Adding exchange module for AWS Terraform

AWS/Terraform/exchange.tf

@@ -0,0 +1,11 @@
+## Remove the block comment to enable the creation of the Exchange server
+module "exchange" {
+  source = "./modules/exchange"
+  region = var.region
+  subnet_id = aws_subnet.default.id
+  security_group_id = [aws_security_group.windows.id]
+  instance_name_prefix = var.instance_name_prefix
+  custom-tags = var.custom-tags
+  exchange_ami = var.exchange_ami
+}
+

AWS/Terraform/main.tf

@@ -285,43 +285,6 @@ resource "aws_instance" "wef" {
   }
 }
 
-# Uncomment when the AMI has been created
-# resource "aws_instance" "exchange" {
-#   instance_type = "t3.medium"
-#   count = var.create_exchange_server ? 1 : 0
-
-#   provisioner "remote-exec" {
-#     inline = [
-#       "choco install -force -y winpcap",
-#       "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' '        192.168.38.102    dc.windomain.local'\"",
-#       "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' '        192.168.38.102    windomain.local'\"",
-#       "ipconfig /renew",
-#     ]
-
-#     connection {
-#       type     = "winrm"
-#       user     = "vagrant"
-#       password = "vagrant"
-#       host     = coalesce(self.public_ip, self.private_ip)
-#     }
-#   }
-
-#   # Uses the local variable if external data source resolution fails
-#   ami = coalesce(var.exchange_ami, data.aws_ami.exchange_ami.image_id)
-
-#   tags = merge(var.custom-tags, map(
-#     "Name", "${var.instance_name_prefix}exchange.windomain.local"
-#   ))
-
-#   subnet_id              = aws_subnet.default.id
-#   vpc_security_group_ids = [aws_security_group.windows.id]
-#   private_ip             = "192.168.38.106"
-
-#   root_block_device {
-#     delete_on_termination = true
-#   }
-# }
-
 resource "aws_instance" "win10" {
   instance_type = "t2.medium"
 

AWS/Terraform/modules/exchange/locals.tf

@@ -0,0 +1,3 @@
+locals {  
+  exchange_url    = "https://${aws_instance.exchange.public_ip}"
+}

AWS/Terraform/modules/exchange/main.tf

@@ -0,0 +1,35 @@
+resource "aws_instance" "exchange" {
+  instance_type = "t3.xlarge"
+
+  provisioner "remote-exec" {
+    inline = [
+      "choco install -force -y winpcap",
+      "ipconfig /renew",
+      "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' '        192.168.38.103    wef.windomain.local'\"",
+      "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' '        192.168.38.102    dc.windomain.local'\"",
+      "powershell.exe -c \"Add-Content 'c:\\windows\\system32\\drivers\\etc\\hosts' '        192.168.38.102    windomain.local'\"",
+      ]
+
+    connection {
+      type     = "winrm"
+      user     = "vagrant"
+      password = "vagrant"
+      host     = coalesce(self.public_ip, self.private_ip)
+    }
+  }
+
+  # Uses the local variable if external data source resolution fails
+  ami = coalesce(var.exchange_ami, data.aws_ami.exchange_ami.image_id)
+
+  tags = merge(var.custom-tags, map(
+    "Name", "${var.instance_name_prefix}exchange.windomain.local"
+  ))
+
+  subnet_id              = var.subnet_id
+  vpc_security_group_ids = var.security_group_id
+  private_ip             = "192.168.38.106"
+
+  root_block_device {
+    delete_on_termination = true
+  }
+}

AWS/Terraform/modules/exchange/outputs.tf

@@ -0,0 +1,7 @@
+output "exchange_public_ip" {
+  value = aws_instance.exchange.public_ip
+}
+
+output "exchange_url" {
+  value = local.exchange_url
+}

AWS/Terraform/modules/exchange/variables.tf

@@ -0,0 +1,38 @@
+variable "security_group_id" {
+  type = list(string)
+}
+
+variable "subnet_id" {
+  type = string
+}
+
+variable "instance_name_prefix" {
+  type = string
+}
+
+variable "region" {
+  type    = string
+  default = ""
+}
+
+variable "custom-tags" {
+  type = map(string)
+  description = "Optional mapping for additional tags to apply to all related AWS resources"
+  default = {}
+}
+
+variable "exchange_ami" {
+  type    = string
+  default = ""
+}
+
+# Use Data Sources to resolve the AMI-ID for the pre-built EXCHANGE host
+data "aws_ami" "exchange_ami" {
+  owners      = ["505638924199"]
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["detectionlab-exchange"]
+  }
+}

AWS/Terraform/outputs.tf

@@ -37,3 +37,11 @@ output "guacamole_url" {
 output "velociraptor_url" {
   value = local.velociraptor_url
 }
+
+output "exchange_public_ip" {
+  value = module.exchange.exchange_public_ip
+}
+
+output "exchange_url" {
+  value = module.exchange.exchange_url
+}

AWS/Terraform/variables.tf

@@ -88,18 +88,6 @@ data "aws_ami" "wef_ami" {
   }
 }
 
-# Uncomment after this AMI has been created and uploaded to AWS
-# # Use Data Sources to resolve the AMI-ID for the pre-built EXCHANGE host
-# data "aws_ami" "exchange_ami" {
-#   owners      = ["505638924199"]
-#   most_recent = true
-
-#   filter {
-#     name   = "name"
-#     values = ["detectionlab-exchange"]
-#   }
-# }
-
 # Use Data Sources to resolve the AMI-ID for the pre-built Win10 host
 data "aws_ami" "win10_ami" {
   owners      = ["505638924199"]
@@ -137,10 +125,3 @@ variable "win10_ami" {
   type    = string
   default = ""
 }
-
-# Set to "true" in terraform.tfvars if you want to add the Exchange server
-variable "create_exchange_server" {
-  description = "If set to true, adds an additional host that installs exchange"
-  type        = bool
-  default     = false
-}

AWS/Terraform/vm_import/exchange.json

@@ -0,0 +1,9 @@
+[
+  {
+    "Description": "exchange",
+    "Format": "ova",
+    "UserBucket": {
+        "S3Bucket": "YOUR_BUCKET_GOES_HERE",
+        "S3Key": "exchange.ova"
+    }
+}]

Azure/Terraform/outputs.tf

@@ -37,3 +37,11 @@ output "guacamole_url" {
 output "velociraptor_url" {
   value = local.velociraptor_url
 }
+
+output "exchange_public_ip" {
+  value = module.exchange.exchange_public_ip
+}
+
+output "exchange_url" {
+  value = module.exchange.exchange_public_ip
+}

Vagrant/Exchange/Vagrantfile

@@ -1,59 +1,60 @@
-    config.vm.define "exchange" do |cfg|
-      cfg.vm.box = "detectionlab/win2016"
-      cfg.vm.hostname = "exchange"
-      cfg.vm.boot_timeout = 600
-      cfg.vm.communicator = "winrm"
-      cfg.winrm.basic_auth_only = true
-      cfg.winrm.timeout = 300
-      cfg.winrm.retry_limit = 20
-      cfg.vm.network :private_network, ip: "192.168.38.106", gateway: "192.168.38.1", dns: "192.168.38.102"
+Vagrant.configure("2") do |config|
+  config.vm.define "exchange" do |cfg|
+    cfg.vm.box = "detectionlab/win2016"
+    cfg.vm.hostname = "exchange"
+    cfg.vm.boot_timeout = 600
+    cfg.vm.communicator = "winrm"
+    cfg.winrm.basic_auth_only = true
+    cfg.winrm.timeout = 300
+    cfg.winrm.retry_limit = 20
+    cfg.vm.network :private_network, ip: "192.168.38.106", gateway: "192.168.38.1", dns: "192.168.38.102"
 
-      cfg.vm.provision "shell", path: "../scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.106 -dns 8.8.8.8 -gateway 192.168.38.1" 
-      cfg.vm.provision "shell", path: "../scripts/provision.ps1", privileged: false
-      cfg.vm.provision "reload"
-      cfg.vm.provision "shell", path: "../scripts/provision.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/download_palantir_wef.ps1", privileged: false
-      cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-splunkuf.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-windows_ta.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-utilities.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-redteam.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-choco-extras.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-osquery.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-sysinternals.ps1", privileged: false
-      cfg.vm.provision "shell", path: "../scripts/install-velociraptor.ps1", privileged: false 
-      cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
-      cfg.vm.provision "shell", inline: 'cscript c:\windows\system32\slmgr.vbs /dlv', privileged: false
+    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.106 -dns 8.8.8.8 -gateway 192.168.38.1" 
+    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
+    cfg.vm.provision "reload"
+    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
+    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
+    cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false 
+    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
+    cfg.vm.provision "shell", inline: 'cscript c:\windows\system32\slmgr.vbs /dlv', privileged: false
 
-      cfg.vm.provider "vmware_desktop" do |v, override|
-        v.vmx["displayname"] = "exchange.windomain.local"
-        v.memory = 8192
-        v.cpus = 4
-        v.gui = true
-        v.enable_vmrun_ip_lookup = false
-      end
+    cfg.vm.provider "vmware_desktop" do |v, override|
+      v.vmx["displayname"] = "exchange.windomain.local"
+      v.memory = 8192
+      v.cpus = 4
+      v.gui = true
+      v.enable_vmrun_ip_lookup = false
+    end
 
-      cfg.vm.provider "virtualbox" do |vb, override|
-        vb.gui = true
-        vb.name = "exchange.windomain.local"
-        vb.default_nic_type = "82545EM"
-        vb.customize ["modifyvm", :id, "--memory", 8192]
-        vb.customize ["modifyvm", :id, "--cpus", 4]
-        vb.customize ["modifyvm", :id, "--vram", "32"]
-        vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
-        vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
-        vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
-      end
+    cfg.vm.provider "virtualbox" do |vb, override|
+      vb.gui = true
+      vb.name = "exchange.windomain.local"
+      vb.default_nic_type = "82545EM"
+      vb.customize ["modifyvm", :id, "--memory", 8192]
+      vb.customize ["modifyvm", :id, "--cpus", 4]
+      vb.customize ["modifyvm", :id, "--vram", "32"]
+      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
+      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
+    end
 
-      cfg.vm.provider "libvirt" do |lv, override|
-        lv.graphics_type = "spice"
-        lv.video_type = "qxl"
-        lv.input :type => "tablet", :bus => "usb"
-        override.vm.box = "../Boxes/windows_2016_libvirt.box"
-        lv.video_vram = 32768
-        lv.memory = 8192
-        lv.cpus = 4
-        override.vm.synced_folder '.', '/', type: 'winrm' 
-      end
+    cfg.vm.provider "libvirt" do |lv, override|
+      lv.graphics_type = "spice"
+      lv.video_type = "qxl"
+      lv.input :type => "tablet", :bus => "usb"
+      override.vm.box = "../Boxes/windows_2016_libvirt.box"
+      lv.video_vram = 32768
+      lv.memory = 8192
+      lv.cpus = 4
+      override.vm.synced_folder '.', '/', type: 'winrm' 
     end
   end
+end

Vagrant/Exchange/resources

@@ -0,0 +1 @@
+../resources/

Vagrant/Exchange/scripts

@@ -0,0 +1 @@
+../scripts/

ci/build_machine_bootstrap.sh

@@ -79,8 +79,8 @@ ufw --force enable
 echo "[$(date +%H:%M:%S)]: Installing Vagrant..."
 mkdir /opt/vagrant
 cd /opt/vagrant || exit 1
-wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.14/vagrant_2.2.14_x86_64.deb
-dpkg -i vagrant_2.2.14_x86_64.deb
+wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.16/vagrant_2.2.16_x86_64.deb
+dpkg -i vagrant_2.2.16_x86_64.deb
 echo "[$(date +%H:%M:%S)]: Installing vagrant-reload plugin..."
 vagrant plugin install vagrant-reload
 

ci/copy_to_s3.sh

@@ -36,48 +36,78 @@ do
   vagrant winrm -s powershell -c "cscript c:\windows\system32\slmgr.vbs /dlv" $host
   sleep 2
 done
+
+## Check for exchange box
+if [ -f "/opt/DetectionLab/Vagrant/Exchange/.vagrant/machines/exchange/*/private_key" ]; then
+  EXCHANGE_EXISTS=1
+  cd /opt/DetectionLab/Vagrant/Exchange || exit 1
+  echo "Exchange appears to have been built! Running the above commands on exchange."
+  host="exchange"
+  echo "Running 'Set-NetFirewallRule -Name WINRM-HTTP-In-TCP -Profile Any' on $host..."
+  vagrant winrm -e -c "Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -Profile Any" -s powershell $host; sleep 2
+  echo "Running 'Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-NoScope -Profile Any' on $host..."
+  vagrant winrm -c "Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP-NoScope' -Profile Any" -s powershell $host; sleep 2
+  echo "Clearing event logs on $host..."
+  vagrant winrm -e -s powershell -c "Clear-Eventlog -Log Application, System" $host
+  echo "Printing activivation status..."
+  vagrant winrm -s powershell -c "cscript c:\windows\system32\slmgr.vbs /dlv" $host
+fi
+
 echo "If you're ready to continue, type y:"
 read READY
-
 if [ "$READY" != "y" ]; then
   echo "Okay, quitting"
   exit 1
 fi
 
-#echo "Re-arming WEF"
-#vagrant winrm -e -s powershell -c "cscript c:\windows\system32\slmgr.vbs /rearm" wef
-#echo "Activating Win10..."
-#vagrant winrm -e -s powershell -c "Set-Service TrustedInstaller -StartupType Automatic" win10
-#sleep 2
-#vagrant winrm -e -s powershell -c "Start-Service TrustedInstaller" win10
-#sleep 10
-#vagrant winrm -e -s powershell -c "cscript c:\windows\system32\slmgr.vbs /ato " win10
-
 # Stop vagrant and export each box as an OVA
 cd /opt/DetectionLab/Vagrant || exit 1
 echo "Halting all VMs..."
 vagrant halt
 
+if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+  cd /opt/DetectionLab/Vagrant/Exchange || exit 1
+  echo "Halting Exchange..."
+  vagrant halt
+fi
+
 echo "Creating a new tmux session..."
 sn=tmuxsession
 tmux new-session -s "$sn" -d
 tmux new-window -t "$sn:2" -n "dc" -d
 tmux new-window -t "$sn:3" -n "wef" -d
 tmux new-window -t "$sn:4" -n "win10" -d
+if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+  tmux new-window -t "$sn:5" -n "exchange" -d
+fi
+
 if which vmrun; then
   tmux send-keys -t "$sn:2" 'ovftool /opt/DetectionLab/Vagrant/.vagrant/machines/dc/vmware_desktop/*/WindowsServer2016.vmx /root/dc.ova && echo -n "success" > /root/dc.export || echo "failed" > /root/dc.export' Enter
   tmux send-keys -t "$sn:3" 'ovftool /opt/DetectionLab/Vagrant/.vagrant/machines/wef/vmware_desktop/*/WindowsServer2016.vmx /root/wef.ova && echo -n "success" > /root/wef.export || echo "failed" > /root/wef.export' Enter
   tmux send-keys -t "$sn:4" 'ovftool /opt/DetectionLab/Vagrant/.vagrant/machines/win10/vmware_desktop/*/windows_10.vmx /root/win10.ova && echo -n "success" > /root/win10.export || echo "failed" > /root/win10.export' Enter
+  if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+    tmux send-keys -t "$sn:4" 'ovftool /opt/DetectionLab/Vagrant/Exchange/.vagrant/machines/exchange/vmware_desktop/*/exchange.vmx /root/exchange.ova && echo -n "success" > /root/exchange.export || echo "failed" > /root/exchange.export' Enter
+  fi
 else
   tmux send-keys -t "$sn:2" 'vboxmanage export dc.windomain.local -o /root/dc.ova && echo -n "success" > /root/dc.export || echo "failed" > /root/dc.export' Enter
   tmux send-keys -t "$sn:3" 'vboxmanage export wef.windomain.local -o /root/wef.ova && echo -n "success" > /root/wef.export || echo "failed" > /root/wef.export' Enter
   tmux send-keys -t "$sn:4" 'vboxmanage export win10.windomain.local -o /root/win10.ova && echo -n "success" > /root/win10.export || echo "failed" > /root/win10.export' Enter
+  if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+    tmux send-keys -t "$sn:4" 'vboxmanage export exchange.windomain.local -o /root/exchange.ova && echo -n "success" > /root/exchange.export || echo "failed" > /root/exchange.export' Enter
+  fi
 fi
 
 # Sleep until all exports are complete
 while [[ ! -f /root/dc.export || ! -f /root/wef.export || ! -f /root/win10.export ]];
-  do sleep 5
-  echo "Waiting for the OVA export to complete. Sleeping for 5."
+  if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+    if [ ! -f /root/exchange.export ]; 
+      do sleep 5
+      echo "Waiting for the OVA export to complete. Sleeping for 5."
+    fi
+  else
+      do sleep 5
+      echo "Waiting for the OVA export to complete. Sleeping for 5."
+  fi
 done
 
 # Copy each OVA into S3
@@ -88,6 +118,10 @@ if [[ "$(cat /root/dc.export)" == "success" && "$(cat /root/wef.export)" == "suc
   done
 fi
 
+if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+  aws s3 cp /root/exchange.ova s3://$BUCKET_NAME/disks/
+fi
+
 # Fix the bucket
 cd /opt/DetectionLab/AWS/Terraform/vm_import || exit 1
 for file in *.json;
@@ -102,3 +136,6 @@ done
 aws ec2 import-image --description "dc" --license-type byol --disk-containers file:///opt/DetectionLab/AWS/Terraform/vm_import/dc.json
 aws ec2 import-image --description "wef" --license-type byol --disk-containers file:///opt/DetectionLab/AWS/Terraform/vm_import/wef.json
 aws ec2 import-image --description "win10" --license-type byol --disk-containers file:///opt/DetectionLab/AWS/Terraform/vm_import/win10.json
+if [ "$EXCHANGE_EXISTS" -eq 1 ]; then
+  aws ec2 import-image --description "exchange" --license-type byol --disk-containers file:///opt/DetectionLab/AWS/Terraform/vm_import/exchange.json
+fi

ci/manual_machine_bootstrap.sh

@@ -25,8 +25,8 @@ git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab
 # Install Vagrant
 mkdir /opt/vagrant
 cd /opt/vagrant || exit 1
-wget https://releases.hashicorp.com/vagrant/2.2.14/vagrant_2.2.14_x86_64.deb
-dpkg -i vagrant_2.2.14_x86_64.deb
+wget https://releases.hashicorp.com/vagrant/2.2.16/vagrant_2.2.16_x86_64.deb
+dpkg -i vagrant_2.2.16_x86_64.deb
 
 # Disable IPv6 - may help with the vagrant-reload plugin: https://github.com/hashicorp/vagrant/issues/8795#issuecomment-468945063
 echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf

ci/manual_machine_bootstrap_vmware.sh

@@ -28,8 +28,8 @@ git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab
 # Install Vagrant
 mkdir /opt/vagrant
 cd /opt/vagrant || exit 1
-wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.14/vagrant_2.2.14_x86_64.deb
-dpkg -i vagrant_2.2.14_x86_64.deb
+wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.16/vagrant_2.2.16_x86_64.deb
+dpkg -i vagrant_2.2.16_x86_64.deb
 # Disable IPv6 - may help with the vagrant-reload plugin: https://github.com/hashicorp/vagrant/issues/8795#issuecomment-468945063
 echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
 sysctl -p /etc/sysctl.conf > /dev/null