From 230e4ee882e1cd8f0abbcaa2efe9f76f6bde08eb Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Sat, 4 Jul 2020 15:14:01 -0700
Subject: [PATCH] Fixing dumb mistakes
---
 Vagrant/bootstrap.sh | 4 +-
 .../resources/velociraptor/server.config.yaml | 52 +++++++++++++++++--
 Vagrant/scripts/install-velociraptor.ps1 | 7 +--
 3 files changed, 55 insertions(+), 8 deletions(-)
diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh
index 791ae05..6612b24 100644
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -377,11 +377,11 @@ install_velociraptor() {
 fi
 cd /opt/velociraptor || exit 1
- mv /opt/velociraptor-*-linux-amd64 velociraptor
+ mv velociraptor-*-linux-amd64 velociraptor
 chmod +x velociraptor
 cp /vagrant/resources/velociraptor/server.config.yaml /opt/velociraptor
 echo "[$(date +%H:%M:%S)]: Creating Velociraptor dpkg..."
- ./velociraptor --config ~/server.config.yaml debian server
+ ./velociraptor --config /opt/velociraptor/server.config.yaml debian server
 echo "[$(date +%H:%M:%S)]: Installing the dpkg..."
 if dpkg -i velociraptor_*_server.deb > /dev/null; then
 echo "[$(date +%H:%M:%S)]: Installation complete!"
diff --git a/Vagrant/resources/velociraptor/server.config.yaml b/Vagrant/resources/velociraptor/server.config.yaml
index 9779064..ed3a8a1 100644
--- a/Vagrant/resources/velociraptor/server.config.yaml
+++ b/Vagrant/resources/velociraptor/server.config.yaml
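Review bot: The file landed by `cp /vagrant/resources/velociraptor/server.config.yaml /opt/velociraptor` keeps whatever mode the default umask gives it, which is normally world-readable, yet the server.config.yaml in this same patch carries the CA's RSA private key; replacing the copy with `install -m 600 /vagrant/resources/velociraptor/server.config.yaml /opt/velociraptor/server.config.yaml` keeps the key readable only by the root-owned service build. The new `mv velociraptor-*-linux-amd64 velociraptor` also assumes the glob matches exactly one file: if the download step (outside this hunk) left nothing, the literal pattern is handed to mv and, because only the `cd` is guarded with `|| exit 1`, the script presumably continues into `chmod` and the `debian server` packaging of a stale or missing binary unless `set -e` is in force elsewhere in the file. Appending `|| exit 1` to the `mv` and to the `./velociraptor --config ... debian server` line would fail the step where it breaks. install_velociraptor starts before this hunk and continues past it.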
@@ -43,7 +43,36 @@ Client:
 version: 0.4.5
 commit: 17e0f0f
 build_time: "2020-06-12T09:39:50+10:00"
- use_self_signed
+ use_self_signed_ssl: true
+ pinned_server_name: VelociraptorServer
+ max_upload_size: 5242880
+ local_buffer:
+ memory_size: 52428800
+ disk_size: 1073741824
+ filename_linux: /var/tmp/Velociraptor_Buffer.bin
+ filename_windows: $TEMP/Velociraptor_Buffer.bin
+ filename_darwin: /var/tmp/Velociraptor_Buffer.bin
+API:
+ hostname: logger
+ bind_address: 0.0.0.0
+ bind_port: 8001
+ bind_scheme: tcp
+ pinned_gw_name: GRPC_GW
+GUI:
+ bind_address: 0.0.0.0
+ bind_port: 9999
+ gw_certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIDDTCCAfWgAwIBAgIRAPioG+TXUlkY2xQSJvLLDRswDQYJKoZIhvcNAQELBQAw
+ GjEYMBYGA1UEChMPVmVsb2NpcmFwdG9yIENBMB4XDTIwMDYzMDAwMTU1MloXDTIx
+ MDYzMDAwMTU1MlowKTEVMBMGA1UEChMMVmVsb2NpcmFwdG9yMRAwDgYDVQQDDAdH
+ UlBDX0dXMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl73NRkhNSd/k
+ U13Jm7Vyua3mRsnUUii1jVFtdNW1j52Fm1Y13NSotSeQ3Mro9Pak2UkUYq/DVLzT
+ 1v/NEXXMhxAQqeVl+3ei4V3RfHTDG2afBqW2m65/FFNHjRVTPsQ7CSJQdoxOcxIN
+ C3lStFojFLTpzvXZLJ9ID+vNkUjAGZY9QO5OX2LyIIcWIKl3mGSN3TtLhGz276NS
+ KIVwfXHSAIa1JbDKtgvwcImcmnL4ziPWuSO9cVBW+jLIhn9PFl2+BauYWX/LvO4c
+ ZivCzPAqgvjJ4ETAURQlTDwkyAQlEH7h67TiJyZ+YZSEBA1cElRHsUscbK89gfTG
+ x3VUyOfiLwIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
 BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEB
 AEohrNAKjUcq2wNIiPX6tCRDLbzRB/qmf+GBbpslRTa7RQVvFOgtUVYejcnMYUBG
 LEmL+uxACJNliCqjo76OkIPUbKj32CrKGU8Jj/dKCAK5PQW1kDEhdes61RA5TuAz
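Review bot: `bind_address: 0.0.0.0` in the new `API:` block exposes the gRPC API gateway on port 8001 on every interface of the logger host, while nothing in this patch reaches it from outside the box; `bind_address: 127.0.0.1` there would keep it local, and the `GUI:` 0.0.0.0 binding on 9999, which a browser on the host presumably does use, deserves a one-line comment saying why it stays open. The `gw_certificate` committed here also appears to be a one-year certificate (its validity fields decode to roughly 2020-06-30 through 2021-06-30), so a static checked-in config will start failing at that date with no hint in the file; either record the expiry in a comment beside `gw_certificate: |` or have the provisioning step generate the config (`velociraptor config generate`) instead of shipping a fixed one. The Client section starts before this hunk.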
@@ -92,7 +121,24 @@ CA:
 -----BEGIN RSA PRIVATE KEY-----
 MIIEogIBAAKCAQEAvOZFdQauwJghxIDyLQMyrXW5hf+LrMvWBymNbkgqOYtsAqcR
 rvpMqMjHfURI153y7z8aUpHqFe7gDz4lZ81g+Nw7tn929CoecaaU2B9KW+tDVVeS
- qkHdxyNBrLGuVWKi0Y0nm+0jfyTcUY1nlRtFaV/bw05VnEyddZ/f2T93
+ qkHdxyNBrLGuVWKi0Y0nm+0jfyTcUY1nlRtFaV/bw05VnEyddZ/f2T93mJzyLjZh
+ 3QImHtBGzdQm5pIelRQC6H2J2xwuaqnatWh7SOI76rqmKAmIHMtG9xjdNLbmCxu4
+ brvhvTYPfWhYxHwg/OHiP/0tqy5/yWkx7GIqmsvlg1h0sKNPuJzLlLaJTHbz+Uf6
+ zjzRuzblP/JYPM4Kpfm2mSBRDZUqIZEKXrYPDQIDAQABAoIBAE/9ktwDgGy9/06e
+ 6+5ztDoP6Af+Nr9tcayGxAU3Oeo0SAC3jp1yEJRIsXEyQUZM9FqrdhIRB/dRuD+8
+ KUrThYTcfczCHTU3wLyPtefvGCXkchbphoniam+xVlYyx4gQxLHH/EXjHWzxxvoh
+ zwMtES+WEBGcUlRlfSgaE0iDv7k3wnB1eAqusEFcEJETAiU+uBM3ga+rSM0k5u2Y
+ BB88m4pK6QGjVov+lJJJdcKznxfVmL2eznsXx5vVjODmtYuw+A6jJLiTQq4cIbGK
+ fOfPAxcMX8ttEoQVT8qHo/oSA5quzZDOC2eXaLcGdgkTRQobWwmbQJoqwqZBYG8O
+ FcO6gWECgYEA2AtTLvtXeZcrZj8LT2kf1fcb7uRXzQ5m736ARcQ45fWsItzZa/Yj
+ Ghp9s4X4sfMcCl1CYCE0CBzA/GhSt+6mefQDD3n2hF8BSjJYWbkVMfoIOZAJKwlB
+ NBv/diFGMWsN6ShZKrwJUwYe6JWixEp8bC3FjlMJa/WxeO/GYOT5mQ8CgYEA39XF
+ YV80yzqPiD/v2bOa5X2ThauenJ7T6FYR83t5R8ZsAz4HYN7U70rc9kpxjMiJEV+O
+ G8Wv+HC8uW8VRgshHJiYr4nO6jnP7rFyRS02lYmF/Q36qYE7Zxtm9aW2eK02yNiA
+ Jyw5sOdIbLFPOfBlfyJSBkcEjIc2D6ZnXH0zviMCgYApH8a+y7Mz/vWQ6fFCNXWM
+ 6hPUHn0kGFi5v++02AwooeIZZMaySVEXN/GziY30eZ1dz7DB0bAw1yBZK5aLUo83
+ 6Z3nhUTKn7cEI58zvQpuz/Re2K8WFRXnUGkJWH4fDAzC1B5dBxwTRLf/d/Ravv7+
+ LJxNYjsJ5OPabHHrocptOwKBgHl7eynS00NtoBLxqIp+ORZOpm9I6sfUR+x0Mj/0
 hqlW3q6Pzs9bgTPybKRbWO9wszuzodwe2de70CHQUTp3tdvgUhYLdDqZb+n7cqpq
 1JIqVoc2PBIdKpFWRPYTn0o1sGMnZb5c+V6y2BLt1LL8bwmmJeB0UNq4U7YAuV5w
 MVIDAoGAGlYxLpCS8cv6TAwOxonJmC3EPAuvnF7SCzgfX1eB9PXL09jiMyq73V7U
@@ -172,4 +218,4 @@ Monitoring:
 bind_port: 8003
 api_config: {}
 server_type: linux
-obfuscation_nonce: ZcKwjHiIuWU=
\ No newline at end of file
+obfuscation_nonce: ZcKwjHiIuWU=
diff --git a/Vagrant/scripts/install-velociraptor.ps1 b/Vagrant/scripts/install-velociraptor.ps1
index 64609d9..2e71b76 100644
--- a/Vagrant/scripts/install-velociraptor.ps1
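Review bot: The lines added after `-----BEGIN RSA PRIVATE KEY-----` under `CA:` complete a CA private key that now lives in the repository, so every environment built from this config shares one CA and anyone who has cloned the repo holds the key that every client in those environments trusts for server and enrollment certificates. That is a reasonable trade for a throwaway lab, but nothing in the file says so; a comment at the head of the `CA:` block such as `# Lab-only key material, published with the repo: every deployment shares this CA. Regenerate with 'velociraptor config generate' for anything that outlives a throwaway lab.` makes the intent explicit and tells a maintainer what to do when it is reused. The CA block starts before this hunk and continues past it; the trailing `obfuscation_nonce` hunk only restores the final newline and needs no change.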
+++ b/Vagrant/scripts/install-velociraptor.ps1
@@ -15,12 +15,13 @@ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Velocir
 $tag = (Invoke-WebRequest "https://api.github.com/repos/Velocidex/velociraptor/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
 $velociraptorDownloadUrl = "https://github.com/Velocidex/velociraptor/releases/download/$tag/velociraptor-$tag-windows-amd64.msi"
 $velociraptorMSIPath = 'C:\Users\vagrant\AppData\Local\Temp\velociraptor.msi'
-If (-not (Test-Path "C:\Program Files\Velociraptor")) {
+$velociraptorLogFile = 'c:\Users\vagrant\AppData\Local\Temp\velociraptor_install.log'
+If (-not (Test-Path $velociraptorLogFile)) {
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Velociraptor..."
 Invoke-WebRequest -Uri "$velociraptorDownloadUrl" -OutFile $velociraptorMSIPath
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Velociraptor..."
- msiexec /i $velociraptorMSIPath /quiet /qn /norestart /log c:\Users\vagrant\AppData\Local\Temp\velociraptor_install.log
- Copy-File "c:\vagrant\resources\velociraptor\Velociraptor.config.yaml" "C:\Program Files\Velociraptor"
+ Start-Process C:\Windows\System32\msiexec.exe -ArgumentList "/i $velociraptorMSIPath /quiet /qn /norestart /log $velociraptorLogFile" -wait
+ Copy-Item "c:\vagrant\resources\velociraptor\Velociraptor.config.yaml" "C:\Program Files\Velociraptor"
 Restart-Service Velociraptor
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Velociraptor successfully installed!"
} Else {
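Review bot: Gating the install on `Test-Path $velociraptorLogFile` makes the block skip in the wrong case: msiexec writes the log even when the install fails, so one failed attempt leaves the log behind and every later provisioning run goes straight to the `Else` branch with no Velociraptor installed and no error. Keying the guard on the product itself, e.g. `If (-not (Get-Service Velociraptor -ErrorAction SilentlyContinue)) {`, keeps retries possible, and the new `Start-Process ... -wait` line should surface the result: `$msi = Start-Process C:\Windows\System32\msiexec.exe -ArgumentList "/i $velociraptorMSIPath /quiet /qn /norestart /log $velociraptorLogFile" -Wait -PassThru` followed by `if ($msi.ExitCode -ne 0) { throw "Velociraptor MSI failed with exit code $($msi.ExitCode), see $velociraptorLogFile" }` before `Copy-Item` and `Restart-Service` run against a half-installed service. The `Else` branch continues past this hunk.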