trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adding some small fixes

Browse Source
This commit is contained in:
Chris Long
2018-06-26 23:48:11 -07:00
parent 4ac14cb432
commit a105722872
6 changed files with 29 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Packer/scripts/debloat-windows.ps1
View File

@@ -14,6 +14,9 @@ if ($env:PACKER_BUILDER_TYPE -And $($env:PACKER_BUILDER_TYPE).startsWith("hyperv
#. $env:TEMP\Debloat-Windows-10-master\scripts\block-telemetry.ps1 #. $env:TEMP\Debloat-Windows-10-master\scripts\block-telemetry.ps1
#Write-Host Disable services #Write-Host Disable services
#. $env:TEMP\Debloat-Windows-10-master\scripts\disable-services.ps1 #. $env:TEMP\Debloat-Windows-10-master\scripts\disable-services.ps1
Write-host Disable Windows Defender
#. $env:TEMP\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1
Uninstall-WindowsFeature Windows-Defender-Features
Write-host Optimize Windows Update Write-host Optimize Windows Update
. $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1 . $env:TEMP\Debloat-Windows-10-master\scripts\optimize-windows-update.ps1
#Write-host Disable Windows Update #Write-host Disable Windows Update

7
Packer/scripts/vm-guest-tools.bat
View File

@@ -18,7 +18,7 @@ if exist "C:\Users\vagrant\windows.iso" (
) )
if not exist "C:\Windows\Temp\windows.iso" ( if not exist "C:\Windows\Temp\windows.iso" (
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://softwareupdate.vmware.com/cds/vmw-desktop/ws/14.1.1/7528167/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://softwareupdate.vmware.com/cds/vmw-desktop/ws/14.1.2/8497320/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')" <NUL
cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp" cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp"
FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso" FOR /r "C:\Windows\Temp" %%a in (VMware-tools-windows-*.iso) DO REN "%%~a" "windows.iso"
rd /S /Q "C:\Program Files (x86)\VMWare" rd /S /Q "C:\Program Files (x86)\VMWare"
@@ -27,6 +27,11 @@ if not exist "C:\Windows\Temp\windows.iso" (
cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare" cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare"
cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\" cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\"
sc query vmtools > NUL
IF ERRORLEVEL 1060 cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\"
sc query vmtools > NUL
IF ERRORLEVEL 1060 ECHO "Unable to install VMware Tools." & exit /b 1
rd /Q "C:\Windows\Temp\vmware-tools.tar" rd /Q "C:\Windows\Temp\vmware-tools.tar"
rd /Q "C:\Windows\Temp\windows.iso" rd /Q "C:\Windows\Temp\windows.iso"
rd /S /Q "C:\Windows\Temp\VMware" rd /S /Q "C:\Windows\Temp\VMware"

3
Vagrant/Vagrantfile vendored
View File

@@ -31,7 +31,7 @@ Vagrant.configure("2") do |config|
config.vm.define "dc" do |cfg| config.vm.define "dc" do |cfg|
cfg.vm.box = "../Boxes/windows_2016_virtualbox.box" cfg.vm.box = "../Boxes/windows_2016_virtualbox.box"
cfg.vm.hostname = "dc" cfg.vm.hostname = "dc"
cfg.vm.boot_timeout = 600
# use the plaintext WinRM transport and force it to use basic authentication. # use the plaintext WinRM transport and force it to use basic authentication.
# NB this is needed because the default negotiate transport stops working # NB this is needed because the default negotiate transport stops working
# after the domain controller is installed. # after the domain controller is installed.
@@ -89,6 +89,7 @@ Vagrant.configure("2") do |config|
config.vm.define "wef" do |cfg| config.vm.define "wef" do |cfg|
cfg.vm.box = "../Boxes/windows_2016_virtualbox.box" cfg.vm.box = "../Boxes/windows_2016_virtualbox.box"
cfg.vm.hostname = "wef" cfg.vm.hostname = "wef"
cfg.vm.boot_timeout = 600
cfg.vm.communicator = "winrm" cfg.vm.communicator = "winrm"
cfg.winrm.basic_auth_only = true cfg.winrm.basic_auth_only = true
cfg.winrm.timeout = 300 cfg.winrm.timeout = 300

7
Vagrant/scripts/configure-ou.ps1
View File

@@ -1,9 +1,8 @@
# Purpose: Sets up the Server and Workstations OUs # Purpose: Sets up the Server and Workstations OUs
Write-Host "Sleeping for 30 seconds, then creating Server and Workstation OUs" Write-Host "Creating Server and Workstation OUs..."
Start-Sleep 30 Write-Host "Creating Servers OU..."
Write-Host "Creating Servers OU"
if (!([ADSI]::Exists("LDAP://OU=Servers,DC=windomain,DC=local"))) if (!([ADSI]::Exists("LDAP://OU=Servers,DC=windomain,DC=local")))
{ {
New-ADOrganizationalUnit -Name "Servers" -Server "dc.windomain.local" New-ADOrganizationalUnit -Name "Servers" -Server "dc.windomain.local"
} }
else else

8
Vagrant/scripts/fix-second-network.ps1
View File

@@ -5,24 +5,22 @@ if (! (Test-Path 'C:\Program Files\VMware\VMware Tools')) {
Write-Host "Nothing to do for other providers than VMware." Write-Host "Nothing to do for other providers than VMware."
exit 0 exit 0
} }
Write-Host "Setting IP address and DNS information for the second network adapter" Write-Host "Setting IP address and DNS information for the Ethernet1 interface"
Write-Host "If this step times out, it's because vagrant is connecting to the VM on the wrong interface"
Write-Host "See https://github.com/clong/DetectionLab/issues/114 for more information"
$subnet = $ip -replace "\.\d+$", "" $subnet = $ip -replace "\.\d+$", ""
write-host "debug 1"
$name = (Get-NetIPAddress -AddressFamily IPv4 ` $name = (Get-NetIPAddress -AddressFamily IPv4 `
| Where-Object -FilterScript { ($_.IPAddress).StartsWith($subnet) } ` | Where-Object -FilterScript { ($_.IPAddress).StartsWith($subnet) } `
).InterfaceAlias ).InterfaceAlias
write-host "debug 2"
if (!$name) { if (!$name) {
$name = (Get-NetIPAddress -AddressFamily IPv4 ` $name = (Get-NetIPAddress -AddressFamily IPv4 `
| Where-Object -FilterScript { ($_.IPAddress).StartsWith("169.254.") } ` | Where-Object -FilterScript { ($_.IPAddress).StartsWith("169.254.") } `
).InterfaceAlias ).InterfaceAlias
} }
write-host "debug 3"
if ($name) { if ($name) {
Write-Host "Set IP address to $ip of interface $name" Write-Host "Set IP address to $ip of interface $name"
& netsh.exe int ip set address "$name" static $ip 255.255.255.0 "$subnet.1" & netsh.exe int ip set address "$name" static $ip 255.255.255.0 "$subnet.1"
write-host "debug 4"
if ($dns) { if ($dns) {
Write-Host "Set DNS server address to $dns of interface $name" Write-Host "Set DNS server address to $dns of interface $name"
& netsh.exe interface ipv4 add dnsserver "$name" address=$dns index=1 & netsh.exe interface ipv4 add dnsserver "$name" address=$dns index=1

21
Vagrant/scripts/install-sysinternals.ps1
View File

@@ -24,25 +24,28 @@ $sysmonPath = "C:\Tools\Sysinternals\Sysmon64.exe"
$tcpviewPath = "C:\Tools\Sysinternals\Tcpview.exe" $tcpviewPath = "C:\Tools\Sysinternals\Tcpview.exe"
$sysmonConfigPath = "$sysmonDir\sysmonConfig.xml" $sysmonConfigPath = "$sysmonDir\sysmonConfig.xml"
# Microsoft likes TLSv1.2 as well
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Host "Downloading Autoruns64.exe..." Write-Host "Downloading Autoruns64.exe..."
Invoke-WebRequest -Uri "https://live.sysinternals.com/Autoruns64.exe" -OutFile $autorunsPath (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Autoruns64.exe', $autorunsPath)
Write-Host "Downloading Procmon.exe..." Write-Host "Downloading Procmon.exe..."
Invoke-WebRequest -Uri "https://live.sysinternals.com/Procmon.exe" -OutFile $procmonPath (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Procmon.exe', $procmonPath)
Write-Host "Downloading PsExec64.exe..." Write-Host "Downloading PsExec64.exe..."
Invoke-WebRequest -Uri "https://live.sysinternals.com/PsExec64.exe" -OutFile $psexecPath (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/PsExec64.exe', $psexecPath)
Write-Host "Downloading procexp64.exe..." Write-Host "Downloading procexp64.exe..."
Invoke-WebRequest -Uri "https://live.sysinternals.com/procexp64.exe" -OutFile $procexpPath (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/procexp64.exe', $procexpPath)
Write-Host "Downloading Sysmon64.exe..." Write-Host "Downloading Sysmon64.exe..."
Invoke-WebRequest -Uri "https://live.sysinternals.com/Sysmon64.exe" -Outfile $sysmonPath (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Sysmon64.exe', $sysmonPath)
Write-Host "Downloading Tcpview.exe..." Write-Host "Downloading Tcpview.exe..."
Invoke-WebRequest -Uri "https://live.sysinternals.com/Tcpview.exe" -Outfile $tcpviewPath (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Tcpview.exe', $tcpviewPath)
Copy-Item $sysmonPath $sysmonDir Copy-Item $sysmonPath $sysmonDir
# Download SwiftOnSecurity's Sysmon config # Download SwiftOnSecurity's Sysmon config
Write-Host "Downloading SwiftOnSecurity's Sysmon config..." Write-Host "Downloading SwiftOnSecurity's Sysmon config..."
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml" -Outfile "$sysmonConfigPath" (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml', "$sysmonConfigPath")
# Alternative: Download Olaf Hartong's Sysmon config (more CPU intensive) # Alternative: Download Olaf Hartongs Sysmon config (more CPU intensive)
#Invoke-WebRequest -Uri "https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml" -Outfile "$sysmonConfigPath" # (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml, "$sysmonConfigPath"
# Start Sysmon # Start Sysmon
Write-Host "Starting Sysmon..." Write-Host "Starting Sysmon..."