├── .gitignore ├── backbag.png ├── resources ├── windows │ ├── backbag.png │ └── shutup10.cfg └── nixbox │ └── 20-backbag ├── LICENSE ├── scripts ├── rightclick.reg ├── install-ad-utils.ps1 ├── MakeWindows10GreatAgain.ps1 ├── MakeWindows10GreatAgain.reg ├── provision.ps1 ├── fix-windows-expiration.ps1 ├── fix-second-network.ps1 ├── install-sysmon.ps1 ├── join-domain.ps1 ├── create-domain.ps1 ├── install-iis-utils.ps1 ├── nix_bootstrap.sh ├── set-wallpaper.ps1 └── install-analyst-utils.ps1 ├── README.md └── Vagrantfile /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant -------------------------------------------------------------------------------- /backbag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Humoud/BackBag-Lab-VM/HEAD/backbag.png -------------------------------------------------------------------------------- /resources/windows/backbag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Humoud/BackBag-Lab-VM/HEAD/resources/windows/backbag.png -------------------------------------------------------------------------------- /resources/nixbox/20-backbag: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | msg='\n 4 | ||||||||||||||||||| 5 | ||||| ||||| 6 | ||| BackBag ||| 7 | ||||| ||||| 8 | ||||||||||||||||||| 9 | \n' 10 | echo -e "${msg}" -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Humoud 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to 
use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /scripts/rightclick.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | ; Adds open cmd\powershell here to the right click context menu 3 | 4 | 5 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd01] 6 | "MUIVerb"="cmd here" 7 | "Icon"="cmd.exe" 8 | 9 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd01\command] 10 | @="cmd.exe /s /k pushd \"%V\"" 11 | 12 | 13 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd02] 14 | "MUIVerb"="cmd here (Administrator)" 15 | "Icon"="cmd.exe" 16 | "HasLUAShield"="" 17 | 18 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd02\command] 19 | @="PowerShell -windowstyle hidden -Command \"Start-Process cmd -ArgumentList '/s,/k,pushd,%V' -Verb RunAs\"" 20 | 21 | 22 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd03] 23 | "MUIVerb"="powershell here" 24 | "Icon"="powershell.exe" 25 | 26 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd03\command] 27 | @="PowerShell -noexit -nologo -command Set-Location -literalPath '%V'" 28 | 29 | 30 | 
[HKEY_CLASSES_ROOT\Directory\Background\shell\cmd04] 31 | "MUIVerb"="powershell here (Administrator)" 32 | "Icon"="powershell.exe" 33 | "HasLUAShield"="" 34 | 35 | [HKEY_CLASSES_ROOT\Directory\Background\shell\cmd04\command] 36 | @="PowerShell -windowstyle hidden -Command \"Start-Process cmd -ArgumentList '/s,/k,pushd,%V && start PowerShell -nologo && exit' -Verb RunAs\"" 37 | -------------------------------------------------------------------------------- /scripts/install-ad-utils.ps1: -------------------------------------------------------------------------------- 1 | # Purpose: Install tools on the Windows AD server. 2 | # At the bottom of this script you can see which functions will be executed. 3 | # Modify to fit your needs. 4 | 5 | $badbloodPath = "C:\Tools\BadBlood.zip" 6 | mkdir C:\Tools\ 7 | ############################################################################################# 8 | # Helper function to create shortcuts 9 | function Set-Shortcut([String] $src, [String] $dst) { 10 | $WshShell = New-Object -comObject WScript.Shell 11 | $Shortcut = $WshShell.CreateShortcut($dst) 12 | $Shortcut.TargetPath = $src 13 | $Shortcut.Save() 14 | } 15 | ############################################################################################# 16 | function Get-BadBlood { 17 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading BadBlood.zip..." 
18 | Try { 19 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 20 | (New-Object System.Net.WebClient).DownloadFile( 21 | 'https://github.com/davidprowe/BadBlood/archive/refs/heads/master.zip', 22 | $badbloodPath 23 | ) 24 | Expand-Archive -LiteralPath $badbloodPath -DestinationPath 'C:\Tools' 25 | del $badbloodPath 26 | # Create Shortcut 27 | Set-Shortcut -src 'C:\Tools\BadBlood-master' -dst 'C:\Users\vagrant\Desktop\BadBlood.lnk' 28 | } Catch { 29 | Write-Host "Badblood Download failed" 30 | } 31 | } 32 | 33 | ############################################################################################# 34 | ## Think of the below as "main" 35 | ## Include or exclude functions as you please 36 | 37 | Get-BadBlood 38 | 39 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Utilties installation complete!" -------------------------------------------------------------------------------- /scripts/MakeWindows10GreatAgain.ps1: -------------------------------------------------------------------------------- 1 | # Import the registry keys 2 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Making Windows 10 Great again" 3 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing registry keys..." 4 | regedit /s c:\vagrant\scripts\MakeWindows10GreatAgain.reg 5 | 6 | # Remove OneDrive from the System 7 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing OneDrive..." 8 | $onedrive = Get-Process onedrive -ErrorAction SilentlyContinue 9 | if ($onedrive) { 10 | taskkill /f /im OneDrive.exe 11 | } 12 | 13 | Try { 14 | c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall 15 | } Catch { 16 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) OneDrive not found, moving on..." 17 | } 18 | 19 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..." 
20 | powercfg -change -monitor-timeout-ac 0 21 | powercfg -change -standby-timeout-ac 0 22 | powercfg -change -hibernate-timeout-ac 0 23 | 24 | # Download and install ShutUp10 25 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading ShutUp10..." 26 | [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls" 27 | # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138 28 | $ProgressPreference = 'SilentlyContinue' 29 | $shutUp10DownloadUrl = "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe" 30 | $shutUp10RepoPath = "C:\Users\vagrant\AppData\Local\Temp\OOSU10.exe" 31 | if (-not (Test-Path $shutUp10RepoPath)) { 32 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing ShutUp10 and disabling Windows Defender" 33 | Invoke-WebRequest -Uri "$shutUp10DownloadUrl" -OutFile $shutUp10RepoPath 34 | . $shutUp10RepoPath c:\vagrant\resources\windows\shutup10.cfg /quiet /force 35 | } else { 36 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) ShutUp10 was already installed. Moving On." 
37 | } 38 | 39 | # Remove the Edge shortcut from the Desktop 40 | $lnkPath = "c:\Users\vagrant\Desktop\Microsoft Edge.lnk" 41 | if (Test-Path $lnkPath) { Remove-Item $lnkPath } 42 | -------------------------------------------------------------------------------- /scripts/MakeWindows10GreatAgain.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | # Disable Cortana (Windows search still remains) 4 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search] 5 | "AllowCortana"=dword:00000000 6 | 7 | # Disable Notification Center 8 | [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer] 9 | "DisableNotificationCenter"=dword:00000001 10 | 11 | # Don't reboot when users are logged in for Windows updates 12 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 13 | "NoAutoRebootWithLoggedOnUsers"=dword:00000001 14 | 15 | # Disable Microsoft.com accounts 16 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] 17 | "NoConnectedUser"=dword:00000003 18 | 19 | # Show all file extensions 20 | [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] 21 | "HideFileExt"=dword:00000000 22 | 23 | # Set explorer to open to "This PC" for new windows 24 | [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] 25 | "LaunchTo"=dword:00000001 26 | 27 | # Show hidden files (not including OS files) 28 | [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] 29 | "Hidden"=dword:00000001 30 | 31 | # Show "This PC" on Desktop 32 | # Created by: Shawn Brink 33 | # http://www.tenforums.com 34 | [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] 35 | "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 36 | 37 | [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] 38 | 
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 39 | 40 | [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] 41 | "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 42 | 43 | # Enable Developer Mode (prerequisite for Linux subsystem) 44 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock] 45 | "AllowDevelopmentWithoutDevLicense"=dword:00000001 46 | 47 | # Disable Microsoft People icon from taskbar 48 | [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People] 49 | "PeopleBand"=dword:00000000 50 | -------------------------------------------------------------------------------- /resources/windows/shutup10.cfg: -------------------------------------------------------------------------------- 1 | ############################################################################ 2 | # This file was created with O&O ShutUp10 and can be imported onto another computer. 3 | # 4 | # Download the application at https://www.oo-software.com/en/shutup10 5 | # You can then import the file from within the program. 6 | # 7 | # Alternatively you can import it automatically over a command line. Simply use 8 | # the following parameter: 9 | # ooshutup10.exe 10 | # 11 | # Selecting the Option /quiet ends the app right after the import and the user does not 12 | # get any feedback about the import. 13 | # 14 | # We are always happy to answer any questions you may have! 
15 | # Copyright © O&O Software GmbH https://www.oo-software.com/ 16 | ############################################################################ 17 | 18 | P001 + 19 | P002 + 20 | P003 + 21 | P004 + 22 | P005 + 23 | P006 + 24 | P008 + 25 | P017 + 26 | P026 + 27 | P027 + 28 | P028 + 29 | P009 + 30 | P010 + 31 | P015 + 32 | P016 - 33 | P007 + 34 | P025 + 35 | P023 + 36 | P012 + 37 | P013 + 38 | P019 + 39 | P020 + 40 | P011 + 41 | P018 + 42 | P021 + 43 | P022 + 44 | P014 + 45 | P029 + 46 | P030 + 47 | P031 + 48 | P032 + 49 | P024 - 50 | S001 + 51 | S002 + 52 | S003 + 53 | S004 + 54 | S005 + 55 | S008 + 56 | S009 + 57 | S010 + 58 | E001 + 59 | E002 + 60 | E003 + 61 | E008 + 62 | E007 + 63 | E010 + 64 | E009 + 65 | E004 + 66 | E005 + 67 | E006 - 68 | Y001 + 69 | Y002 + 70 | Y003 + 71 | Y004 + 72 | Y005 + 73 | Y006 + 74 | Y007 + 75 | C012 + 76 | C002 + 77 | C004 + 78 | C005 + 79 | C006 + 80 | C007 + 81 | C008 + 82 | C009 + 83 | C010 + 84 | C011 + 85 | L001 + 86 | L002 + 87 | L003 + 88 | L004 + 89 | L005 + 90 | L006 + 91 | L007 + 92 | L008 + 93 | U001 + 94 | U002 + 95 | U003 + 96 | U004 + 97 | W001 + 98 | W002 + 99 | W003 + 100 | W011 + 101 | W004 + 102 | W005 + 103 | W010 + 104 | W009 + 105 | W006 + 106 | W007 + 107 | W008 + 108 | M006 + 109 | M011 + 110 | M010 + 111 | O003 + 112 | O001 + 113 | S012 + 114 | S013 + 115 | S014 + 116 | S011 + 117 | K001 + 118 | K002 + 119 | K005 + 120 | M001 + 121 | M002 + 122 | M003 + 123 | M004 + 124 | M005 + 125 | M012 + 126 | M013 + 127 | M014 + 128 | M015 + 129 | N001 - 130 | -------------------------------------------------------------------------------- /scripts/provision.ps1: -------------------------------------------------------------------------------- 1 | # Purpose: Sets timezone to UTC, sets hostname, creates/joins domain. 
2 | # Source: https://github.com/StefanScherer/adfs2 3 | 4 | param ([String] $joinDomain, [String] $ad_ip, [String] $domain, [String] $netbiosName, [String] $isDC) 5 | 6 | $ProfilePath = "C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1" 7 | $box = Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name "ComputerName" 8 | $box = $box.ComputerName.ToString().ToLower() 9 | 10 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..." 11 | c:\windows\system32\tzutil.exe /s "UTC" 12 | 13 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking if Windows evaluation is expiring soon or expired..." 14 | . c:\vagrant\scripts\fix-windows-expiration.ps1 15 | 16 | If (!(Test-Path $ProfilePath)) { 17 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling the Invoke-WebRequest download progress bar globally for speed improvements." 18 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) See https://github.com/PowerShell/PowerShell/issues/2138 for more info" 19 | New-Item -Path $ProfilePath | Out-Null 20 | If (!(Get-Content $Profilepath| % { $_ -match "SilentlyContinue" } )) { 21 | Add-Content -Path $ProfilePath -Value "$ProgressPreference = 'SilentlyContinue'" 22 | } 23 | } 24 | 25 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling IPv6 on all network adatpers..." 26 | Get-NetAdapterBinding -ComponentID ms_tcpip6 | ForEach-Object {Disable-NetAdapterBinding -Name $_.Name -ComponentID ms_tcpip6} 27 | Get-NetAdapterBinding -ComponentID ms_tcpip6 28 | # https://support.microsoft.com/en-gb/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users 29 | reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 255 /f 30 | 31 | # AD Setup: Create/Join Domain 32 | if ((gwmi win32_computersystem).partofdomain -eq $false) { 33 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Current domain is set to 'workgroup'. Time to join the domain!" 
34 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) My hostname is $env:COMPUTERNAME" 35 | if ($isDC -eq '1') { 36 | . c:\vagrant\scripts\create-domain.ps1 -ip $ad_ip -domain $domain -netbiosName $netbiosName 37 | } 38 | elseif ($joinDomain -eq '1') { 39 | . c:\vagrant\scripts\join-domain.ps1 -ad_ip $ad_ip -domain $domain 40 | } 41 | } 42 | 43 | # Add cmd\powershell here to right click context menu with 44 | regedit /s c:\vagrant\scripts\rightclick.reg -------------------------------------------------------------------------------- /scripts/fix-windows-expiration.ps1: -------------------------------------------------------------------------------- 1 | # Purpose: Re-arms the expiration timer on expiring Windows eval images and fixes activation issues 2 | 3 | # Check to see if there are days left on the timer or if it's just expired 4 | $regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)|grace time expired|0xC004D302|0xC004FC07" 5 | If ($regex.Matches.Value -eq "grace time expired" -or $regex.Matches.Value -eq "0xC004D302") { 6 | # If it shows expired, it's likely it wasn't properly activated 7 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) It appears Windows was not properly activated. Attempting to resolve..." 8 | Try { 9 | # The TrustedInstaller service MUST be running for activation to succeed 10 | Set-Service TrustedInstaller -StartupType Automatic 11 | Start-Service TrustedInstaller 12 | Start-Sleep 10 13 | # Attempt to activate 14 | cscript c:\windows\system32\slmgr.vbs /ato 15 | } Catch { 16 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong trying to reactivate Windows..." 17 | } 18 | } 19 | Elseif ($regex.Matches.Value -eq "0xC004FC07") { 20 | Try { 21 | cscript c:\windows\system32\slmgr.vbs /rearm 22 | } Catch { 23 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong trying to re-arm the image..." 
24 | } 25 | } 26 | 27 | # If activation was successful, the regex should match 90 or 180 (Win10 or Win2016) 28 | $regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)" 29 | 30 | Try { 31 | $days_left = $regex.Matches.Groups[1].Value 32 | } Catch { 33 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Unable to successfully parse the output from slmgr, not rearming" 34 | $days_left = 90 35 | } 36 | 37 | If ($days_left -as [int] -lt 30) { 38 | write-host "$('[{0:HH:mm}]' -f (Get-Date)) $days_left days remaining before expiration" 39 | write-host "$('[{0:HH:mm}]' -f (Get-Date)) Less than 30 days remaining before Windows expiration. Attempting to rearm..." 40 | Try { 41 | # The TrustedInstaller service MUST be running for activation to succeed 42 | Set-Service TrustedInstaller -StartupType Automatic 43 | Start-Service TrustedInstaller 44 | Start-Sleep 10 45 | # Attempt to activate 46 | cscript c:\windows\system32\slmgr.vbs /ato 47 | } Catch { 48 | Try { 49 | cscript c:\windows\system32\slmgr.vbs /rearm 50 | } Catch { 51 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong trying to re-arm the image..." 52 | } 53 | } 54 | } 55 | Else { 56 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) $days_left days left until expiration, no need to rearm." 57 | } 58 | -------------------------------------------------------------------------------- /scripts/fix-second-network.ps1: -------------------------------------------------------------------------------- 1 | # Source: https://github.com/StefanScherer/adfs2 2 | param ([String] $ip, [String] $dns, [String] $gateway) 3 | 4 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Running fix-second-network.ps1..." 
5 | 6 | if ( (Get-NetAdapter | Select-Object -First 1 | Select-Object -ExpandProperty InterfaceDescription).Contains('Red Hat VirtIO')) { 7 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting Network Configuration for LibVirt interface" 8 | $subnet = $ip -replace "\.\d+$", "" 9 | $name = (Get-NetIPAddress -AddressFamily IPv4 ` 10 | | Where-Object -FilterScript { ($_.IPAddress).StartsWith("$subnet") } ` 11 | ).InterfaceAlias 12 | if ($name) { 13 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Set IP address to $ip of interface $name" 14 | & netsh.exe int ip set address "$name" static $ip 255.255.255.0 "$gateway" 15 | if ($dns) { 16 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Set DNS server address to $dns of interface $name" 17 | & netsh.exe interface ipv4 add dnsserver "$name" address=$dns index=1 18 | } 19 | } else { 20 | Write-Error "Could not find a interface with subnet $subnet.xx" 21 | } 22 | exit 0 23 | } Else { 24 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) No VirtIO adapters, moving on..." 25 | } 26 | 27 | if (! (Test-Path 'C:\Program Files\VMware\VMware Tools') ) { 28 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) VMware Tools not found, no need to continue. Exiting." 
29 | exit 0 30 | } 31 | 32 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date))" 33 | Write-Host "Setting IP address and DNS information for the Ethernet1 interface" 34 | Write-Host "If this step times out, it's because vagrant is connecting to the VM on the wrong interface" 35 | Write-Host "See https://github.com/clong/DetectionLab/issues/114 for more information" 36 | 37 | $subnet = $ip -replace "\.\d+$", "" 38 | $name = (Get-NetIPAddress -AddressFamily IPv4 ` 39 | | Where-Object -FilterScript { ($_.IPAddress).StartsWith($subnet) } ` 40 | ).InterfaceAlias 41 | if (!$name) { 42 | $name = (Get-NetIPAddress -AddressFamily IPv4 ` 43 | | Where-Object -FilterScript { ($_.IPAddress).StartsWith("169.254.") } ` 44 | ).InterfaceAlias 45 | } 46 | if ($name) { 47 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Set IP address to $ip of interface $name" 48 | & netsh.exe int ip set address "$name" static $ip 255.255.255.0 "$subnet.1" 49 | if ($dns) { 50 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Set DNS server address to $dns of interface $name" 51 | & netsh.exe interface ipv4 add dnsserver "$name" address=$dns index=1 52 | } 53 | } else { 54 | Write-Error "$('[{0:HH:mm}]' -f (Get-Date)) Could not find a interface with subnet $subnet.xx" 55 | } 56 | -------------------------------------------------------------------------------- /scripts/install-sysmon.ps1: -------------------------------------------------------------------------------- 1 | # Purpose: Installs Sysmon and Olaf Harton's Sysmon config 2 | 3 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Sysmon..." 4 | $sysmonDir = "C:\ProgramData\Sysmon" 5 | 6 | If(!(test-path $sysmonDir)) { 7 | New-Item -ItemType Directory -Force -Path $sysmonDir 8 | } Else { 9 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Sysmon directory exists, no need to re-install. Exiting." 
10 | exit 11 | } 12 | 13 | If(!(test-path 'C:\Tools\Sysinternals')) { 14 | mkdir C:\Tools\Sysinternals 15 | } Else { 16 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Sysmon directory exists, no need to re-install. Exiting." 17 | exit 18 | } 19 | 20 | $sysmonPath = "C:\Tools\Sysinternals\Sysmon64.exe" 21 | $sysmonConfigPath = "$sysmonDir\sysmonConfig.xml" 22 | 23 | 24 | # Microsoft likes TLSv1.2 as well 25 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 26 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Sysmon64.exe..." 27 | Try { 28 | (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Sysmon64.exe', $sysmonPath) 29 | } Catch { 30 | Write-Host "HTTPS connection failed. Switching to HTTP :(" 31 | (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/Sysmon64.exe', $sysmonPath) 32 | } 33 | Copy-Item $sysmonPath $sysmonDir 34 | 35 | # Download Olaf Hartongs Sysmon config 36 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Olaf Hartong's Sysmon config..." 37 | (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml', "$sysmonConfigPath") 38 | # Alternative: Download SwiftOnSecurity's Sysmon config 39 | # Write-Host "Downloading SwiftOnSecurity's Sysmon config..." 40 | # (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml', "$sysmonConfigPath") 41 | 42 | # Start Sysmon 43 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Starting Sysmon..." 44 | Start-Process -FilePath "$sysmonDir\Sysmon64.exe" -ArgumentList "-accepteula -i $sysmonConfigPath" 45 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Waiting 5 seconds to give the service time to install..." 46 | Start-Sleep 5 47 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Verifying that the Sysmon service is running..." 
48 | 49 | # Poll the sysmon service every 5 seconds to see if it has started (up to 25 seconds) 50 | $tries = 1 51 | While ($tries -lt 6) { 52 | If ((Get-Service -name Sysmon64).Status -ne "Running") { 53 | Write-Host "Waiting for the Sysmon service to start... (Attempt $tries of 5)" 54 | Start-Sleep 5 55 | $tries += 1 56 | } Else { 57 | Write-Host "The Sysmon service has started successfully!" 58 | break 59 | } 60 | } 61 | 62 | If ((Get-Service -name Sysmon64).Status -ne "Running") 63 | { 64 | throw "The Sysmon service failed to start successfully" 65 | } 66 | 67 | # Make the event log channel readable. For some reason this doesn't work in the GPO and only works when run manually. 68 | wevtutil sl Microsoft-Windows-Sysmon/Operational "/ca:O:BAG:SYD:(A;;0x5;;;BA)(A;;0x1;;;S-1-5-20)(A;;0x1;;;S-1-5-32-573)" 69 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # BackBag Lab\VM 2 | 3 | backbag 4 | 5 | 6 | BackBag Lab\VM, small enough to carry on your back (Back**pack**) 🎒💻 7 | 8 | ## Background & Purpose 9 | I needed a way to quickly setup a small environment that allows me to test both, blue and red teaming related stuff on my laptop 💻. There are also times where I just need an ubuntu server or a win10 instance with a specific set of tools and not a whole environment. This project caters for such cases. 
10 | 11 | ## Wiki 12 | Refer to the [Wiki](https://github.com/Humoud/BackBag-Lab-VM/wiki/1.-Home) for more details: 13 | - [Design](https://github.com/Humoud/BackBag-Lab-VM/wiki/2.-Design) 14 | - [Configuration](https://github.com/Humoud/BackBag-Lab-VM/wiki/3.-Configuration) 15 | - [Usage](https://github.com/Humoud/BackBag-Lab-VM/wiki/4.-Usage) 16 | - [Important Note](https://github.com/Humoud/BackBag-Lab-VM/wiki/4.-Usage#important-note) 17 | - [Tools](https://github.com/Humoud/BackBag-Lab-VM/wiki/5.-Tools) 18 | 19 | ## Design 20 | This project uses Vagrant and a collection of powershell\bash scripts to provision and configure VMs. 21 | 22 | #### VMs 23 | 24 | Windows base images are from [DetectionLab](https://github.com/clong/DetectionLab). Many thanks to them ♥. 25 | 26 | | VM Name | OS | 27 | | -------- | ------------------- | 28 | | WINSRV01 | Windows Server 2016 | 29 | | WINSRV02 | Windows Server 2016 | 30 | | WIN01 | Windows 10 | 31 | | NIX01 | Ubuntu 20.04 | 32 | 33 | 34 | #### Available Environment Configurations 35 | 36 | | VM | AD Server | Join to Domain | IIS Web Server | Standalone | 37 | | -------- | --------- | -------------- | -------------- | ---------- | 38 | | WINSRV01 | ✅ | ❌ | ❌ | ✅ | 39 | | WINSRV02 | ❌ | ✅ | ✅ | ✅ | 40 | | WIN01 | ❌ | ✅ | ❌ | ✅ | 41 | | NIX01 | ❌ | ❌ | ❌ | ✅ | 42 | 43 | ✅ = You can enable this setup for the VM. 44 | ❌ = Setup not available. 45 | 46 | **AD Server:** VM can be promoted to a Domain Controller. 47 | 48 | **Join to Domain:** VM can be joined to domain. Requires a machine with setup "AD Server" to be available. 49 | 50 | **IIS Web Server:** IIS Web Server can be installed on the VM. 51 | 52 | **Standalone:** VM can be created and used without requiring any other VM to exist. Note that "Join to Domain" feature can not be used when using a VM in standalone setup. 
53 | 54 | 55 | ## Credits 56 | 57 | Creative Director and 3D Logo Designer: 58 | - Mohammad Boqammaz 59 | - [Linkedin](https://www.linkedin.com/in/mboqammaz) 60 | - [Instagram](https://www.instagram.com/bluesphere_) 61 | 62 | MacOS testing and troubleshooting: 63 | - Taylor Parizo: 64 | - https://twitter.com/TaylorParizo | https://github.com/axelarator 65 | 66 | This project is heavily inspired by [DetectionLab](https://github.com/clong/DetectionLab) ♥. I built upon and modified it, this work was not from scratch: 67 | - Vagrantfile and Provisioning Scripts: 68 | - DetectionLab 69 | - https://github.com/clong/DetectionLab 70 | - Vagrant Boxes: 71 | - DetectionLab 72 | - https://github.com/clong/DetectionLab 73 | -------------------------------------------------------------------------------- /scripts/join-domain.ps1: -------------------------------------------------------------------------------- 1 | # Purpose: Joins a Windows host to the $domain domain which was created with "create-domain.ps1". 2 | # Source: https://github.com/StefanScherer/adfs2, modified script to allow it to take params 3 | param ([String] $ad_ip, [String] $domain) 4 | 5 | $hostsFile = "c:\Windows\System32\drivers\etc\hosts" 6 | 7 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain..." 8 | 9 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain..." 10 | $newDNSServers = $ad_ip 11 | $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match "192.168.56."} 12 | # Don't do this in Azure. If the network adatper description contains "Hyper-V", this won't apply changes. 13 | # Specify the DC as a WINS server to help with connectivity as well 14 | $adapters | ForEach-Object {if (!($_.Description).Contains("Hyper-V")) {$_.SetDNSServerSearchOrder($newDNSServers); $_.SetWINSServer($newDNSServers, "")}} 15 | 16 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining to domain..." 
17 | $hostname = $(hostname) 18 | $user = $domain+"\vagrant" 19 | $pass = ConvertTo-SecureString "vagrant" -AsPlainText -Force 20 | $DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass 21 | 22 | # Place the computer in the correct OU based on hostname 23 | # Retry up to 3 times. Sleep 15 seconds between tries. 24 | If (($hostname -eq "wef") -or ($hostname -eq "exchange")) { 25 | $tries = 0 26 | While ($tries -lt 3) { 27 | Try { 28 | $tries += 1 29 | Add-Computer -DomainName $domain -credential $DomainCred -OUPath "ou=Servers,dc="+$domain.split('.')[0]+",dc="+$domain.split('.')[1] -PassThru -ErrorAction Stop 30 | Break 31 | } Catch { 32 | $tries += 1 33 | Write-Host $_.Exception.Message 34 | Start-Sleep 15 35 | } 36 | } 37 | # Attempt to fix Issue #517 38 | Set-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control' -Name 'WaitToKillServiceTimeout' -Value '500' -Type String -Force -ea SilentlyContinue 39 | New-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -Name 'AutoEndTasks' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue 40 | Set-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\SessionManager\Power' -Name 'HiberbootEnabled' -Value 0 -Type DWord -Force -ea SilentlyContinue 41 | } ElseIf ($hostname -eq "win10") { 42 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Adding Win10 to the domain. Sometimes this step times out. 
If that happens, just run 'vagrant reload win10 --provision'" #debug 43 | Add-Computer -DomainName $domain -credential $DomainCred -OUPath "ou=Workstations,dc="+$domain.split('.')[0]+",dc="+$domain.split('.')[1] 44 | } Else { 45 | Add-Computer -DomainName $domain -credential $DomainCred -PassThru 46 | } 47 | 48 | # Stop Windows Update 49 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling Windows Updates and Windows Module Services" 50 | Set-Service wuauserv -StartupType Disabled 51 | Stop-Service wuauserv 52 | Set-Service TrustedInstaller -StartupType Disabled 53 | Stop-Service TrustedInstaller 54 | 55 | # Uninstall Windows Defender from WEF 56 | # This command isn't supported on WIN10 57 | If ($hostname -ne "win10" -And (Get-Service -Name WinDefend -ErrorAction SilentlyContinue).status -eq 'Running') { 58 | # Uninstalling Windows Defender (https://github.com/StefanScherer/packer-windows/issues/201) 59 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Uninstalling Windows Defender..." 60 | Try { 61 | Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop 62 | Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop 63 | } Catch { 64 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..." 
65 | } 66 | } 67 | -------------------------------------------------------------------------------- /scripts/create-domain.ps1: -------------------------------------------------------------------------------- 1 | # Purpose: Creates the "backbag.local" domain 2 | # Source: https://github.com/StefanScherer/adfs2, modified script to allow it to take params 3 | 4 | param ([String] $ip, [String] $domain, [String] $netbiosName) 5 | 6 | $subnet = $ip -replace "\.\d+$", "" 7 | 8 | 9 | if ((gwmi win32_computersystem).partofdomain -eq $false) { 10 | 11 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing RSAT tools" 12 | Import-Module ServerManager 13 | Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter 14 | 15 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating domain controller..." 16 | # Disable password complexity policy 17 | secedit /export /cfg C:\secpol.cfg 18 | (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg 19 | secedit /configure /db C:\Windows\security\local.sdb /cfg C:\secpol.cfg /areas SECURITYPOLICY 20 | rm -force C:\secpol.cfg -confirm:$false 21 | 22 | # Set administrator password 23 | $computerName = $env:COMPUTERNAME 24 | $adminPassword = "vagrant" 25 | $adminUser = [ADSI] "WinNT://$computerName/Administrator,User" 26 | $adminUser.SetPassword($adminPassword) 27 | 28 | $PlainPassword = "vagrant" # "P@ssw0rd" 29 | $SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force 30 | 31 | # Windows Server 2016 R2 32 | Install-WindowsFeature AD-domain-services 33 | Import-Module ADDSDeployment 34 | Install-ADDSForest ` 35 | -SafeModeAdministratorPassword $SecurePassword ` 36 | -CreateDnsDelegation:$false ` 37 | -DatabasePath "C:\Windows\NTDS" ` 38 | -DomainMode "7" ` 39 | -DomainName $domain ` 40 | -DomainNetbiosName $netbiosName ` 41 | -ForestMode "7" ` 42 | -InstallDns:$true ` 43 | -LogPath "C:\Windows\NTDS" ` 44 | -NoRebootOnCompletion:$true ` 45 | -SysvolPath "C:\Windows\SYSVOL" 
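`
    -Force:$true

  # Resolver order handed to the lab adapters: this DC first, then public resolvers.
  # NOTE(review): 4.4.4.4 is not Google's secondary resolver (8.8.4.4) — confirm it was intended.
  $newDNSServers = "127.0.0.1", "8.8.8.8", "4.4.4.4"

  # Only adapters on the subnet derived from -ip (the first three octets) are touched.
  $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) }
  if ($adapters) {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting DNS"
    # Don't do this in Azure. If the network adapter description contains "Hyper-V", this won't apply changes.
    $adapters | ForEach-Object {if (!($_.Description).Contains("Hyper-V")) {$_.SetDNSServerSearchOrder($newDNSServers)}}
  }
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC"
  c:\windows\system32\tzutil.exe /s "UTC"

  # Inherited from the upstream adfs2 script: restrict the DNS listener to the 172.25.* NIC.
  # NOTE(review): this lab addresses its VMs in 192.168.56.x and treats 10.* as NAT below, so
  # the 172.25.* filter presumably matches nothing and dnscmd gets an empty list — confirm.
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Excluding NAT interface from DNS"
  $nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "172.25.*" }
  $dnslistenip=$nics.IPAddress
  # Echoed so the chosen listen address shows up in the provisioning log
  $dnslistenip
  dnscmd /ResetListenAddresses $dnslistenip

  # Keep the NAT (10.*) adapter out of dynamic DNS registration
  $nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "10.*" }
  foreach($nic in $nics) {
    $nic.DomainDNSRegistrationEnabled = $false
    $nic.SetDynamicDNSRegistration($false) |Out-Null
  }

  # Remove zone-apex A records (-type 1) that already point at a NAT address.
  # -Confirm:$false replaces the original -Confirm, which raised an interactive prompt that an
  # unattended Vagrant provisioner cannot answer.
  $RRs= Get-DnsServerResourceRecord -ZoneName $domain -type 1 -Name "@"
  foreach($RR in $RRs) {
    if ( (Select-Object -InputObject $RR HostName,RecordType -ExpandProperty RecordData).IPv4Address -ilike "10.*") {
      Remove-DnsServerResourceRecord -ZoneName $domain -RRType A -Name "@" -RecordData $RR.RecordData.IPv4Address -Confirm:$false
    }
  }
  Restart-Service DNS
}

# Uninstall Windows Defender
# Deliberate for this lab box (presumably so the lab's tooling is not quarantined);
# the block only runs while the WinDefend service is reported as Running.
If ((Get-Service -Name WinDefend -ErrorAction SilentlyContinue).status -eq 'Running') {
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Uninstalling Windows Defender..."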
83 | Try { 84 | Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop 85 | Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop 86 | } 87 | Catch { 88 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..." 89 | } 90 | } 91 | -------------------------------------------------------------------------------- /scripts/install-iis-utils.ps1: -------------------------------------------------------------------------------- 1 | # IIS Server setups. Installs tools as well. 2 | 3 | mkdir C:\Tools\ 4 | 5 | function Set-Shortcut([String] $src, [String] $dst) { 6 | $WshShell = New-Object -comObject WScript.Shell 7 | $Shortcut = $WshShell.CreateShortcut($dst) 8 | $Shortcut.TargetPath = $src 9 | $Shortcut.Save() 10 | } 11 | ############################################################################################# 12 | function Install-Choco { 13 | If (-not (Test-Path "C:\ProgramData\chocolatey")) { 14 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 15 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Chocolatey" 16 | Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) 17 | } else { 18 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Chocolatey is already installed." 19 | } 20 | } 21 | ############################################################################################# 22 | function Install-ChocoEssentials { 23 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing essential choco packages..." 
  ##########################################################
  # Packages pulled from the public Chocolatey feed
  $pkgs = 'NotepadPlusPlus',
    '7zip',
    'git',
    'GoogleChrome',
    'vscode.portable'
  ForEach ($pkgName in $pkgs)
  {
    # --ignore-checksums turns off Chocolatey's download integrity check for every package,
    # so a replaced upstream binary would install silently. Tolerable only on a disposable lab VM.
    choco install -y --limit-output --ignore-checksums --no-progress $pkgName
  }
  RefreshEnv
  $desk = 'C:\users\vagrant\desktop\'
  Set-Shortcut -src 'C:\ProgramData\chocolatey\bin' -dst $desk'ChocoBins.lnk'
}
#############################################################################################
# Enables IIS together with a deliberately broad set of optional features via DISM
# (WebDAV, FTP, CGI, classic ASP, Basic/Digest/Windows auth, ...). This is presumably the
# lab's web target, not a hardened server. The commented Get-* lines list feature names.
function Install-IIS {
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing IIS..."
  # Get-WindowsFeature -Name Web-*
  # Get-WindowsOptionalFeature -Online -FeatureName "IIS-*" | findstr "FeatureName"
  dism /online /enable-feature /featurename:IIS-WebServer /all
  dism /online /enable-feature /featurename:IIS-HttpRedirect /all
  dism /online /enable-feature /featurename:IIS-WebDAV /all
  dism /online /enable-feature /featurename:IIS-WebSockets /all
  dism /online /enable-feature /featurename:IIS-ApplicationInit /all
  dism /online /enable-feature /featurename:IIS-NetFxExtensibility /all
  dism /online /enable-feature /featurename:IIS-NetFxExtensibility45 /all
  dism /online /enable-feature /featurename:IIS-ISAPIExtensions /all
  dism /online /enable-feature /featurename:IIS-ISAPIFilter /all
  dism /online /enable-feature /featurename:IIS-ASPNET /all
  dism /online /enable-feature /featurename:IIS-ASPNET45 /all
  dism /online /enable-feature /featurename:IIS-ASP /all
  dism /online /enable-feature /featurename:IIS-CGI /all
  dism /online /enable-feature /featurename:IIS-CertProvider /all
  dism /online /enable-feature /featurename:IIS-BasicAuthentication /all
  dism /online /enable-feature /featurename:IIS-WindowsAuthentication /all
  dism /online /enable-feature /featurename:IIS-DigestAuthentication /all
  dism /online /enable-feature
/featurename:IIS-ClientCertificateMappingAuthentication /all 61 | dism /online /enable-feature /featurename:IIS-IISCertificateMappingAuthentication /all 62 | dism /online /enable-feature /featurename:IIS-URLAuthorization /all 63 | dism /online /enable-feature /featurename:IIS-ManagementConsole /all 64 | dism /online /enable-feature /featurename:IIS-IPSecurity /all 65 | dism /online /enable-feature /featurename:IIS-ServerSideIncludes /all 66 | dism /online /enable-feature /featurename:IIS-FTPServer /all 67 | dism /online /enable-feature /featurename:IIS-FTPSvc /all 68 | } 69 | ############################################################################################# 70 | function Get-WebShells { 71 | mkdir C:\Tools\webshells 72 | 73 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading webshells..." 74 | Try { 75 | (New-Object System.Net.WebClient).DownloadFile( 76 | 'https://github.com/samratashok/nishang/raw/master/Antak-WebShell/antak.aspx', 77 | 'C:\Tools\webshells\antak.aspx') 78 | 79 | } Catch { 80 | Write-Host "Webshells download failed..." 81 | } 82 | $desk = 'C:\users\vagrant\desktop\' 83 | Set-Shortcut -src 'C:\Tools\' -dst $desk'Tools.lnk' 84 | } 85 | 86 | ################################################################################################ 87 | 88 | Install-Choco 89 | Install-ChocoEssentials 90 | Install-IIS 91 | Get-WebShells -------------------------------------------------------------------------------- /scripts/nix_bootstrap.sh: -------------------------------------------------------------------------------- 1 | SPIDERFOOT_VERSION=4.0 2 | YARA_VERSION=4.2.1 3 | COMPOSE_VERSION=2.5.0 4 | FENNEC_VERSION=0.3.3 5 | ######################################################################################################### 6 | modify_motd() { 7 | echo "[$(date +%H:%M:%S)]: Updating the MOTD..." 
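  # Force color terminal
  sed -i 's/#force_color_prompt=yes/force_color_prompt=yes/g' /root/.bashrc
  sed -i 's/#force_color_prompt=yes/force_color_prompt=yes/g' /home/vagrant/.bashrc
  # Remove some stock Ubuntu MOTD content
  chmod -x /etc/update-motd.d/10-help-text
  # Install the BackBag banner (resources/nixbox/20-backbag) as a MOTD fragment
  cp /vagrant/resources/nixbox/20-backbag /etc/update-motd.d/
  chmod +x /etc/update-motd.d/20-backbag
  # -f: a re-run must not error because the file was already removed
  rm -f /etc/update-motd.d/50-landscape-sysinfo
}
#########################################################################################################
#######################################
# Adds the Docker, apt-fast and Zeek apt repositories, refreshes the
# package index, installs apt-fast and then the build/runtime packages
# the later install_* functions rely on.
# Globals:   none
# Arguments: none
# Outputs:   progress lines on stdout
#######################################
apt_install_prerequisites() {
  echo "[$(date +%H:%M:%S)]: Adding apt repositories..."
  # Add repository for docker
  # NOTE(review): both keys below are installed as globally trusted apt keys
  # (apt-key is deprecated; trusted.gpg.d has the same scope). A per-repo
  # signed-by keyring would limit what each key is allowed to sign for.
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
  add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
  apt-cache policy docker-ce
  # Add repository for apt-fast
  add-apt-repository -y -n ppa:apt-fast/stable
  # Zeek LTS packages from the openSUSE build service
  echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list
  curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
  echo "[$(date +%H:%M:%S)]: Running apt-get clean..."
  apt clean
  echo "[$(date +%H:%M:%S)]: Running apt-get update..."
  apt -qq update
  echo "[$(date +%H:%M:%S)]: Installing apt-fast..."
  # https://github.com/ilikenwf/apt-fast#interaction-free-installation
  # Pre-seed the debconf answers so the install never prompts
  echo debconf apt-fast/maxdownloads string 16 | debconf-set-selections
  echo debconf apt-fast/dlflag boolean true | debconf-set-selections
  echo debconf apt-fast/aptmanager string apt-get | debconf-set-selections
  apt -qq install -y apt-fast
  echo "[$(date +%H:%M:%S)]: Using apt-fast to install packages..."
  apt-fast install -y wget net-tools apt-transport-https ca-certificates curl software-properties-common build-essential libssl-dev libffi-dev python3-dev python3-pip python3-venv automake libtool make gcc pkg-config
}
#########################################################################################################
#######################################
# Installs docker-ce from the repository added above and a pinned
# docker-compose binary (COMPOSE_VERSION) into /usr/local/bin.
# Globals:   COMPOSE_VERSION (read)
#######################################
apt_install_docker(){
  # Install docker
  apt -y install docker-ce
  # Install docker compose
  # check https://github.com/docker/compose/releases for version
  # -f: on an HTTP error curl now exits non-zero instead of saving the error
  # page, so the chained chmod no longer marks a bogus file executable.
  curl -fsSL "https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \
    chmod +x /usr/local/bin/docker-compose
}
#########################################################################################################
# Network scanners used by the lab
apt_install_scanners(){
  apt-fast install -y nmap masscan
}
#########################################################################################################
#######################################
# Installs zeek-lts; the postfix answers are pre-seeded because zeek-lts
# pulls it in and it would otherwise prompt during provisioning.
#######################################
apt_install_zeek(){
  # https://software.opensuse.org//download.html?project=security%3Azeek&package=zeek-lts
  echo "postfix postfix/mailname string example.com" | debconf-set-selections
  echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
  apt -y install zeek-lts
}
#########################################################################################################
#######################################
# Fetches Rapid7's installer wrapper into the current directory and runs it.
# The wrapper is unpinned (master) and executed with the provisioner's
# (root) privileges; -f prevents a 404/5xx body from being run as the installer.
# The msfinstall file is left behind in the working directory, as before.
#######################################
install_metasploit(){
  # https://docs.rapid7.com/metasploit/installing-the-metasploit-framework/
  curl -fsSL https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
}
#########################################################################################################
#######################################
# Runs the upstream Sliver install script as root. Remote, unpinned code;
# -f makes curl fail loudly instead of piping an HTTP error page into bash.
#######################################
install_sliverc2(){
  # https://github.com/BishopFox/sliver
  curl -fsSL https://sliver.sh/install | sudo bash
}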
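#########################################################################################################
#######################################
# Builds radare2 from git into the system and removes the checkout.
# Fix: the original did `cd radare2` and then ran radare2/sys/install.sh,
# a path that does not exist from inside the checkout; the installer is
# run from /home/vagrant as the upstream README does.
#######################################
install_radare2(){
  # https://github.com/radareorg/radare2#installation
  cd /home/vagrant || return 1
  git clone https://github.com/radareorg/radare2
  radare2/sys/install.sh
  cd /home/vagrant || return 1
  # clean up
  rm -rf /home/vagrant/radare2
}
#########################################################################################################
#######################################
# Builds YARA (YARA_VERSION) from the GitHub release tarball.
# Fix: wget saved the archive as v<ver>.tar.gz while tar/rm expected
# yara-<ver>.tar.gz, so the extract step failed; -O gives it that name.
# Globals:   YARA_VERSION (read)
#######################################
install_yara(){
  # https://github.com/VirusTotal/yara (the original comment pointed at the radare2 README)
  cd /home/vagrant || return 1
  wget -O "yara-${YARA_VERSION}.tar.gz" "https://github.com/VirusTotal/yara/archive/refs/tags/v${YARA_VERSION}.tar.gz"
  tar -zxf "yara-${YARA_VERSION}.tar.gz"
  cd "yara-${YARA_VERSION}" || return 1
  ./bootstrap.sh
  # NOTE(review): --enable-magic needs libmagic's development headers, which
  # apt_install_prerequisites does not install — confirm configure succeeds.
  ./configure --enable-magic --enable-dotnet
  make
  make install
  # Refresh the dynamic linker cache so libyara is found by the yara binary
  ldconfig
  # clean up
  cd /home/vagrant || return 1
  rm -rf "/home/vagrant/yara-${YARA_VERSION}.tar.gz"
}
#########################################################################################################
#######################################
# Clones and builds binlex under /home/vagrant, leaving the tree owned by
# vagrant so the user can rebuild without root.
#######################################
install_binlex(){
  # https://github.com/c3rb3ru5d3d53c/binlex
  # deps
  apt-fast install -y git build-essential cmake make parallel doxygen git-lfs rpm python3 python3-dev
  cd /home/vagrant || return 1
  git clone --recursive https://github.com/c3rb3ru5d3d53c/binlex.git
  # Install
  cd binlex/ || return 1
  make threads=4
  make install
  cd /home/vagrant || return 1
  chown -R vagrant:vagrant binlex/
}
#######################################################################################################
# pip package; quoted so the [] is not treated as a shell glob
install_pywhat(){
  # https://github.com/bee-san/pyWhat
  pip3 install 'pywhat[optimize]'
}
#########################################################################################################
#######################################
# Downloads and unpacks the SpiderFoot release (SPIDERFOOT_VERSION) under /opt.
# Fix: the original never extracted the tarball, chmod'ed /opt/run_spiderfoot.sh
# (which nothing creates) and tried to delete the archive from / after `cd ..`.
# Globals:   SPIDERFOOT_VERSION (read)
#######################################
install_spiderfoot(){
  # https://github.com/smicallef/spiderfoot
  cd /opt || return 1
  wget "https://github.com/smicallef/spiderfoot/archive/v${SPIDERFOOT_VERSION}.tar.gz"
  # GitHub archives unpack to <repo>-<version>/
  tar -zxf "v${SPIDERFOOT_VERSION}.tar.gz"
  # NOTE(review): kept from the original; confirm the release actually ships this
  # script, the guard only avoids a spurious error when it does not.
  if [ -f "spiderfoot-${SPIDERFOOT_VERSION}/run_spiderfoot.sh" ]; then
    chmod +x "spiderfoot-${SPIDERFOOT_VERSION}/run_spiderfoot.sh"
  fi
  # clean up
  rm -rf "/opt/v${SPIDERFOOT_VERSION}.tar.gz"
  cd /home/vagrant || return 1
}
#########################################################################################################
# Git checkout under /opt plus its Python requirements (installed system-wide by pip3)
install_wwwtree(){
  # https://github.com/t3l3machus/wwwtree
  cd /opt || return 1
  git clone https://github.com/t3l3machus/wwwtree.git
  cd wwwtree || return 1
  pip3 install -r requirements.txt
  cd /home/vagrant || return 1
}
#########################################################################################################
# Git checkout under /opt plus its Python requirements
install_villain(){
  # https://github.com/t3l3machus/Villain
  cd /opt || return 1
  git clone https://github.com/t3l3machus/Villain.git
  cd Villain || return 1
  pip3 install -r requirements.txt
  cd /home/vagrant || return 1
}
#########################################################################################################
# Git checkout under /opt plus its Python requirements
install_barq(){
  # https://github.com/Voulnet/barq
  cd /opt || return 1
  git clone https://github.com/Voulnet/barq.git
  cd barq || return 1
  pip3 install -r requirements.txt
  cd /home/vagrant || return 1
}
#########################################################################################################
# Pinned Fennec release binary (FENNEC_VERSION) dropped into /opt
install_fennec(){
  # https://github.com/AbdulRhmanAlfaifi/Fennec
  cd /opt || return 1
  wget "https://github.com/AbdulRhmanAlfaifi/Fennec/releases/download/v${FENNEC_VERSION}/fennec_linux_x86_64"
  chmod +x fennec_linux_x86_64
  cd /home/vagrant || return 1
}
#########################################################################################################
#######################################
# Installs Arkime from a .deb, runs Elasticsearch in Docker and wires the
# two together. Not called from main() by default.
# Fix: the db.pl line ended in a stray backslash, which made the following
# echo (and its text) arguments of db.pl rather than a separate command.
#######################################
install_arkime(){
  ## PRE-REQUISITE: docker, to run ES
  # https://arkime.com/downloads
  local ARKIME_DEB=arkime_3.4.2-1_amd64.deb
  local ES_IMAGE=elasticsearch:7.17.5
  local ARKIME_INSTALL_DIR=/opt/arkime
  local ARKIME_NAME=arkime
  local ARKIME_PORT=8080

  echo "Arkime - Pulling $ES_IMAGE"
  #docker pull $ES_IMAGE;

  echo "Arkime - Downloading DEB package"
  #cd /opt && wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-20.04/$ARKIME_DEB;

  # NOTE(review): with the pull and download above commented out, this step only
  # works if /opt/$ARKIME_DEB was staged some other way — confirm before enabling.
  echo "Arkime - Installing DEB package"
  cd /opt && apt install -f "./$ARKIME_DEB"

  # xpack.security.enabled=false runs ES without authentication, and -p publishes
  # 9200/9300 on every host interface of this VM: anything that can reach the VM
  # can read and write the capture index. Lab-only setting.
  echo "Arkime - Running $ES_IMAGE container (name: es01)"
  docker run --name es01 -p 9200:9200 -p 9300:9300 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1" -e "xpack.security.enabled=false" -d -it "$ES_IMAGE"
  echo "Arkime - Giving Elasticsearch time to start up (30 secs)"
  sleep 30

  # Fill the placeholders in the sample config; the ARKIME_PASSWORD value
  # "changeme" is a hard-coded lab default, as is the admin user below.
  echo "Arkime - Generating config file"
  sed -e "s/ARKIME_INTERFACE/eth0;eth1/g" -e "s/viewPort = 8005/viewPort = $ARKIME_PORT/g" -e "s,ARKIME_ELASTICSEARCH,http://localhost:9200,g" -e "s/ARKIME_PASSWORD/changeme/g" -e "s,ARKIME_INSTALL_DIR,/opt/arkime,g" < "$ARKIME_INSTALL_DIR/etc/config.ini.sample" > "$ARKIME_INSTALL_DIR/etc/config.ini"

  echo "Arkime - Creating log dirs"
  local -a create_dirs=(logs raw)
  local create_dir
  for create_dir in "${create_dirs[@]}"; do
    mkdir -m 0700 -p "$ARKIME_INSTALL_DIR/$create_dir" && \
      chown nobody "$ARKIME_INSTALL_DIR/$create_dir"
  done

  if [ -d "/etc/logrotate.d" ] && [ ! -f "/etc/logrotate.d/$ARKIME_NAME" ]; then
    echo "Arkime - Installing /etc/logrotate.d/$ARKIME_NAME to rotate files after 7 days"
    cat <<EOF > "/etc/logrotate.d/$ARKIME_NAME"
$ARKIME_INSTALL_DIR/logs/capture.log
$ARKIME_INSTALL_DIR/logs/viewer.log {
  daily
  rotate 7
  notifempty
  copytruncate
}
EOF
  fi

  if [ -d "/etc/security/limits.d" ] && [ ! -f "/etc/security/limits.d/99-arkime.conf" ]; then
    echo "Arkime - Installing /etc/security/limits.d/99-arkime.conf to make core and memlock unlimited"
    cat <<EOF > /etc/security/limits.d/99-arkime.conf
nobody - core unlimited
root - core unlimited
nobody - memlock unlimited
root - memlock unlimited
EOF
  fi

  echo "Arkime - Downloading GEO files (see https://arkime.com/faq#maxmind)"
  "$ARKIME_INSTALL_DIR/bin/arkime_update_geo.sh" > /dev/null

  # NOTE(review): db.pl init may ask for confirmation if the index already
  # holds data — confirm it runs unattended on a fresh ES container.
  echo "Arkime - Clearing Elasticsearch"
  "$ARKIME_INSTALL_DIR/db/db.pl" http://localhost:9200 init
  echo "Arkime - Creating admin user"
  "$ARKIME_INSTALL_DIR/bin/arkime_add_user.sh" admin "Admin User" changeme --admin
  echo "Arkime - Starting capture and viewer services"
  systemctl start arkimecapture.service && systemctl start arkimeviewer.service
  echo "Arkime - Service running on port $ARKIME_PORT"
}
#########################################################################################################
# Git checkout under /opt, nothing installed
get_airstrike(){
  # https://github.com/smokeme/airstrike
  cd /opt || return 1
  git clone https://github.com/smokeme/airstrike.git
  cd /home/vagrant || return 1
}
#########################################################################################################
#######################################
# Pulls the evil-winrm image and writes the upstream example run line to
# /opt/evilwinrm.sh. The /home/foo/... mounts in that line are upstream
# placeholders and must be edited before use; the file is a reminder, not
# an executable script (no shebang, no +x).
#######################################
docker_evilwinrm(){
  # https://github.com/Hackplayers/evil-winrm
  docker pull oscarakaelvis/evil-winrm:latest
  printf '%s\n' "docker run --rm -ti --name evil-winrm -v /home/foo/ps1_scripts:/ps1_scripts -v /home/foo/exe_files:/exe_files -v /home/foo/data:/data oscarakaelvis/evil-winrm" > /opt/evilwinrm.sh
}
#########################################################################################################
# Image pull only; `latest` is unpinned, so contents change between provisioning runs
docker_powershell_empire(){
  # https://bc-security.gitbook.io/empire-wiki/quickstart/installation
  docker pull bcsecurity/empire:latest
}
#########################################################################################################
# Image pull (untagged, i.e. latest) plus the upstream example run line as a reminder file
docker_crackmapexec(){
  # https://mpgn.gitbook.io/crackmapexec/getting-started/installation/installation-for-docker
  docker pull byt3bl33d3r/crackmapexec
  printf '%s\n' "docker run -it --entrypoint=/bin/sh --name crackmapexec -v ~/.cme:/root/.cme byt3bl33d3r/crackmapexec" > /opt/crackmapexec.sh
}
#########################################################################################################
#######################################
# Pulls the ClamAV base image and writes a multi-line example invocation
# to /opt/clamav.sh. printf '%b' expands the \n escapes exactly as echo -e did.
#######################################
docker_clamav(){
  # https://docs.clamav.net/manual/Installing/Docker.html
  # note: latest_base does not contain av sigs
  docker pull clamav/clamav:latest_base
  printf '%b\n' 'docker run -it --rm \n--mount type=bind,source=/path/to/scan,target=/scandir \n--mount type=bind,source=/opt/clamav/databases,target=/var/lib/clamav \nclamav/clamav:latest_base \nclamscan /scandir' > /opt/clamav.sh
}
#################################################################
#################################################################
#################################################################


# Provisioning entry point: order matters, prerequisites and docker first
main() {
  modify_motd
  apt_install_prerequisites
  apt_install_docker
  apt_install_scanners
  apt_install_zeek
  #install_arkime # Requires Docker.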
Tested w/2 CPU cores, 4GB 271 | install_binlex 272 | install_metasploit 273 | install_sliverc2 274 | install_radare2 275 | install_yara 276 | install_pywhat 277 | install_wwwtree 278 | install_villain 279 | install_barq 280 | install_fennec 281 | install_spiderfoot 282 | get_airstrike 283 | docker_evilwinrm 284 | docker_powershell_empire 285 | docker_crackmapexec 286 | docker_clamav 287 | ### clean up 288 | apt -y autoremove 289 | } 290 | 291 | main 292 | exit 0 -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | ################################################################################### 2 | # ______ _ ______ 3 | # | ___ \ | | | ___ \ 4 | # | |_/ / __ _ ___| | _| |_/ / __ _ __ _ 5 | # | ___ \/ _` |/ __| |/ / ___ \/ _` |/ _` | 6 | # | |_/ / (_| | (__| <| |_/ / (_| | (_| | 7 | # \____/ \__,_|\___|_|\_\____/ \__,_|\__, | 8 | # __/ | 9 | # |___/ 10 | # 11 | # Special thanks to https://github.com/clong/DetectionLab for creating & maintaining the Windows Vagrant Boxes <3 12 | 13 | ###### CONFIG VARIABLES ########################################################### 14 | 15 | # Lab VM Selection 16 | NIX01 = false 17 | WINSRV01 = false 18 | WINSRV02 = false 19 | WIN01 = true 20 | 21 | ###################################################### 22 | # IPs 23 | # Ensure ips are in the 192.168.56.x/24 range for the project to work 24 | # Might work on removing this restriction if there are requests for it 25 | WINSRV01_IP = "192.168.56.5" 26 | WINSRV02_IP = "192.168.56.10" 27 | WIN01_IP = "192.168.56.20" 28 | NIX01_IP = "192.168.56.30" 29 | #---------- 30 | # VM Specs 31 | NIX01_CPU = 1 32 | NIX01_RAM = 1024 33 | # 34 | WINSRV01_CPU = 1 35 | WINSRV01_RAM = 2048 36 | # 37 | WINSRV02_CPU = 1 38 | WINSRV02_RAM = 2048 39 | # 40 | WIN01_CPU = 2 41 | WIN01_RAM = 4096 42 | #--------------------------------------------------------------------------------- 
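######################################################
# WINSRV01 Config
###
# Promote to Domain Controller
IS_DC = 1
# Will only be relevant if you are promoting WINSRV01 to a Domain Controller
# if u want to modify the domain name, ensure it is in SOMETHING.SOMETHING format
DOMAIN = "backbag.local"
NETBIOS_NAME = "BACKBAG"
# No need to modify the below, its taking the values above to build provisioning params
SRV01_ARGS = "-ad_ip #{WINSRV01_IP} -domain #{DOMAIN} -netbiosName #{NETBIOS_NAME} -isDC #{IS_DC}"
######################################################
# WINSRV02 Config
###
# Join WINSRV02 to domain
AD_DOMAIN = 1
# Install IIS on WINSRV02
SETUP_IIS = 1
# Interpolated now, so the AD_DOMAIN reassignment below does not affect this value
SRV02_ARGS = "-joinDomain #{AD_DOMAIN} -ad_ip #{WINSRV01_IP} -domain #{DOMAIN}"
######################################################
# WIN01 Config
###
# Join WIN01 to domain
# NOTE: reassigning a constant makes Ruby print an "already initialized constant"
# warning on every vagrant run; harmless, but a separate name would silence it.
AD_DOMAIN = 0 # 0 = will not join to domain, change to 1 to join
WIN10_ARGS = "-joinDomain #{AD_DOMAIN} -ad_ip #{WINSRV01_IP} -domain #{DOMAIN}"
######################################################
# Mounts 2 folders on the Windows VMs
# This is needed when provisioning on macOS using VBox
# Make sure you set it to `false` before analyzing malware after you
# finish provisioning the VMs
MOUNT = true
###### /CONFIG VARIABLES ##########################################################

# All Windows guests talk WinRM over plaintext transport with basic auth
# (see cfg.winrm below): credentials cross the host-only network unencrypted.
# That matches the DetectionLab boxes this lab reuses and is lab-only.
Vagrant.configure("2") do |config|
  if NIX01
    config.vm.define "nix01" do |cfg|
      cfg.vm.box = "bento/ubuntu-20.04"
      cfg.vm.hostname = "bb-nix01"
      cfg.vm.provision :shell, path: "scripts/nix_bootstrap.sh"
      cfg.vm.network :private_network, ip: NIX01_IP, gateway: "192.168.56.1", dns: "8.8.8.8"

      # web access
      # cfg.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
      # cfg.vm.network "forwarded_port", guest: 443, host: 8443, auto_correct: true
      # For Arkime:
      # cfg.vm.network "forwarded_port", guest: 8080, host: 8081, auto_correct: true
      #

      cfg.vm.provider "vmware_desktop" do |v, override|
        v.vmx["displayname"] = "backbag-nix01"
        v.vmx["virtualhw.version"] = 16
        v.memory = NIX01_RAM
        v.cpus = NIX01_CPU
        v.gui = true
      end
      cfg.vm.provider "virtualbox" do |v, override|
        v.gui = true
        v.name = "backbag-nix01"
        v.customize ["modifyvm", :id, "--memory", NIX01_RAM]
        v.customize ["modifyvm", :id, "--cpus", NIX01_CPU]
        v.customize ["modifyvm", :id, "--vram", "32"]
        # promiscuous mode on the lab NIC so the sensor box can see other guests' traffic
        v.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
        v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
        v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
        v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
      end
    end
  end
  #-------------------------------------------------------------------------------------------
  if WINSRV01
    config.vm.define "winsrv01" do |cfg|
      cfg.vm.box = "detectionlab/win2016"
      cfg.vm.box_version = "1.9"
      cfg.vm.hostname = "bb-winsrv01"

      cfg.vm.boot_timeout = 600
      cfg.winrm.transport = :plaintext
      cfg.vm.communicator = "winrm"
      cfg.winrm.basic_auth_only = true
      cfg.winrm.timeout = 300
      cfg.winrm.retry_limit = 20

      cfg.vm.network :private_network, ip: WINSRV01_IP, gateway: "192.168.56.1", dns: "8.8.8.8"
      # rdp access
      cfg.vm.network "forwarded_port", guest: 3389, host: 63389, auto_correct: true
      #

      # https://www.vagrantup.com/docs/synced-folders
      # solves: Enabling and configuring shared folders timeout
      cfg.vm.synced_folder '.', '/vagrant', disabled: true
      if MOUNT
        # solve vbox issue on macos when provisioning
        cfg.vm.provision "file", source: "scripts", destination: "c:/vagrant/"
        cfg.vm.provision "file", source: "resources", destination: "c:/vagrant/"
        #
      end

      cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip #{WINSRV01_IP} -dns 8.8.8.8 -gateway 192.168.56.1"
      cfg.vm.provision "shell", path: "scripts/set-wallpaper.ps1", privileged: false
      cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
      # provision.ps1 runs twice around a reload (DC promotion needs the reboot in between)
      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false, args: SRV01_ARGS
      cfg.vm.provision "reload"
      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false, args: SRV01_ARGS
      if IS_DC == 1
        cfg.vm.provision "shell", path: "scripts/install-ad-utils.ps1", privileged: false
      end
      cfg.vm.provision "shell", path: "scripts/install-sysmon.ps1", privileged: false


      cfg.vm.provider "vmware_desktop" do |v, override|
        v.vmx["ethernet1.pcislotnumber"] = "33"
        v.vmx["displayname"] = "backbag-winsrv01"
        v.memory = WINSRV01_RAM
        v.cpus = WINSRV01_CPU
        v.gui = true
      end
      cfg.vm.provider "virtualbox" do |v, override|
        v.gui = true
        v.name = "backbag-winsrv01"
        v.default_nic_type = "82545EM"
        v.customize ["modifyvm", :id, "--memory", WINSRV01_RAM]
        v.customize ["modifyvm", :id, "--cpus", WINSRV01_CPU]
        v.customize ["modifyvm", :id, "--vram", "32"]
        v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
        v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
        v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
      end
    end
  end
  #-------------------------------------------------------------------------------------------
  if WINSRV02
    config.vm.define "winsrv02" do |cfg|
      cfg.vm.box = "detectionlab/win2016"
      cfg.vm.box_version = "1.9"
      cfg.vm.hostname = "bb-winsrv02"

      cfg.vm.boot_timeout = 600
      cfg.winrm.transport = :plaintext
      cfg.vm.communicator = "winrm"
      cfg.winrm.basic_auth_only = true
      cfg.winrm.timeout = 300
      cfg.winrm.retry_limit = 20

      cfg.vm.network :private_network, ip: WINSRV02_IP, gateway: "192.168.56.1", dns: "8.8.8.8"

      # rdp access
      cfg.vm.network "forwarded_port", guest: 3389, host: 53389, auto_correct: true
      #

      # https://www.vagrantup.com/docs/synced-folders
      # solves: Enabling and configuring shared folders timeout
      cfg.vm.synced_folder '.', '/vagrant', disabled: true
      if MOUNT
        # solve vbox issue on macos when provisioning
        cfg.vm.provision "file", source: "scripts", destination: "c:/vagrant/"
        cfg.vm.provision "file", source: "resources", destination: "c:/vagrant/"
        #
      end

      cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip #{WINSRV02_IP} -dns 8.8.8.8 -gateway 192.168.56.1"
      cfg.vm.provision "shell", path: "scripts/set-wallpaper.ps1", privileged: false
      cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false, args: SRV02_ARGS
      cfg.vm.provision "reload"
      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false, args: SRV02_ARGS
      if SETUP_IIS == 1
        cfg.vm.provision "shell", path: "scripts/install-iis-utils.ps1", privileged: false
      end
      cfg.vm.provision "shell", path: "scripts/install-sysmon.ps1", privileged: false


      cfg.vm.provider "vmware_desktop" do |v, override|
        v.vmx["ethernet1.pcislotnumber"] = "33"
        v.vmx["displayname"] = "backbag-winsrv02"
        # Fix: previously read WINSRV01_RAM/WINSRV01_CPU, so the WINSRV02 specs above were ignored on VMware
        v.memory = WINSRV02_RAM
        v.cpus = WINSRV02_CPU
        v.gui = true
      end
      cfg.vm.provider "virtualbox" do |v, override|
        v.gui = true
        v.name = "backbag-winsrv02"
        v.default_nic_type = "82545EM"
        v.customize ["modifyvm", :id, "--memory", WINSRV02_RAM]
        v.customize ["modifyvm", :id, "--cpus", WINSRV02_CPU]
        v.customize ["modifyvm", :id, "--vram", "32"]
        v.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
        v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
        v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
      end
      # (duplicate synced_folder line removed; it is already disabled above)
    end
  end
  #-------------------------------------------------------------------------------------------
  if WIN01
    config.vm.define "win01" do |cfg|
      cfg.vm.box = "detectionlab/win10"
      cfg.vm.box_version = "1.8"
      cfg.vm.hostname = "bb-win01"

      cfg.vm.boot_timeout = 600
      cfg.winrm.transport = :plaintext
      cfg.vm.communicator = "winrm"
      cfg.winrm.basic_auth_only = true
      cfg.winrm.timeout = 300
      cfg.winrm.retry_limit = 20

      cfg.vm.network :private_network, ip: WIN01_IP, gateway: "192.168.56.1", dns: "8.8.8.8"
      # rdp access
      cfg.vm.network "forwarded_port", guest: 3389, host: 43389, auto_correct: true
      #

      # https://www.vagrantup.com/docs/synced-folders
      # solves: Enabling and configuring shared folders timeout
      cfg.vm.synced_folder '.', '/vagrant', disabled: true
      if MOUNT
        # solves: vbox issue on macos when provisioning
        cfg.vm.provision "file", source: "scripts", destination: "c:/vagrant/"
        cfg.vm.provision "file", source: "resources", destination: "c:/vagrant/"
        #
      end

      cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip #{WIN01_IP} -dns 8.8.8.8 -gateway 192.168.56.1"
      cfg.vm.provision "shell", path: "scripts/set-wallpaper.ps1", privileged: false
      cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false, args: WIN10_ARGS
      cfg.vm.provision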
"reload" 269 | cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false, args: WIN10_ARGS 270 | # ############################################################################################# 271 | # Script below contains Win tools and dev env setup 272 | cfg.vm.provision "shell", path: "scripts/install-analyst-utils.ps1", privileged: false 273 | # ############################################################################################## 274 | cfg.vm.provision "shell", path: "scripts/install-sysmon.ps1", privileged: false 275 | # ############################################################################################## 276 | 277 | cfg.vm.provider "vmware_desktop" do |v, override| 278 | v.vmx["ethernet1.pcislotnumber"] = "33" 279 | v.vmx["displayname"] = "backbag-win01" 280 | v.memory = WIN01_RAM 281 | v.cpus = WIN01_CPU 282 | v.gui = true 283 | end 284 | cfg.vm.provider "virtualbox" do |v, override| 285 | v.gui = true 286 | v.name = "backbag-win01" 287 | v.default_nic_type = "82545EM" 288 | v.customize ["modifyvm", :id, "--memory", WIN01_RAM] 289 | v.customize ["modifyvm", :id, "--cpus", WIN01_CPU] 290 | v.customize ["modifyvm", :id, "--vram", "32"] 291 | v.customize ["modifyvm", :id, "--clipboard", "bidirectional"] 292 | v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] 293 | v.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ] 294 | end 295 | end 296 | end 297 | end 298 | -------------------------------------------------------------------------------- /scripts/set-wallpaper.ps1: -------------------------------------------------------------------------------- 1 | # taken from: https://gist.github.com/theagreeablecow/580797ac061698a6e0af 2 | # Modified it a bit to fit needs, removed overlay option from code 3 | #----------------------------------------------------------------------------------------------------------- 4 | # Set Wallpaper Variables # 5 | #--------------------------- 6 | 7 | #MyPics Options 8 | 
[STRING]$PicturesPath = [environment]::getfolderpath("MyPictures")+"\wallpaper"
[BOOLEAN]$ResizeMyPics = $False

#Web Options
[INT]$MaxResults = 10
[INT]$DaysBetweenSearches = 7
[BOOLEAN]$ResizeWebPics = $True
# Placeholder host name. Set-WebProxy only applies it when the host answers a ping,
# so with this default no proxy is configured.
[STRING]$WebProxyServer = "your.proxy.here.lab"

#Text Overlay Options
[BOOLEAN]$TextOverlay = $True
[STRING]$TextColour = "White"
[STRING]$FontName = "Arial"
[INT]$FontSize = 14
[BOOLEAN]$ApplyHeader = $True
[STRING]$TextAlign = "Right"
[STRING]$Position = "High"

#Wallpaper Style Options
[STRING]$Style = "Fill"

#Available Colours (NB. Also ensure to update the 'New-wallpaper' function with any new colours)
# Each entry is an R,G,B triple consumed via [System.Drawing.Color]::FromArgb in New-Wallpaper.
$Grey = @(192,192,192)
$Black = @(0,0,0)
$White = @(255,255,255)
$Red = @(220,20,60)
$Green = @(0,128,0)
$Yellow = @(255,255,0)
$Blue = @(0,0,255)
$CornflourBlue = @(100,149,237)

#----------------------------------------------------------------------------------------------------------------
# Supporting Functions #
#---------------------------

# Points the current user's wallpaper registry value at a picture under $Path.
#   -Path       folder holding the candidate pictures
#   -Selection  file name inside $Path, or "*" to pick a random .jpg from the folder tree
#   -Resize     typed [string]; compared textually against $True below, so "True" enables resizing
# Writes HKCU:\Control Panel\Desktop\wallpaper; the picture itself is applied later by Update-Wallpaper.
Function Get-MyImages {
    Param( [Parameter()]
        [string]$Path,

        [Parameter()]
        [string]$Selection="*",

        [Parameter()]
        [string]$Resize=$False
    )

    # Check that folder exists, then select a random image
    if (Test-Path -Path $Path -pathType container) {

        # Resize images to match screen resolution
        if ($Resize -eq $True){
            Write-Verbose -Message "Checking picture sizes. Large images will be resized to match screen resolution" -Verbose
            Set-ImageSize $Path
        }

        if ($Selection -eq "*"){
            # Only .jpg files are candidates in random mode; other extensions are ignored.
            $WPRandom = Get-ChildItem -Recurse $Path | where {$_.Extension -eq ".jpg"} | Get-Random -Count 1
            Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value $WPRandom.FullName
        }
        else{
            $WPFile = $Path+"\"+$Selection
            if (Test-Path -Path $WPFile) {
                Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value $WPFile
            } else {
                Write-Warning -Message "Failed cannot find wallpaper file $($WPFile)"
                # NOTE(review): this 'break' is not inside a loop, so PowerShell unwinds it to the
                # caller's nearest enclosing loop (or the script) — confirm that abort is intended.
                break
            }
        }
    }
    else {
        Write-Warning -Message "Failed cannot find wallpaper folder $($Path)"
    }
}


# Configures a session-wide HTTP proxy for Invoke-RestMethod / Invoke-WebRequest when
# $WebProxyServer is reachable. Reads the script-level $WebProxyServer; writes
# $global:PSDefaultParameterValues (replacing any existing table, not merging into it).
# The proxy URL is built as plain http:// on port 8080.
Function Set-WebProxy(){
    #Use this function if proxy is required for Get-GoogleImages
    $ProxyURL = "http://" + $WebProxyServer + ":8080"
    if(Test-Connection $WebProxyServer -Count 1 -Quiet){
        $global:PSDefaultParameterValues = @{
            'Invoke-RestMethod:Proxy'=$ProxyURL
            'Invoke-WebRequest:Proxy'=$ProxyURL
            '*:ProxyUseDefaultCredentials'=$true
        }
    }
}


# Fetches images found through a Google image search into %TEMP%\<SearchTerm> and sets one
# of them as the wallpaper registry value.
#   -SearchTerm          interpolated into the search URL and the folder name without escaping
#   -MaxResults          number of result links to download (typed [string], coerced by Select-Object)
#   -DaysBetweenSearches cache age after which the search is repeated
#   -Resize              typed [string]; "True" resizes downloads via Set-ImageSize
# Every downloaded file is written under %TEMP% using the leaf name taken from the remote URL;
# nothing about the content is verified beyond dropping files under 250kb. Not used by this
# repository's launch section, which calls Set-Wallpaper with -Source MyPics.
# Errors are caught and reported as a single warning.
Function Get-GoogleImages(){
    Param( [Parameter()]
        [string]$SearchTerm="Wallpapers",

        [Parameter()]
        [string]$MaxResults,

        [Parameter()]
        [string]$DaysBetweenSearches,

        [Parameter()]
        [string]$Resize=$False
    )

    Try{
        # Identify Target folder and gather some stats on it
        $TargetFolder = "$($env:temp)\$SearchTerm"
        if ((Test-Path -Path $TargetFolder) -eq $false) {md $TargetFolder}
        $Folder = Get-Item $TargetFolder
        $Files = Get-ChildItem $TargetFolder | measure-Object

        # Run search if there are no previous results or if it hasn't been run for X Days
        if ($Files.count -eq 0 -OR (Get-Date).AddDays(-$DaysBetweenSearches) -gt $Folder.LastWriteTime){
            Write-Verbose -Message "The search term is new or has not been run for $DaysBetweenSearches days. Performing search for $MaxResults pictures..." -Verbose

            $url = "https://www.google.com/search?q=$SearchTerm&espv=210&es_sm=93&source=lnms&tbm=isch&sa=X&tbm=isch&tbs=isz:lt%2Cislt:2mp"
            # Fixed desktop-browser user agent so the results page is served in the expected layout.
            $browserAgent = 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36'
            $page = Invoke-WebRequest -Uri $url -UserAgent $browserAgent
            # Each 'imgres' link carries the original image URL in its 'imgurl=' query parameter.
            $page.Links | Where-Object { $_.href -like '*imgres*' } | Select-Object -first $MaxResults |
                ForEach-Object {($_.href -split 'imgurl=')[-1].Split('&')[0]} |
                ForEach-Object {
                    $file = Split-Path -Path $_ -Leaf
                    $path = Join-Path -Path $TargetFolder -ChildPath $file
                    Invoke-WebRequest -Uri $_ -OutFile $path
                }

            # Clean up any small files (usually poor resolution or a failed download)
            Get-ChildItem $TargetFolder | where-object {$_.length -lt 250kb} | Remove-item

            # Resize images to match screen resolution
            if ($Resize -eq $True){
                Write-Verbose -Message "Resizing pictures to match screen resolution" -Verbose
                Set-ImageSize $TargetFolder
            }
        }

        #Randomly select an image
        $WPRandom = Get-ChildItem -Recurse $TargetFolder | where {$_.Extension -eq ".jpg"} | Get-Random -Count 1
        Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value $WPRandom.FullName
    }
    Catch {
        Write-Warning -Message "$($_.Exception.Message)"
    }
}


# Shrinks every file in $Directory that is at least as large as the primary screen so that it
# fits the screen while keeping its aspect ratio; files are overwritten in place.
#   -Directory  folder whose files are treated as images (non-image files will raise inside the Try)
# Errors are caught and reported as a single warning.
Function Set-ImageSize{
    Param( [Parameter()]
        [string]$Directory
    )

    Try{
        [system.reflection.assembly]::loadWithPartialName('system.drawing.imaging') | out-null
        [system.reflection.assembly]::loadWithPartialName('system.windows.forms') | out-null
        # Target size comes from the primary monitor's bounds.
        $SR = [System.Windows.Forms.Screen]::AllScreens | Where Primary | Select -ExpandProperty Bounds | Select Width,Height
        $WidthPx = $SR.width
        $HeightPx = $SR.height

164 | $Files = Get-ChildItem $Directory -File | Select -exp Name 165 | 166 | foreach ($File in $Files){ 167 | #Get Image size 168 | $OldImage = new-object System.Drawing.Bitmap "$Directory\$File" 169 | $OldWidth = $OldImage.Width 170 | $OldHeight = $OldImage.Height 171 | 172 | #Choose only images that are bigger than the screen resolution 173 | If ($OldWidth -ge $WidthPx -OR $OldHeight -ge $HeightPx){ 174 | 175 | #Determine new dimensions (ensuring to keep proportions) 176 | if($OldWidth -lt $OldHeight){ 177 | $NewWidth = $WidthPx 178 | [int]$NewHeight = [Math]::Round(($NewWidth*$OldHeight)/$OldWidth) 179 | 180 | if($NewHeight -gt $HeightPx){ 181 | $NewHeight = $HeightPx 182 | [int]$NewWidth = [Math]::Round(($NewHeight*$OldWidth)/$OldHeight) 183 | } 184 | } 185 | else{ 186 | $NewHeight = $HeightPx 187 | [int]$NewWidth = [Math]::Round(($NewHeight*$OldWidth)/$OldHeight) 188 | 189 | if($NewWidth -gt $WidthPx){ 190 | $NewWidth = $WidthPx 191 | [int]$NewHeight = [Math]::Round(($NewWidth*$OldHeight)/$OldWidth) 192 | } 193 | } 194 | 195 | #Resize Working Image 196 | $NewImage = new-object System.Drawing.Bitmap $NewWidth,$NewHeight 197 | $Graphics = [System.Drawing.Graphics]::FromImage($NewImage) 198 | $Graphics.InterpolationMode = [System.Drawing.Drawing2D.InterpolationMode]::HighQualityBicubic 199 | $Graphics.DrawImage($OldImage, 0, 0, $NewWidth, $NewHeight) 200 | 201 | #Save Working Image 202 | $ImageFormat = $OldImage.RawFormat 203 | $OldImage.Dispose() 204 | $NewImage.Save("$Directory\$File",$ImageFormat) 205 | $NewImage.Dispose() 206 | } 207 | } 208 | } 209 | Catch { 210 | Write-Warning -Message "$($_.Exception.Message)" 211 | } 212 | } 213 | 214 | Function New-Wallpaper { 215 | Param( [Parameter()] 216 | [string] $OverlayText, 217 | 218 | [Parameter()] 219 | [string] $OutFile= "$($env:temp)\BGInfo.bmp", 220 | 221 | [Parameter()] 222 | [ValidateSet("Center","Left","Right")] 223 | [string]$TextAlign="Center", 224 | 225 | [Parameter()] 226 | [ValidateSet("High","Low")] 
227 | [string]$Position="High", 228 | 229 | [Parameter()] 230 | [string]$TextColour="White", 231 | 232 | [Parameter()] 233 | [string]$BGColour="Grey", 234 | 235 | [Parameter()] 236 | [string]$FontName="Arial", 237 | 238 | [Parameter()] 239 | [ValidateRange(9,45)] 240 | [int32]$FontSize = 12, 241 | 242 | [Parameter()] 243 | [ValidateSet($TRUE,$FALSE)] 244 | [Boolean]$ApplyHeader=$TRUE, 245 | 246 | [Parameter()] 247 | [string]$BGType 248 | ) 249 | Begin { 250 | 251 | # Colour Palette 252 | Switch ($TextColour) { 253 | Grey {$TColour = $Grey} 254 | Black {$TColour = $Black} 255 | White {$TColour = $White} 256 | Red {$TColour = $Red} 257 | Green {$TColour = $Green} 258 | Yellow {$TColour = $Yellow} 259 | Blue {$TColour = $Blue} 260 | CornflourBlue {$TColour = $CornflourBlue} 261 | DEFAULT { 262 | Write-Warning "Text colour not found. Please try again" 263 | exit 264 | } 265 | } 266 | 267 | Switch ($BGColour) { 268 | Existing {$BG = "Existing"} 269 | Grey {$BG = $Grey} 270 | Black {$BG = $Black} 271 | White {$BG = $White} 272 | Red {$BG = $Red} 273 | Green {$BG = $Green} 274 | Yellow {$BG = $Yellow} 275 | Blue {$BG = $Blue} 276 | CornflourBlue {$BG = $CornflourBlue} 277 | DEFAULT { 278 | Write-Warning "Background colour not found. 
Please try again" 279 | exit 280 | } 281 | } 282 | 283 | # Make first line a header (bigger) 284 | if ($ApplyHeader -eq $TRUE){ 285 | $HeaderSize = $FontSize+1 286 | $TextSize = $FontSize-2 287 | } 288 | else { 289 | $HeaderSize = $FontSize 290 | $TextSize = $FontSize 291 | } 292 | 293 | Try { 294 | [system.reflection.assembly]::loadWithPartialName('system.drawing.imaging') | out-null 295 | [system.reflection.assembly]::loadWithPartialName('system.windows.forms') | out-null 296 | 297 | # Text alignment and position 298 | $sFormat = new-object system.drawing.stringformat 299 | 300 | Switch ($TextAlign) { 301 | Center {$sFormat.Alignment = [system.drawing.StringAlignment]::Center} 302 | Left {$sFormat.Alignment = [system.drawing.StringAlignment]::Near} 303 | Right {$sFormat.Alignment = [system.drawing.StringAlignment]::Far} 304 | } 305 | 306 | Switch ($Position) { 307 | High {$sFormat.LineAlignment = [system.drawing.StringAlignment]::Near} 308 | Low {$sFormat.LineAlignment = [system.drawing.StringAlignment]::Center} 309 | } 310 | 311 | Switch ($BGType) { 312 | 313 | MyPics { 314 | # Create new Bitmap background 315 | $wpath = (Get-ItemProperty 'HKCU:\Control Panel\Desktop' -Name WallPaper -ErrorAction Stop).WallPaper 316 | if (Test-Path -Path $wpath -PathType Leaf) { 317 | $bmp = new-object system.drawing.bitmap -ArgumentList $wpath 318 | $image = [System.Drawing.Graphics]::FromImage($bmp) 319 | $SR = $bmp | Select Width,Height 320 | } 321 | else { 322 | Write-Warning -Message "Failed cannot find the current wallpaper $($wpath)" 323 | break 324 | } 325 | 326 | #Set Background colour behind bitmap 327 | if ($BG -ne "Existing"){ 328 | Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value $BG 329 | } 330 | } 331 | 332 | Web { 333 | # Create new Bitmap background 334 | $wpath = (Get-ItemProperty 'HKCU:\Control Panel\Desktop' -Name WallPaper -ErrorAction Stop).WallPaper 335 | if (Test-Path -Path $wpath -PathType Leaf) { 336 | $bmp = new-object 
system.drawing.bitmap -ArgumentList $wpath 337 | $image = [System.Drawing.Graphics]::FromImage($bmp) 338 | $SR = $bmp | Select Width,Height 339 | } 340 | else { 341 | Write-Warning -Message "Failed cannot find the current wallpaper $($wpath)" 342 | break 343 | } 344 | 345 | #Set Background colour behind bitmap 346 | if ($BG -ne "Existing"){ 347 | Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value $BG 348 | } 349 | } 350 | 351 | Colour { 352 | #Create 353 | $SR = [System.Windows.Forms.Screen]::AllScreens | Where Primary | Select -ExpandProperty Bounds | Select Width,Height 354 | 355 | # Create Bitmap 356 | $bmp = new-object system.drawing.bitmap($SR.Width,$SR.Height) 357 | $image = [System.Drawing.Graphics]::FromImage($bmp) 358 | 359 | $image.FillRectangle( 360 | (New-Object Drawing.SolidBrush ( 361 | [System.Drawing.Color]::FromArgb($BG[0],$BG[1],$BG[2]) 362 | )), 363 | (new-object system.drawing.rectanglef(0,0,($SR.Width),($SR.Height))) 364 | ) 365 | 366 | #Set Background colour behind bitmap 367 | if ($BG -ne "Existing"){ 368 | Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value $BG 369 | } 370 | } 371 | } 372 | } 373 | 374 | Catch { 375 | Write-Warning -Message "$($_.Exception.Message)" 376 | break 377 | } 378 | } 379 | Process { 380 | 381 | # Split Text array 382 | $artext = ($OverlayText -split "\r\n") 383 | 384 | $i = 1 385 | Try { 386 | for ($i ; $i -le $artext.Count ; $i++) { 387 | if ($i -eq 1) { 388 | $font1 = New-Object System.Drawing.Font($FontName,$HeaderSize,[System.Drawing.FontStyle]::Bold) 389 | $Brush1 = New-Object Drawing.SolidBrush ( 390 | [System.Drawing.Color]::FromArgb($TColour[0],$TColour[1],$TColour[2]) 391 | ) 392 | $sz1 = [system.windows.forms.textrenderer]::MeasureText($artext[$i-1], $font1) 393 | $rect1 = New-Object System.Drawing.RectangleF (0,($sz1.Height),$SR.Width,$SR.Height) 394 | $image.DrawString($artext[$i-1], $font1, $brush1, $rect1, $sFormat) 395 | } else { 396 | $font2 = New-Object 
System.Drawing.Font($FontName,$TextSize,[System.Drawing.FontStyle]::Bold) 397 | $Brush2 = New-Object Drawing.SolidBrush ( 398 | [System.Drawing.Color]::FromArgb($TColour[0],$TColour[1],$TColour[2]) 399 | ) 400 | $sz2 = [system.windows.forms.textrenderer]::MeasureText($artext[$i-1], $font2) 401 | $rect2 = New-Object System.Drawing.RectangleF (0,($i*$FontSize*2 + $sz2.Height),$SR.Width,$SR.Height) 402 | $image.DrawString($artext[$i-1], $font2, $brush2, $rect2, $sFormat) 403 | } 404 | } 405 | } 406 | 407 | Catch { 408 | Write-Warning -Message "Overlay Text error: $($_.Exception.Message)" 409 | break 410 | } 411 | } 412 | End { 413 | Try { 414 | # Close Graphics 415 | $image.Dispose(); 416 | 417 | # Save and close Bitmap 418 | $bmp.Save($OutFile, [system.drawing.imaging.imageformat]::Bmp); 419 | $bmp.Dispose(); 420 | 421 | # Output our file 422 | Get-Item -Path $OutFile 423 | } 424 | 425 | Catch { 426 | Write-Warning -Message "Outfile error: $($_.Exception.Message)" 427 | break 428 | } 429 | } 430 | } 431 | 432 | 433 | Function Update-Wallpaper { 434 | Param( 435 | [Parameter(Mandatory=$true)] 436 | $Path, 437 | 438 | [ValidateSet('Center','Stretch','Fill','Tile','Fit')] 439 | $Style 440 | ) 441 | Try { 442 | if (-not ([System.Management.Automation.PSTypeName]'Wallpaper.Setter').Type) { 443 | Add-Type -TypeDefinition @" 444 | using System; 445 | using System.Runtime.InteropServices; 446 | using Microsoft.Win32; 447 | namespace Wallpaper { 448 | public enum Style : int { 449 | Center, Stretch, Fill, Fit, Tile 450 | } 451 | public class Setter { 452 | public const int SetDesktopWallpaper = 20; 453 | public const int UpdateIniFile = 0x01; 454 | public const int SendWinIniChange = 0x02; 455 | [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)] 456 | private static extern int SystemParametersInfo (int uAction, int uParam, string lpvParam, int fuWinIni); 457 | public static void SetWallpaper ( string path, Wallpaper.Style style ) { 458 | 
SystemParametersInfo( SetDesktopWallpaper, 0, path, UpdateIniFile | SendWinIniChange );
            RegistryKey key = Registry.CurrentUser.OpenSubKey("Control Panel\\Desktop", true);
            switch( style ) {
                case Style.Tile :
                    key.SetValue(@"WallpaperStyle", "0") ;
                    key.SetValue(@"TileWallpaper", "1") ;
                    break;
                case Style.Center :
                    key.SetValue(@"WallpaperStyle", "0") ;
                    key.SetValue(@"TileWallpaper", "0") ;
                    break;
                case Style.Stretch :
                    key.SetValue(@"WallpaperStyle", "2") ;
                    key.SetValue(@"TileWallpaper", "0") ;
                    break;
                case Style.Fill :
                    key.SetValue(@"WallpaperStyle", "10") ;
                    key.SetValue(@"TileWallpaper", "0") ;
                    break;
                case Style.Fit :
                    key.SetValue(@"WallpaperStyle", "6") ;
                    key.SetValue(@"TileWallpaper", "0") ;
                    break;
            }
            key.Close();
        }
    }
}
"@ -ErrorAction Stop
        }
    }
    Catch {
        Write-Warning -Message "Wallpaper not changed because $($_.Exception.Message)"
    }
    # NOTE: this call sits outside the Try above, so when Add-Type failed (the Catch only
    # warns) the missing type surfaces here as a second, unhandled error.
    [Wallpaper.Setter]::SetWallpaper( $Path, $Style )
}


# Entry point: chooses the wallpaper source, renders it through New-Wallpaper and applies the
# result with Update-Wallpaper.
#   -Source     "Colour", "MyPics" or "Web"; any other value leaves $BGColour unset
#   -Selection  colour name for "Colour", file name (or "*") for "MyPics", search term for "Web"
# Reads the script-level $PicturesPath, $ResizeMyPics, $MaxResults, $DaysBetweenSearches,
# $ResizeWebPics and $Style.
Function Set-Wallpaper {
    [CmdletBinding()]
    Param( [Parameter(Mandatory=$True,ValueFromPipeline=$true,ValueFromPipelineByPropertyName = $true,Position=0)]
        [string]$Source,

        [Parameter(Mandatory=$false,ValueFromPipeline=$true,ValueFromPipelineByPropertyName = $true,Position=1)]
        [string]$Selection
    )
    Begin {
        # Select Background colour
        if ($Source -eq "Colour") {
            $BGColour = $Selection
        }
        # If selected, get local pictures
        elseif ($Source -eq "MyPics"){
            Get-MyImages -Path $PicturesPath -Selection $Selection -Resize $ResizeMyPics
            $BGColour = "Existing"
        }

        #If selected, get web pictures
        elseif ($Source -eq "Web"){
            Set-WebProxy
            Get-GoogleImages -SearchTerm $Selection -MaxResults $MaxResults -DaysBetweenSearches $DaysBetweenSearches -Resize $ResizeWebPics
            $BGColour = "Existing"
        }
    }
    Process{
        # Splatted into New-Wallpaper as -BGType / -BGColour.
        $Background = @{
            BGType = $source ;
            BGColour = $BGColour
        }
    }
    End{
        # NOTE(review): $Overlay is not assigned anywhere in this file (the overlay option was
        # removed per the header comment); confirm splatting the unset variable is a harmless no-op
        # in the PowerShell version used, otherwise no -OverlayText reaches New-Wallpaper.
        $WallPaper = New-Wallpaper @Overlay @Background
        Update-Wallpaper -Path $WallPaper.FullName -Style $Style
    }
}


#----------------------------------------------------------------------------------------------------------------
# Pipeline Validation and Launch #

# Hard-coded for the vagrant account. Get-MyImages later looks in $PicturesPath, which is
# derived from the *current* user's MyPictures folder, so the two only agree when this script
# runs as vagrant.
mkdir C:\Users\vagrant\Pictures\wallpaper
# C:\vagrant\resources is populated by the Vagrantfile's file provisioner (only when MOUNT is set).
Copy-Item C:\vagrant\resources\windows\backbag.png C:\Users\vagrant\Pictures\wallpaper\background.png
Set-Wallpaper -Source MyPics -Selection background.png
--------------------------------------------------------------------------------
/scripts/install-analyst-utils.ps1:
--------------------------------------------------------------------------------
# Purpose: Install tools on the Windows Analyst machine.
# At the bottom of this script you can see which functions will be executed.
# Modify to fit your needs.
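
# Paths below are used for packages that are installed manually by the script
$pestudioPath = "C:\Tools\pestudio.zip"
$zimmermanPath = "C:\Tools\Get-ZimmermanTools.zip"
$cyberChefPath = "C:\Tools\CyberChef.zip"
$vsCommunityPath = "C:\Tools\vs_community.exe"
$corkamiPath = "C:\users\vagrant\desktop\corkami.zip"
$ghostpackPath = "C:\Tools\ghostpack.zip"
$sysInternalsPath = "C:\Tools\SysInternals.zip"
$bloodhoundPath = "C:\Tools\Bloodhound.zip"
$neo4jPath = "C:\Tools\neo4j.zip"
$airstrikePath = "C:\Tools\airstrike.zip"
$dnspyex = "C:\Tools\dnspyex.zip"
$pythonPath = "C:\Python310"
# -Force makes this a no-op when the folder already exists, so re-running the provisioner
# does not start with an error; the created item is not echoed to the transcript.
New-Item -ItemType Directory -Path C:\Tools\ -Force | Out-Null
#############################################################################################
#############################################################################################
# Helper functions

# Helper function to create shortcuts
# Creates (or overwrites) a .lnk at $dst whose target is $src, via the WScript.Shell COM object.
#   $src  target path of the shortcut
#   $dst  full path of the .lnk file to write
function Set-Shortcut([String] $src, [String] $dst) {
    $WshShell = New-Object -comObject WScript.Shell
    $Shortcut = $WshShell.CreateShortcut($dst)
    $Shortcut.TargetPath = $src
    $Shortcut.Save()
}

# Helper function to update PATH env var
# Appends $path to both the machine-wide and the current-user PATH values stored in the
# registry. An entry that is already present (compared entry-by-entry, case-insensitively)
# is not appended again, so repeated provisioning runs do not keep growing PATH.
#   $path  directory to add
function Update-PathEnvVar([String] $path){
    $pathKeys = @(
        'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment',
        'Registry::HKEY_CURRENT_USER\Environment'
    )
    foreach ($key in $pathKeys) {
        $oldPath = (Get-ItemProperty -Path $key -Name PATH).path
        # Split on ';' rather than substring-matching, so "C:\Tools" does not match "C:\Tools\X".
        $entries = @($oldPath -split ';' | Where-Object { $_ -ne '' })
        if ($entries -contains $path) { continue }   # -contains is case-insensitive
        Set-ItemProperty -Path $key -Name PATH -Value "$oldPath;$path"
    }
}

#############################################################################################
# Install Choco
# Installs Chocolatey with the vendor's bootstrap script unless C:\ProgramData\chocolatey exists.
# The bootstrap is fetched over TLS 1.2 and executed directly in this session with
# Invoke-Expression; TLS is the only integrity control here — nothing compares the script
# against a known hash. Pinning a reviewed copy of install.ps1 under resources/ would remove
# that runtime dependency on the remote endpoint.
function Install-Choco {
    If (-not (Test-Path "C:\ProgramData\chocolatey")) {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Chocolatey"
        Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
    } else {
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Chocolatey is already installed."
    }
}
#############################################################################################
# Choco packages to install
# Add or Remove packages as you like
# Installs the baseline package set and drops a desktop shortcut to the Chocolatey bin folder.
# NOTE: --ignore-checksums turns off Chocolatey's verification of each downloaded installer
# against the checksum published in the package, so a swapped or corrupted download would be
# installed without complaint. Presumably kept because some lab packages ship stale checksums
# — confirm, and drop the switch for any package that installs cleanly without it.
function Install-ChocoEssentials {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing essential choco packages..."
    ##########################################################
    $pkgs = 'NotepadPlusPlus',
        '7zip',
        'git',
        'GoogleChrome',
        'vscode.portable'
    ForEach ($pkgName in $pkgs)
    {
        choco install -y --limit-output --ignore-checksums --no-progress $pkgName
    }
    # RefreshEnv is provided by the Chocolatey install; it reloads PATH so later steps see new tools.
    RefreshEnv
    $desk = 'C:\users\vagrant\desktop\'
    Set-Shortcut -src 'C:\ProgramData\chocolatey\bin' -dst $desk'ChocoBins.lnk'
}
#############################################################################################
# Downloads the pinned Python 3.10.4 installer and runs it silently for all users into $pythonPath.
function Install-Python {
    # https://docs.python.org/3/using/windows.html#installing-without-ui
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing Python..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://www.python.org/ftp/python/3.10.4/python-3.10.4-amd64.exe',
            'C:\Users\vagrant\Downloads\python.exe')

        Start-Process -FilePath "C:\Users\vagrant\Downloads\python.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 TargetDir=$pythonPath Include_doc=0 Include_test=0" -Wait -NoNewWindow
        del C:\Users\vagrant\Downloads\python.exe
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python installation successful!"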
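} Catch {
        Write-Host "Python download failed :("
    }
}
#############################################################################################
# Installs each package in $packages with the switch set shared by the tool-group installers
# below, so the choco invocation lives in one place.
#   $packages  one or more Chocolatey package ids
# NOTE: --ignore-checksums turns off Chocolatey's verification of each downloaded installer
# against the checksum published in the package, so a swapped or corrupted download would be
# installed without complaint. Presumably kept because some lab packages ship stale checksums
# — confirm, and drop the switch for any package that installs cleanly without it.
function Install-ChocoPackageList([String[]] $packages) {
    ForEach ($pkgName in $packages)
    {
        choco install -y --limit-output --ignore-checksums --no-progress $pkgName
    }
}
#############################################################################################
# Process, resource and file-type inspection tools.
function Install-AnalysisMiscTools {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing analysis misc tools..."
    ##########################################################
    $pkgs = 'processhacker',
        'resourcehacker.portable',
        'yara',
        'die'
    # 'dotpeek' Exception of type 'System.OutOfMemoryException' was thrown.
    #########################################################
    Install-ChocoPackageList -packages $pkgs
}
#############################################################################################
# Burp Suite (community/free edition).
function Install-Burp {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing Burp..."
    ##########################################################
    $pkgs = 'burp-suite-free-edition'
    #########################################################
    Install-ChocoPackageList -packages $pkgs
}
#############################################################################################
# Packet capture and network forensics tools.
function Install-NetworkAnalysisTools {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing Network Analysis Tools..."
    ##########################################################
    $pkgs = 'wireshark',
        'network-miner'
    #########################################################
    Install-ChocoPackageList -packages $pkgs
}
#############################################################################################
# Disassembler and debugger.
function Install-DebuggerDisassembler {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing Debuggers and Disassemblers..."
    ##########################################################
    $pkgs = 'ghidra',
        'x64dbg.portable'
    # 'dotpeek' Exception of type 'System.OutOfMemoryException' was thrown.
    #########################################################
    Install-ChocoPackageList -packages $pkgs
}
#############################################################################################
# PE inspection and in-memory scanning tools by hasherezade.
function Install-HasherezadeTools {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing Hasherezade Tools..."
    ##########################################################
    $pkgs = 'pebear',
        'pesieve',
        'hollowshunter'
    #########################################################
    Install-ChocoPackageList -packages $pkgs
}
#############################################################################################
# Downloads the pinned dnSpyEx release zip, unpacks it to C:\Tools\dnspyex and adds a desktop shortcut.
function Get-DnSpyEx {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading DnSpyEx.zip..."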
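Try {
        (New-Object System.Net.WebClient).DownloadFile('https://github.com/dnSpyEx/dnSpy/releases/download/v6.3.0/dnSpy-net-win64.zip', $dnspyex)
        Expand-Archive -LiteralPath $dnspyex -DestinationPath 'C:\Tools\dnspyex'
        del $dnspyex
        $desk = 'C:\users\vagrant\desktop\'
        Set-Shortcut -src 'C:\Tools\dnspyex\dnSpy.exe' -dst $desk'DnSpyEx.lnk'
    } Catch {
        Write-Host "Error downloading dnspy :("
    }
}
#############################################################################################
# Download PEStudio
# Downloads the current pestudio archive over HTTPS, unpacks it to C:\Tools and adds a
# desktop shortcut. A failed download is reported and the function returns; there is no
# retry over plaintext HTTP, because the archive is unpacked and launched from the desktop —
# an unauthenticated transport would let anything on the network path substitute the binary.
function Get-PEStudio {
    # https://www.winitor.com/
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading pestudio.zip..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://www.winitor.com/tools/pestudio/current/pestudio.zip', $pestudioPath)
    } Catch {
        Write-Host "pestudio download failed: $($_.Exception.Message)"
        return
    }
    Expand-Archive -LiteralPath $pestudioPath -DestinationPath 'C:\Tools'
    del $pestudioPath
    $desk = 'C:\users\vagrant\desktop\'
    Set-Shortcut -src 'C:\Tools\pestudio\pestudio.exe' -dst $desk'pestudio.lnk'
}
#############################################################################################
# Download and Run Get-ZimmermanTools
# Downloads the Get-ZimmermanTools bootstrap archive over HTTPS, runs the contained script
# (which fetches the individual tools) and adds the tool folders to PATH. Any failure is
# reported once; the previous fallback that re-downloaded the archive over plaintext HTTP
# (and then never unpacked it) has been dropped so a transport failure is not silently
# downgraded.
Function Install-ZimmermanTools {
    # https://github.com/EricZimmerman/Get-ZimmermanTools
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Get-ZimmermanTools.zip..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://f001.backblazeb2.com/file/EricZimmermanTools/Get-ZimmermanTools.zip', $zimmermanPath)
        Expand-Archive -LiteralPath $zimmermanPath -DestinationPath 'C:\Tools\ZimmermanTools'
        del $zimmermanPath
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Running Get-ZimmermanTools.ps1..."
        # Dot-sourcing executes the just-downloaded script in this session; trust in what it
        # does rests on the TLS connection above — no hash or signature is checked here.
        . c:\tools\ZimmermanTools\Get-ZimmermanTools.ps1 -Dest C:\Tools\ZimmermanTools
        Update-PathEnvVar -path "C:\Tools\ZimmermanTools"
        Update-PathEnvVar -path "C:\Tools\ZimmermanTools\EvtxECmd"
        Update-PathEnvVar -path "C:\Tools\ZimmermanTools\RECmd"
        Update-PathEnvVar -path "C:\Tools\ZimmermanTools\SQLECmd"
    } Catch {
        Write-Host "Get-ZimmermanTools download or setup failed: $($_.Exception.Message)"
    }
}
#############################################################################################
# Resolves the latest CyberChef release tag from the GitHub redirect and downloads that
# release's zip to C:\Tools\CyberChef for offline use.
function Get-CyberChef {
    # https://github.com/gchq/CyberChef
    # Download for offline usage
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading CyberChef.zip..."
    Try {
        # TODO implement functionality to update hardcoded version to latest release
        # Get latest version of Cyberchef
        # /releases/latest answers with a redirect to /releases/tag/<version>; the redirect is not
        # followed so its Location header can be read. NOTE(review): whether a 302 response object
        # (rather than an error) is returned here depends on the PowerShell version — confirm on the lab image.
        $latestUri = Invoke-WebRequest -UseBasicParsing -Method Get -Uri ('https://github.com/gchq/CyberChef/releases/latest') -MaximumRedirection 0 -ErrorAction SilentlyContinue
        if ($latestUri.StatusCode -eq 302)
        {
            $latestUri = $latestUri.Headers.Location
        }
        # Version tag is the last path segment of the redirect target.
        $latestVersion = $latestUri.split("/")[-1]
        $cyberChefLatest = 'https://github.com/gchq/CyberChef/releases/download/'+ $latestVersion +'/CyberChef_'+ $latestVersion +'.zip'

        (New-Object System.Net.WebClient).DownloadFile($cyberChefLatest, $cyberChefPath)
        Expand-Archive -LiteralPath $cyberChefPath -DestinationPath 'C:\Tools\CyberChef'
        del $cyberChefPath
    } Catch {
        Write-Host "CyberChef download failed..."
    }
}
#############################################################################################
# Downloads the airstrike repository's main branch as a zip and unpacks it under C:\Tools.
# The URL points at a branch head, not a tagged release, so the content is unpinned.
function Get-Airstrike {
    # https://github.com/smokeme/airstrike
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading airstrike..."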
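Try {
        (New-Object System.Net.WebClient).DownloadFile('https://github.com/smokeme/airstrike/archive/refs/heads/main.zip', $airstrikePath)
        Expand-Archive -LiteralPath $airstrikePath 'C:\Tools\'
        del $airstrikePath
    } Catch {
        Write-Host "Airstrike download failed..."
    }
}
#############################################################################################
# Downloads pre-compiled GhostPack binaries (master branch zip) and unpacks them under C:\Tools.
# These binaries are built and published by a different GitHub account than the upstream
# GhostPack project, the URL is an unpinned branch head, and nothing here checks a hash or
# signature before extraction — review the unpacked content before relying on it.
function Get-Ghostpack {
    # https://github.com/r3motecontrol/Ghostpack-CompiledBinaries
    # https://github.com/GhostPack
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Ghostpack.zip..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/archive/refs/heads/master.zip', $ghostpackPath)
        Expand-Archive -LiteralPath $ghostpackPath 'C:\Tools\'
        del $ghostpackPath
    } Catch {
        Write-Host "Ghostpack download failed..."
    }
}
#############################################################################################
# Downloads the corkami/pics repository (master branch zip) of file-format posters to the desktop.
function Get-CorkamiPosters {
    # https://github.com/corkami/pics
    # Beautiful reference
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Corkami Posters..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://github.com/corkami/pics/archive/refs/heads/master.zip', $corkamiPath)
        Expand-Archive -LiteralPath $corkamiPath -DestinationPath 'C:\users\vagrant\desktop\Corkami'
        del $corkamiPath
    } Catch {
        Write-Host "Corkami Posters download failed..."
    }
}
#############################################################################################
# Downloads the Sysinternals Suite from Microsoft, unpacks it to C:\Tools\SysInternals and
# adds desktop shortcuts for the most used 64-bit tools.
function Get-SysInternals {
    # https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading SysInternals..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://download.sysinternals.com/files/SysinternalsSuite.zip', $sysInternalsPath)
        Expand-Archive -LiteralPath $sysInternalsPath -DestinationPath 'C:\Tools\SysInternals'
        del $sysInternalsPath
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating shortcuts for SysInternals..."
        $desk = 'C:\users\vagrant\desktop\'
        Set-Shortcut -src 'C:\Tools\SysInternals\Autoruns64.exe' -dst $desk'Autoruns64.lnk'
        Set-Shortcut -src 'C:\Tools\SysInternals\procexp64.exe' -dst $desk'procexp64.lnk'
        Set-Shortcut -src 'C:\Tools\SysInternals\tcpview64.exe' -dst $desk'tcpview64.lnk'
        Set-Shortcut -src 'C:\Tools\SysInternals\strings64.exe' -dst $desk'strings64.lnk'
        Set-Shortcut -src 'C:\Tools\SysInternals\Procmon64.exe' -dst $desk'Procmon64.lnk'
    } Catch {
        Write-Host "SysInternals download failed..."
    }
}
#############################################################################################
# Downloads the pinned choosenim release to C:\Tools\nim. Running it (to install the Nim
# toolchain) is left commented out because of the out-of-memory error noted below.
function Get-Nim {
    # https://github.com/dom96/choosenim
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Nim..."
    Try {
        mkdir C:\Tools\nim
        # # TODO implement functionality to update hardcoded version to latest release
        (New-Object System.Net.WebClient).DownloadFile(
            'https://github.com/dom96/choosenim/releases/download/v0.8.2/choosenim-0.8.2_windows_amd64.exe',
            'C:\Tools\nim\choosenim.exe')
        # cmd /c C:\Tools\nim\choosenim.exe stable -y --firstInstall --noColor # TODO causes powershell.exe : out of memory error, fix it
    } Catch {
        Write-Host "Choosenim download failed..."
    }
}
#############################################################################################
# Downloads the Visual Studio 2022 Community bootstrapper and installs the managed (C#) and
# native (C++) desktop workloads plus the .NET 4.7.2 SDK/targeting pack into C:\Tools\VS2022,
# then adds a desktop shortcut for devenv.exe.
function Install-CommunityVS2022 {
    # Prepare machine for C# and C++ development
    # https://docs.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio?view=vs-2022
    # https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-community?view=vs-2022&preserve-view=true
    # https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and installing Visual Studio..."
    Try {
        (New-Object System.Net.WebClient).DownloadFile('https://aka.ms/vs/17/release/vs_community.exe', $vsCommunityPath)
        Start-Process -FilePath $vsCommunityPath -ArgumentList (
            '--wait','--passive','--norestart', '--installWhileDownloading',
            '--installPath', 'C:\Tools\VS2022',
            '--add', 'Microsoft.VisualStudio.Component.CoreEditor',
            '--add', 'Microsoft.VisualStudio.Workload.ManagedDesktop', # C#
            '--add', 'Microsoft.Net.Component.4.7.2.SDK',
            '--add', 'Microsoft.Net.Component.4.7.2.TargetingPack',
            '--add', 'Microsoft.VisualStudio.Workload.NativeDesktop', # C++
            '--includeRecommended'
        ) -Wait
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating shortcut for Visual Studio..."
        $desk = 'C:\users\vagrant\desktop\'
        # Was misspelled 'Set-Shortcust', which threw CommandNotFound after a successful install
        # and made the Catch below report a download failure that never happened.
        Set-Shortcut -src 'C:\Tools\VS2022\Common7\IDE\devenv.exe' -dst $desk'Visual Studio 2022.lnk'
    } Catch {
        Write-Host "VS Community bootstraper Download failed..."
    }
}
#############################################################################################
function Install-GoLang {
    # https://go.dev/doc/install
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading GoLang..."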
323 | Try { 324 | mkdir C:\Tools\golang 325 | # # TODO implement functionality to update hardcoded version to latest release 326 | (New-Object System.Net.WebClient).DownloadFile( 327 | 'https://go.dev/dl/go1.18.1.windows-amd64.msi', 328 | 'C:\Tools\golang\go.msi') 329 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing GoLang..." 330 | MsiExec.exe /i C:\Tools\golang\go.msi /qn 331 | } Catch { 332 | Write-Host "GoLang download failed..." 333 | } 334 | } 335 | ############################################################################################# 336 | function Install-Bloodhound { 337 | # https://bloodhound.readthedocs.io/en/latest/installation/windows.html 338 | # https://community.chocolatey.org/packages/openjdk 339 | # https://neo4j.com/download-center/#community 340 | # http://localhost:7474/browser/ 341 | # neo4j: Default login is username 'neo4j' and password 'neo4j' 342 | Try { 343 | $wc = New-Object System.Net.WebClient 344 | #--- 345 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading & installing Bloodhound dependencies: OpenJDK..." 
346 | # TODO set JDK 11 version in a better way 347 | choco install -y --limit-output --ignore-checksums --no-progress openjdk11 --version=11.0.15_10 348 | #-------------------------------------------------------------------------------------- 349 | # Update env vars manually to solve 'Unable to determine the path to java.exe' error 350 | # TODO did mass update of env vars to solve the issue, maybe there is a better way 351 | $env:JAVA_HOME = 'C:\Program Files\OpenJDK\openjdk-11.0.15_10' 352 | $env:Path += 'C:\Program Files\OpenJDK\openjdk-11.0.15_10\bin' 353 | [System.Environment]::SetEnvironmentVariable('JAVA_HOME','C:\Program Files\OpenJDK\openjdk-11.0.15_10', 354 | [System.EnvironmentVariableTarget]::Machine) 355 | [System.Environment]::SetEnvironmentVariable('JAVA_HOME','C:\Program Files\OpenJDK\openjdk-11.0.15_10', 356 | [System.EnvironmentVariableTarget]::User) 357 | [System.Environment]::SetEnvironmentVariable('Path',$Env:Path+';C:\Program Files\OpenJDK\openjdk-11.0.15_10\bin', 358 | [System.EnvironmentVariableTarget]::Machine) 359 | [System.Environment]::SetEnvironmentVariable('Path',$Env:Path+';C:\Program Files\OpenJDK\openjdk-11.0.15_10\bin', 360 | [System.EnvironmentVariableTarget]::User) 361 | # refreshenv 362 | #--- 363 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Bloodhound dependencies: Neo4J..." 364 | $wc.DownloadFile( 365 | 'https://neo4j.com/artifact.php?name=neo4j-community-4.4.6-windows.zip', $neo4jPath) 366 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Bloodhound dependencies: Neo4J..." 367 | Expand-Archive -LiteralPath $neo4jPath -DestinationPath 'C:\Tools\' 368 | cmd /c c:\tools\neo4j-community-4.4.6\bin\neo4j.bat install-service 369 | cmd /c net start neo4j 370 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Neo4j: http://localhost:7474/browser/" 371 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Neo4j: Default creds are: neo4j\neo4j" 372 | #--- 373 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Bloodhound..." 
374 | $wc.DownloadFile( 375 | 'https://github.com/BloodHoundAD/BloodHound/releases/download/4.1.0/BloodHound-win32-x64.zip', 376 | $bloodhoundPath) 377 | Expand-Archive -LiteralPath $bloodhoundPath -DestinationPath 'C:\Tools\' 378 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating shortcut for Bloodhound..." 379 | Set-Shortcut -src 'c:\Tools\BloodHound-win32-x64\BloodHound.exe' -dst 'c:\users\vagrant\desktop\Bloodhound.lnk' 380 | Set-Shortcut -src 'http://localhost:7474/browser/' -dst 'c:\users\vagrant\desktop\Neo4j Setup.lnk' 381 | # clean up 382 | del $bloodhoundPath 383 | del $neo4jPath 384 | } Catch { 385 | Write-Host "GoLang download failed..." 386 | } 387 | } 388 | ############################################################################################# 389 | function Install-AtomicRedTeam { 390 | # https://github.com/redcanaryco/invoke-atomicredteam/wiki/Installing-Atomic-Red-Team 391 | # https://github.com/redcanaryco/invoke-atomicredteam/wiki/Import-the-Module 392 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Atomic Red Team..." 393 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force 394 | IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); 395 | Install-AtomicRedTeam -getAtomics -InstallPath "C:\Tools\AtomicRedTeam" 396 | Set-Shortcut -src 'C:\Tools\AtomicRedTeam' -dst 'C:\users\vagrant\desktop\AtomicRedTeam.lnk' 397 | } 398 | ############################################################################################# 399 | function Install-Kansa { 400 | # https://github.com/davehull/Kansa 401 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Kansa..." 
402 | Try { 403 | (New-Object System.Net.WebClient).DownloadFile( 404 | 'https://github.com/davehull/Kansa/archive/refs/heads/master.zip', 405 | 'C:\Tools\Kansa.zip') 406 | 407 | Expand-Archive -LiteralPath 'C:\Tools\Kansa.zip' -DestinationPath 'C:\Tools\' 408 | del 'C:\Tools\Kansa.zip' 409 | Set-Shortcut -src 'C:\Tools\Kansa-master' -dst 'C:\users\vagrant\desktop\Kansa.lnk' 410 | } Catch { 411 | Write-Host "Kansa Download failed" 412 | } 413 | } 414 | ############################################################################################# 415 | function Install-Chainsaw { 416 | # https://github.com/countercept/chainsaw 417 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Chainsaw..." 418 | Try { 419 | (New-Object System.Net.WebClient).DownloadFile( 420 | 'https://github.com/countercept/chainsaw/releases/download/v1.1.7/chainsaw_x86_64-pc-windows-msvc.zip', 421 | 'C:\Tools\chainsaw.zip') 422 | 423 | Expand-Archive -LiteralPath 'C:\Tools\chainsaw.zip' -DestinationPath 'C:\Tools\' 424 | del 'C:\Tools\chainsaw.zip' 425 | Set-Shortcut -src 'C:\Tools\chainsaw' -dst 'C:\users\vagrant\desktop\chainsaw.lnk' 426 | } Catch { 427 | Write-Host "Chainsaw Download failed" 428 | } 429 | } 430 | ############################################################################################# 431 | function Install-DeepBlueCLI { 432 | # https://github.com/sans-blue-team/DeepBlueCLI.git 433 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading DeepBlueCLI..." 
434 | Try { 435 | (New-Object System.Net.WebClient).DownloadFile( 436 | 'https://github.com/sans-blue-team/DeepBlueCLI/archive/refs/heads/master.zip', 437 | 'C:\Tools\DeepBlueCLI.zip') 438 | 439 | Expand-Archive -LiteralPath 'C:\Tools\DeepBlueCLI.zip' -DestinationPath 'C:\Tools\' 440 | del 'C:\Tools\DeepBlueCLI.zip' 441 | Set-Shortcut -src 'C:\Tools\DeepBlueCLI-master' -dst 'C:\users\vagrant\desktop\DeepBlueCLI.lnk' 442 | } Catch { 443 | Write-Host "DeepBlueCLI Download failed" 444 | } 445 | } 446 | ############################################################################################# 447 | function Install-Jadx { 448 | # https://github.com/skylot/jadx 449 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Jadx..." 450 | Try { 451 | (New-Object System.Net.WebClient).DownloadFile( 452 | 'https://github.com/skylot/jadx/releases/download/v1.4.0/jadx-gui-1.4.0-with-jre-win.zip', 453 | 'C:\Tools\jadx.zip') 454 | 455 | Expand-Archive -LiteralPath 'C:\Tools\jadx.zip' -DestinationPath 'C:\Tools\' 456 | del 'C:\Tools\jadx.zip' 457 | Set-Shortcut -src 'C:\Tools\jadx-gui-1.4.0.exe' -dst 'C:\users\vagrant\desktop\jadx-gui.lnk' 458 | } Catch { 459 | Write-Host "Jadx Download failed" 460 | } 461 | } 462 | ############################################################################################# 463 | function Install-Frida { 464 | # https://frida.re/docs/installation/ 465 | # Check dependency 466 | if (Test-Path -Path $pythonPath) { 467 | write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python is already installed..." 468 | } else { 469 | write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python not installed..." 470 | Install-Python 471 | } 472 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Frida..." 
473 | Start-Process -FilePath "c:\Python310\Scripts\pip.exe" -ArgumentList "install -q frida-tools" -Wait -NoNewWindow 474 | } 475 | ############################################################################################# 476 | function Install-HxD { 477 | # https://mh-nexus.de/en/hxd/ 478 | # https://forum.mh-nexus.de/viewtopic.php?t=885 479 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading HxD..." 480 | Try { 481 | (New-Object System.Net.WebClient).DownloadFile( 482 | 'https://mh-nexus.de/downloads/HxDPortableSetup.zip', 483 | 'C:\Tools\hxd.zip') 484 | 485 | Expand-Archive -LiteralPath 'C:\Tools\hxd.zip' -DestinationPath 'C:\Tools\' 486 | Start-Process -FilePath "C:\Tools\HxDPortableSetup.exe" -ArgumentList '/Silent /ALLUSERS /LANG=English /DIR="C:\Tools\HxD"' -Wait -NoNewWindow 487 | del 'C:\Tools\hxd.zip' 488 | del 'C:\Tools\HxDPortableSetup.exe' 489 | } Catch { 490 | Write-Host "HxD Download failed" 491 | } 492 | } 493 | ############################################################################################# 494 | function Install-PEFile { 495 | # https://pypi.org/project/pefile/ 496 | # Check dependency 497 | if (Test-Path -Path $pythonPath) { 498 | write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python is already installed..." 499 | } else { 500 | write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python not installed..." 501 | Install-Python 502 | } 503 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing PEFile..." 504 | Start-Process -FilePath "c:\Python310\Scripts\pip.exe" -ArgumentList "install -q pefile" -Wait -NoNewWindow 505 | } 506 | ############################################################################################# 507 | function Install-APIMonitor { 508 | # http://www.rohitab.com/downloads 509 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading API Monitor..." 
510 | Try { 511 | (New-Object System.Net.WebClient).DownloadFile( 512 | 'http://www.rohitab.com/download/api-monitor-v2r13-x86-x64.zip', 513 | 'C:\Tools\api-monitor.zip') 514 | 515 | Expand-Archive -LiteralPath 'C:\Tools\api-monitor.zip' -DestinationPath 'C:\Tools\' 516 | del 'C:\Tools\api-monitor.zip' 517 | } Catch { 518 | Write-Host "HxD Download failed" 519 | } 520 | } 521 | ############################################################################################# 522 | function Install-MalcodeAnalystPack { 523 | # https://github.com/dzzie/MAP 524 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Malcode Analyst Pack..." 525 | Try { 526 | (New-Object System.Net.WebClient).DownloadFile( 527 | 'https://github.com/dzzie/MAP/releases/download/current/map_setup.exe', 528 | 'C:\Tools\map_setup.exe') 529 | Start-Process -FilePath "C:\Tools\map_setup.exe" -ArgumentList '/Silent /ALLUSERS /DIR="C:\Tools\map"' -Wait -NoNewWindow 530 | del 'C:\Tools\map_setup.exe' 531 | # Update path env var 532 | [Environment]::SetEnvironmentVariable("PATH", $Env:PATH + ";C:\Tools\map", [EnvironmentVariableTarget]::Machine) 533 | [Environment]::SetEnvironmentVariable("PATH", $Env:PATH + ";C:\Tools\map", [EnvironmentVariableTarget]::User) 534 | } Catch { 535 | Write-Host "Malcode Analyst Pack Download failed" 536 | } 537 | } 538 | ############################################################################################# 539 | function Install-AndroidPlatformTools { 540 | # For ADB, fastboot, etc 541 | # https://developer.android.com/studio/releases/platform-tools 542 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Android Platform Tools..." 
543 | Try { 544 | (New-Object System.Net.WebClient).DownloadFile( 545 | 'https://dl.google.com/android/repository/platform-tools-latest-windows.zip', 546 | 'C:\Tools\platform-tools.zip') 547 | Expand-Archive -LiteralPath 'C:\Tools\platform-tools.zip' -DestinationPath 'C:\Tools\Android\' 548 | del 'C:\Tools\platform-tools.zip' 549 | Update-PathEnvVar -path "C:\Tools\Android\platform-tools" 550 | } Catch { 551 | Write-Host "Android Platform Tools Download failed" 552 | } 553 | } 554 | ############################################################################################# 555 | function Install-DummyFilesCreator { 556 | # https://github.com/Humoud/dummy-files-creator 557 | # Fork of https://github.com/matuzalemmuller/dummy-files-creator 558 | # Check dependency 559 | if (Test-Path -Path $pythonPath) { 560 | write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python is already installed..." 561 | } else { 562 | write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Python not installed..." 563 | Install-Python 564 | } 565 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Dummy Files Creator..." 
566 | Try { 567 | (New-Object System.Net.WebClient).DownloadFile( 568 | 'https://github.com/Humoud/dummy-files-creator/archive/refs/heads/master.zip', 569 | 'C:\Tools\dummyfilescreator.zip') 570 | Expand-Archive -LiteralPath 'C:\Tools\dummyfilescreator.zip' -DestinationPath 'C:\Tools\' 571 | Start-Process -FilePath "cmd" -ArgumentList '/c cd C:\Tools\dummy-files-creator-master\spec && C:\Python310\Scripts\pip.exe install -q -r ..\requirements.txt && C:\Python310\Scripts\pyinstaller.exe --clean --windowed --onefile windows.spec' -Wait -NoNewWindow 572 | cp 'C:\tools\dummy-files-creator-master\spec\dist\Dummy Files Creator.exe' C:\Tools\ 573 | Remove-Item C:\Tools\dummy-files-creator-master\ -Recurse 574 | del 'C:\Tools\dummyfilescreator.zip' 575 | } Catch { 576 | Write-Host "Dummy Files Creator Download failed" 577 | } 578 | } 579 | ############################################################################################# 580 | ############################################################################################# 581 | ## Think of the below as "main" 582 | ## Include or exclude functions as you please 583 | # Create shortcut for tools folder 584 | 585 | Set-Shortcut -src 'C:\Tools' -dst 'C:\users\vagrant\desktop\Tools.lnk' 586 | 587 | 588 | Install-Choco # Needed by other functions 589 | Install-ChocoEssentials 590 | ########### 591 | # Blue-ish 592 | Install-AnalysisMiscTools 593 | Install-ZimmermanTools 594 | Install-Kansa 595 | Install-Chainsaw 596 | Install-DeepBlueCLI 597 | Get-PEStudio 598 | Install-NetworkAnalysisTools 599 | Install-DebuggerDisassembler 600 | Get-DnSpyEx 601 | Install-HasherezadeTools 602 | Install-HxD 603 | Install-Jadx 604 | Install-PEFile 605 | Install-APIMonitor 606 | Install-MalcodeAnalystPack 607 | ########### 608 | # Red-ish 609 | Install-Burp 610 | Get-Ghostpack 611 | Get-Nim 612 | Get-Airstrike 613 | Install-GoLang 614 | Install-Bloodhound 615 | Install-CommunityVS2022 616 | Install-AtomicRedTeam 617 | 618 | ########### 619 
| # Misc 620 | Get-CorkamiPosters 621 | Get-CyberChef 622 | Get-SysInternals 623 | Install-Frida 624 | Install-AndroidPlatformTools 625 | Install-DummyFilesCreator 626 | 627 | 628 | Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Utilities installation complete!" --------------------------------------------------------------------------------