diff --git a/README.adoc b/README.adoc index 19a6c96..63d8254 100644 --- a/README.adoc +++ b/README.adoc @@ -35,7 +35,7 @@ https://github.com/gosecure/malboxes == Requirements * Python 3.3+ -* packer: https://www.packer.io/docs/install/index.html +* https://www.packer.io/docs/install/index.html[Packer] * vagrant: https://www.vagrantup.com/downloads.html * https://www.virtualbox.org/wiki/Downloads[VirtualBox] or an vSphere / ESXi server @@ -132,7 +132,7 @@ include it in a Vagrantfile afterwards. For example: - malboxes build win10_64_analyst + malboxes build win10_x64_analyst <<_configuration,The configuration section>> contains further information about what can be configured with malboxes. @@ -140,7 +140,7 @@ what can be configured with malboxes. === Per analysis instances - malboxes spin win10_64_analyst + malboxes spin win10_x64_analyst This will create a `Vagrantfile` prepared to use for malware analysis. Move it into a directory of your choice and issue: @@ -152,7 +152,7 @@ can be changed by commenting the relevant part of the `Vagrantfile`. For example: - malboxes spin win7_32_analyst 20160519.cryptolocker.xyz + malboxes spin win7_x86_analyst 20160519.cryptolocker.xyz === To deploy on AWS (optional) diff --git a/docs/windows-licenses.adoc b/docs/windows-licenses.adoc index a82c0e8..3cfa2a6 100644 --- a/docs/windows-licenses.adoc +++ b/docs/windows-licenses.adoc 
@@ -10,18 +10,53 @@ If you want to use a trial version make sure you have the following in your "trial": true -=== Windows 10 32-bit +=== Windows 10 + +==== 1903 May 2019 Update (19H1) + +===== x64 + +* filename: 18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso +* sha1sum: 743FC483BB8BF1901C0534A0AE15208A5A72A3C5 +* download link: https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso + +===== x86 + +* filename: 18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x86FRE_en-us.iso +* sha1sum: d0373ab9d590ff3d512d9e91b7e3d458026ea1c6 +* download link: https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x86FRE_en-us.iso + + +==== 1703 Creators Update (Redstone 2) + +===== x64 + +* filename: 15063.0.170317-1834.RS2_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO +* sha1sum: 6c60f91bf0ad7b20f469ab8f80863035c517f34f +* download link: http://care.dlservice.microsoft.com/dl/download/B/8/B/B8B452EC-DD2D-4A8F-A88C-D2180C177624/15063.0.170317-1834.RS2_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO + +===== x86 + +* filename: 15063.0.170317-1834.RS2_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO +* sha1sum: 1aa6d3c4451e79e69e84118ec629ad99e2ad36e7 +* download link: http://care.dlservice.microsoft.com/dl/download/B/8/B/B8B452EC-DD2D-4A8F-A88C-D2180C177624/15063.0.170317-1834.RS2_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO + + +==== 1607 Anniversary Update (Redstone 1) + +===== x86 * filename: 14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO * sha1 checksum: 0b8e56772c71dc7bb73654c61e53998a997e1e4d * download link: http://download.microsoft.com/download/2/5/4/254230E8-AEA5-43C5-94F6-88CE222A5846/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO -=== Windows 10 64-bit +===== x64 
* filename: 14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO" * sha1 checksum: a86ae3d664553cd0ee9a6bcd83a5dbe92e3dc41a * download link: http://download.microsoft.com/download/2/5/4/254230E8-AEA5-43C5-94F6-88CE222A5846/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO" + === Windows 7 32-bit * filename: 7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso diff --git a/malboxes/installconfig/windows10/Autounattend.xml b/malboxes/installconfig/windows10/Autounattend.xml index 6b86fff..7484a90 100644 --- a/malboxes/installconfig/windows10/Autounattend.xml +++ b/malboxes/installconfig/windows10/Autounattend.xml @@ -49,7 +49,7 @@ en-US Never - {{ input_locale or 'en-US' }} + {{ input_locale or 'en-US' }} en-US en-US en-US @@ -62,13 +62,20 @@ - {% if proxy %} - - 0 - true - {{ proxy }} - - {% endif %} + + en-US + en-US + en-US + en-US + en-US + + {% if proxy %} + + 0 + true + {{ proxy }} + + {% endif %} diff --git a/malboxes/installconfig/windows10_64/Autounattend.xml b/malboxes/installconfig/windows10_64/Autounattend.xml index 6b211fe..2c5eb2f 100644 --- a/malboxes/installconfig/windows10_64/Autounattend.xml +++ b/malboxes/installconfig/windows10_64/Autounattend.xml @@ -49,7 +49,7 @@ en-US Never - {{ input_locale or 'en-US' }} + {{ input_locale or 'en-US' }} en-US en-US en-US @@ -62,13 +62,20 @@ - {% if proxy %} - - 0 - true - {{ proxy }} - - {% endif %} + + en-US + en-US + en-US + en-US + en-US + + {% if proxy %} + + 0 + true + {{ proxy }} + + {% endif %} diff --git a/malboxes/malboxes.py b/malboxes/malboxes.py index 9e73b0a..40882e8 100644 --- a/malboxes/malboxes.py +++ b/malboxes/malboxes.py 
@@ -159,8 +159,17 @@ def prepare_packer_template(config, template_name):
 # write to temporary file
 f = create_cachefd('{}.json'.format(template_name))
- packer_config = template.render(config) # pylint: disable=no-member
- f.write(packer_config)
+
+ # load packer config as JSON
+ packer_config = json.loads(template.render(config)) # pylint: disable=no-member
+
+ # merge special _malboxes key into config and get rid of it
+ # packer doesn't like unknown keys yet we need to pass info from template to malboxes
+ if packer_config.get('_malboxes'):
+ config.update(packer_config['_malboxes'])
+ packer_config.pop('_malboxes')
+
+ json.dump(packer_config, f, indent=4)
 f.close()
 if DEBUG:
@@ -544,6 +553,11 @@ def spin(parser, args):
 print("Vagrantfile generated. You can move it in your analysis directory " "and issue a `vagrant up` to get started with your VM.")
+ if config.get("windows_defender", "false") == "false" \
+ and config.get("os") == "Windows10" and config.get("os_version") >= 1903:
+ _r = resource_stream(__name__, 'messages/defender-1903.txt')
+ print(_r.read().decode())
+
 def prepare_profile(template, config):
 """Converts the profile to a powershell script."""
diff --git a/malboxes/messages/defender-1903.txt b/malboxes/messages/defender-1903.txt
new file mode 100644
index 0000000..4cb3da2
--- /dev/null
+++ b/malboxes/messages/defender-1903.txt
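Review bot: `if packer_config.get('_malboxes'):` only strips the key when its value is truthy, so a template that emits `"_malboxes": {}` leaves the key in the file handed to packer, which the comment just above says rejects unknown keys; `config.update(packer_config.pop('_malboxes', {}))` covers the absent, empty and populated cases in one line. The same `update` silently overrides any same-named key the user put in their own config (`os`, `os_version`), so the precedence — template beats user config — deserves a sentence in the docstring of prepare_packer_template, whose header is outside the hunk. `packer_config` is now a dict rather than the rendered string, so if the `if DEBUG:` branch that follows outside the hunk prints or writes it, that branch should be checked against the new type.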
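Review bot: `config.get("os_version") >= 1903` raises TypeError on Python 3 when `os` is `Windows10` but `os_version` is absent — for instance a template whose `_malboxes` block omits it — because `None` cannot be ordered against an int; `config.get("os_version", 0) >= 1903` keeps the check and simply skips the message. The `windows_defender` test compares against the string `"false"`, while the README shows config values written as JSON booleans (`"trial": true`); a user who writes `"windows_defender": false` gets Defender disabled by the template (`False == "true"` is false there) but never sees this message, so normalising first, `str(config.get("windows_defender", "false")).lower() == "false"`, keeps the two in step. The stream from `resource_stream` is never closed; the returned object is file-like, so `with resource_stream(__name__, 'messages/defender-1903.txt') as _r:` (or an explicit `_r.close()`) avoids the leaked handle. The enclosing `spin` function starts outside the hunk.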
@@ -0,0 +1,7 @@
+
+Starting with Windows 10 May 2019 Update (version 1903) Windows Defender has a Tamper Protection enabled by default. This protection is meant to be unremovable without user intervention (if you know how let us know). If you need Defender disabled it is advised that you manually disable it and then run as Administrator the batch script provided in C:\Tools of the VM. This is only required once.
+
+Instructions to disable Windows Defender Tamper Protection:
+https://www.tenforums.com/tutorials/123792-turn-off-tamper-protection-windows-defender-antivirus.html
+
+Batch script to run as Administrator in the VM: C:\Tools\disable_defender.bat
\ No newline at end of file
diff --git a/malboxes/scripts/windows/disable_defender.bat b/malboxes/scripts/windows/disable_defender.bat
new file mode 100644
index 0000000..9e53642
--- /dev/null
+++ b/malboxes/scripts/windows/disable_defender.bat
@@ -0,0 +1,53 @@
+@echo off
+rem A modified version of the disable defender script from: https://pastebin.com/kYCVzZPz
+
+@echo on
+rem ==========================================
+rem This section will Disable Windows Defender
+rem You can ignore error messages
+rem 1 - Disable Real-time protection
+reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
+
+rem 0 - Disable Logging
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
+
+rem Disable WD Tasks
+schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
+
+rem Disable WD systray icon
+reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
+reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
+
+rem Remove WD context menu
+reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
+reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
+reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
+
+rem Disable WD services
+reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
+
+rem Force success exit code
+exit /b 0
+rem ==========================================
\ No newline at end of file
diff --git a/malboxes/scripts/windows/disable_defender.ps1 b/malboxes/scripts/windows/disable_defender.ps1
deleted file mode 100644
index 179b385..0000000
--- a/malboxes/scripts/windows/disable_defender.ps1 +++ /dev/null @@ -1,13 +0,0 @@ -# Disable Windows Defender on Windows 10 -Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Value 1 - -# Disable Windows Defender cloud protection and automatic sample submission -$spynet = "HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet" - -If (!(Test-Path $spynet)) { - New-Item -Path $spynet -Force | Out-Null -} - -Set-ItemProperty -Path $spynet -Name "SpynetReporting" -Type DWord -Value 0 -Set-ItemProperty -Path $spynet -Name "SubmitSamplesConsent" -Type DWord -Value 2 \ No newline at end of file diff --git a/malboxes/templates/snippets/provision_powershell.json b/malboxes/templates/snippets/provision_win10_common.json similarity index 73% rename from malboxes/templates/snippets/provision_powershell.json rename to malboxes/templates/snippets/provision_win10_common.json index fcd5b30..91936b4 100644 --- a/malboxes/templates/snippets/provision_powershell.json +++ b/malboxes/templates/snippets/provision_win10_common.json @@ -1,9 +1,19 @@ +{% if not windows_defender == "true" %} + { + "type": "windows-shell", + "script": "{{ dir }}/scripts/windows/disable_defender.bat" + }, + { + "type": "file", + "source": "{{ dir }}/scripts/windows/disable_defender.bat", + "destination": "C:\\Tools\\disable_defender.bat" + }, +{% endif %} { "type": "powershell", "scripts": [ "{{ dir }}/scripts/windows/allow-WinRM-public.ps1", {% if not windows_updates == "true" %}"{{ dir }}/scripts/windows/disable_auto-updates.ps1",{% endif %} - {% if not windows_defender == "true" %}"{{ dir }}/scripts/windows/disable_defender.ps1",{% endif %} {% if hypervisor == "virtualbox" %} "{{ dir }}/scripts/windows/vmtools.ps1", {% endif %} 
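Review bot: the `file` provisioner uploads to `C:\\Tools\\disable_defender.bat`, but nothing earlier in this snippet creates `C:\Tools` — `snippets/tools.json` is included only after this block and only `{% if tools_path %}` — and as far as I know Packer's file provisioner does not create a missing destination directory, so a build without `tools_path` would presumably fail at this step. Creating the directory first, e.g. a `windows-shell` provisioner with `"inline": ["if not exist C:\\Tools mkdir C:\\Tools"]` placed before the `file` block, makes the upload independent of the tools snippet. The `windows-shell` run of the same script happens during the build, where on 1903 it is expected to be ineffective per defender-1903.txt; a short Jinja comment above the block saying that the copy to `C:\Tools` is the part that matters on 1903 would save the next reader the detour.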
diff --git a/malboxes/templates/snippets/provision_powershell_win7.json b/malboxes/templates/snippets/provision_win7_common.json similarity index 88% rename from malboxes/templates/snippets/provision_powershell_win7.json rename to malboxes/templates/snippets/provision_win7_common.json index 923509a..9368b31 100644 --- a/malboxes/templates/snippets/provision_powershell_win7.json +++ b/malboxes/templates/snippets/provision_win7_common.json @@ -1,9 +1,14 @@ {# Needed a different provision script due to chocolatey / .Net 4.0 install issues on Windows 7 (gh#59) #} +{% if not windows_defender == "true" %} + { + "type": "windows-shell", + "script": "{{ dir }}/scripts/windows/disable_defender.bat" + }, +{% endif %} { "type": "powershell", "scripts": [ {% if not windows_updates == "true" %}"{{ dir }}/scripts/windows/disable_auto-updates.ps1",{% endif %} - {% if not windows_defender == "true" %}"{{ dir }}/scripts/windows/disable_defender.ps1",{% endif %} {% if hypervisor == "virtualbox" %} "{{ dir }}/scripts/windows/vmtools.ps1", {% endif %} diff --git a/malboxes/templates/win10_64_analyst.json b/malboxes/templates/snippets/win10_x64_analyst.json similarity index 73% rename from malboxes/templates/win10_64_analyst.json rename to malboxes/templates/snippets/win10_x64_analyst.json index d8c1a5e..0a971a6 100644 --- a/malboxes/templates/win10_64_analyst.json +++ b/malboxes/templates/snippets/win10_x64_analyst.json @@ -10,10 +10,10 @@ {% endif %} "iso_urls": [ - "file://{{ iso_path }}/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO", - "http://download.microsoft.com/download/2/5/4/254230E8-AEA5-43C5-94F6-88CE222A5846/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO" + "file://{{ iso_path }}/{{ iso_filename }}", + "{{ iso_url }}" ], - "iso_checksum": "a86ae3d664553cd0ee9a6bcd83a5dbe92e3dc41a", + "iso_checksum": "{{ iso_checksum }}", "iso_checksum_type": "sha1", "floppy_files": [ 
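Review bot: `"iso_checksum_type": "sha1"` stays hard-coded while the digest itself became a template variable, so every template that includes this snippet (and `snippets/win10_x86_analyst.json`, which carries the same line) is tied to SHA-1; with the 1607 `iso_url` values being plain `http://`, that digest is the only integrity check on the downloaded ISO. Templating the type as well — `"iso_checksum_type": "{{ iso_checksum_type | default('sha1') }}"` — keeps the existing templates working and lets a template switch to `sha256` where Microsoft publishes one. If a template includes the snippet without setting `iso_checksum`, Jinja's default Undefined renders `"iso_checksum": ""`; presumably packer validation rejects that, but it is worth confirming rather than relying on it.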
@@ -30,7 +30,7 @@ "provisioners": [ - {% include 'snippets/provision_powershell.json' %} + {% include 'snippets/provision_win10_common.json' %} {% if tools_path %}, {% include 'snippets/tools.json' %} @@ -45,4 +45,3 @@ {% endfor %} {% endif %} ] -} diff --git a/malboxes/templates/win10_32_analyst.json b/malboxes/templates/snippets/win10_x86_analyst.json similarity index 69% rename from malboxes/templates/win10_32_analyst.json rename to malboxes/templates/snippets/win10_x86_analyst.json index e7077d4..b607071 100644 --- a/malboxes/templates/win10_32_analyst.json +++ b/malboxes/templates/snippets/win10_x86_analyst.json @@ -10,10 +10,10 @@ {% endif %} "iso_urls": [ - "file://{{ iso_path }}/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO", - "http://download.microsoft.com/download/2/5/4/254230E8-AEA5-43C5-94F6-88CE222A5846/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO" + "file://{{ iso_path }}/{{ iso_filename }}", + "{{ iso_url }}" ], - "iso_checksum": "0b8e56772c71dc7bb73654c61e53998a997e1e4d", + "iso_checksum": "{{ iso_checksum }}", "iso_checksum_type": "sha1", "floppy_files": [ @@ -28,7 +28,7 @@ "provisioners": [ - {% include 'snippets/provision_powershell.json' %} + {% include 'snippets/provision_win10_common.json' %} {% if tools_path %}, {% include 'snippets/tools.json' %} @@ -42,4 +42,3 @@ {% endfor %} {% endif %} ] -} diff --git a/malboxes/templates/win10_1607_x64_analyst.json b/malboxes/templates/win10_1607_x64_analyst.json new file mode 100644 index 0000000..405d594 --- /dev/null +++ b/malboxes/templates/win10_1607_x64_analyst.json 
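Review bot: dropping the closing `}` makes `snippets/win10_x64_analyst.json` a fragment that is no longer valid JSON on its own and depends on the including template to append its extra keys and the closing brace; the matching `-}` hunk of `snippets/win10_x86_analyst.json` does the same. Nothing in either snippet says so, and the top-level object they open begins outside the hunk. A Jinja comment at the top of each snippet, `{# Fragment: the top-level object is left open; the including template appends "_malboxes" and the closing brace. #}`, would make the contract explicit.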
@@ -0,0 +1,6 @@
+{% set iso_filename = '14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO' %}
+{% set iso_url = 'http://download.microsoft.com/download/2/5/4/254230E8-AEA5-43C5-94F6-88CE222A5846/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X64FRE_EN-US.ISO' %}
+{% set iso_checksum = 'a86ae3d664553cd0ee9a6bcd83a5dbe92e3dc41a' %}
+{% include 'snippets/win10_x64_analyst.json' %}
+ , "_malboxes": {"os": "Windows10", "os_version": 1607}
+}
\ No newline at end of file
diff --git a/malboxes/templates/win10_1607_x86_analyst.json b/malboxes/templates/win10_1607_x86_analyst.json
new file mode 100644
index 0000000..91c2fb8
--- /dev/null
+++ b/malboxes/templates/win10_1607_x86_analyst.json
@@ -0,0 +1,6 @@
+{% set iso_filename = '14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO' %}
+{% set iso_url = 'http://download.microsoft.com/download/2/5/4/254230E8-AEA5-43C5-94F6-88CE222A5846/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISEEVAL_OEMRET_X86FRE_EN-US.ISO' %}
+{% set iso_checksum = '0b8e56772c71dc7bb73654c61e53998a997e1e4d' %}
+{% include 'snippets/win10_x86_analyst.json' %}
+ , "_malboxes": {"os": "Windows10", "os_version": 1607}
+}
\ No newline at end of file
diff --git a/malboxes/templates/win10_1903_x64_analyst.json b/malboxes/templates/win10_1903_x64_analyst.json
new file mode 100644
index 0000000..a90053a
--- /dev/null
+++ b/malboxes/templates/win10_1903_x64_analyst.json
@@ -0,0 +1,6 @@
+{% set iso_filename = '18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso' %}
+{% set iso_url = 'https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso' %}
+{% set iso_checksum = '743FC483BB8BF1901C0534A0AE15208A5A72A3C5' %}
+{% include 'snippets/win10_x64_analyst.json' %}
+ , "_malboxes": {"os": "Windows10", "os_version": 1903}
+}
\ No newline at end of file
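Review bot: `iso_checksum` in the 1903 x64 template is upper-case hex (`743FC483...`) while every other checksum in this change, including the 1903 x86 one, is lower-case; I believe packer normalises case before comparing, but writing it as `{% set iso_checksum = '743fc483bb8bf1901c0534a0ae15208a5a72a3c5' %}` removes the question and keeps the templates and docs/windows-licenses.adoc uniform. The three templates on this line repeat the same five-line shape, so a one-line Jinja comment at the top of each, naming the snippet they complete and that they must supply `iso_filename`, `iso_url` and `iso_checksum`, would help whoever adds the next release.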
diff --git a/malboxes/templates/win10_1903_x86_analyst.json b/malboxes/templates/win10_1903_x86_analyst.json new file mode 100644 index 0000000..bd50f1d --- /dev/null +++ b/malboxes/templates/win10_1903_x86_analyst.json @@ -0,0 +1,6 @@ +{% set iso_filename = '18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x86FRE_en-us.iso' %} +{% set iso_url = 'https://software-download.microsoft.com/download/pr/18362.30.190401-1528.19h1_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x86FRE_en-us.iso' %} +{% set iso_checksum = 'd0373ab9d590ff3d512d9e91b7e3d458026ea1c6' %} +{% include 'snippets/win10_x86_analyst.json' %} + , "_malboxes": {"os": "Windows10", "os_version": 1903} +} \ No newline at end of file diff --git a/malboxes/templates/win10_x64_analyst.json b/malboxes/templates/win10_x64_analyst.json new file mode 100644 index 0000000..1ca3609 --- /dev/null +++ b/malboxes/templates/win10_x64_analyst.json @@ -0,0 +1 @@ +{% include 'win10_1903_x64_analyst.json' %} diff --git a/malboxes/templates/win10_x86_analyst.json b/malboxes/templates/win10_x86_analyst.json new file mode 100644 index 0000000..0b78cfc --- /dev/null +++ b/malboxes/templates/win10_x86_analyst.json @@ -0,0 +1 @@ +{% include 'win10_1903_x86_analyst.json' %} diff --git a/malboxes/templates/win7_64_analyst.json b/malboxes/templates/win7_x64_analyst.json similarity index 96% rename from malboxes/templates/win7_64_analyst.json rename to malboxes/templates/win7_x64_analyst.json index eeeaf33..9e5266f 100644 --- a/malboxes/templates/win7_64_analyst.json +++ b/malboxes/templates/win7_x64_analyst.json @@ -31,7 +31,7 @@ "provisioners": [ - {% include 'snippets/provision_powershell_win7.json' %} + {% include 'snippets/provision_win7_common.json' %} {% if tools_path %}, {% include 'snippets/tools.json' %} 
diff --git a/malboxes/templates/win7_32_analyst.json b/malboxes/templates/win7_x86_analyst.json similarity index 96% rename from malboxes/templates/win7_32_analyst.json rename to malboxes/templates/win7_x86_analyst.json index 31e7ed1..19c0a95 100644 --- a/malboxes/templates/win7_32_analyst.json +++ b/malboxes/templates/win7_x86_analyst.json @@ -31,7 +31,7 @@ "provisioners": [ - {% include 'snippets/provision_powershell_win7.json' %} + {% include 'snippets/provision_win7_common.json' %} {% if tools_path %}, {% include 'snippets/tools.json' %} diff --git a/tests/smoke/Dockerfile b/tests/smoke/Dockerfile index 521e937..04c7c30 100644 --- a/tests/smoke/Dockerfile +++ b/tests/smoke/Dockerfile @@ -4,8 +4,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certifi curl -sSL https://www.virtualbox.org/download/oracle_vbox_2016.asc | apt-key add - && \ echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list && \ apt-get update && apt-get install -y --no-install-recommends virtualbox-5.2 module-init-tools python3 python3-pip python3-setuptools wget unzip bash git && \ - wget https://releases.hashicorp.com/packer/1.3.1/packer_1.3.1_linux_amd64.zip && unzip packer_1.3.1_linux_amd64.zip -d packer && \ - mv packer/packer /usr/local/bin/ && chmod a+x /usr/local/bin/packer && rm packer_1.3.1_linux_amd64.zip && rmdir packer + wget https://releases.hashicorp.com/packer/1.4.3/packer_1.4.3_linux_amd64.zip && unzip packer_1.4.3_linux_amd64.zip -d packer && \ + mv packer/packer /usr/local/bin/ && chmod a+x /usr/local/bin/packer && rm packer_1.4.3_linux_amd64.zip && rmdir packer # Enable this RUN statement when you need to connect to the VRDP server of the VM to troubleshoot issues