nbeede / boombox

Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant

License: Mozilla Public License 2.0

PowerShell 53.99% Batchfile 6.60% Ruby 4.60% Shell 24.33% Python 10.49%

boombox's People

Contributors

nbeede, nodauf

boombox's Issues

Update sandbox.json file to the latest packer version.

I've taken the time to update the JSON file to work with the latest Packer version. Below is the fix. I'll try to spend some time learning GitHub to update the fix...

{
  "builders": [
    {
      "boot_command": "",
      "boot_wait": "6m",
      "communicator": "winrm",
      "disk_size": "{{user `disk_size`}}",
      "floppy_files": [
        "{{user `autounattend`}}",
        "./floppy/WindowsPowershell.lnk",
        "./floppy/PinTo10.exe",
        "./scripts/fixnetwork.ps1",
        "./scripts/MakeWindows10GreatAgain.ps1",
        "./scripts/MakeWindows10GreatAgain.reg",
        "./scripts/rearm-windows.ps1",
        "./scripts/disable-screensaver.ps1",
        "./scripts/disable-winrm.ps1",
        "./scripts/enable-winrm.ps1",
        "./scripts/microsoft-updates.bat",
        "./scripts/win-updates.ps1",
        "./scripts/oracle-cert.cer"
      ],
      "guest_additions_mode": "disable",
      "guest_os_type": "Windows81_64",
      "headless": false,
      "iso_checksum": "{{user `iso_checksum_type`}}:{{user `iso_checksum`}}",
      "iso_url": "{{user `iso_url`}}",
      "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
      "type": "virtualbox-iso",
      "vboxmanage": [
        [
          "modifyvm",
          "{{.Name}}",
          "--memory",
          "2048"
        ],
        [
          "modifyvm",
          "{{.Name}}",
          "--cpus",
          "2"
        ]
      ],
      "vm_name": "sandbox",
      "winrm_password": "vagrant",
      "winrm_timeout": "4h",
      "winrm_username": "vagrant"
    }
  ],
  "post-processors": [
    {
      "keep_input_artifact": false,
      "output": "sandbox_{{.Provider}}.box",
      "type": "vagrant"
    }
  ],
  "provisioners": [
    {
      "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
      "remote_path": "/tmp/script.bat",
      "scripts": [
        "./scripts/enable-rdp.bat"
      ],
      "type": "windows-shell"
    },
    {
      "scripts": [
        "./scripts/debloat-windows.ps1",
        "./scripts/rearm-windows.ps1",
        "./scripts/MakeWindows10GreatAgain.ps1"
      ],
      "type": "powershell"
    },
    {
      "type": "windows-restart"
    },
    {
      "scripts": [
        "./scripts/set-powerplan.ps1",
        "./scripts/docker/disable-windows-defender.ps1"
      ],
      "type": "powershell"
    },
    {
      "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
      "remote_path": "/tmp/script.bat",
      "scripts": [
        "./scripts/pin-powershell.bat",
        "./scripts/compile-dotnet-assemblies.bat",
        "./scripts/set-winrm-automatic.bat",
        "./scripts/compact.bat"
      ],
      "type": "windows-shell"
    }
  ],
  "variables": {
    "autounattend": "./answer_files/10/Autounattend.xml",
    "disk_size": "61440",
    "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455",
    "iso_checksum_type": "sha256",
    "iso_url": "https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso"
  }
}

Windows 10: Timeout waiting for restart

./build.ps1 times out whilst waiting for the VM to restart, even though it has restarted in VirtualBox. It does not register in PowerShell and goes ahead and deletes and deregisters the VM. This has happened twice now, so definitely a bug.

Error while trying to build under Windows 11 [Deprecated configuration key: 'iso_checksum_type'.]

Checking if Packer is installed
Checking if Vagrant is installed...
Checking for pre-existing boxes...
Checking for vagrant instances...
Checking disk space...
Checking if the vagrant-reload plugin is installed
Prerequisite checks have finished.
Running Packer for sandbox
Using Packer to build the sandbox Box. This can take 90-180 minutes depending on bandwidth and hardware.
Error: Failed to prepare build: "virtualbox-iso"

1 error occurred:
* Deprecated configuration key: 'iso_checksum_type'. Please call packer fix
against your template to update your template to be compatible with the current
version of Packer. Visit https://www.packer.io/docs/commands/fix/ for more
detail.

==> Wait completed after 0 seconds

==> Builds finished but no artifacts were created.
Finished for sandbox. Got exit code: 1
packer_build_box : Something went wrong while attempting to build the sandbox box.
In C:\Users\jamy\Downloads\BoomBox-master\build.ps1:279 Zeichen:3

+   packer_build_box -Box 'sandbox'
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,packer_build_box

PS C:\Users\jamy\Downloads\BoomBox-master\Packer>
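
The deprecated-key error above and the updated sandbox.json in the first issue concern the same change: iso_checksum_type is folded into iso_checksum as "type:digest". As an added example (not code from the BoomBox repository or from either poster), the Python below applies that rewrite to a template and checks that the resolved digest has the right length for its type, so that an ISO pin is not silently lost during migration. The legacy builder layout is a constructed assumption, the function names are hypothetical, and only literal hex digests are handled, not checksum-file references.

```python
import json
import re

# Hex-digest length for each checksum type this check understands.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Matches the JSON-template call {{user `name`}}.
USER_VAR = re.compile(r"\{\{\s*user\s+`([^`]+)`\s*\}\}")

# Constructed sample: the builder layout is an assumption about a pre-fix
# template; the variable values are the ones shown in the issue above.
LEGACY_TEMPLATE = json.loads(r"""
{
  "builders": [{
    "type": "virtualbox-iso",
    "iso_checksum": "{{user `iso_checksum`}}",
    "iso_checksum_type": "{{user `iso_checksum_type`}}"
  }],
  "variables": {
    "iso_checksum": "27e4feb9102f7f2b21ebdb364587902a70842fb550204019d1a14b120918e455",
    "iso_checksum_type": "sha256"
  }
}
""")

def migrate_builder(builder):
    """Return a copy with iso_checksum_type folded into iso_checksum."""
    out = dict(builder)
    ctype = out.pop("iso_checksum_type", None)
    if ctype is None:
        return out  # already in the current format
    checksum = out.get("iso_checksum", "")
    if ctype.lower() == "none":
        out["iso_checksum"] = "none"  # verification was off; keep that visible
    elif not checksum.startswith(ctype + ":"):
        out["iso_checksum"] = f"{ctype}:{checksum}"
    return out

def resolve(value, variables):
    """Substitute {{user `x`}} with the template's default variable values."""
    return USER_VAR.sub(lambda m: str(variables.get(m.group(1), m.group(0))), value)

def checksum_problem(resolved):
    """Return None for a well-formed 'type:hexdigest', else a description."""
    if resolved == "none":
        return "ISO verification disabled"
    ctype, sep, digest = resolved.partition(":")
    want = DIGEST_HEX_LEN.get(ctype.lower())
    if not sep or want is None:
        return f"missing or unknown checksum type in {resolved!r}"
    if not re.fullmatch(r"[0-9a-fA-F]{%d}" % want, digest):
        return f"{ctype} digest must be {want} hex characters"
    return None

def migrate_template(template):
    """Migrate every builder; map builder type -> checksum problem found."""
    variables = template.get("variables", {})
    migrated = dict(template)
    migrated["builders"] = [migrate_builder(b) for b in template.get("builders", [])]
    problems = {}
    for b in migrated["builders"]:
        issue = checksum_problem(resolve(b.get("iso_checksum", ""), variables))
        if issue:
            problems[b.get("type", "?")] = issue
    return migrated, problems
```

Calling migrate_template(LEGACY_TEMPLATE) returns the rewritten template and an empty problem map; a non-empty map means the ISO would be fetched without a valid pin.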

Windows 10 Install - "packer_build_box : Something went wrong while attempting to build the sandbox box."

I'm doing the "./build.ps1 -ProviderName virtualbox" build and when I run

./build.ps1 -ProviderName virtualbox -PackerPath C:\Users\Me\Downloads\Compressed\packer_1.6.3_windows_amd64\packer.exe

I get the following error

Finished for sandbox. Got exit code: 1
packer_build_box : Something went wrong while attempting to build the sandbox box.
At C:\Users\kmhs1\Downloads\BoomBox\build.ps1:279 char:3
+   packer_build_box -Box sandbox
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,packer_build_box

I was having issues earlier with even loading the script in powershell due to "running scripts is disabled on this system." However I fixed that by running CMD as admin and using the command

powershell Set-ExecutionPolicy RemoteSigned

Bringing that up in case it's relevant to the first issue.

Cuckoo doesn't work when using vagrant up

cuckoo:     Complete output from command python setup.py egg_info:
cuckoo:     Sorry, Python 3.4 or newer required
cuckoo:
cuckoo:     ----------------------------------------
cuckoo: Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-9FHkRN/idna/
cuckoo: You are using pip version 8.1.1, however version 21.0.1 is available.
cuckoo: You should consider upgrading via the 'pip install --upgrade pip' command.
cuckoo: [20:00:43]: Initializing Cuckoo Config...
cuckoo: /tmp/vagrant-shell: line 60: cuckoo: command not found
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/cuckoo.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/cuckoo.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/cuckoo.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/cuckoo.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/cuckoo.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/cuckoo.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/reporting.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/physical.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/physical.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/physical.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/physical.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/physical.conf'
cuckoo: [Errno 2] No such file or directory: '/root/.cuckoo/conf/physical.conf'
cuckoo: [20:00:43]: Installing community packages
cuckoo: /tmp/vagrant-shell: line 78: cuckoo: command not found
cuckoo: [20:00:43]: Installing supervisord configuration
cuckoo: cp: cannot create regular file '/root/.cuckoo/supervisord.conf': No such file or directory
cuckoo: [20:00:43]: Enable supervisord in systemctl
cuckoo: Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /lib/systemd/system/supervisord.service.
cuckoo: [20:00:43]: Starting Supervisord
cuckoo: Job for supervisord.service failed because the control process exited with error code. See "systemctl status supervisord.service" and "journalctl -xe" for details.
cuckoo: [20:00:43]: Starting Cuckoo services
cuckoo: http://localhost:9001 refused connection
cuckoo: [20:00:43]: Everything has been setup correctly!

TLS Error Powershell 1.0 install_choco.ps1

Hi there,
TLS 1.0 is used by default by PowerShell.
We need to add this line in install_choco.ps1 to use TLS 1.2 and avoid the SSL error.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Thank you for your work, btw!

Ubuntu 18.04 (server and desktop) install fails

I've tried all I know.
I've tried Ubuntu 18.04 desktop and server.

What I've done:
Installed a clean version of Ubuntu 18.04

sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y
sudo apt install git -y
sudo git clone https://github.com/nbeede/BoomBox.git

Install VirtualBox 5.2

sudo apt-get -y install gcc make linux-headers-$(uname -r) dkms
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian $(lsb_release -sc) contrib" >> /etc/apt/sources.list'
sudo apt-get update
sudo apt-get install virtualbox-5.2 -y
curl -O http://download.virtualbox.org/virtualbox/5.2.0/Oracle_VM_VirtualBox_Extension_Pack-5.2.0-118431.vbox-extpack
sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.0-118431.vbox-extpack

sudo ./build.sh virtualbox

sudo ./build.sh

Traceback (most recent call last):
25: from /usr/bin/vagrant:23:in `<main>'
24: from /usr/bin/vagrant:23:in `load'
23: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/bin/vagrant:146:in `<top (required)>'
22: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/environment.rb:269:in `cli'
21: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/cli.rb:46:in `execute'
20: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/commands/status/command.rb:20:in `execute'
19: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/plugin/v2/command.rb:212:in `with_target_vms'
18: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/plugin/v2/command.rb:212:in `map'
17: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/plugin/v2/command.rb:213:in `block in with_target_vms'
16: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/plugin/v2/command.rb:180:in `block in with_target_vms'
15: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/environment.rb:694:in `machine'
14: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/vagrantfile.rb:79:in `machine'
13: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/vagrantfile.rb:79:in `new'
12: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/machine.rb:140:in `initialize'
11: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/machine.rb:248:in `communicate'
10: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/registry.rb:27:in `get'
9: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/plugin.rb:15:in `block in <class:Plugin>'
8: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
7: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
6: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:6:in `<top (required)>'
5: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/communicator.rb:6:in `require_relative'
4: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:8:in `<top (required)>'
3: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/lib/vagrant/util/silence_warnings.rb:8:in `silence!'
2: from /usr/share/rubygems-integration/all/gems/vagrant-2.0.2/plugins/communicators/winrm/shell.rb:9:in `block in <top (required)>'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- winrm (LoadError)
You appear to have already created at least one Vagrant instance of BoomBox. This script does not support pre-created instances. Please either destroy the existing instances or follow the build steps in the README to continue.

#install vagrant and packer
sudo apt install vagrant -y
sudo apt install packer -y

#tried the packer install instructions:
sudo packer build --only=virtualbox-iso sandbox.json
virtualbox-iso output will be in this color.

==> virtualbox-iso: Downloading or copying ISO
virtualbox-iso: Downloading or copying: https://software-download.microsoft.com/download/pr/17134.1.180410-1804.rs4_release_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso
virtualbox-iso: Download progress: 1%
...
virtualbox-iso: Download progress: 100%
==> virtualbox-iso: Creating floppy disk...
virtualbox-iso: Copying files flatly from floppy_files
virtualbox-iso: Copying file: ./answer_files/10/Autounattend.xml
virtualbox-iso: Copying file: ./floppy/WindowsPowershell.lnk
virtualbox-iso: Copying file: ./floppy/PinTo10.exe
virtualbox-iso: Copying file: ./scripts/fixnetwork.ps1
virtualbox-iso: Copying file: ./scripts/MakeWindows10GreatAgain.ps1
virtualbox-iso: Copying file: ./scripts/MakeWindows10GreatAgain.reg
virtualbox-iso: Copying file: ./scripts/rearm-windows.ps1
virtualbox-iso: Copying file: ./scripts/disable-screensaver.ps1
virtualbox-iso: Copying file: ./scripts/disable-winrm.ps1
virtualbox-iso: Copying file: ./scripts/enable-winrm.ps1
virtualbox-iso: Copying file: ./scripts/microsoft-updates.bat
virtualbox-iso: Copying file: ./scripts/win-updates.ps1
virtualbox-iso: Copying file: ./scripts/oracle-cert.cer
virtualbox-iso: Done copying files from floppy_files
virtualbox-iso: Collecting paths from floppy_dirs
virtualbox-iso: Resulting paths from floppy_dirs : []
virtualbox-iso: Done copying paths from floppy_dirs
==> virtualbox-iso: Creating virtual machine...
==> virtualbox-iso: Creating hard drive...
==> virtualbox-iso: Attaching floppy disk...
==> virtualbox-iso: Creating forwarded port mapping for communicator (SSH, WinRM, etc) (host port 3827)
==> virtualbox-iso: Executing custom VBoxManage commands...
virtualbox-iso: Executing: modifyvm sandbox --memory 2048
virtualbox-iso: Executing: modifyvm sandbox --cpus 2
==> virtualbox-iso: Starting the virtual machine...
==> virtualbox-iso: Error starting VM: VBoxManage error: VBoxManage: error: The virtual machine 'sandbox' has terminated unexpectedly during startup with exit code 1 (0x1)
==> virtualbox-iso: VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine
==> virtualbox-iso: Unregistering and deleting virtual machine...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored: Error starting VM: VBoxManage error: VBoxManage: error: The virtual machine 'sandbox' has terminated unexpectedly during startup with exit code 1 (0x1)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine

==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: Error starting VM: VBoxManage error: VBoxManage: error: The virtual machine 'sandbox' has terminated unexpectedly during startup with exit code 1 (0x1)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine

#---=========================================================---
Any suggestions would be appreciated

Issue with ./build.sh

Hi there, I have followed the steps in the "Manually Building BoomBox" portion of your git repo.

After running step 3, running the vagrant plugin install vagrant-reload command in step 4 caused me to have to install an earlier version of Vagrant. Once I got that working, when I ran step 5 the ./build.sh command reports:

There is a syntax error in the following Vagrantfile. The syntax error message is reproduced below for convenience: cfg.vm.box = /Boxes/sandbox

Access cuckoo web portal from PC outside of the host machine

Hello, is there a way I can access the Cuckoo web portal via my PC that's on a different subnet? I want to pass through the Host Machine and open the Cuckoo web portal on my PC instead of having to remote into the host machine and open it up there.

My PC (10.10.10.10) ---> Host Machine (10.20.20.20)---> Cuckoo VM (Web Portal) (192.168.30.100)

Any help would be great! Thanks!

Failed to bring up sandbox after a reload. Exiting.

The sandbox vm is created and does a few reboots. It says "Attempting to reload and reprovision the host..." and then after a bit says "Failed to bring up sandbox after a reload. Exiting."

I see errors in the logs related to PowerShell from Vagrant:
Stderr from the command:

At C:\tmp\vagrant-shell.ps1:8 char:20
+ fix_eth1_static_ip() {
+                    ~
An expression was expected after '('.
At C:\tmp\vagrant-shell.ps1:16 char:27
+ apt_install_prerequisites() {
+                           ~
An expression was expected after '('.
At C:\tmp\vagrant-shell.ps1:38 char:25
+ configure_prerequisites() {
+                         ~
An expression was expected after '('.
At C:\tmp\vagrant-shell.ps1:47 char:16
+ install_cuckoo() {
+                ~
An expression was expected after '('.
At C:\tmp\vagrant-shell.ps1:51 char:18
+ configure_cuckoo() {
+                  ~
An expression was expected after '('.
At C:\tmp\vagrant-shell.ps1:95 char:6
+ main() {
+      ~
An expression was expected after '('.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ExpectedExpression

pip update is required otherwise the cuckoo installation fails

After vagrant up I see:

Collecting setuptools (from jsonschema->pymisp==2.4.106->cuckoo)
  Using cached https://files.pythonhosted.org/packages/2f/8e/38259f4a44944a92068d5ff77230511a4c685604b47a81318f9e5cf2cc24/setuptools-49.2.0.zip
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "setuptools/__init__.py", line 21, in <module>
        import setuptools.version
      File "setuptools/version.py", line 1, in <module>
        import pkg_resources
      File "pkg_resources/__init__.py", line 1380
        raise SyntaxError(e) from e
                                ^
    SyntaxError: invalid syntax
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-cYz99c/setuptools/
You are using pip version 8.1.1, however version 20.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

To fix, add pip install --upgrade pip in bootstrap.sh before pip install -U supervisor
