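# -*- mode: ruby -*-
# vi: set ft=ruby :
#
# Lab topology (DetectionLab-derived, judging by the detectionlab/* boxes):
#   router (192.168.38.2)  Ubuntu 20.04 NAT gateway for the 192.168.38.0/24 lab net
#   logger (192.168.38.105) Ubuntu 18.04, provisioned by logger_bootstrap.sh
#   dc / wef / win10        Windows domain controller, event collector, workstation
#   kali / securityonion / malcolm  optional (autostart: false) attack + sensor VMs
#
# Every guest has its VirtualBox NAT default route (10.0.2.2) replaced by the
# router VM, so all lab egress funnels through one host you can capture on.
#
# Security notes for anyone reusing this file:
#   * The lab is intentionally weakened: Defender is disabled domain-wide by
#     GPO, red-team tooling is installed on every Windows host, WinRM runs
#     with basic auth (plaintext on the DC), and the host<->guest clipboard is
#     bidirectional.  Keep it on a host-only network; never bridge it.
#   * The router does plain MASQUERADE with no FORWARD filtering, so any
#     compromised lab VM has unrestricted Internet egress until you add rules.

# The Windows hosts depend on the "reload" provisioner between provisioning steps.
unless Vagrant.has_plugin?("vagrant-reload")
  raise 'vagrant-reload plugin is not installed! - run: vagrant plugin install vagrant-reload'
end

# Point a Linux guest's default route at the lab router instead of the
# VirtualBox NAT gateway.  Done twice on purpose: once on every `vagrant up`
# (run: "always"), and persistently via a systemd unit for reboots that bypass
# Vagrant.  `ip route replace` is idempotent, so neither path fails when the
# other has already run; the delete of the NAT route is best-effort.
#
# @param cfg [Vagrant config object for the VM being defined]
def provision_default_gateway(cfg)
  cfg.vm.provision "shell", run: "always", inline: <<-SHELL
    ip route del default via 10.0.2.2 2>/dev/null || true
    ip route replace default via 192.168.38.2
  SHELL

  cfg.vm.provision "shell", inline: <<-SHELL
    export DEBIAN_FRONTEND=noninteractive
    # Heredoc bodies sit at column 0 deliberately: a shebang has to be the first
    # bytes of the file, and bash's <<- strips only tabs, not Ruby's spaces.
    cat <<'EOF' >/opt/default-gateway.sh
#!/bin/bash
# Replace the VirtualBox NAT default route with the lab router (idempotent).
ip route del default via 10.0.2.2 2>/dev/null || true
ip route replace default via 192.168.38.2
EOF
    cat <<'EOF' >/etc/systemd/system/default-gateway.service
[Unit]
Description=default-gateway
# network.service is not a systemd unit on Ubuntu/Kali; wait for the network
# to actually be online so the route change does not race the NAT link.
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/opt/default-gateway.sh

[Install]
WantedBy=multi-user.target
EOF
    # Root-owned, root-run: no reason for the unit file to be group-writable.
    chmod 744 /opt/default-gateway.sh
    chmod 644 /etc/systemd/system/default-gateway.service
    systemctl daemon-reload
    systemctl enable default-gateway.service
    systemctl start default-gateway.service
  SHELL
end

Vagrant.configure("2") do |config|
  # ---------------------------------------------------------------------------
  # router: IP-forwarding NAT gateway for the whole lab network.
  # ---------------------------------------------------------------------------
  config.vm.define "router" do |cfg|
    cfg.vm.box = "ubuntu/focal64"
    cfg.vm.hostname = "router"
    cfg.vm.network :private_network, ip: "192.168.38.2", gateway: "192.168.38.1", dns: "8.8.8.8"

    cfg.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.name = "router"
      vb.memory = "3072"
      # Promiscuous lab NIC (nic2) so the router can see traffic not addressed
      # to it -- needed if you ever capture or span from here.
      vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
    end

    cfg.vm.provision "shell", inline: <<-SHELL
      export DEBIAN_FRONTEND=noninteractive
      rm -rf /var/lib/apt/lists/*
      apt-get update
      apt-get -y upgrade
      apt-get -y autoremove
      apt-get clean
      cat <<'EOF' >/opt/router.sh
#!/bin/bash
# Forward lab traffic and source-NAT it out of the VirtualBox NAT adapter
# (enp0s3 on ubuntu/focal64).  There are no FORWARD rules: every lab VM has
# unrestricted Internet egress.  Add DROP rules or a DNS sinkhole here before
# detonating anything that phones home.
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
# -C first so re-running the script does not stack duplicate MASQUERADE rules.
iptables -t nat -C POSTROUTING -o enp0s3 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
EOF
      cat <<'EOF' >/etc/systemd/system/router.service
[Unit]
Description=Router
# network.service does not exist on systemd Ubuntu; wait for the real target.
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/opt/router.sh

[Install]
WantedBy=multi-user.target
EOF
      chmod 744 /opt/router.sh
      chmod 644 /etc/systemd/system/router.service
      systemctl daemon-reload
      systemctl enable router.service
      systemctl start router.service
    SHELL
  end

  # ---------------------------------------------------------------------------
  # logger: log collection host, set up by logger_bootstrap.sh (not shown here).
  # ---------------------------------------------------------------------------
  config.vm.define "logger" do |cfg|
    cfg.vm.box = "bento/ubuntu-18.04"
    cfg.vm.hostname = "logger"
    cfg.vm.network :private_network, ip: "192.168.38.105", gateway: "192.168.38.1", dns: "8.8.8.8"
    # Bootstrap first (it still has direct NAT egress), then swing the default
    # route to the router.
    cfg.vm.provision :shell, path: "logger_bootstrap.sh"
    provision_default_gateway(cfg)

    cfg.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.name = "logger"
      vb.customize ["modifyvm", :id, "--memory", 4096]
      vb.customize ["modifyvm", :id, "--cpus", 2]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
      # Shared clipboard crosses the host/guest boundary in both directions;
      # disable it if this lab ever handles live malware.
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all"]
    end
  end

  # ---------------------------------------------------------------------------
  # dc: Windows domain controller for windomain.local.
  # ---------------------------------------------------------------------------
  config.vm.define "dc" do |cfg|
    cfg.vm.box = "detectionlab/win2016"
    cfg.vm.hostname = "dc"
    cfg.vm.boot_timeout = 1200
    # WinRM with basic auth over plaintext.  Vagrant reaches it through the
    # VirtualBox NAT port-forward, but the credentials still travel in clear;
    # acceptable only because this is a throw-away lab image on a private net.
    cfg.winrm.transport = :plaintext
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 1200
    cfg.winrm.retry_limit = 20
    cfg.vm.network :private_network, ip: "192.168.38.102", gateway: "192.168.38.1", dns: "8.8.8.8"

    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.102 -dns 8.8.8.8 -gateway 192.168.38.1"
    # provision.ps1 runs before and after the reload (presumably domain
    # promotion then post-reboot steps); it is assumed to be re-entrant -- confirm.
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    # Offensive tooling on the DC itself -- this host is NOT a hardened baseline.
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-ou.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-wef-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-powershelllogging.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-AuditingPolicyGPOs.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-rdp-user-gpo.ps1", privileged: false
    # Domain-wide GPO that turns Defender off so red-team payloads survive.
    cfg.vm.provision "shell", path: "scripts/configure-disable-windows-defender-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-taskbar-layout-gpo.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    # Clear every event log (except LiveId, which refuses) so the lab starts
    # from a clean detection baseline rather than provisioning noise.
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
    cfg.vm.provision "shell", inline: "Write-Host 'DC Provisioning Complete!'", privileged: false
    # Persistent (-p) route swap to the lab router, then drop the NAT adapter.
    # "Ethernet 2" is presumably the VirtualBox NAT adapter after
    # fix-second-network.ps1 -- confirm.  Vagrant's WinRM session rides that
    # adapter, so nothing placed after the disable line will be reachable.
    cfg.vm.provision "shell", inline: "route delete -p 0.0.0.0 mask 0.0.0.0 10.0.2.2", privileged: true
    cfg.vm.provision "shell", inline: "route add -p 0.0.0.0 mask 0.0.0.0 192.168.38.2", privileged: true
    cfg.vm.provision "shell", inline: "netsh interface set interface \"Ethernet 2\" disable", privileged: true

    cfg.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.name = "dc.windomain.local"
      vb.default_nic_type = "82545EM"
      vb.customize ["modifyvm", :id, "--memory", 3072]
      vb.customize ["modifyvm", :id, "--cpus", 2]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all"]
    end
  end

  # ---------------------------------------------------------------------------
  # wef: Windows Event Forwarding collector, Splunk UF, ATA.
  # ---------------------------------------------------------------------------
  config.vm.define "wef" do |cfg|
    cfg.vm.box = "detectionlab/win2016"
    cfg.vm.hostname = "wef"
    cfg.vm.boot_timeout = 1200
    # Basic auth only; transport is Vagrant's default here (the DC forces
    # plaintext explicitly).
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 1200
    cfg.winrm.retry_limit = 20
    # DNS points at the DC so domain join resolves.
    cfg.vm.network :private_network, ip: "192.168.38.103", gateway: "192.168.38.1", dns: "192.168.38.102"

    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: true, args: "-ip 192.168.38.103 -dns 8.8.8.8 -gateway 192.168.38.1"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    # Logs are cleared BEFORE the subscriptions/forwarders below are installed,
    # so their own setup events are kept.
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", path: "scripts/install-wefsubscriptions.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-splunkuf.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-windows_ta.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-evtx-attack-samples.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/configure-pslogstranscriptsshare.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    cfg.vm.provision "shell", inline: "Set-SmbServerConfiguration -AuditSmb1Access $true -Force", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-microsoft-ata.ps1", privileged: false
    cfg.vm.provision "shell", inline: "Write-Host 'WEF Provisioning Complete!'", privileged: false
    # Same route swap + NAT adapter disable as the DC; must stay last.
    cfg.vm.provision "shell", inline: "route delete -p 0.0.0.0 mask 0.0.0.0 10.0.2.2", privileged: true
    cfg.vm.provision "shell", inline: "route add -p 0.0.0.0 mask 0.0.0.0 192.168.38.2", privileged: true
    cfg.vm.provision "shell", inline: "netsh interface set interface \"Ethernet 2\" disable", privileged: true

    cfg.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.name = "wef.windomain.local"
      vb.default_nic_type = "82545EM"
      vb.customize ["modifyvm", :id, "--memory", 2048]
      vb.customize ["modifyvm", :id, "--cpus", 2]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all"]
    end
  end

  # ---------------------------------------------------------------------------
  # win10: domain-joined workstation / victim host.
  # ---------------------------------------------------------------------------
  config.vm.define "win10" do |cfg|
    cfg.vm.box = "detectionlab/win10"
    cfg.vm.hostname = "win10"
    cfg.vm.boot_timeout = 1200
    cfg.vm.communicator = "winrm"
    cfg.winrm.basic_auth_only = true
    cfg.winrm.timeout = 1200
    cfg.winrm.retry_limit = 20
    cfg.vm.network :private_network, ip: "192.168.38.104", gateway: "192.168.38.1", dns: "192.168.38.102"

    # NOTE(review): privileged: false here, unlike dc/wef which run this script
    # privileged: true.  Left as-is; confirm it is intentional for the win10 box.
    cfg.vm.provision "shell", path: "scripts/fix-second-network.ps1", privileged: false, args: "-ip 192.168.38.104 -dns 8.8.8.8 -gateway 192.168.38.1"
    cfg.vm.provision "shell", path: "scripts/MakeWindows10GreatAgain.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "reload"
    cfg.vm.provision "shell", path: "scripts/provision.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/download_palantir_wef.ps1", privileged: false
    cfg.vm.provision "shell", inline: 'wevtutil el | Select-String -notmatch "Microsoft-Windows-LiveId" | Foreach-Object {wevtutil cl "$_"}', privileged: false
    cfg.vm.provision "shell", path: "scripts/install-utilities.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-redteam.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-choco-extras.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-osquery.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-sysinternals.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-velociraptor.ps1", privileged: false
    cfg.vm.provision "shell", path: "scripts/install-autorunstowineventlog.ps1", privileged: false
    cfg.vm.provision "shell", inline: "Write-Host 'Win10 Provisioning Complete!'", privileged: false
    # Same route swap + NAT adapter disable as the DC; must stay last.
    cfg.vm.provision "shell", inline: "route delete -p 0.0.0.0 mask 0.0.0.0 10.0.2.2", privileged: true
    cfg.vm.provision "shell", inline: "route add -p 0.0.0.0 mask 0.0.0.0 192.168.38.2", privileged: true
    cfg.vm.provision "shell", inline: "netsh interface set interface \"Ethernet 2\" disable", privileged: true

    cfg.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.name = "win10.windomain.local"
      vb.default_nic_type = "82545EM"
      vb.customize ["modifyvm", :id, "--memory", 2048]
      vb.customize ["modifyvm", :id, "--cpus", 1]
      vb.customize ["modifyvm", :id, "--vram", "32"]
      vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
      vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
      vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all"]
    end
  end

  # ---------------------------------------------------------------------------
  # kali: attacker box, opt-in (`vagrant up kali`).  Sits on both the lab
  # network (.38) and the second network (.39).
  # ---------------------------------------------------------------------------
  config.vm.define "kali", autostart: false do |cfg|
    cfg.vm.box = "kalilinux/rolling"
    cfg.vm.hostname = "kali"
    cfg.vm.network :private_network, ip: "192.168.38.20", gateway: "192.168.38.1", dns: "8.8.8.8"
    cfg.vm.network :private_network, ip: "192.168.39.20", gateway: "192.168.39.1", dns: "8.8.8.8"
    provision_default_gateway(cfg)

    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "kali"
      vb.gui = false
      vb.cpus = 2
      vb.memory = "4096"
    end
  end

  # ---------------------------------------------------------------------------
  # securityonion: opt-in NSM sensor.  ubuntu/trusty64 and the
  # securityonion/stable PPA are long end-of-life; kept for parity, but do not
  # expect security updates from this VM.
  # ---------------------------------------------------------------------------
  config.vm.define "securityonion", autostart: false do |cfg|
    cfg.vm.box = "ubuntu/trusty64"
    cfg.vm.hostname = "securityonion"
    cfg.vm.network :private_network, ip: "192.168.38.10", gateway: "192.168.38.1", dns: "8.8.8.8"
    cfg.vm.network :private_network, ip: "192.168.39.10", gateway: "192.168.39.1", dns: "8.8.8.8"

    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "securityonion"
      vb.memory = "4096"
      vb.gui = false
      # Promiscuous lab NIC so the sensor sees all lab traffic.
      vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
    end

    cfg.vm.provision "shell", inline: <<-SHELL
      export DEBIAN_FRONTEND=noninteractive
      # Flush any box-default firewall so sosetup starts from a known state;
      # only 443 is re-opened afterwards (on every interface, including NAT).
      iptables -F
      rm -rf /var/lib/apt/lists/*
      apt-get update
      apt-get -y install software-properties-common
      add-apt-repository -y ppa:securityonion/stable
      apt-get update
      apt-get -y install securityonion-all syslog-ng-core
      apt-get -y autoremove
      apt-get clean
      sosetup -y -f /vagrant/resources/securityonion/sosetup.conf
      ufw allow 443/tcp
    SHELL
  end

  # ---------------------------------------------------------------------------
  # malcolm: opt-in full-packet-capture / analysis stack run via docker-compose.
  # ---------------------------------------------------------------------------
  config.vm.define "malcolm", autostart: false do |cfg|
    cfg.vm.box = "ubuntu/bionic64"
    cfg.vm.hostname = "malcolm"
    cfg.vm.network :private_network, ip: "192.168.38.11", gateway: "192.168.38.1", dns: "8.8.8.8"
    cfg.vm.network :private_network, ip: "192.168.39.11", gateway: "192.168.39.1", dns: "8.8.8.8"

    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "malcolm"
      vb.memory = "10240"
      vb.gui = false
      vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
    end

    # Step 1: kernel/ulimit tuning, then reboot so sysctl.conf takes effect.
    cfg.vm.provision "shell", inline: <<-SHELL
      export DEBIAN_FRONTEND=noninteractive
      iptables -F
      apt update
      apt install -y screen
      # One heredoc per file so every line lands in it (a chain of single '>'
      # redirects would keep only the last line).
      cat <<'EOF' >/etc/security/limits.d/limits.conf
# the maximum number of open file handles
* soft nofile 65535
* hard nofile 65535
# do not limit the size of memory that can be locked
* soft memlock unlimited
* hard memlock unlimited
EOF
      cat <<'EOF' >>/etc/sysctl.conf
fs.file-max=2097152
fs.inotify.max_user_watches=131072
fs.inotify.max_queued_events=131072
fs.inotify.max_user_instances=512
vm.max_map_count=262144
vm.swappiness=1
net.core.somaxconn=65535
vm.dirty_background_ratio=40
vm.dirty_ratio=80
EOF
      # Apply now as well as at the post-reload boot.  (Previously this line
      # was echoed INTO sysctl.conf as a literal "sysctl -w ..." entry.)
      sysctl -w vm.max_map_count=262144
    SHELL
    cfg.vm.provision "reload"

    # Step 2: copy the bundled Malcolm tree and run its installer as 'vagrant'.
    cfg.vm.provision "shell", inline: <<-SHELL
      echo "### Copy Malcolm"
      cp -r /vagrant/resources/malcolm /opt
      chown -R vagrant:vagrant /opt/malcolm
      echo "### Install Malcolm"
      su -l vagrant -c "cd /opt/malcolm && scripts/install.py --defaults --restart-malcolm"
      #echo "### Configure Malcolm"
      #su -l vagrant -c "cd /opt/malcolm && scripts/install.py --defaults --restart-malcolm --configure"
    SHELL
    cfg.vm.provision "reload"

    # Step 3: pull images, point capture at the lab NIC and start the stack.
    cfg.vm.provision "shell", inline: <<-SHELL
      cd /opt/malcolm
      echo "### Download Malcolm Containers"
      # Supply-chain note: this pulls whatever tags docker-compose.yml names
      # from the public registry at provision time; pin digests there if you
      # need a reproducible sensor.
      sudo -u vagrant docker-compose pull -q
      echo "### Start Malcolm"
      # enp0s8 is the lab (host-only) NIC on ubuntu/bionic64; promiscuous so the
      # capture sees all lab traffic.  `ip` is used because net-tools (ifconfig)
      # is not guaranteed on this box.
      ip link set dev enp0s8 promisc on
      sed -i "s/PCAP_ENABLE_NETSNIFF.*'/PCAP_ENABLE_NETSNIFF : 'true'/" docker-compose.yml
      sed -i "s/PCAP_IFACE.*'/PCAP_IFACE : 'enp0s8'/" docker-compose.yml
      sed -i "s/PCAP_ROTATE_MINUTES.*/PCAP_ROTATE_MINUTES : 1/" docker-compose.yml
      # Show the resulting capture settings in the provision log.
      grep PCAP docker-compose.yml
      screen -dm bash -c "sudo -u vagrant scripts/start"
    SHELL
  end
end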