b95dddd1e43c9db5c379581. 2016-09-27 23:14:54 +02:00			`config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
VC2008 and Wamp successfully installing. 2016-09-15 23:34:31 +02:00
Add rails vuln CVE-2015-3224 to Metasploitable3 2016-10-08 08:12:11 +02:00			`# Vulnerability - Rails Server`
			`config.vm.provision :shell, path: "scripts/installs/install_ruby.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :shell, path: "scripts/installs/install_devkit.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :shell, path: "scripts/installs/install_rails_server.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :shell, path: "scripts/installs/setup_rails_server.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
			`config.vm.provision :shell, path: "scripts/installs/install_rails_service.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Add WebDAV 2016-10-19 23:43:10 +02:00			`# Vulnerability - WebDAV`
Add ElasticSearch to Metasploitable3 2016-10-26 20:33:56 +02:00			`# This must run after the WAMP setup.`
Add WebDAV 2016-10-19 23:43:10 +02:00			`config.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`
Add rails vuln CVE-2015-3224 to Metasploitable3 2016-10-08 08:12:11 +02:00
Add MySQL remote access for Metasploitable3 2016-10-13 21:15:04 +02:00			`# Vulnerability - MySQL`
			`config.vm.provision :shell, path: "scripts/installs/setup_mysql.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Add ManageEngine Desktop Central Vuln to Metasploitable3 2016-10-22 01:28:21 +02:00			`# Vulnerability - ManageEngine Desktop Central`
			`config.vm.provision :shell, path: "scripts/installs/install_manageengine.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Update VagrantFile 2016-10-19 20:52:34 +02:00			`# Vulnerability - Axis2`
Add ElasticSearch to Metasploitable3 2016-10-26 20:33:56 +02:00			`# This must run after the Apache Struts setup.`
Update VagrantFile 2016-10-19 20:52:34 +02:00			`config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Update description 2016-10-25 22:38:57 +02:00			`# Vulnerability - Common backdoors`
Add common backdoors 2016-10-25 21:48:21 +02:00			`config.vm.provision :shell, path: "scripts/installs/install_backdoors.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Correct firewall rule name 2016-10-25 16:59:10 +02:00			`# Vulnerability - SNMP`
			`config.vm.provision :shell, path: "scripts/installs/setup_snmp.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Initial commit. 2016-08-30 17:53:02 +02:00			`# Configure Firewall to open up vulnerable services`
Use environment variable for setting difficulty. 2016-11-08 22:02:26 +01:00			`case ENV['MS3_DIFFICULTY']`
			`when 'easy'`
Make difficulty configurable 2016-10-28 23:04:22 +02:00			`config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"`
Use environment variable for setting difficulty. 2016-11-08 22:02:26 +01:00			`else`
Make difficulty configurable 2016-10-28 23:04:22 +02:00			`config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"`
			`end`

Initial commit. 2016-08-30 17:53:02 +02:00			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Add ElasticSearch to Metasploitable3 2016-10-26 20:33:56 +02:00			`# Vulnerability - ElasticSearch`
			`# This must run after the firewall rules, because it needs to make some HTTP requests in order to`
			`# set up the vulnerable state.`
			`config.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"`
			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614`

Progress on flags 2016-09-16 18:01:57 +02:00			`# Configure flags`
			`config.vm.provision :shell, path: "scripts/installs/install_flags.bat"`
Resolve merge conflict for Vagrantfile 2016-09-22 21:27:20 +02:00			`config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a`
Add rails vuln CVE-2015-3224 to Metasploitable3 2016-10-08 08:12:11 +02:00			`end`