diff --git a/README.md b/README.md index 94316d5..e960b88 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,13 @@ Requirements: * [VirtualBox](https://www.virtualbox.org/wiki/Downloads) * Internet connection -To build: +To build automatically: + +1. Run the build_win2008.sh script if using bash, or build_win2008.ps1 if using Windows. +2. If the command completes successfully, run 'vagrant up'. +3. When this process completes, you should be able to open the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant. + +To build manually: 1. Clone this repo and navigate to the main directory. 2. Build the base VM image by running `packer build windows_2008_r2.json`. This will take a while the first time you run it since it has to download the OS installation ISO. diff --git a/Vagrantfile b/Vagrantfile index 19fa59f..9833c53 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -64,6 +64,11 @@ Vagrant.configure("2") do |config| config.vm.provision :shell, path: "scripts/installs/install_wordpress.bat" config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + # Vulnerability - JMX + config.vm.provision :shell, path: "scripts/installs/install_openjdk6.bat" + config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + config.vm.provision :shell, path: "scripts/installs/setup_jmx.bat" + config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 # Configure Firewall to open up vulnerable services config.vm.provision :shell, path: "scripts/configs/configure_firewall.bat" diff --git a/build_win2008.ps1 b/build_win2008.ps1 new file mode 100644 index 0000000..fd64e71 --- /dev/null +++ b/build_win2008.ps1 
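Review bot: The `install_openjdk6.bat` provisioner wired in here fetches `openjdk-1.6.0-unofficial-b27-windows-amd64.zip` from a third-party GitHub download URL via `WebClient.DownloadFile`, and the one line of that script visible in this diff performs no integrity check, so the guest image contains whatever that URL serves at build time. Consider comparing the archive against a pinned SHA-256 before it is unpacked, for example `certutil -hashfile <zip> SHA256` checked against `<expected-sha256>`; the rest of that script is outside this view, so a check may already exist there. The comment `# Vulnerability - JMX` could also name what is exposed, e.g. `# Vulnerability - JMX (port 1617, no authentication, no SSL)`, which is what `resources/jmx/start_jmx.bat` configures.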
@@ -0,0 +1,123 @@
+$ErrorActionPreference = "Stop"
+$packerMinVersion = "0.10.0"
+$vagrantMinVersion = "1.8.1"
+$virtualBoxMinVersion = "5.1.0"
+$vagrantreloadMinVersion = "0.0.1"
+
+function CompareVersions ($actualVersion, $expectedVersion, $exactMatch = $False) {
+ $actualVersion = $actualVersion.split(".")
+ $expectedVersion = $expectedVersion.split(".")
+
+ If ($exactMatch) {
+ If ($actualVersion -eq $expectedVersion) {
+ return $True
+ } else {
+ return $False
+ }
+ }
+
+ for($i=0; $i -le $expectedVersion.length; $i++) {
+ If([INT]$actualVersion[$i] -gt [INT]$expectedVersion[$i]) {
+ return $True
+ }
+
+ If([INT]$actualVersion[$i] -lt [INT]$expectedVersion[$i]) {
+ return $False
+ }
+ }
+ return $True
+}
+
+If ($(Test-Path "C:\Program Files\Oracle\VirtualBox\VBoxManage.exe") -eq $True) {
+ $vboxVersion = cmd.exe /c "C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" -v
+ $vboxVersion = $vboxVersion.split("r")[0]
+}
+
+If (CompareVersions -actualVersion $vboxVersion -expectedVersion $virtualBoxMinVersion) {
+ Write-Host "Compatible version of VirtualBox found."
+} else {
+ Write-Host "Could not find a compatible version of VirtualBox at C:\Program Files\Oracle\VirtualBox\. Please download and install it from https://www.virtualbox.org/wiki/Downloads."
+ exit
+}
+
+$packerVersion = cmd.exe /c "packer" -v
+
+If (CompareVersions -actualVersion $packerVersion -expectedVersion $packerMinVersion) {
+ Write-Host "Compatible version of packer found."
+} else {
+ Write-Host "Could not find a compatible version of packer. Please download it from https://www.packer.io/downloads.html and add it to your PATH."
+ exit
+}
+
+If ($(Test-Path "C:\HashiCorp\Vagrant\bin\vagrant.exe") -eq $True) {
+ $vagrantVersion = cmd.exe /c "vagrant" -v
+ $vagrantVersion = $vagrantVersion.split(" ")[1]
+}
+
+If (CompareVersions -actualVersion $vagrantVersion -expectedVersion $vagrantMinVersion -exactVersion True) {
+ Write-Host "Compatible version of Vagrant found."
+} else {
+ Write-Host "Could not find a compatible version of Vagrant at C:\HashiCorp\Vagrant\bin\. At this time only $vagrantMinVersion is supported. Please download and install it from https://releases.hashicorp.com/vagrant/1.8.1/."
+ exit
+}
+
+$vagrantPlugins = cmd.exe /c "vagrant plugin list" | select-string -pattern "vagrant-reload"
+
+If (![string]::IsNullOrEmpty($vagrantPlugins)) {
+ $vagrantPlugins = $vagrantPlugins.ToString().Trim()
+ $vagrantreloadVersion = $vagrantPlugins.Replace("(", "")
+ $vagrantreloadVersion = $vagrantreloadVersion.Replace(")", "")
+ $vagrantreloadVersion = $vagrantreloadVersion.split(" ")[1]
+
+ If (CompareVersions -actualVersion $vagrantreloadVersion -expectedVersion $vagrantreloadMinVersion) {
+ Write-Host "Compatible version of vagrant-reload plugin found."
+ }
+} else {
+ Write-Host "Could not find a compatible version of vagrant-reload plugin. Attempting to install..."
+ cmd.exe /c "vagrant plugin install vagrant-reload"
+
+ # Hacky version of Try-Catch for non-terminating errors.
+ # See http://stackoverflow.com/questions/1142211/try-catch-does-not-seem-to-have-an-effect
+ if($?) {
+ Write-Host "The vagrant-reload plugin was successfully installed."
+ } else {
+ throw "Error installing vagrant-reload plugin. Please check the output above for any error messages."
+ }
+}
+
+Write-Host "All requirements found. Proceeding..."
+
+If ($(Test-Path "windows_2008_r2_virtualbox.box") -eq $True) {
+ Write-Host "It looks like the Vagrant box already exists. Skipping the Packer build."
+} else {
+ Write-Host "Building the Vagrant box..."
+ cmd.exe /c packer build windows_2008_r2.json
+
+ if($?) {
+ Write-Host "Box successfully built by Packer."
+ } else {
+ throw "Error building the Vagrant box using Packer. Please check the output above for any error messages."
+ }
+}
+
+echo "Attempting to add the box to Vagrant..."
+
+$vagrant_box_list = cmd.exe /c "vagrant box list" | select-string -pattern "metasploitable3"
+
+If ($vagrant_box_list) { $vagrant_box_list = $vagrant_box_list.ToString().Trim() }
+
+If ($vagrant_box_list -eq "metasploitable3") {
+ Write-Host "metasploitable3 already found in Vagrant box repository. Skipping the addition to Vagrant."
+} else {
+
+ cmd.exe /c vagrant box add windows_2008_r2_virtualbox.box --name metasploitable3
+
+ if($?) {
+ Write-Host "Box successfully added to Vagrant."
+ } else {
+ throw "Error adding box to Vagrant. See the above output for any error messages."
+ }
+}
+
+Write-Host "SUCCESS: Run 'vagrant up' to provision and start metasploitable3."
+Write-Host "NOTE: The VM will need Internet access to provision properly."
\ No newline at end of file
diff --git a/build_win2008.sh b/build_win2008.sh
new file mode 100755
index 0000000..abf3c09
--- /dev/null
+++ b/build_win2008.sh
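Review bot: The exact-match branch of `CompareVersions` is unlikely to ever return true, because it runs after both arguments have been `.split(".")` into arrays, and `-eq` with an array on the left filters elements instead of yielding a boolean. The Vagrant check also passes `-exactVersion True`, which does not match the declared parameter `$exactMatch`, so the flag is only set through positional binding of the leftover token. Do the comparison before the split, `If ($exactMatch) { return ($actualVersion -eq $expectedVersion) }`, and call it with `-exactMatch $True`. Separately, the three failure paths end in a bare `exit`, which appears to leave a success status for any caller; `exit 1` would match what build_win2008.sh does.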
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+min_virtualbox_ver="5.1.0"
+min_vagrant_ver="1.8.1"
+min_vagrantreload_ver="0.0.1"
+min_packer_ver="0.10.0"
+
+function compare_versions {
+ actual_version=$1
+ expected_version=$2
+ exact_match=$3
+
+ if $exact_match; then
+ if [ "$actual_version" == "$expected_version" ]; then
+ return 0
+ else
+ return 1
+ fi
+ fi
+
+ IFS='.' read -ra actual_version <<< "$actual_version"
+ IFS='.' read -ra expected_version <<< "$expected_version"
+
+ for ((i=0; i < ${#expected_version[@]}; i++))
+ do
+ if [[ ${actual_version[$i]} -gt ${expected_version[$i]} ]]; then
+ return 0
+ fi
+
+ if [[ ${actual_version[$i]} -lt ${expected_version[$i]} ]]; then
+ return 1
+ fi
+ done
+ return 0
+}
+
+if compare_versions $(VBoxManage -v | cut -d'r' -f1) $min_virtualbox_ver false; then
+ echo "Compatible version of VirtualBox found."
+else
+ echo "A compatible version of VirtualBox was not found. Please download and install it from here: https://www.virtualbox.org/wiki/Downloads"
+ exit 1
+fi
+
+if compare_versions $(packer -v) $min_packer_ver false; then
+ echo 'Compatible version of packer was found.'
+else
+ echo "A compatible version of packer was not found. Please install from here: https://www.packer.io/downloads.html"
+ exit 1
+fi
+
+if compare_versions $(vagrant -v | cut -d' ' -f2) $min_vagrant_ver true; then
+ echo 'Correct version of vagrant was found.'
+else
+ echo "A compatible version of vagrant was not found. At this time only $min_vagrant_ver is supported. Please install from here: https://releases.hashicorp.com/vagrant/1.8.1/"
+ exit 1
+fi
+
+if compare_versions $(vagrant plugin list | grep 'vagrant-reload' | cut -d' ' -f2 | tr -d '(' | tr -d ')') $min_vagrantreload_ver false; then
+ echo 'Compatible version of vagrant-reload plugin was found.'
+else
+ echo "A compatible version of vagrant-reload plugin was not found."
+ echo "Attempting to install..."
+ if vagrant plugin install vagrant-reload; then
+ echo "Successfully installed the vagrant-reload plugin."
+ else
+ echo "There was an error installing the vagrant-reload plugin. Please see the above output for more information."
+ exit 1
+ fi
+fi
+
+echo "All requirements found. Proceeding..."
+
+if ls | grep -q 'windows_2008_r2_virtualbox.box'; then
+ echo "It looks like the vagrant box already exists. Skipping the Packer build."
+else
+ echo "Building the Vagrant box..."
+ if packer build windows_2008_r2.json; then
+ echo "Box successfully built by Packer."
+ else
+ echo "Error building the Vagrant box using Packer. Please check the output above for any error messages."
+ exit 1
+ fi
+fi
+
+echo "Attempting to add the box to Vagrant..."
+
+if vagrant box list | grep -q 'metasploitable3'; then
+ echo 'metasploitable3 already found in Vagrant box repository. Skipping the addition to Vagrant.'
+else
+ if vagrant box add windows_2008_r2_virtualbox.box --name metasploitable3; then
+ echo "Box successfully added to Vagrant."
+ else
+ echo "Error adding box to Vagrant. See the above output for any error messages."
+ exit 1
+ fi
+fi
+
+echo "SUCCESS: Run 'vagrant up' to provision and start metasploitable3."
+echo "NOTE: The VM will need Internet access to provision properly."
diff --git a/resources/jmx/Hello.class b/resources/jmx/Hello.class
new file mode 100755
index 0000000..38f1a64
Binary files /dev/null and b/resources/jmx/Hello.class differ
diff --git a/resources/jmx/HelloMBean.class b/resources/jmx/HelloMBean.class
new file mode 100755
index 0000000..8372ddf
Binary files /dev/null and b/resources/jmx/HelloMBean.class differ
diff --git a/resources/jmx/SimpleAgent.class b/resources/jmx/SimpleAgent.class
new file mode 100755
index 0000000..db44b16
Binary files /dev/null and b/resources/jmx/SimpleAgent.class differ
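Review bot: `compare_versions` executes its third argument as a command (`if $exact_match; then`), and every call site passes an unquoted command substitution, so when a tool prints nothing the arguments shift left and the function ends up comparing the minimum version with the literal `false`. The script still reaches the error branch in that case, but only by accident. Test the flag as data with `if [[ "$exact_match" == true ]]; then`, quote the substitutions, e.g. `compare_versions "$(packer -v)" "$min_packer_ver" false`, and declare the working variables `local`, since `read -ra` currently turns the global `actual_version` and `expected_version` into arrays. The box check `ls | grep -q 'windows_2008_r2_virtualbox.box'` can be `[[ -f windows_2008_r2_virtualbox.box ]]`, which does not match longer file names that merely contain that string.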
diff --git a/resources/jmx/jmx.exe b/resources/jmx/jmx.exe
new file mode 100755
index 0000000..03846fe
Binary files /dev/null and b/resources/jmx/jmx.exe differ
diff --git a/resources/jmx/start_jmx.bat b/resources/jmx/start_jmx.bat
new file mode 100644
index 0000000..8d0dc8a
--- /dev/null
+++ b/resources/jmx/start_jmx.bat
@@ -0,0 +1 @@
+"C:\openjdk6\openjdk-1.6.0-unofficial-b27-windows-amd64\jre\bin\java.exe" -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1617 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false SimpleAgent
\ No newline at end of file
diff --git a/scripts/configs/configure_firewall.bat b/scripts/configs/configure_firewall.bat
index a85bf0f..70e77e5 100644
--- a/scripts/configs/configure_firewall.bat
+++ b/scripts/configs/configure_firewall.bat
@@ -5,4 +5,5 @@ netsh advfirewall firewall add rule name="Open Port 80 for IIS" dir=in action=al
 netsh advfirewall firewall add rule name="Open Port 4848 for GlassFish" dir=in action=allow protocol=TCP localport=4848
 netsh advfirewall firewall add rule name="Open Port 8080 for GlassFish" dir=in action=allow protocol=TCP localport=8080
 netsh advfirewall firewall add rule name="Open Port 3389 for Remote Desktop" dir=in action=allow protocol=TCP localport=3389
-netsh advfirewall firewall add rule name="Open Port 8585 for Wordpress and phpMyAdmin" dir=in action=allow protocol=TCP localport=8585
\ No newline at end of file
+netsh advfirewall firewall add rule name="Open Port 8585 for Wordpress and phpMyAdmin" dir=in action=allow protocol=TCP localport=8585
+netsh advfirewall firewall add rule name="Java 1.6 java.exe" dir=in action=allow program="C:\openjdk6\openjdk-1.6.0-unofficial-b27-windows-amd64\jre\bin\java.exe" enable=yes
diff --git a/scripts/installs/install_openjdk6.bat b/scripts/installs/install_openjdk6.bat
new file mode 100644
index 0000000..49d1c56
--- /dev/null
+++ b/scripts/installs/install_openjdk6.bat
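Review bot: `SimpleAgent` is passed without `-cp`, so java.exe resolves it against the current directory (or a `CLASSPATH` variable) and the agent starts only when this script is launched from the folder holding the .class files. How jmx.exe or setup_jmx.bat invokes the script is not visible in this diff; if the working directory is not guaranteed, put `cd /d "%~dp0"` on a line before the java call. A leading `rem` line saying that `authenticate=false` and `ssl=false` on port 1617 are deliberate for this lab target would keep a later maintainer from treating them as an oversight.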
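Review bot: The added rule is scoped by `program=` only, with no `protocol` or `localport`, so it admits inbound traffic to every socket this java.exe opens, while the existing rules visible here each open a single TCP port. That breadth is probably needed, since remote JMX uses a second, dynamically chosen RMI port besides the 1617 registry port set in start_jmx.bat, but neither the rule nor its name says so. Suggest a name in line with the others, e.g. `name="Allow java.exe inbound for JMX (1617 plus dynamic RMI port)"`, and adding `protocol=TCP` so UDP is not opened as well.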
@@ -0,0 +1,2 @@
+powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/downloads/alexkasko/openjdk-unofficial-builds/openjdk-1.6.0-unofficial-b27-windows-amd64.zip', 'C:\Windows\Temp\openjdk-1.6.0-unofficial-b27-windows-amd64.zip')"