Move Exchange to AddOns Folder

Addons/Exchange/Azure/Ansible/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory.yml
+host_key_checking = False

Addons/Exchange/Azure/Ansible/exchange.yml

@@ -0,0 +1,6 @@
+---
+- hosts: exchange
+  roles:
+    - exchange
+    - common
+  tags: exchange

Addons/Exchange/Azure/Ansible/group_vars/all.yml

@@ -0,0 +1 @@
+../../../../Azure/Ansible/group_vars/all.yml

Addons/Exchange/Azure/Ansible/roles/common

@@ -0,0 +1 @@
+../../../../../Azure/Ansible/roles/common

Addons/Exchange/Azure/Ansible/roles/exchange/tasks/main.yml

@@ -0,0 +1,137 @@
+---
+
+- name: Hostname -> EXCHANGE
+  win_hostname:
+    name: EXCHANGE
+  register: res
+
+- name: Reboot
+  win_reboot:
+  when: res.reboot_required
+
+- name: Set HostOnly DNS Address
+  win_dns_client:
+    adapter_names: '*'
+    ipv4_addresses:
+      - 192.168.38.102
+      - 8.8.8.8
+    log_path: C:\dns_log.txt
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Join the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: exchange_join_domain
+  changed_when: "'HasSucceeded : True' in exchange_join_domain.stdout"
+
+- debug: msg="{{ exchange_join_domain.stdout_lines }}"
+
+- name: Reboot After Joining the Domain
+  win_reboot:
+    msg: "Joining the domain. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Install Exchange Prereqs
+  win_command: powershell.exe .\\install-exchange.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: exchange_prereqs
+  changed_when: "'A reboot is required to continue installation of exchange.' in exchange_prereqs.stdout"
+
+- debug: msg="{{ exchange_prereqs.stdout_lines }}"
+
+- name: Reboot After Installing Exchange PreReqs
+  win_reboot:
+    msg: "Exchange Prereqs installed. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Download Exchange ISO and Mount It
+  win_shell: .\\install-exchange.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: download_exchange_iso
+
+- name: Prepare Schema
+  win_package:
+    path: F:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /PrepareSchema
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN\vagrant
+    ansible_become_password: vagrant
+  register: prepare_schema
+
+- name: Prepare AD
+  win_package:
+    path: F:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /PrepareAD
+      /OrganizationName: DetectionLab
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN\vagrant
+    ansible_become_password: vagrant
+  register: prepare_ad
+
+- name: Install Exchange
+  win_package:
+    path: F:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /Mode:Install
+      /Role:Mailbox
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN\vagrant
+    ansible_become_password: vagrant
+  register: install_exchange
+
+- name: Reboot after Exchange Installation
+  win_reboot:
+    msg: "Exchange installed. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Clear Event Logs
+  win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+
+- name: Configure EXCHANGE with raw Commands
+  win_shell: "{{ item }}"
+  with_items:
+    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
+
+

Addons/Exchange/Azure/Terraform/locals.tf

@@ -0,0 +1,3 @@
+locals {  
+  exchange_url    = "https://${azurerm_public_ip.exchange-publicip.ip_address}"
+}

Addons/Exchange/Azure/Terraform/main.tf

@@ -0,0 +1,81 @@
+resource "azurerm_virtual_machine" "exchange" {
+  name = "exchange.windomain.local"
+  location = var.region
+  resource_group_name  = azurerm_resource_group.detectionlab.name
+  network_interface_ids = [azurerm_network_interface.exchange-nic[count.index].id]
+  vm_size               = "Standard_D3_v2"
+
+  delete_os_disk_on_termination = true
+
+  storage_image_reference {
+    publisher = "MicrosoftWindowsServer"
+    offer     = "WindowsServer"
+    sku       = "2016-Datacenter"
+    version   = "latest"
+  }
+
+  os_profile {
+    computer_name  = "exchange"
+    admin_username = "vagrant"
+    admin_password = "Vagrant123"
+    custom_data    = local.custom_data_content
+  }
+
+  os_profile_windows_config {
+    provision_vm_agent        = true
+    enable_automatic_upgrades = false
+
+    # Auto-Login's required to configure WinRM
+    additional_unattend_config {
+      pass         = "oobeSystem"
+      component    = "Microsoft-Windows-Shell-Setup"
+      setting_name = "AutoLogon"
+      content      = "<AutoLogon><Password><Value>Vagrant123</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>vagrant</Username></AutoLogon>"
+    }
+
+    # Unattend config is to enable basic auth in WinRM, required for the provisioner stage.
+    # https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/examples/virtual-machines/provisioners/windows/files/FirstLogonCommands.xml
+    additional_unattend_config {
+      pass         = "oobeSystem"
+      component    = "Microsoft-Windows-Shell-Setup"
+      setting_name = "FirstLogonCommands"
+      content      = file("${path.module}/files/FirstLogonCommands.xml")
+    }
+  }
+
+  storage_os_disk {
+    name              = "OsDiskExchange"
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = "Standard_LRS"
+  }
+
+  tags = {
+    role = "exchange"
+  }
+}
+
+resource "azurerm_network_interface" "exchange-nic" {
+  name = "exchange-nic"
+  location = var.region
+  resource_group_name  = azurerm_resource_group.detectionlab.name
+
+  ip_configuration {
+    name                          = "myNicConfiguration"
+    subnet_id                     = azurerm_subnet.detectionlab-subnet.id
+    private_ip_address_allocation = "Static"
+    private_ip_address            = "192.168.38.106"
+    public_ip_address_id          = azurerm_public_ip.exchange-publicip[count.index].id
+  }
+}
+
+resource "azurerm_public_ip" "exchange-publicip" {
+  name                = "exchange-public-ip"
+  location            = var.region
+  resource_group_name = azurerm_resource_group.detectionlab.name
+  allocation_method   = "Static"
+
+  tags = {
+    role = "exchange"
+  }
+}

Addons/Exchange/Azure/Terraform/outputs.tf

@@ -0,0 +1,7 @@
+output "exchange_public_ip" {
+  value = azurerm_public_ip.exchange-publicip
+}
+
+output "exchange_url" {
+  value = local.exchange_url
+}

Addons/Exchange/ESXi/Ansible/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory = inventory.yml

Addons/Exchange/ESXi/Ansible/exchange.yml

@@ -0,0 +1,6 @@
+---
+- hosts: exchange
+  roles:
+    - exchange
+    - common
+  tags: exchange

Addons/Exchange/ESXi/Ansible/group_vars/all.yml

@@ -0,0 +1 @@
+../../../../../ESXi/Ansible/group_vars/all.yml

Addons/Exchange/ESXi/Ansible/roles/common

@@ -0,0 +1 @@
+../../../../../ESXi/Ansible/roles/common

Addons/Exchange/ESXi/Ansible/roles/exchange/tasks/main.yml

@@ -0,0 +1,126 @@
+---
+
+- name: Hostname -> EXCHANGE
+  win_hostname:
+    name: EXCHANGE
+  register: res
+
+- name: Reboot
+  win_reboot:
+  when: res.reboot_required
+
+- name: Set HostOnly IP Address
+  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.38.106'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C5'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.38.106 –PrefixLength 24 -DefaultGateway 192.168.38.1 } Else { Write-Host 'IP Address Already Created.' }"
+
+- name: Set HostOnly DNS Address
+  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C5'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.38.102,8.8.8.8"
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Join the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: exchange_join_domain
+  changed_when: "'HasSucceeded : True' in exchange_join_domain.stdout"
+
+- debug: msg="{{ exchange_join_domain.stdout_lines }}"
+
+- name: Reboot After Joining the Domain
+  win_reboot:
+    msg: "Joining the domain. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Install Exchange Prereqs
+  win_shell: .\\install-exchange.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: exchange_prereqs
+  changed_when: "'A reboot is required to continue installation of exchange.' in exchange_prereqs.stdout"
+
+- name: Reboot After Installing Exchange PreReqs
+  win_reboot:
+    msg: "Exchange Prereqs installed. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Download Exchange ISO and Mount It
+  win_shell: .\\install-exchange.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: download_exchange_iso
+
+- name: Prepare Schema
+  win_package:
+    path: E:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /PrepareSchema
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN.local\Administrator
+    ansible_become_password: vagrant
+  register: prepare_schema
+
+- name: Prepare AD
+  win_package:
+    path: E:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /PrepareAD
+      /OrganizationName: DetectionLab
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN.local\Administrator
+    ansible_become_password: vagrant
+  register: prepare_ad
+
+- name: Install Exchange
+  win_package:
+    path: E:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /Mode:Install
+      /Role:Mailbox
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN.local\Administrator
+    ansible_become_password: vagrant
+  register: install_exchange
+
+- name: Reboot after Exchange Installation
+  win_reboot:
+    msg: "Exchange installed. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Clear Event Logs
+  win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+

Addons/Exchange/ESXi/Terraform/main.tf

@@ -0,0 +1,40 @@
+#########################################
+#  ESXI Provider host/login details
+#########################################
+#
+#   Use of variables here to hide/move the variables to a separate file
+#
+provider "esxi" {
+  esxi_hostname = var.esxi_hostname
+  esxi_hostport = var.esxi_hostport
+  esxi_username = var.esxi_username
+  esxi_password = var.esxi_password
+}
+
+resource "esxi_guest" "exchange" {
+  guest_name = "exchange"
+  disk_store = var.esxi_datastore
+  guestos    = "windows9srv-64"
+
+  boot_disk_type = "thin"
+
+  memsize            = "8192"
+  numvcpus           = "4"
+  resource_pool_name = "/"
+  power              = "on"
+  clone_from_vm = "WindowsServer2016"
+  # This is the network that bridges your host machine with the ESXi VM
+  network_interfaces {
+    virtual_network = var.vm_network
+    mac_address     = "00:50:56:a1:b2:c5"
+    nic_type        = "e1000"
+  }
+  # This is the local network that will be used for 192.168.38.x addressing
+  network_interfaces {
+    virtual_network = var.hostonly_network
+    mac_address     = "00:50:56:a1:b4:c5"
+    nic_type        = "e1000"
+  }
+  guest_startup_timeout  = 45
+  guest_shutdown_timeout = 30
+}

Addons/Exchange/ESXi/Terraform/outputs.tf

@@ -0,0 +1,7 @@
+output "exchange_interfaces" {
+  value = esxi_guest.exchange.network_interfaces
+}
+
+output "exchange_ips" {
+  value = esxi_guest.exchange.ip_address
+}

Addons/Exchange/ESXi/Terraform/variables.tf

@@ -0,0 +1 @@
+../../../../ESXi/variables.tf

Addons/Exchange/ESXi/Terraform/versions.tf

@@ -0,0 +1,9 @@
+terraform {     
+  required_version = ">= 0.13"                                                                                                                                                                                                    
+  required_providers {                                                                                                                                                                                              
+    esxi = {                                                                                                                                                                                                        
+      source = "josenk/esxi"                                                                                                                                                                                        
+      version = "1.8.0"                                                                                                                                                                                             
+    }
+  }
+}

Addons/Exchange/Vagrant/Vagrantfile

@@ -0,0 +1,59 @@
+    config.vm.define "exchange" do |cfg|
+      cfg.vm.box = "detectionlab/win2016"
+      cfg.vm.hostname = "exchange"
+      cfg.vm.boot_timeout = 600
+      cfg.vm.communicator = "winrm"
+      cfg.winrm.basic_auth_only = true
+      cfg.winrm.timeout = 300
+      cfg.winrm.retry_limit = 20
+      cfg.vm.network :private_network, ip: "192.168.38.106", gateway: "192.168.38.1", dns: "192.168.38.102"
+
+      cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.106 -dns 8.8.8.8 -gateway 192.168.38.1" 
+      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
+      cfg.vm.provision "reload"
+      cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
+      cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
+      cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false 
+      cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
+      cfg.vm.provision "shell", inline: 'cscript c:\windows\system32\slmgr.vbs /dlv', privileged: false
+
+      cfg.vm.provider "vmware_desktop" do |v, override|
+        v.vmx["displayname"] = "exchange.windomain.local"
+        v.memory = 8192
+        v.cpus = 4
+        v.gui = true
+        v.enable_vmrun_ip_lookup = false
+      end
+
+      cfg.vm.provider "virtualbox" do |vb, override|
+        vb.gui = true
+        vb.name = "exchange.windomain.local"
+        vb.default_nic_type = "82545EM"
+        vb.customize ["modifyvm", :id, "--memory", 8192]
+        vb.customize ["modifyvm", :id, "--cpus", 4]
+        vb.customize ["modifyvm", :id, "--vram", "32"]
+        vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
+        vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+        vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
+      end
+
+      cfg.vm.provider "libvirt" do |lv, override|
+        lv.graphics_type = "spice"
+        lv.video_type = "qxl"
+        lv.input :type => "tablet", :bus => "usb"
+        override.vm.box = "../Boxes/windows_2016_libvirt.box"
+        lv.video_vram = 32768
+        lv.memory = 8192
+        lv.cpus = 4
+        override.vm.synced_folder '.', '/', type: 'winrm' 
+      end
+    end
+  end

Addons/Exchange/Vagrant/resources

@@ -0,0 +1 @@
+../../../Vagrant/resources

Addons/Exchange/Vagrant/scripts

@@ -0,0 +1 @@
+../../../Vagrant/scripts