diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile
index c5712f0..6969716 100644
--- a/Vagrant/Vagrantfile
+++ b/Vagrant/Vagrantfile
@@ -29,10 +29,6 @@ Vagrant.configure("2") do |config|
cfg.vm.box = "detectionlab/win2016"
cfg.vm.hostname = "dc"
cfg.vm.boot_timeout = 600
- # use the plaintext WinRM transport and force it to use basic authentication.
- # NB this is needed because the default negotiate transport stops working
- # after the domain controller is installed.
- # see https://groups.google.com/forum/#!topic/vagrant-up/sZantuCM0q4
cfg.winrm.transport = :plaintext
cfg.vm.communicator = "winrm"
cfg.winrm.basic_auth_only = true
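Review bot: The four removed comment lines were the only record of why `cfg.winrm.transport = :plaintext` and `cfg.winrm.basic_auth_only = true` are set, and both settings survive on the new side, so the next reader meets an unencrypted WinRM transport with basic authentication and no stated reason. Keep at least a one-line rationale above `cfg.winrm.transport = :plaintext`, e.g. `# plaintext WinRM + basic auth: the default negotiate transport stops working once this box is promoted to DC; credentials cross the host-only network unencrypted.`, ideally keeping the forum link the old comment carried. The enclosing `config.vm.define` block starts and ends outside the hunk.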
@@ -58,13 +54,14 @@ Vagrant.configure("2") do |config|
cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/configure-powershelllogging.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false
+ cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
cfg.vm.provider "vmware_desktop" do |v, override|
v.vmx["displayname"] = "dc.windomain.local"
- v.memory = 2560
+ v.memory = 3072
v.cpus = 2
v.gui = true
v.enable_vmrun_ip_lookup = false
@@ -74,7 +71,7 @@ Vagrant.configure("2") do |config|
vb.gui = true
vb.name = "dc.windomain.local"
vb.default_nic_type = "82545EM"
- vb.customize ["modifyvm", :id, "--memory", 2560]
+ vb.customize ["modifyvm", :id, "--memory", 3072]
vb.customize ["modifyvm", :id, "--cpus", 2]
vb.customize ["modifyvm", :id, "--vram", "32"]
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
@@ -145,12 +142,12 @@ Vagrant.configure("2") do |config|
cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102"
cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.104 -dns 192.168.38.102"
+ cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "reload"
cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/download_palantir_osquery.ps1", privileged: false
- cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
diff --git a/Vagrant/resources/GPO/rdp_users/manifest.xml b/Vagrant/resources/GPO/rdp_users/manifest.xml
new file mode 100644
index 0000000..fd766e0
--- /dev/null
+++ b/Vagrant/resources/GPO/rdp_users/manifest.xml
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml
new file mode 100644
index 0000000..ab953e5
--- /dev/null
+++ b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/Backup.xml
@@ -0,0 +1,20 @@
+
+ 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 e8 03 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 11 ba 8e 91 83 90 50 4c a7 e8 f6 a4 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf
new file mode 100644
index 0000000..ef38d8a
Binary files /dev/null and b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml
new file mode 100644
index 0000000..88e7503
--- /dev/null
+++ b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/bkupInfo.xml
@@ -0,0 +1 @@
+
diff --git a/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml
new file mode 100644
index 0000000..58ca288
Binary files /dev/null and b/Vagrant/resources/GPO/rdp_users/{87A41109-E0FA-4D74-BE50-9ED009D4BAAF}/gpreport.xml differ
diff --git a/Vagrant/resources/windows/classic_shell_win7.reg b/Vagrant/resources/windows/classic_shell_win7.reg
new file mode 100644
index 0000000..83fb24e
--- /dev/null
+++ b/Vagrant/resources/windows/classic_shell_win7.reg
@@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\IvoSoft\ClassicStartMenu]
+"MenuStyle_Default"="Win7"
diff --git a/Vagrant/scripts/configure-powershelllogging.ps1 b/Vagrant/scripts/configure-powershelllogging.ps1
index 86628fd..213c323 100755
--- a/Vagrant/scripts/configure-powershelllogging.ps1
+++ b/Vagrant/scripts/configure-powershelllogging.ps1
@@ -1,7 +1,7 @@
# Purpose: Install the GPO that specifies the WEF collector
Write-Host "Importing the GPO to enable Powershell Module, ScriptBlock and Transcript logging..."
Import-GPO -BackupGpoName 'Powershell Logging' -Path "c:\vagrant\resources\GPO\powershell_logging" -TargetName 'Powershell Logging' -CreateIfNeeded
-$OU = "ou=Workstations,dc=windomain,dc=local"
+$OU = "ou=Workstations,dc=windomain,dc=local"
$gPLinks = $null
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name 'Powershell Logging'
@@ -11,9 +11,9 @@ If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
}
else
{
- Write-Host "Powershell Loggin was already linked at $OU. Moving On."
+ Write-Host "Powershell Logging was already linked at $OU. Moving On."
}
-$OU = "ou=Servers,dc=windomain,dc=local"
+$OU = "ou=Servers,dc=windomain,dc=local"
$gPLinks = $null
$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
$GPO = Get-GPO -Name 'Powershell Logging'
@@ -23,7 +23,7 @@ If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
}
else
{
- Write-Host "Powershell Loggin was already linked at $OU. Moving On."
+ Write-Host "Powershell Logging was already linked at $OU. Moving On."
}
$OU = "ou=Domain Controllers,dc=windomain,dc=local"
$gPLinks = $null
@@ -34,6 +34,6 @@ If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
}
else
{
- Write-Host "Powershell Loggin was already linked at $OU. Moving On."
+ Write-Host "Powershell Logging was already linked at $OU. Moving On."
}
gpupdate /force
diff --git a/Vagrant/scripts/configure-rdp-user-gpo.ps1 b/Vagrant/scripts/configure-rdp-user-gpo.ps1
new file mode 100644
index 0000000..19a1452
--- /dev/null
+++ b/Vagrant/scripts/configure-rdp-user-gpo.ps1
@@ -0,0 +1,29 @@
+# Purpose: Install the GPO that allows windomain\vagrant to RDP
+Write-Host "Importing the GPO to allow windomain/vagrant to RDP..."
+Import-GPO -BackupGpoName 'Allow Domain Users RDP' -Path "c:\vagrant\resources\GPO\rdp_users" -TargetName 'Allow Domain Users RDP' -CreateIfNeeded
+
+$OU = "ou=Workstations,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Allow Domain Users RDP'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
+{
+ New-GPLink -Name 'Allow Domain Users RDP' -Target $OU -Enforced yes
+}
+else
+{
+ Write-Host "Allow Domain Users RDP GPO was already linked at $OU. Moving On."
+}
+$OU = "ou=Servers,dc=windomain,dc=local"
+$gPLinks = $null
+$gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions
+$GPO = Get-GPO -Name 'Allow Domain Users RDP'
+If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path)
+{
+ New-GPLink -Name 'Allow Domain Users RDP' -Target $OU -Enforced yes
+}
+else
+{
+ Write-Host "Allow Domain Users RDP GPO was already linked at $OU. Moving On."
+}
+gpupdate /force
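Review bot: The header comment says the GPO lets `windomain\vagrant` RDP, while the GPO is imported, linked and enforced on the Workstations and Servers OUs under the name 'Allow Domain Users RDP', so it is unclear whether one account or every domain account is being granted remote logon; the backup's GptTmpl.inf is binary in this diff, so the hunk cannot settle it. If it really is Domain Users, that is a deliberate widening of interactive access across the lab and the first line should say so, e.g. `# Purpose: Install the GPO that grants Domain Users remote desktop logon on the Workstations and Servers OUs (intentionally broad for the lab)`. Separately, neither `Import-GPO` nor `Get-ADOrganizationalUnit` is checked: a missing OU leaves `$gPLinks` null, the `-notcontains` test passes, and `New-GPLink` then fails with a less obvious error, so `$ErrorActionPreference = "Stop"` at the top would fail at the real cause. The two OU blocks are also duplicated line for line; a `foreach` over the two distinguished names would halve the script.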
diff --git a/Vagrant/scripts/install-utilities.ps1 b/Vagrant/scripts/install-utilities.ps1
index 28225ea..2b2a419 100755
--- a/Vagrant/scripts/install-utilities.ps1
+++ b/Vagrant/scripts/install-utilities.ps1
@@ -1,19 +1,20 @@
-# Purpose: Installs chocolatey package manager, then installs custom utilities from Choco.
-
-If (-not (Test-Path "C:\ProgramData\chocolatey")) {
- Write-Host "Installing Chocolatey"
- iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
-} else {
- Write-Host "Chocolatey is already installed."
-}
-
-Write-Host "Installing utilities..."
-If ($(hostname) -eq "win10") {
- # Because the Windows10 start menu sucks
- choco install -y classic-shell -installArgs ADDLOCAL=ClassicStartMenu
-}
-choco install -y NotepadPlusPlus
-choco install -y GoogleChrome
-choco install -y WinRar
-
-Write-Host "Utilties installation complete!"
+# Purpose: Installs chocolatey package manager, then installs custom utilities from Choco.
+
+If (-not (Test-Path "C:\ProgramData\chocolatey")) {
+ Write-Host "Installing Chocolatey"
+ iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
+} else {
+ Write-Host "Chocolatey is already installed."
+}
+
+Write-Host "Installing utilities..."
+If ($(hostname) -eq "win10") {
+ # Because the Windows10 start menu sucks
+ choco install -y classic-shell -installArgs ADDLOCAL=ClassicStartMenu
+ reg import "c:\vagrant\resources\windows\classic_shell_win7.reg"
+}
+choco install -y NotepadPlusPlus
+choco install -y GoogleChrome
+choco install -y WinRar
+
+Write-Host "Utilties installation complete!"
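Review bot: The only functional change in this hunk is the new `reg import "c:\vagrant\resources\windows\classic_shell_win7.reg"` line, yet every line of the file is removed and re-added, which looks like a line-ending or encoding rewrite; confirming that and normalizing it in its own commit would keep the diff reviewable. The new `reg import` reports failure only through its exit code, which nothing reads, so a missing or malformed .reg file is silently skipped; add `if ($LASTEXITCODE -ne 0) { Write-Host "reg import of classic_shell_win7.reg failed" }` after it. Since the `iex ((new-object net.webclient).DownloadString(...))` line is re-added as part of the rewrite, it deserves a comment stating that it executes the remote Chocolatey installer without any integrity check, which this lab build accepts by design. The final message also keeps the typo: `Write-Host "Utilities installation complete!"`.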
diff --git a/ci/build_machine_bootstrap.sh b/ci/build_machine_bootstrap.sh
index f31f6a0..775155d 100755
--- a/ci/build_machine_bootstrap.sh
+++ b/ci/build_machine_bootstrap.sh
@@ -37,8 +37,10 @@ fi
echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list
sed -i "2ideb mirror://mirrors.ubuntu.com/mirrors.txt xenial main restricted universe multiverse\ndeb mirror://mirrors.ubuntu.com/mirrors.txt xenial-updates main restricted universe multiverse\ndeb mirror://mirrors.ubuntu.com/mirrors.txt xenial-backports main restricted universe multiverse\ndeb mirror://mirrors.ubuntu.com/mirrors.txt xenial-security main restricted universe multiverse" /etc/apt/sources.list
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
-apt-get update
-apt-get install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential unzip git ufw apache2
+echo "Running apt-get update..."
+apt-get -qq update
+echo "Running apt-get install..."
+apt-get -qq install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential unzip git ufw apache2
echo "building" > /var/www/html/index.html
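Review bot: With `-qq` the new `apt-get update` and `apt-get install` lines print almost nothing, and neither exit status is checked, so a failed package install (virtualbox-5.2, the kernel headers) now passes quietly into the rest of the bootstrap and surfaces as a confusing failure later; append `|| exit 1` to both, e.g. `apt-get -qq update || exit 1`. This assumes no `set -e` is in effect, which the hunk does not show. The `apt-key add -` pipeline on the line above is unchanged context but has the same silent-failure shape.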
@@ -52,10 +54,16 @@ if [ "$PACKER_ONLY" -eq 0 ]; then
# Install Vagrant
mkdir /opt/vagrant
cd /opt/vagrant || exit 1
- wget https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.deb
+ wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.deb
dpkg -i vagrant_2.2.4_x86_64.deb
vagrant plugin install vagrant-reload
+ # Make sure the plugin installed correctly. Retry if not.
+ if [ "$(vagrant plugin list | grep -c vagrant-reload)" -ne "1" ]; then
+ echo "The first attempt to install the vagrant-reload plugin failed. Trying again."
+ vagrant plugin install vagrant-reload
+ fi
+
# Make the Vagrant instances headless
cd /opt/DetectionLab/Vagrant || exit 1
sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
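Review bot: The retry runs `vagrant plugin install vagrant-reload` a second time but never rechecks, so if both attempts fail the script carries on without the plugin that the Vagrantfile's `cfg.vm.provision "reload"` step relies on, and the failure shows up much later. Check the retry and stop, e.g. `vagrant plugin install vagrant-reload || exit 1` inside the `if`, or loop with a bounded counter. `grep -c ... -ne "1"` also treats a doubly-matched plugin list as a failure; `if ! vagrant plugin list | grep -q vagrant-reload; then` is the more direct test. The enclosing `if [ "$PACKER_ONLY" -eq 0 ]` block starts and ends outside the hunk.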
@@ -65,7 +73,7 @@ if [ "$VAGRANT_ONLY" -eq 0 ]; then
# Install Packer
mkdir /opt/packer
cd /opt/packer || exit 1
- wget https://releases.hashicorp.com/packer/1.3.2/packer_1.3.2_linux_amd64.zip
+ wget --progress=bar:force https://releases.hashicorp.com/packer/1.3.2/packer_1.3.2_linux_amd64.zip
unzip packer_1.3.2_linux_amd64.zip
cp packer /usr/local/bin/packer
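Review bot: The changed `wget --progress=bar:force` line (and the vagrant .deb download in the previous hunk) still installs a release archive as root without verifying it: nothing compares a checksum or signature before `unzip` and `cp packer /usr/local/bin/packer`. HashiCorp publishes SHA256SUMS files alongside each release, so fetching the sums file and running `sha256sum -c` against it, or comparing to a hash pinned in the script, would catch a truncated or tampered download before it becomes the CI toolchain. The enclosing `if [ "$VAGRANT_ONLY" -eq 0 ]` block starts and ends outside the hunk.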
diff --git a/ci/circle_workflows/vagrant_changes.sh b/ci/circle_workflows/vagrant_changes.sh
index a0f4943..6d6f56d 100644
--- a/ci/circle_workflows/vagrant_changes.sh
+++ b/ci/circle_workflows/vagrant_changes.sh
@@ -35,7 +35,7 @@ IP_ADDRESS=$(curl -s -X GET --header 'Accept: application/json' --header 'X-Auth
# Copy repo to Packet server
# TODO: Tar up the repo and expand it remotely
cd ~/repo
-rsync -Pav -e "ssh -i ~/.ssh/id_rsa" ~/repo/ root@"$IP_ADDRESS":/opt/DetectionLab
+rsync -Paq -e "ssh -i ~/.ssh/id_rsa" ~/repo/ root@"$IP_ADDRESS":/opt/DetectionLab
## Running install script on Packet server
ssh -i ~/.ssh/id_rsa root@"$IP_ADDRESS" 'bash -s' -- < ci/build_machine_bootstrap.sh --vagrant-only
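Review bot: `-P` expands to `--partial --progress`, so the new `rsync -Paq` requests progress output and quiet in the same invocation; which one wins is not something to rely on across rsync versions. If the aim is a quiet transfer that still keeps partial files, `rsync -aq --partial -e "ssh -i ~/.ssh/id_rsa" ~/repo/ root@"$IP_ADDRESS":/opt/DetectionLab` states that without the contradiction. The `ssh ... 'bash -s'` line below is unchanged context.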
@@ -46,16 +46,16 @@ while [ "$MINUTES_PAST" -lt 180 ]; do
STATUS=$(curl $IP_ADDRESS)
if [ "$STATUS" == "building" ]; then
echo "$STATUS"
- scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ || echo "Vagrant log not yet present"
+ scp -q -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ || echo "Vagrant log not yet present"
sleep 300
((MINUTES_PAST += 5))
else
- scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ || echo "Vagrant log not yet present"
+ scp -q -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/ || echo "Vagrant log not yet present"
break
fi
if [ "$MINUTES_PAST" -gt 180 ]; then
echo "Serer timed out. Uptime: $MINUTES_PAST minutes."
- scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/
+ scp -q -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/
curl -X DELETE --header 'Accept: application/json' --header 'X-Auth-Token: '"$PACKET_API_TOKEN" 'https://api.packet.net/devices/'"$DEVICE_ID"
exit 1
fi
@@ -64,7 +64,7 @@ done
## Recording the build results
echo $STATUS
if [ "$STATUS" != "success" ]; then
- scp -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/
+ scp -q -i ~/.ssh/id_rsa root@"$IP_ADDRESS":/opt/DetectionLab/Vagrant/vagrant_up_*.log /tmp/artifacts/
echo "Build failed. Cleaning up server with ID $DEVICE_ID"
curl -X DELETE --header 'Accept: application/json' --header 'X-Auth-Token: '"$PACKET_API_TOKEN" 'https://api.packet.net/devices/'"$DEVICE_ID"
exit 1