github
/
metasploitable3
mirror of https://github.com/rapid7/metasploitable3
1
Fork 0
Code Releases Activity

Merge branch 'master' of github.com:rapid7/metasploitable3-ctf

This commit is contained in:
wchen-r7 2017-07-28 00:42:47 -05:00
parent e452ddd332 21f5bb6219
commit 54f4b66869
53 changed files with 1160 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -3,7 +3,7 @@ packer_cache/
*.exe
*.msi
*.msu
*.DS_Store
resources/manageengine/setup.log
windows_2008_r2_virtualbox.box
windows_2008_r2_vmware.box

6
README.md
View File

@ -13,7 +13,7 @@ System Requirements:
Requirements:
* [Packer](https://www.packer.io/intro/getting-started/setup.html)
* [Packer](https://www.packer.io/intro/getting-started/install.html)
* [Vagrant](https://www.vagrantup.com/docs/installation/) NOTE: Currently 1.9.1 is recommended as there are build issues with newer versions.
* [Vagrant Reload Plugin](https://github.com/aidanns/vagrant-reload#installation)
* [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
@ -28,8 +28,8 @@ To build automatically:
To build manually:
1. Clone this repo and navigate to the main directory.
2. Build the base VM image by running `packer build windows_2008_r2.json`. This will take a while the first time you run it since it has to download the OS installation ISO.
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command `vagrant box add windows_2008_r2_virtualbox.box --name=metasploitable3`.
2. Build the base VM image by running `packer build --only=<provider> windows_2008_r2.json` where `<provider>` is your preferred virtualization platform. Currently `virtualbox-iso` and `vmware-iso` are supported. This will take a while the first time you run it since it has to download the OS installation ISO.
3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command `vagrant box add windows_2008_r2_<provider>.box --name=metasploitable3`.
4. Use `vagrant plugin install vagrant-reload` to install the reload vagrant provisioner if you haven't already.
5. To start the VM, run the command `vagrant up`. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.

115
Vagrantfile vendored
View File

@ -6,126 +6,17 @@ Vagrant.configure("2") do |config|
config.vm.box = "metasploitable3"
config.vm.hostname = "metasploitable3"
config.vm.communicator = "winrm"
config.winrm.retry_limit = 60
config.winrm.retry_delay = 10
config.vm.network "private_network", type: "dhcp"
# Install Chocolatey
config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"
config.vm.provision :reload # Hack to reset environment variables
# Install BoxStarter
config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Install 7zip
config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Adjust password policy
config.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Add users and add to groups
config.vm.provision :shell, path: "scripts/configs/create_users.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Unpatched IIS and FTP
config.vm.provision :shell, path: "scripts/installs/setup_iis.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_ftp_site.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Apache Struts
config.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :reload # Hack to reset environment variables
config.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Glassfish
config.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/start_glassfish_service.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Jenkins (1.8)
config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Wordpress and phpMyAdmin
# This must run after the WAMP setup.
config.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_wamp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/start_wamp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_wordpress.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - JMX
config.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Rails Server
config.vm.provision :shell, path: "scripts/installs/install_ruby.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_devkit.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_rails_server.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_rails_server.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_rails_service.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - WebDAV
# This must run after the WAMP setup.
config.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - MySQL
config.vm.provision :shell, path: "scripts/installs/setup_mysql.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ManageEngine Desktop Central
config.vm.provision :shell, path: "scripts/installs/install_manageengine.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Axis2
# This must run after the Apache Struts setup.
config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Common backdoors
config.vm.provision :shell, path: "scripts/installs/install_backdoors.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - SNMP
config.vm.provision :shell, path: "scripts/installs/setup_snmp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure Firewall to open up vulnerable services
case ENV['MS3_DIFFICULTY']
when 'easy'
config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"
else
config.vm.provision :shell, path: "scripts/configs/enable_firewall.bat"
config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
end
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ElasticSearch
# This must run after the firewall rules, because it needs to make some HTTP requests in order to
# set up the vulnerable state.
config.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure flags
config.vm.provision :shell, path: "scripts/installs/install_flags.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a
end

28
answer_files/2008_r2/Autounattend.xml
View File

@ -36,6 +36,7 @@
<!-- Do not uncomment the Key element if you are using trial ISOs -->
<!-- You must uncomment the Key element (and optionally insert your own key) if you are using retail or volume license ISOs -->
<!--<Key>YC6KT-GKW9T-YTKYR-T4X34-R7VHC</Key>-->
<WillShowUI>Never</WillShowUI>
</ProductKey>
</UserData>
@ -249,13 +250,28 @@
<Order>25</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
<!-- WITHOUT WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine>
<Description>Install OpenSSH</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<CommandLine>cmd.exe /c mkdir -p C:\vagrant\scripts</CommandLine>
<Description>Create directory for vagrant files to avoid provisioner bug with packer.</Description>
<Order>26</Order>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\install_dotnet45.ps1 -AutoStart</CommandLine>
<Order>97</Order>
<Description>Install .NET 4.5.1</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\install_wmf.ps1 -AutoStart</CommandLine>
<Order>98</Order>
<Description>Installing Windows Management Framework 5.0</Description>
</SynchronousCommand>
<!--WITHOUT WINDOWS UPDATES -->
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart</CommandLine>
<Description>Install OpenSSH</Description>
<Order>99</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<!-- END WITHOUT WINDOWS UPDATES -->
<!-- WITH WINDOWS UPDATES -->
<!--<SynchronousCommand wcm:action="add">-->

2
build_win2008.ps1
View File

@ -99,7 +99,7 @@ If ($(Test-Path "windows_2008_r2_virtualbox.box") -eq $True) {
Write-Host "It looks like the Vagrant box already exists. Skipping the Packer build."
} else {
Write-Host "Building the Vagrant box..."
cmd.exe /c packer build windows_2008_r2.json
cmd.exe /c packer build --only=virtualbox-iso windows_2008_r2.json
if($?) {
Write-Host "Box successfully built by Packer."

2
build_win2008.sh
View File

@ -101,7 +101,7 @@ if ls | grep -q 'windows_2008_r2_virtualbox.box'; then
echo "It looks like the vagrant box already exists. Skipping the Packer build."
else
echo "Building the Vagrant box..."
if $packer_bin build windows_2008_r2.json; then
if $packer_bin build --only=virtualbox-iso windows_2008_r2.json; then
echo "Box successfully built by Packer."
else
echo "Error building the Vagrant box using Packer. Please check the output above for any error messages."

8
chef/cookbooks/metasploitable/test/windows/7zip.rb Normal file
View File

@ -0,0 +1,8 @@
control "7zip" do
title "Check 7zip"
desc "Check if choco installed 7zip. Installation script available at /scripts/chocolatey_installs/7zip.bat"
describe file('C:\\ProgramData\\chocolatey\\bin\\7z.exe') do
it { should exist }
end
end

21
chef/cookbooks/metasploitable/test/windows/apache_struts.rb Normal file
View File

@ -0,0 +1,21 @@
control "apache-struts" do
title "Check if apache struts is running"
desc "Check if the service is running. Installation script available at /scripts/installs/setup_apache_struts.bat"
describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\conf\\tomcat-users.xml') do
it { should exist }
end
describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\conf\\server.xml') do
it { should exist }
end
describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\webapps\\struts2-rest-showcase.war') do
it { should exist }
end
describe port('8282') do
it { should be_listening }
end
end

16
chef/cookbooks/metasploitable/test/windows/axis2.rb Normal file
View File

@ -0,0 +1,16 @@
control "axis2" do
title "Axis 2"
desc "Check if Axis 2 webapp is installed. Installation script available at /scripts/installs/setup_axis2.bat"
describe file('C:\\axis2') do
it { should_not exist }
end
describe file('C:\\Program Files\\Apache Software Foundation\\tomcat\\apache-tomcat-8.5.12\\webapps\\axis2') do
it { should exist }
end
describe port('8282') do
it { should be_listening }
end
end

16
chef/cookbooks/metasploitable/test/windows/backdoors.rb Normal file
View File

@ -0,0 +1,16 @@
control "backdoors" do
title "Backdoors"
desc "Check if the backdoors are correctly placed. Installation script present at: /scripts/installs/install_backdoors.bat"
describe file('C:\\inetpub\\wwwroot\\caidao.asp') do
it { should exist }
end
describe file('C:\\wamp\\www\\mma.php') do
it { should exist }
end
describe file('C:\\wamp\\www\\meterpreter.php') do
it { should exist }
end
end

12
chef/cookbooks/metasploitable/test/windows/boxstarter.rb Normal file
View File

@ -0,0 +1,12 @@
control "boxstarter" do
title "Check BoxStarter"
desc "Check if BoxStarter is installed successfully"
describe file('C:\\Users\\vagrant\\AppData\\Roaming\\Boxstarter') do
it { should exist }
end
describe file('C:\\Users\\vagrant\\AppData\\Roaming\\Boxstarter\\BoxstarterShell.ps1') do
it { should exist }
end
end

8
chef/cookbooks/metasploitable/test/windows/choco.rb Normal file
View File

@ -0,0 +1,8 @@
control "choco" do
title "Check chocolatey"
desc "Checks if chocolatey has been installed successfully"
describe command('choco --version') do
its(:exit_status) { should eq 0 }
end
end

117
chef/cookbooks/metasploitable/test/windows/create_users.rb Normal file
View File

@ -0,0 +1,117 @@
control "check-accounts" do
title "Check user accounts"
desc "This test is to make sure that all the user accounts are created and are assigned to correct localgroups"
describe user('anakin_skywalker') do
it { should exist }
its('groups') { should eq ["Network Configuration Operators", "Users"] }
end
describe user('artoo_detoo') do
it { should exist }
its('groups') { should eq ["Distributed COM Users", "Users"] }
end
describe user('ben_kenobi') do
it { should exist }
its('groups') { should eq ["Guests", "Users"] }
end
describe user('boba_fett') do
it { should exist }
its('groups') { should eq ["Power Users", "Users"] }
end
describe user('c_three_pio') do
it { should exist }
its('groups') { should eq ["Event Log Readers", "Users"] }
end
describe user('chewbacca') do
it { should exist }
its('groups') { should eq ["Replicator", "Users"] }
end
describe user('darth_vader') do
it { should exist }
its('groups') { should eq ["IIS_IUSRS", "Users"] }
end
describe user('greedo') do
it { should exist }
its('groups') { should eq ["Remote Desktop Users", "Users"] }
end
describe user('han_solo') do
it { should exist }
its('groups') { should eq ["Cryptographic Operators", "Users"] }
end
describe user('jabba_hutt') do
it { should exist }
its('groups') { should eq ["Print Operators", "Users"] }
end
describe user('jarjar_binks') do
it { should exist }
its('groups') { should eq ["Performance Log Users", "Users"] }
end
describe user('kylo_ren') do
it { should exist }
its('groups') { should eq ["Users"] }
end
describe user('lando_calrissian') do
it { should exist }
its('groups') { should eq ["Performance Monitor Users", "Users"] }
end
describe user('leia_organa') do
it { should exist }
its('groups') { should eq ["Backup Operators", "Users"] }
end
describe user('luke_skywalker') do
it { should exist }
its('groups') { should eq ["Certificate Service DCOM Access", "Users"] }
end
describe user('sshd') do
it { should exist }
its('groups') { should eq ["Users"] }
end
describe user('sshd_server') do
it { should exist }
its('groups') { should eq ["Administrators", "Users"] }
end
describe user('vagrant') do
it { should exist }
its('groups') { should eq ["Administrators", "Users"] }
end
end
control "reg-user-add" do
title "Check user registry entries"
desc "Check if the registry was updated with the new users and their groups. Configuration script available at /scripts/configs/create_users.bat"
describe registry_key('HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList') do
its('anakin_skywalker') { should eq 0 }
its('artoo_detoo') { should eq 0 }
its('ben_kenobi') { should eq 0 }
its('boba_fett') { should eq 0 }
its('c_three_pio') { should eq 0 }
its('chewbacca') { should eq 0 }
its('darth_vader') { should eq 0 }
its('greedo') { should eq 0 }
its('han_solo') { should eq 0 }
its('jabba_hutt') { should eq 0 }
its('jarjar_binks') { should eq 0 }
its('kylo_ren') { should eq 0 }
its('lando_calrissian') { should eq 0 }
its('leia_organa') { should eq 0 }
its('luke_skywalker') { should eq 0 }
end
end

16
chef/cookbooks/metasploitable/test/windows/devkit.rb Normal file
View File

@ -0,0 +1,16 @@
control "devkit" do
title "Rails Server - DevKit"
desc "Check if the rails server has installed along with devkit. Check the installation script at /scripts/installs/install_devkit.bat"
describe file('C:\\Program Files\\Rails_Server') do
it { should exist }
end
describe file('C:\\Program Files\\Rails_Server\\devkit') do
it { should exist }
end
describe port('3000') do
it { should be_listening }
end
end

8
chef/cookbooks/metasploitable/test/windows/disable_auto_logon.rb Normal file
View File

@ -0,0 +1,8 @@
control "disable-auto-logon" do
title "Disable Auto Logon"
desc "Check if the registry is updated to disable auto logon. Configuration script available at /scripts/configs/disable-auto-logon.bat"
describe command('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon') do
its('stdout') { should match ("AutoAdminLogon REG_SZ 0") }
end
end

9
chef/cookbooks/metasploitable/test/windows/disable_firewall.rb Normal file
View File

@ -0,0 +1,9 @@
control "disable-firewall" do
title "Diable firewall"
desc "Disable firewall. Configuration script available at /scripts/configs/disable_firewall.bat"
# There are three profiles. None of them should be in 'on' state
describe command('netsh advfirewall show allprofiles state') do
its('stdout') { should_not match ("ON") }
end
end

19
chef/cookbooks/metasploitable/test/windows/elasticsearch.rb Normal file
View File

@ -0,0 +1,19 @@
control "elasticsearch" do
title "ElasticSearch"
desc "Check if ElasticSearch was installed correctly. Installation script available at /scripts/installs/install_elasticsearch.bat"
describe file('C:\\Program Files\\elasticsearch-1.1.1') do
it { should exist }
end
describe service('elasticsearch-service-x64') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('9200') do
it { should be_listening }
end
end

16
chef/cookbooks/metasploitable/test/windows/enable_rdp.rb Normal file
View File

@ -0,0 +1,16 @@
control "enable-rdp" do
title "Enable RDP"
desc "Enables RDP by modifying Registry and adding a Firewall rule. Configuration script available at /scripts/configs/enable-rdp.bat"
describe command('netsh advfirewall firewall show rule name="Open Port 3389"') do
its('stdout') { should match ("Enabled: Yes") }
end
describe registry_key('HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server') do
its('fDenyTSConnections') { should eq 0 }
end
describe port('3389') do
it { should be_listening }
end
end

77
chef/cookbooks/metasploitable/test/windows/firewall.rb Normal file
View File

@ -0,0 +1,77 @@
control "firewall" do
title "Configure Firewall"
desc "Check if the firewall rules are applied. Configuration script available at /scripts/configs/configure_firewall.bat"
describe command('netsh advfirewall firewall show rule name="Open Port 8484 for Jenkins"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 8282 for Apache Struts"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 80 for IIS"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 4848 for GlassFish"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 8080 for GlassFish"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 8585 for Wordpress and phpMyAdmin"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Java 1.6 java.exe"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 3000 for Rails Server"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 8020 for ManageEngine Desktop Central"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 8383 for ManageEngine Desktop Central"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 8022 for ManageEngine Desktop Central"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 9200 for ElasticSearch"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Open Port 161 for SNMP"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Closed port 445 for SMB"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Closed port 139 for NetBIOS"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Closed port 135 for NetBIOS"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Closed Port 3389 for Remote Desktop"') do
its('stdout') { should match "Enabled: Yes" }
end
describe command('netsh advfirewall firewall show rule name="Closed Port 3306 for MySQL"') do
its('stdout') { should match "Enabled: Yes" }
end
end

61
chef/cookbooks/metasploitable/test/windows/flag_check.rb Normal file
View File

@ -0,0 +1,61 @@
control "flags-check" do
title "Check flag locations"
desc "Check if the flags are correctly placed"
describe file('C:\\inetpub\\wwwroot\\six_of_diamonds.zip') do
it { should exist }
end
describe file('C:\\WINDOWS\\System32\\jack_of_clubs.png') do
it { should exist }
end
describe file('C:\\Windows\\three_of_spades.png') do
it { should exist }
end
describe file('C:\\Windows\\System32\\kingofclubs.exe') do
it { should exist }
end
describe file('C:\\Users\\Public\\Music\\four_of_clubs.wav') do
it { should exist }
end
describe file('C:\\inetpub\\wwwroot\\index.html') do
it { should exist }
end
describe file('C:\\inetpub\\wwwroot\\hahaha.jpg') do
it { should exist }
end
describe file('C:\\inetpub\\wwwroot\\iisstart.htm') do
it { should_not exist }
end
describe file('C:\\inetpub\\wwwroot\\seven_of_hearts.html') do
it { should exist }
end
describe file('C:\\Users\\Public\\Documents\\jack_of_hearts.docx') do
it { should exist }
end
describe file('C:\\Users\\Public\\Documents\\seven_of_spades.pdf') do
it { should exist }
end
describe file('C:\\Users\\Public\\Pictures\\ace_of_hearts.jpg') do
it { should exist }
end
describe file('C:\\Users\\Public\\Pictures\\ten_of_diamonds.png') do
it { should exist }
end
describe file('C:\\jack_of_diamonds.png') do
it { should exist }
end
end

13
chef/cookbooks/metasploitable/test/windows/ftp_site.rb Normal file
View File

@ -0,0 +1,13 @@
control "setup-ftp-site" do
title "Setup FTP Site"
desc "Check if the FTP site is correctly configured"
describe file('C:\\Windows\\System32\\inetsrv\\config\\applicationHost.config') do
it { should exist }
end
describe port('21') do
it { should be_listening }
end
end

39
chef/cookbooks/metasploitable/test/windows/glassfish.rb Normal file
View File

@ -0,0 +1,39 @@
control "glassfish" do
title "Check GlassFish"
desc "Check if the GlassFish service is correctly installed. Installation script available at /scripts/installs/setup_g"
describe file("C:\\glassfish") do
it { should exist }
end
describe file("C:\\glassfish\\glassfish4\\glassfish\\domains\\domain1\\config\\admin-keyfile") do
it { should exist }
end
describe file("C:\\glassfish\\glassfish4\\glassfish\\domains\\domain1\\config\\domain.xml") do
it { should exist }
end
describe service('domain1') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
# describe command('icacls "C:\glassfish"') do
# its('stdout') { should match "NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)" }
# end
describe port('4848') do
it { should be_listening }
end
describe port('8080') do
it { should be_listening }
end
describe port('8181') do
it { should be_listening }
end
end

8
chef/cookbooks/metasploitable/test/windows/iis.rb Normal file
View File

@ -0,0 +1,8 @@
control "iis" do
title "IIS HTTP"
desc "Checks if the IIS server has started and listening on port 80. Setup script available at /scripts/installs/setup_iis.bat"
describe port('3389') do
it { should be_listening }
end
end

16
chef/cookbooks/metasploitable/test/windows/java.rb Normal file
View File

@ -0,0 +1,16 @@
control "java" do
title "Check Java installation"
desc "Check if java is installed. Checkout the installation script at /scripts/chocolatey_installs/java.bat"
describe file('C:\\Program Files\\Java\\jre1.8.0_131\\bin\\java.exe') do
it { should exist }
end
describe file('C:\\Program Files\\Java\\jdk1.8.0_131\\bin\\java.exe') do
it { should exist }
end
describe command('java -showversion') do
its(:exit_status) { should eq 1 }
end
end

26
chef/cookbooks/metasploitable/test/windows/jenkins.rb Normal file
View File

@ -0,0 +1,26 @@
control "jenkins" do
title "Check jenkins"
desc "Check if jenkins is installed correctly. The setup script is available at /scripts/installs/setup_jenkins.bat"
describe file("C:\\Program Files\\jenkins") do
it { should exist }
end
describe file("C:\\Program Files\\jenkins\\jenkins.war") do
it { should exist }
end
describe file("C:\\Program Files\\jenkins\\jenkins.exe") do
it { should exist }
end
describe service('jenkins') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('8484') do
it { should be_listening }
end
end

38
chef/cookbooks/metasploitable/test/windows/jmx.rb Normal file
View File

@ -0,0 +1,38 @@
control "jmx" do
title "Check JMX installation"
desc "Check if the JMX service is correctly installed. Setup script available at /scripts/installs/setup_jmx.bat"
describe file('C:\\Program Files\\jmx') do
it { should exist }
end
describe file('C:\\Program Files\\jmx\\Hello.class') do
it { should exist }
end
describe file('C:\\Program Files\\jmx\\HelloMBean.class') do
it { should exist }
end
describe file('C:\\Program Files\\jmx\\SimpleAgent.class') do
it { should exist }
end
describe file('C:\\Program Files\\jmx\\jmx.exe') do
it { should exist }
end
describe file('C:\\Program Files\\jmx\\start_jmx.bat') do
it { should exist }
end
describe service('jmx') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('1617') do
it { should be_listening }
end
end

26
chef/cookbooks/metasploitable/test/windows/manageengine.rb Normal file
View File

@ -0,0 +1,26 @@
control "manageengine" do
title "ManageEngine"
desc "Check if ManageEngine is running. Installation script is available at /scripts/installs/install_manageengine.bat"
describe service('MEDCServerComponent-Apache') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe service('MEDC Server Component - Notification Server') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe service('DesktopCentralServer') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('8020') do
it { should be_listening }
end
end

14
chef/cookbooks/metasploitable/test/windows/mysql.rb Normal file
View File

@ -0,0 +1,14 @@
control "mysql" do
title "MySQL"
desc "Check if MySQL is running properly. Installation script available at /scripts/installs/setup_mysql.bat"
describe service('wampmysqld') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('3306') do
it { should be_listening }
end
end

12
chef/cookbooks/metasploitable/test/windows/openjdk6.rb Normal file
View File

@ -0,0 +1,12 @@
control "openjdk6" do
title "Check OpenJDK 6"
desc "Checks for the installation of OpenJDK 6. Setup file available at /scripts/installs/setup_openjdk6.bat"
describe file('C:\\openjdk6\\openjdk-1.6.0-unofficial-b27-windows-amd64') do
it { should exist }
end
describe command('C:\openjdk6\openjdk-1.6.0-unofficial-b27-windows-amd64\jre\bin\java.exe -version') do
its('stdout') { should match "openjdk version \"1.6.0-unofficial\"" }
end
end

8
chef/cookbooks/metasploitable/test/windows/password_settings.rb Normal file
View File

@ -0,0 +1,8 @@
control "password-settings" do
title "Password settings"
desc "Check if the password settings are correctly configured. Configuration script available at /scripts/configs/apply_password_settings.bat"
describe command('secedit /analyze /db %windir%\securitynew.sdb /cfg C:\vagrant\resources\security_settings\secconfig.cfg /areas SECURITYPOLICY') do
its(:exit_status) { should eq 1 }
end
end

13
chef/cookbooks/metasploitable/test/windows/psexec.rb Normal file
View File

@ -0,0 +1,13 @@
control "psexec" do
title "PxExec"
desc "Checks if the ports 139 - NetBIOS and 445 - SMB are listening"
describe port('139') do
it { should be_listening }
end
describe port('445') do
it { should be_listening }
end
end

21
chef/cookbooks/metasploitable/test/windows/rails_service.rb Normal file
View File

@ -0,0 +1,21 @@
control "rails_service" do
title "Rails Service"
desc "Check if Rails service is correctly installed. Setup script available at /scripts/installs/install_rails_service.bat"
describe file('C:\\Program Files\\Rails_Server\\Gemfile') do
it { should exist }
end
describe file('C:\\Program Files\\Rails_Server\\start_rails_server.bat') do
it { should exist }
end
describe port('3000') do
it { should be_listening }
end
describe windows_task('rails') do
it { should exist }
it { should be_enabled }
end
end

12
chef/cookbooks/metasploitable/test/windows/ruby.rb Normal file
View File

@ -0,0 +1,12 @@
control "ruby" do
title "Ruby"
desc "Check if ruby is installed. Installation script found at /scripts/installs/install_ruby.bat"
describe file('C:\\tools\\ruby23') do
it { should exist }
end
describe command('ruby -v') do
its(:exit_status) { should eq 0 }
end
end

16
chef/cookbooks/metasploitable/test/windows/snmp.rb Normal file
View File

@ -0,0 +1,16 @@
control "snmp" do
title "Setup SNMP"
desc "Check if SNMP has been set up correctly. Setup script available at /scripts/installs/setup_snmp.bat"
describe registry_key('HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters') do
its('EnableAuthenticationTraps') { should eq 0 }
end
describe registry_key('HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters\ValidCommunities') do
its('public') { should eq 4 }
end
describe port('161') do
it { should be_listening }
end
end

19
chef/cookbooks/metasploitable/test/windows/tomcat.rb Normal file
View File

@ -0,0 +1,19 @@
control "tomcat" do
title "Check tomcat installation"
desc "Check if tomcat is installed. Installation script available at /scripts/chocolatey_installs/tomcat.bat"
describe file('C:\\Program Files\\Apache Software Foundation\\tomcat') do
it { should exist }
end
describe service('Tomcat8') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('8282') do
it { should be_listening }
end
end

35
chef/cookbooks/metasploitable/test/windows/wamp.rb Normal file
View File

@ -0,0 +1,35 @@
control "wamp" do
title "Check WAMP installation"
desc "Check WAMP installation. The setup script available at /scripts/installs/install_wamp.bat"
describe file('C:\\wamp\\bin\\apache\\Apache2.2.21\\conf\\httpd.conf') do
it { should exist }
end
describe file('C:\\wamp\\alias\\phpmyadmin.conf') do
it { should exist }
end
describe service('wampapache') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe service('wampmysqld') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
#TODO: Add icacls verification
describe port('8585') do
it { should be_listening }
end
describe port('3306') do
it { should be_listening }
end
end

22
chef/cookbooks/metasploitable/test/windows/webdav.rb Normal file
View File

@ -0,0 +1,22 @@
control "webdav" do
title "WebDAV"
desc "Check if WebDAV is correctly installed. Installation script available at /scripts/installs/setup_webdav.bat"
describe file('C:\\wamp\\www\\uploads') do
it { should exist }
end
describe file('C:\\wamp\\alias\\httpd-dav.conf') do
it { should exist }
end
describe service('wampapache') do
it { should be_installed }
it { should be_enabled }
it { should be_running }
end
describe port('8585') do
it { should be_listening }
end
end

9
chef/cookbooks/metasploitable/test/windows/winrm.rb Normal file
View File

@ -0,0 +1,9 @@
control "winrm" do
title "WinRM"
desc "Checks if the port 5985 is listening"
describe port('5985') do
it { should be_listening }
end
end

21
chef/cookbooks/metasploitable/test/windows/wordpress.rb Normal file
View File

@ -0,0 +1,21 @@
control "wordpress" do
title "Check WordPress Installation"
desc "Checks the wordpress installation. Setup script available in /scripts/installs/install_wordpress.bat"
describe file('C:\\Program Files\\wordpress') do
it { should exist }
end
describe file('C:\\Program Files\\wordpress\\update_ip.ps1') do
it { should exist }
end
describe file('C:\\wamp\\www\\wordpress') do
it { should exist }
end
describe port('8585') do
it { should be_listening }
end
end

1
scripts/configs/enable_firewall.bat Normal file
View File

@ -0,0 +1 @@
netsh advfirewall set allprofiles state on

1
scripts/configs/packer_cleanup.bat Normal file
View File

@ -0,0 +1 @@
rmdir /S /Q C:\vagrant

23
scripts/installs/install_dotnet45.ps1 Normal file
View File

@ -0,0 +1,23 @@
$Logfile = "C:\Windows\Temp\dotnet-install.log"
function LogWrite {
Param ([string]$logstring)
$now = Get-Date -format s
Add-Content $Logfile -value "$now $logstring"
Write-Host $logstring
}
LogWrite "Downloading dotNet 4.5.1"
try {
(New-Object System.Net.WebClient).DownloadFile('http://download.microsoft.com/download/1/6/7/167F0D79-9317-48AE-AEDB-17120579F8E2/NDP451-KB2858728-x86-x64-AllOS-ENU.exe', 'C:\Windows\Temp\dotnet.exe')
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Failed to download file."
}
LogWrite "Starting installation process..."
try {
Start-Process -FilePath "C:\Windows\Temp\dotnet.exe" -ArgumentList "/I /q /norestart" -Wait -PassThru
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Exception during install process."
}

7
scripts/installs/install_netfx40.ps1 Normal file
View File

@ -0,0 +1,7 @@
# setup dotnetfx4
$netfx_url = "https://download.microsoft.com/download/9/5/A/95A9616B-7A37-4AF6-BC36-D6EA96C8DAAE/dotNetFx40_Full_x86_x64.exe"
Write-Output "Downloading $netfx_url"
(New-Object System.Net.WebClient).DownloadFile($netfx_url, "C:\Windows\Temp\dotNetFx40_Full_x86_x64.exe")
Write-Output "Starting Install of dotNetFx40_Full_x86_x64.exe"
Start-Process "C:\Windows\Temp\dotNetFx40_Full_x86_x64.exe" "/q /norestart" -Wait

23
scripts/installs/install_wmf.ps1 Normal file
View File

@ -0,0 +1,23 @@
$Logfile = "C:\Windows\Temp\wmf-install.log"
function LogWrite {
Param ([string]$logstring)
$now = Get-Date -format s
Add-Content $Logfile -value "$now $logstring"
Write-Host $logstring
}
LogWrite "Downloading Windows Management Framework 5.0"
try {
(New-Object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/2/C/6/2C6E1B4A-EBE5-48A6-B225-2D2058A9CEFB/Win7AndW2K8R2-KB3134760-x64.msu', 'C:\Windows\Temp\wmf.msu')
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Failed to download file."
}
LogWrite "Starting installation process..."
try {
Start-Process -FilePath "wusa.exe" -ArgumentList "C:\Windows\Temp\wmf.msu /quiet /norestart" -Wait -PassThru
} catch {
LogWrite $_.Exception | Format-List -force
LogWrite "Exception during install process."
}

4
scripts/installs/setup_apache_struts.bat
View File

@ -1,8 +1,8 @@
rm "%CATALINA_HOME%\conf\tomcat-users.xml"
del "%CATALINA_HOME%\conf\tomcat-users.xml"
copy C:\vagrant\resources\apache_struts\tomcat-users.xml "%CATALINA_HOME%\conf\tomcat-users.xml"
copy C:\vagrant\resources\apache_struts\server.xml "%CATALINA_HOME%\conf"
sc config Tomcat8 start= auto
net start "Apache Tomcat 8.0 Tomcat8"
copy C:\vagrant\resources\apache_struts\struts2-rest-showcase.war "%CATALINA_HOME%\webapps"
copy C:\vagrant\resources\apache_struts\struts2-rest-showcase.war "%CATALINA_HOME%\webapps"

2
scripts/installs/setup_ftp_site.bat
View File

@ -1 +1 @@
copy /Y C:\vagrant\resources\iis\applicationHost.config "%SystemRoot%\System32\inetsrv\config\applicationHost.config"
xcopy /I /Y C:\vagrant\resources\iis\applicationHost.config %SystemRoot%\System32\inetsrv\config\

2
scripts/installs/setup_glassfish.bat
View File

@ -8,4 +8,4 @@ net start domain1
powershell -Command "Start-Sleep -s 10"
net stop domain1
icacls "C:\glassfish" /grant "NT Authority\LOCAL SERVICE:(OI)(CI)F" /T
sc config domain1 obj= "NT Authority\LOCAL SERVICE"
sc config "domain1" obj= "NT Authority\LOCAL SERVICE"

2
scripts/installs/setup_iis.bat
View File

@ -1 +1 @@
start /w PKGMGR.EXE /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-FTPServer;IIS-FTPSvc;IIS-FTPExtensibility;
start /w PKGMGR.EXE /quiet /norestart /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-FTPServer;IIS-FTPSvc;IIS-FTPExtensibility;

2
scripts/installs/setup_snmp.bat
View File

@ -1,4 +1,4 @@
start /w PKGMGR.EXE /iu:SNMP
start /w PKGMGR.EXE /quiet /norestart /iu:SNMP
reg delete HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers /va /f
reg add HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters /v EnableAuthenticationTraps /t REG_DWORD /d 0 /f
reg add HKLM\SYSTEM\ControlSet001\services\SNMP\Parameters\ValidCommunities /v public /t REG_DWORD /d 4 /f

2
scripts/installs/start_glassfish_service.bat
View File

@ -1,2 +1,2 @@
powershell -command "Start-Sleep -s 5"
powershell -command "Start-Sleep -s 15"
net start "domain1"

132
versions/pro/Vagrantfile vendored Normal file
View File

@ -0,0 +1,132 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# Base configuration for the VM and provisioner
config.vm.box = "metasploitable3"
config.vm.hostname = "metasploitable3"
config.vm.communicator = "winrm"
config.vm.network "private_network", type: "dhcp"
# Install Chocolatey
config.vm.provision :shell, path: "scripts/installs/chocolatey.cmd"
config.vm.provision :reload # Hack to reset environment variables
# Install BoxStarter
config.vm.provision :shell, path: "scripts/installs/install_boxstarter.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Install 7zip
config.vm.provision :shell, path: "scripts/chocolatey_installs/7zip.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Adjust password policy
config.vm.provision :shell, path: "scripts/configs/apply_password_settings.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Add users and add to groups
config.vm.provision :shell, path: "scripts/configs/create_users.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Unpatched IIS and FTP
config.vm.provision :shell, path: "scripts/installs/setup_iis.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_ftp_site.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Apache Struts
config.vm.provision :shell, path: "scripts/chocolatey_installs/java.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/chocolatey_installs/tomcat.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :reload # Hack to reset environment variables
config.vm.provision :shell, path: "scripts/installs/setup_apache_struts.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Setup for Glassfish
config.vm.provision :shell, path: "scripts/installs/setup_glassfish.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/start_glassfish_service.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Jenkins (1.8)
config.vm.provision :shell, path: "scripts/installs/setup_jenkins.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Wordpress and phpMyAdmin
# This must run after the WAMP setup.
config.vm.provision :shell, path: "scripts/chocolatey_installs/vcredist2008.bat" # Visual Studio 2008 redistributable is a requirement for WAMP
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_wamp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/start_wamp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_wordpress.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - JMX
config.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Rails Server
config.vm.provision :shell, path: "scripts/installs/install_ruby.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_devkit.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_rails_server.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/setup_rails_server.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
config.vm.provision :shell, path: "scripts/installs/install_rails_service.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - WebDAV
# This must run after the WAMP setup.
config.vm.provision :shell, path: "scripts/installs/setup_webdav.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - MySQL
config.vm.provision :shell, path: "scripts/installs/setup_mysql.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ManageEngine Desktop Central
config.vm.provision :shell, path: "scripts/installs/install_manageengine.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Axis2
# This must run after the Apache Struts setup.
config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - Common backdoors
config.vm.provision :shell, path: "scripts/installs/install_backdoors.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - SNMP
config.vm.provision :shell, path: "scripts/installs/setup_snmp.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure Firewall to open up vulnerable services
case ENV['MS3_DIFFICULTY']
when 'easy'
config.vm.provision :shell, path: "scripts/configs/disable_firewall.bat"
else
config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat"
end
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Vulnerability - ElasticSearch
# This must run after the firewall rules, because it needs to make some HTTP requests in order to
# set up the vulnerable state.
config.vm.provision :shell, path: "scripts/installs/install_elasticsearch.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614
# Configure flags
config.vm.provision :shell, path: "scripts/installs/install_flags.bat"
config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614a
end

20
windows_2008_r2_vmware.json → versions/pro/windows_2008_r2_pro.json
View File

@ -1,7 +1,7 @@
{
"builders": [
{
"type": "vmware-iso",
"type": "virtualbox-iso",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
@ -11,7 +11,7 @@
"ssh_password": "vagrant",
"ssh_wait_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"guest_os_type": "winServer2008Standard-64",
"guest_os_type": "Windows2008_64",
"disk_size": 61440,
"floppy_files": [
"{{user `autounattend`}}",
@ -31,6 +31,20 @@
"./resources/certs/microsoft_root_2011.cer",
"./resources/certs/thawte_primary_root.cer",
"./resources/certs/utn-userfirst.cer"
],
"vboxmanage": [
[
"modifyvm",
"{{.Name}}",
"--memory",
"4096"
],
[
"modifyvm",
"{{.Name}}",
"--cpus",
"2"
]
]
}
],
@ -52,7 +66,7 @@
{
"type": "vagrant",
"keep_input_artifact": false,
"output": "windows_2008_r2_{{.Provider}}.box",
"output": "windows_2008_r2_{{.Provider}}_pro.box",
"vagrantfile_template": "vagrantfile-windows_2008_r2.template"
}
],

153
windows_2008_r2.json
View File

@ -1,23 +1,71 @@
{
"builders": [
{
"type": "virtualbox-iso",
"type": "vmware-iso",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"headless": true,
"boot_wait": "2m",
"headless": false,
"boot_wait": "10m",
"communicator": "ssh",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"guest_os_type": "Windows2008_64",
"guest_os_type": "winServer2008Standard-64",
"tools_upload_flavor": "windows",
"disk_size": 61440,
"floppy_files": [
"{{user `autounattend`}}",
"./scripts/configs/microsoft-updates.bat",
"./scripts/configs/win-updates.ps1",
"./scripts/installs/openssh.ps1",
"./scripts/installs/install_dotnet45.ps1",
"./scripts/installs/install_wmf.ps1",
"./resources/certs/oracle-cert.cer",
"./resources/certs/gdig2.crt",
"./resources/certs/comodorsadomainvalidationsecureserverca.crt",
"./resources/certs/comodorsacertificationauthority.crt",
"./resources/certs/addtrust_external_ca.cer",
"./resources/certs/baltimore_ca.cer",
"./resources/certs/digicert.cer",
"./resources/certs/equifax.cer",
"./resources/certs/globalsign.cer",
"./resources/certs/gte_cybertrust.cer",
"./resources/certs/microsoft_root_2011.cer",
"./resources/certs/thawte_primary_root.cer",
"./resources/certs/utn-userfirst.cer"
],
"vm_name": "metasploitable3-win2k8",
"vmx_data": {
"cpuid.coresPerSocket": "2",
"memsize": "4096",
"numvcpus": "2",
"scsi0.virtualDev": "lsisas1068"
}
},
{
"type": "virtualbox-iso",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"headless": false,
"boot_wait": "10m",
"communicator": "ssh",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "2h",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"guest_os_type": "Windows2008_64",
"disk_size": 61440,
"vm_name": "metasploitable3-win2k8",
"floppy_files": [
"{{user `autounattend`}}",
"./scripts/configs/microsoft-updates.bat",
"./scripts/configs/win-updates.ps1",
"./scripts/installs/openssh.ps1",
"./scripts/installs/install_dotnet45.ps1",
"./scripts/installs/install_wmf.ps1",
"./resources/certs/oracle-cert.cer",
"./resources/certs/gdig2.crt",
"./resources/certs/comodorsadomainvalidationsecureserverca.crt",
@ -48,17 +96,108 @@
]
}
],
"provisioners": [
"provisioners": [
{
"type": "file",
"source": "scripts",
"destination": "C:/vagrant"
},
{
"type": "file",
"source": "resources",
"destination": "C:/vagrant"
},
{
"type": "shell",
"remote_path": "/tmp/script.bat",
"execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
"scripts": [
"./scripts/configs/update_root_certs.bat",
"./scripts/installs/vm-guest-tools.bat",
"./scripts/configs/vagrant-ssh.bat",
"./scripts/configs/disable-auto-logon.bat",
"./scripts/configs/enable-rdp.bat",
"./scripts/configs/update_root_certs.bat"
"./scripts/configs/enable-rdp.bat"
]
},
{
"type": "windows-shell",
"remote_path": "C:/Windows/Temp/script.bat",
"execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
"scripts": [
"./scripts/configs/disable_firewall.bat"
]
},
{
"type": "windows-restart"
},
{
"type":"powershell",
"inline": [
"iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))"
],
"pause_before": "60s"
},
{
"type": "windows-restart"
},
{
"type": "windows-shell",
"remote_path": "C:/Windows/Temp/script.bat",
"execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
"scripts": [
"scripts/installs/install_boxstarter.bat",
"scripts/chocolatey_installs/7zip.bat",
"scripts/configs/apply_password_settings.bat",
"scripts/configs/create_users.bat",
"scripts/installs/setup_iis.bat",
"scripts/installs/setup_ftp_site.bat",
"scripts/chocolatey_installs/java.bat"
]
},
{
"type": "windows-restart"
},
{
"type": "windows-shell",
"remote_path": "C:/Windows/Temp/script.bat",
"execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
"scripts": [
"scripts/chocolatey_installs/tomcat.bat",
"scripts/installs/setup_apache_struts.bat",
"scripts/installs/setup_glassfish.bat",
"scripts/installs/start_glassfish_service.bat",
"scripts/installs/setup_jenkins.bat",
"scripts/chocolatey_installs/vcredist2008.bat",
"scripts/installs/install_wamp.bat",
"scripts/installs/start_wamp.bat",
"scripts/installs/install_wordpress.bat",
"scripts/installs/install_openjdk6.bat",
"scripts/installs/setup_jmx.bat",
"scripts/installs/install_ruby.bat",
"scripts/installs/install_devkit.bat"
]
},
{
"type": "windows-restart"
},
{
"type": "windows-shell",
"remote_path": "C:/Windows/Temp/script.bat",
"execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
"scripts": [
"scripts/installs/install_rails_server.bat",
"scripts/installs/setup_rails_server.bat",
"scripts/installs/install_rails_service.bat",
"scripts/installs/setup_webdav.bat",
"scripts/installs/setup_mysql.bat",
"scripts/installs/install_manageengine.bat",
"scripts/installs/setup_axis2.bat",
"scripts/installs/install_backdoors.bat",
"scripts/installs/setup_snmp.bat",
"scripts/configs/configure_firewall.bat",
"scripts/installs/install_elasticsearch.bat",
"scripts/installs/install_flags.bat",
"scripts/configs/packer_cleanup.bat"
]
}
],