From c8dca0f77f6c4ac84e11d6ed6417448e251d22a9 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Thu, 20 May 2021 15:02:26 -0700 Subject: [PATCH] Updates for exchange --- Vagrant/scripts/install-exchange.ps1 | 52 +++++++++++------------- Vagrant/scripts/install-sysinternals.ps1 | 10 +++++ Vagrant/scripts/join-domain.ps1 | 2 +- ci/build_machine_bootstrap.sh | 3 ++ ci/copy_to_s3.sh | 25 ++++++------ ci/manual_machine_bootstrap.sh | 3 ++ ci/manual_machine_bootstrap_vmware.sh | 13 +++--- 7 files changed, 61 insertions(+), 47 deletions(-) diff --git a/Vagrant/scripts/install-exchange.ps1 b/Vagrant/scripts/install-exchange.ps1 index 5ca36fa..96f41e2 100644 --- a/Vagrant/scripts/install-exchange.ps1 +++ b/Vagrant/scripts/install-exchange.ps1 @@ -33,7 +33,14 @@ If ($physicalMemory -lt 8000000000) { Write-Host "It is STRONGLY recommended that you provide this host with 8GB+ of memory before continuing or it is highly likely that it will run out of memory while installing Exchange." } +# If we're installing Exchange, we can remove the ATA ISO +if (Test-Path "C:\Microsoft ATA 1.9.iso") { + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] Removing the ATA ISO to save space" + Remove-Item -Path "C:\Microsoft ATA 1.9.iso" +} + # Gotta temporarily re-enable these services +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] Temporarily re-enabling TrustedInstaller and Windows Update services..." Set-Service TrustedInstaller -StartupType Automatic Start-Service TrustedInstaller Set-Service wuauserv -StartupType Automatic 
@@ -143,29 +150,21 @@ If (-not(Test-Path c:\exchange_prereqs_complete.txt)) { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) C++ 2013 Redistributable installation successfully completed!" } } + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] Re-disabling TrustedInstaller and Windows Update services..." Stop-Service wuauserv Set-Service wuauserv -StartupType Disabled Set-Service TrustedInstaller -StartupType Disabled Stop-Service TrustedInstaller # Create a file so this script knows to skip pre-req installation upon next run. New-Item -Path "c:\exchange_prereqs_complete.txt" -ItemType "file" - Write-Host "A reboot is required to continue installation of exchange." - Write-Host "Rebooting in 3 seconds..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] A reboot is required to continue installation of exchange." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] Rebooting in 3 seconds..." Start-Sleep -Seconds 3 shutdown /r /t 1 + exit 0 - # $reboot = Read-Host "Would you like to reboot now? [y/n]" - # If ($reboot -eq "y") { - # Write-Host "Rebooting in 3 seconds..." - # Start-Sleep -Seconds 3 - # shutdown /r /t 1 - # exit - # } Else { - # Write-Host "Okay, exiting." - # exit - # } } Else { - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) It appears the Exchange prerequisites have been installed already. Continuing installation..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] It appears the Exchange prerequisites have been installed already. Continuing installation..." } If (-not (Test-Path $exchangeFolder)) { 
@@ -177,12 +176,14 @@ Set-Location -Path $exchangeFolder # Download Exchange ISO and mount it $ProgressPreference = 'SilentlyContinue' If (-not (Test-Path $exchangeISOPath)) { - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading the Exchange 2016 ISO..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] Exchange ISO not found at $exchangeISOPath..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] Downloading the Exchange 2016 ISO..." Invoke-WebRequest -Uri "$exchangeDownloadUrl" -OutFile $exchangeISOPath } Else { - Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) The Exchange ISO was already downloaded. Moving On." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [+] The Exchange ISO was already downloaded. Moving On." } -If (-not (Test-Path "E:\Setup.EXE")) { +If (-not (Test-Path "d:\Setup.EXE")) { + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) The Exchange ISO doesn't appear to be mounted." Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Mounting the Exchange 2016 ISO..." if (Mount-DiskImage -ImagePath $exchangeISOPath) { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) ISO mounted successfully." 
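Review bot: The mount check now hard-codes `d:\Setup.EXE` where it previously hard-coded `E:`, so the script still depends on which drive letter Windows assigns to the mounted ISO; the install block in the following hunk (`d:\setup.exe`) carries the same assumption. Taking the letter from the mount itself, e.g. `$drive = (Mount-DiskImage -ImagePath $exchangeISOPath -PassThru | Get-Volume).DriveLetter`, and building the setup path from `$drive` would remove the guess. The ISO fetched by `Invoke-WebRequest` just above is mounted and later executed without any integrity check; comparing `(Get-FileHash $exchangeISOPath -Algorithm SHA256).Hash` against a pinned value before mounting would be worth adding. The `If` block continues past the end of this hunk.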
@@ -191,21 +192,14 @@ If (-not (Test-Path "E:\Setup.EXE")) { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) The Exchange ISO was already mounted. Moving On." } -################################### -## DEBUGGING STUFF ## -################################### -## Probably a good idea to add some code to see if this script is being run manually or by ansible or not -## Or maybe just split this into two separate scripts - prereq install + exchange install -# (Get-CimInstance win32_process -Filter "ProcessID=$PID" | ? { $_.processname -eq "pwsh.exe" }) | select commandline -# https://stackoverflow.com/questions/9738535/powershell-test-for-noninteractive-mode - -<# If (Test-Path "E:\Setup.exe") { - Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/PrepareSchema", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait - Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/PrepareAD", "/OrganizationName: DetectionLab", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait - Start-Process cmd.exe -ArgumentList "/k", "e:\setup.exe", "/Mode:Install", "/Role:Mailbox", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait +If (Test-Path "d:\Setup.exe") { + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Beginning installation of Exchange 2016..." + Start-Process cmd.exe -ArgumentList "/k", "d:\setup.exe", "/PrepareSchema", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait + Start-Process cmd.exe -ArgumentList "/k", "d:\setup.exe", "/PrepareAD", "/OrganizationName: DetectionLab", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait + Start-Process cmd.exe -ArgumentList "/k", "d:\setup.exe", "/Mode:Install", "/Role:Mailbox", "/IAcceptExchangeServerLicenseTerms" -Credential $credential -Wait + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Exchange installation complete!" } Else { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong downloading or mounting the ISO..." } - #> 
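Review bot: Each `Start-Process cmd.exe -ArgumentList "/k", ...` call keeps the command shell open after `setup.exe` returns, so `-Wait` will likely block an unattended run until that shell is closed; `/c` exits when setup finishes. The three steps are also run without checking their result, so "Exchange installation complete!" is printed even if `/PrepareSchema` or `/PrepareAD` failed; adding `-PassThru` and testing `.ExitCode` after each step before continuing would catch that. The argument `"/OrganizationName: DetectionLab"` has a space after the colon, which may not parse as intended and is worth confirming. `$credential` is defined outside this hunk.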
diff --git a/Vagrant/scripts/install-sysinternals.ps1 b/Vagrant/scripts/install-sysinternals.ps1 index da00183..52ef6b2 100755 --- a/Vagrant/scripts/install-sysinternals.ps1 +++ b/Vagrant/scripts/install-sysinternals.ps1 @@ -23,6 +23,7 @@ $procmonPath = "C:\Tools\Sysinternals\Procmon.exe" $psexecPath = "C:\Tools\Sysinternals\PsExec64.exe" $procexpPath = "C:\Tools\Sysinternals\procexp64.exe" $sysmonPath = "C:\Tools\Sysinternals\Sysmon64.exe" +$sdeletePath = "C:\Tools\Sysinternals\Sdelete64.exe" $tcpviewPath = "C:\Tools\Sysinternals\Tcpview.exe" $sysmonConfigPath = "$sysmonDir\sysmonConfig.xml" $shortcutLocation = "$ENV:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\" @@ -72,6 +73,15 @@ $Shortcut = $WScriptShell.CreateShortcut($ShortcutLocation + "Process Explorer.l $Shortcut.TargetPath = $procexpPath $Shortcut.Save() +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading sdelete64.exe..." +Try { + (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/sdelete64.exe', $sdeletePath) +} +Catch { + Write-Host "HTTPS connection failed. Switching to HTTP :(" + (New-Object System.Net.WebClient).DownloadFile('http://live.sysinternals.com/sdelete64.exe', $sdeletePath) +} + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Sysmon64.exe..." Try { (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Sysmon64.exe', $sysmonPath) diff --git a/Vagrant/scripts/join-domain.ps1 b/Vagrant/scripts/join-domain.ps1 index 552eac2..7ee1629 100755 --- a/Vagrant/scripts/join-domain.ps1 +++ b/Vagrant/scripts/join-domain.ps1 
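Review bot: The `Catch` branch for sdelete64.exe retries the download over plain `http://`, so any failure of the TLS connection, including one induced by someone on the network path, ends with an unauthenticated executable written to `$sdeletePath`. The same fallback is visible for Sysmon64.exe in the context lines that follow. I would drop the HTTP retry and fail the step instead, or at least verify the file before it is used, e.g. `if ((Get-AuthenticodeSignature $sdeletePath).Status -ne 'Valid') { throw "sdelete64.exe signature check failed" }`.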
@@ -19,7 +19,7 @@ $pass = ConvertTo-SecureString "vagrant" -AsPlainText -Force $DomainCred = New-Object System.Management.Automation.PSCredential $user, $pass # Place the computer in the correct OU based on hostname -If ($hostname -eq "wef") { +If (($hostname -eq "wef") -or ($hostname -eq "exchange")) { Add-Computer -DomainName "windomain.local" -credential $DomainCred -OUPath "ou=Servers,dc=windomain,dc=local" -PassThru # Attempt to fix Issue #517 Set-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control' -Name 'WaitToKillServiceTimeout' -Value '500' -Type String -Force -ea SilentlyContinue diff --git a/ci/build_machine_bootstrap.sh b/ci/build_machine_bootstrap.sh index 0cc08aa..b6c4a27 100755 --- a/ci/build_machine_bootstrap.sh +++ b/ci/build_machine_bootstrap.sh @@ -97,6 +97,9 @@ sysctl -p /etc/sysctl.conf > /dev/null # Make the Vagrant instances headless cd /opt/DetectionLab/Vagrant || exit 1 sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile +cd /opt/DetectionLab/Vagrant/Exchange || exit 1 +sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile +cd /opt/DetectionLab/Vagrant || exit 1 # If the boxes are present on external storage, we can modify the Vagrantfile to # point to the boxes on disk so we don't have to download them diff --git a/ci/copy_to_s3.sh b/ci/copy_to_s3.sh index 98b8903..628ea67 100644 --- a/ci/copy_to_s3.sh +++ b/ci/copy_to_s3.sh 
@@ -8,9 +8,11 @@ aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY aws configure set default.region us-west-1 export BUCKET_NAME="FILL_ME_IN" +EXCHANGE_EXISTS=0 + cd /opt/DetectionLab/Vagrant || exit 1 echo "Clearing out Splunk indexes" -ssh -i /opt/DetectionLab/Vagrant/.vagrant/machines/logger/virtualbox/private_key vagrant@192.168.38.105 'sudo /opt/splunk/bin/splunk stop && sudo /opt/splunk/bin/splunk clean eventdata -f' +ssh -o StrictHostKeyChecking=no -i /opt/DetectionLab/Vagrant/.vagrant/machines/logger/virtualbox/private_key vagrant@192.168.38.105 'sudo /opt/splunk/bin/splunk stop && sudo /opt/splunk/bin/splunk clean eventdata -f' echo "Running WinRM Commands to open WinRM on the firewall..." for host in dc wef win10; @@ -25,7 +27,7 @@ echo "Running WinRM Commands to clear the event logs..." for host in dc wef win10; do echo "Clearing event logs on $host..." - vagrant winrm -e -s powershell -c "Clear-Eventlog -Log Application, System" $host + vagrant winrm -e -s powershell -c 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}' $host sleep 2 done 
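Review bot: `-o StrictHostKeyChecking=no` makes this ssh call accept whatever host key answers at 192.168.38.105, and it still records that key in the build machine's known_hosts. That is probably tolerable for a freshly built lab VM on what looks like a host-only network, but the reason should be stated next to the command, e.g. `# logger's host key is regenerated on every build and the VM is only reachable from this host`. Adding `-o UserKnownHostsFile=/dev/null` would also stop stale keys from accumulating between builds.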
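Review bot: The `wevtutil el | ... | Foreach-Object {wevtutil cl "$_"}` pipeline now clears every channel, Security included, rather than only Application and System, and nothing next to it says so or explains why the `Microsoft-Windows-LiveId` channels are skipped. The identical string is repeated in the exchange block of the next hunk; defining it once, e.g. `readonly CLEAR_LOGS_CMD='wevtutil el | ...'`, with a one-line comment giving the scope and the reason for the exclusion would keep the two copies from drifting. The trailing `$host` is unquoted in both places; `"$host"` is the safer form. The `for` loop begins outside this hunk.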
@@ -38,17 +40,15 @@ do done ## Check for exchange box -if [ -f "/opt/DetectionLab/Vagrant/Exchange/.vagrant/machines/exchange/*/private_key" ]; then +if ls /opt/DetectionLab/Vagrant/Exchange/.vagrant/machines/exchange/*/id 1> /dev/null 2>&1; then EXCHANGE_EXISTS=1 cd /opt/DetectionLab/Vagrant/Exchange || exit 1 - echo "Exchange appears to have been built! Running the above commands on exchange." + echo "Exchange appears to have been built. Running the above commands on exchange." host="exchange" echo "Running 'Set-NetFirewallRule -Name WINRM-HTTP-In-TCP -Profile Any' on $host..." vagrant winrm -e -c "Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -Profile Any" -s powershell $host; sleep 2 - echo "Running 'Set-NetFirewallRule -Name WINRM-HTTP-In-TCP-NoScope -Profile Any' on $host..." - vagrant winrm -c "Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP-NoScope' -Profile Any" -s powershell $host; sleep 2 echo "Clearing event logs on $host..." - vagrant winrm -e -s powershell -c "Clear-Eventlog -Log Application, System" $host + vagrant winrm -e -s powershell -c 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}' $host echo "Printing activivation status..." vagrant winrm -s powershell -c "cscript c:\windows\system32\slmgr.vbs /dlv" $host fi 
@@ -86,26 +86,27 @@ if which vmrun; then tmux send-keys -t "$sn:3" 'ovftool /opt/DetectionLab/Vagrant/.vagrant/machines/wef/vmware_desktop/*/WindowsServer2016.vmx /root/wef.ova && echo -n "success" > /root/wef.export || echo "failed" > /root/wef.export' Enter tmux send-keys -t "$sn:4" 'ovftool /opt/DetectionLab/Vagrant/.vagrant/machines/win10/vmware_desktop/*/windows_10.vmx /root/win10.ova && echo -n "success" > /root/win10.export || echo "failed" > /root/win10.export' Enter if [ "$EXCHANGE_EXISTS" -eq 1 ]; then - tmux send-keys -t "$sn:4" 'ovftool /opt/DetectionLab/Vagrant/Exchange/.vagrant/machines/exchange/vmware_desktop/*/exchange.vmx /root/exchange.ova && echo -n "success" > /root/exchange.export || echo "failed" > /root/exchange.export' Enter + tmux send-keys -t "$sn:5" 'ovftool /opt/DetectionLab/Vagrant/Exchange/.vagrant/machines/exchange/vmware_desktop/*/exchange.vmx /root/exchange.ova && echo -n "success" > /root/exchange.export || echo "failed" > /root/exchange.export' Enter fi else tmux send-keys -t "$sn:2" 'vboxmanage export dc.windomain.local -o /root/dc.ova && echo -n "success" > /root/dc.export || echo "failed" > /root/dc.export' Enter tmux send-keys -t "$sn:3" 'vboxmanage export wef.windomain.local -o /root/wef.ova && echo -n "success" > /root/wef.export || echo "failed" > /root/wef.export' Enter tmux send-keys -t "$sn:4" 'vboxmanage export win10.windomain.local -o /root/win10.ova && echo -n "success" > /root/win10.export || echo "failed" > /root/win10.export' Enter if [ "$EXCHANGE_EXISTS" -eq 1 ]; then - tmux send-keys -t "$sn:4" 'vboxmanage export exchange.windomain.local -o /root/exchange.ova && echo -n "success" > /root/exchange.export || echo "failed" > /root/exchange.export' Enter + tmux send-keys -t "$sn:5" 'vboxmanage export exchange.windomain.local -o /root/exchange.ova && echo -n "success" > /root/exchange.export || echo "failed" > /root/exchange.export' Enter fi fi # Sleep until all exports are complete while [[ ! -f /root/dc.export || ! 
-f /root/wef.export || ! -f /root/win10.export ]]; +do if [ "$EXCHANGE_EXISTS" -eq 1 ]; then - if [ ! -f /root/exchange.export ]; - do sleep 5 + if [ ! -f /root/exchange.export ]; then + sleep 5 echo "Waiting for the OVA export to complete. Sleeping for 5." fi else - do sleep 5 + sleep 5 echo "Waiting for the OVA export to complete. Sleeping for 5." fi done diff --git a/ci/manual_machine_bootstrap.sh b/ci/manual_machine_bootstrap.sh index 59ff6e2..bc3f939 100644 --- a/ci/manual_machine_bootstrap.sh +++ b/ci/manual_machine_bootstrap.sh @@ -36,6 +36,9 @@ vagrant plugin install vagrant-reload # Make the Vagrant instances headless cd /opt/DetectionLab/Vagrant || exit 1 sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile +cd /opt/DetectionLab/Vagrant/Exchange || exit 1 +sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile +cd /opt/DetectionLab/Vagrant || exit 1 # Install Packer mkdir /opt/packer diff --git a/ci/manual_machine_bootstrap_vmware.sh b/ci/manual_machine_bootstrap_vmware.sh index 319d98f..f87ac59 100644 --- a/ci/manual_machine_bootstrap_vmware.sh +++ b/ci/manual_machine_bootstrap_vmware.sh 
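Review bot: The rewritten wait loop does not wait for the Exchange export: the `while` condition only tests dc, wef and win10, so once those three marker files exist the loop ends even if `/root/exchange.export` is still missing. In the opposite case (`EXCHANGE_EXISTS=1`, exchange.export present, another export still pending) the inner `if` is false and the loop spins without sleeping. Folding the Exchange check into the condition fixes both: `while [[ ! -f /root/dc.export || ! -f /root/wef.export || ! -f /root/win10.export || ( "$EXCHANGE_EXISTS" -eq 1 && ! -f /root/exchange.export ) ]]; do`, with the body reduced to the unconditional `sleep 5` and `echo`. The exchange export is now sent to tmux window `$sn:5`; the window creation is outside this hunk, so confirm a fifth window exists.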
@@ -14,9 +14,9 @@ apt-get install -y linux-headers-"$(uname -r)" build-essential unzip git ufw apa pip install awscli --upgrade --user cp /root/.local/bin/aws /usr/local/bin/aws && chmod +x /usr/local/bin/aws -wget -O VMware-Workstation-Full-16.0.0-16894299.x86_64.bundle "https://download3.vmware.com/software/wkst/file/VMware-Workstation-Full-16.0.0-16894299.x86_64.bundle" -chmod +x VMware-Workstation-Full-16.0.0-16894299.x86_64.bundle -sudo sh VMware-Workstation-Full-16.0.0-16894299.x86_64.bundle --console --required --eulas-agreed --set-setting vmware-workstation serialNumber $SERIALNUMBER +wget -O VMware-Workstation-Full-16.1.1-17801498.x86_64.bundle "https://download3.vmware.com/software/wkst/file/VMware-Workstation-Full-16.1.1-17801498.x86_64.bundle" +chmod +x VMware-Workstation-Full-16.1.1-17801498.x86_64.bundle +sudo sh VMware-Workstation-Full-16.1.1-17801498.x86_64.bundle --console --required --eulas-agreed --set-setting vmware-workstation serialNumber $SERIALNUMBER # Set up firewall ufw allow ssh @@ -37,12 +37,15 @@ vagrant plugin install vagrant-reload vagrant plugin install vagrant-vmware-desktop echo $LICENSEFILE | base64 -d > /tmp/license.lic vagrant plugin license vagrant-vmware-desktop /tmp/license.lic -wget --progress=bar:force "https://releases.hashicorp.com/vagrant-vmware-utility/1.0.12/vagrant-vmware-utility_1.0.12_x86_64.deb" -dpkg -i vagrant-vmware-utility_1.0.12_x86_64.deb +wget --progress=bar:force "https://releases.hashicorp.com/vagrant-vmware-utility/1.0.20/vagrant-vmware-utility_1.0.20_x86_64.deb" +dpkg -i vagrant-vmware-utility_1.0.20_x86_64.deb # Make the Vagrant instances headless cd /opt/DetectionLab/Vagrant || exit 1 sed -i 's/v.gui = true/v.gui = false/g' Vagrantfile +cd /opt/DetectionLab/Vagrant/Exchange || exit 1 +sed -i 's/v.gui = true/v.gui = false/g' Vagrantfile +cd /opt/DetectionLab/Vagrant || exit 1 # Install Packer mkdir /opt/packer
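Review bot: The updated `wget` / `dpkg -i` pair installs vagrant-vmware-utility 1.0.20 as root with only TLS vouching for the file, and the VMware bundle in the previous hunk is run with `sudo sh` the same way. Pinning the expected digest next to each version and checking it before install, e.g. `echo "<EXPECTED_SHA256>  vagrant-vmware-utility_1.0.20_x86_64.deb" | sha256sum -c - || exit 1`, would make a swapped or truncated download fail the bootstrap. `$SERIALNUMBER` and `$LICENSEFILE` on the neighbouring lines are unquoted, and the license is written to the fixed path `/tmp/license.lic`; those lines are unchanged context but worth a follow-up.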