Initial addition of packer scripts. Windows 1809 Only
Opening this up as a draft PR to encourage some more discussions.
Right now there is still no solid way to disable Windows Defender with 2004 (20H1). Right now this will be a build using 1809. I do not expect this to be merged until more discussions have been had about templates/approaches.
- I see that you are waiting for a bunch of powershell scripts to complete, is this because you are letting the automated installation that comes with the commando-vm project take its course in its installation process?

Yeah, mostly this is because I didn't want to deconstruct how the boxstarter process works. If we wanted to, we would end up creating a much heavier maintenance headache for the project going forward. If the project as a whole was to shift away from the boxstarter usage, then all of the waits should be able to disappear completely.
- what are the three different packer templates for?

So each one of those templates represents a particular "state" that a user might want to get to. One takes an ISO to a basic Windows 10 install and stops. Another takes an existing snapshot state and "applies" the CommandoVM settings to it. The final one combines both stages into one build.
- also, what is the flow someone would normally use them in?
Normal flows are kinda explained above, but it would be used like so:

- I have no VM available but I want to make some customizations before configuring a VM for CommandoVM usage
  - use `win10_1809_iso_to_base.json` to make the initial VM and then halt before making a CommandoVM image
- I have a VM and I am ready to turn it into a CommandoVM image. (assume here this user has renamed the needed user/pass to what the scripts expect)
  - use `win10_1809_snapshot_to_finish.json` to use the snapshot to make a CommandoVM image, and then halt.
- I have no VM available and I don't care to make any settings changes before the VM becomes a CommandoVM
  - use `win10_1809_iso_to_finish.json` to make a CommandoVM image from "scratch", and then halt.
> - I see that you are waiting for a bunch of powershell scripts to complete, is this because you are letting the automated installation that comes with the commando-vm project take its course in its installation process?
>
> Yeah, mostly this is because I didn't want to deconstruct how the boxstarter process works. If we wanted to, we would end up creating a much heavier maintenance headache for the project going forward. If the project as a whole was to shift away from the boxstarter usage, then all of the waits should be able to disappear completely.

Ya, I don't think that is necessary for now (especially since this is the first iteration of the packer build), and we can eventually figure out the long term plan for how @day1player sees this going. I think for now this will work perfectly fine and fits well with the current provisioning scheme of the project.
> - what are the three different packer templates for?
>
> So each one of those templates represents a particular "state" that a user might want to get to. One takes an ISO to a basic Windows 10 install and stops. Another takes an existing snapshot state and "applies" the CommandoVM settings to it. The final one combines both stages into one build.

very cool :grin:
> - also, what is the flow someone would normally use them in?
>
> Normal flows are kinda explained above, but it would be used like so:
>
> - I have no VM available but I want to make some customizations before configuring a VM for CommandoVM usage
>   - use `win10_1809_iso_to_base.json` to make the initial VM and then halt before making a CommandoVM image
> - I have a VM and I am ready to turn it into a CommandoVM image. (assume here this user has renamed the needed user/pass to what the scripts expect)
>   - use `win10_1809_snapshot_to_finish.json` to use the snapshot to make a CommandoVM image, and then halt.
> - I have no VM available and I don't care to make any settings changes before the VM becomes a CommandoVM
>   - use `win10_1809_iso_to_finish.json` to make a CommandoVM image from "scratch", and then halt.

Awesome, that makes sense. I might try and contribute a pull request either after it is merged or to your branch for trying to add a README.md to help explain these points inside the folder (since you have done all the code :slightly_smiling_face:) and might try and come up with a powershell script that helps walk people through choosing one of the options & making sure they have everything they need (like the metasploitable 3 scripts). That way it is less intimidating for people to try and do builds with packer; they can just run a powershell script that has the built out commands already made for them.

close #136 (might want to link #136 to this pull request)
I went to try and build the `win10_1809_virtualbox_iso_to_finish.json`, and could not get it to complete. It kept failing on the `mklink` command. This was towards the end of the packer output (where it output the error text):

```
==> virtualbox-iso: Pausing 5m0s before the next provisioner...
==> virtualbox-iso: Provisioning with windows-shell...
==> virtualbox-iso: Provisioning with shell script: /tmp/windows-shell-provisioner587656433
    virtualbox-iso:
==> virtualbox-iso: The syntax of the command is incorrect.
    virtualbox-iso: C:\Users\vagrant>mklink 'C:\ProgramData\Microsoft\Windows Defender:omgwtfbbq' '\??\NUL'
==> virtualbox-iso: Provisioning step had errors: Running the cleanup provisioner, if present...
==> virtualbox-iso: Cleaning up floppy disk...
==> virtualbox-iso: Deregistering and deleting VM...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored after 22 minutes 47 seconds: Script exited with non-zero exit status: 1.Allowed exit codes are: [0]

==> Wait completed after 22 minutes 47 seconds

==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: Script exited with non-zero exit status: 1.Allowed exit codes are: [0]
```

and here is me running the command in the vm manually before it failed once:
Again, I am not a powershell person, so maybe there is something that I am doing wrong, but I didn't make any modifications.
Oh you're probably not doing anything wrong. I'll try and tinker with this tomorrow afternoon.
Closing this PR since it is stale.
Hello @geo-lit,

I was curious, were we missing a bunch of commits, or was this closed because of how long it's been? There hasn't been a commit to the master/main branch in 2 years, so I don't think our PR was too stale, was it?

Also, I think we were pretty close to getting this to work IIRC. If we/I picked this back up to carry it over the finish line (I'd personally completely forgotten about it 😅), is that something that would get merged?
@elreydetoda we are overhauling the project! We've started some new branches and got some more devs involved. @geo-lit is one of the guys helping out. We are triaging all of our issues and existing PRs currently, as well as figuring out better ways for community involvement. The work you've done here is going to be valuable going forward, but given the changes we are planning to make we're not sure this will work. There haven't been any commits to this repo aside from what we're working on in the new branches. We're planning a rebuild for Commando similar to how Flare-VM was just recently updated. Feel free to hit me up in the BH slack again and we can figure out a way to get this stuff included in the new version.
That sounds awesome @day1player! I love that @mandiant is taking this more community based approach! 🥳
I'd also definitely love to help make this packer automated build work for commando-vm. I've used it a little bit with some 99% completed builds and it's super slick to adjust port forwarding, snapshots, and specs just via a file or through the vagrant CLI 😁 (especially in a headless setting).

Also, packer is moving to using an HCL templating language, which has some pretty powerful features, so when working towards building that in now we can use that so it's more future proof. Plus, if you're planning on doing the whole install script (+ cli version) approach like Flare is as well, that'd probably make things easier for different types of builds during packer.

> Feel free to hit me up in the BH slack again and we can figure out a way to get this stuff included in the new version.

Sure, would you prefer a DM or in the commando-vm channel?
Yep that is what we are planning on doing. I think the commando-vm channel would be good, more people will probably chime in that way. I am getting the other devs added as well.
