diff --git a/Commando.png b/Commando.png
index 4b5d8b4..83118e1 100644
Binary files a/Commando.png and b/Commando.png differ
diff --git a/README.md b/README.md
index 9f56189..3cbd0b4 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ \/ \/ \/ \/ \/ \/
 C O M P L E T E M A N D I A N T
 O F F E N S I V E V M
- Version 1.0
+ Version 1.1
 _____________________________________________________
 
 Developed by
@@ -67,7 +67,6 @@ Type the following command to update all of the packages to the most recent vers
 cup all
 
-
 Installed Tools
 ===============
 
@@ -89,12 +88,15 @@ Installed Tools
 - Java
 - Python 2
 - Python 3 (default)
+- Ruby
+- Ruby Devkit
 - Visual Studio 2017 Build Tools (Windows 10)
 - Visual Studio Code
 
 ### Evasion
 - CheckPlease
 - Demiguise
+- DefenderCheck
 - DotNetToJScript
 - Invoke-CradleCrafter
 - Invoke-DOSfuscation
@@ -114,6 +116,7 @@ Installed Tools
 - CrackMapExec
 - CrackMapExecWin
 - DAMP
+- EvilClippy
 - Exchange-AD-Privesc
 - FuzzySec's PowerShell-Suite
 - FuzzySec's Sharp-Suite
@@ -149,6 +152,7 @@ Installed Tools
 - PrivExchange
 - Ruler
 - SharpExchangePriv
+- SharpExec
 - SpoolSample
 - UACME
 - impacket-examples-windows
@@ -160,6 +164,7 @@ Installed Tools
 - ADOffline
 - ADRecon
 - BloodHound
+- dnsrecon
 - Get-ReconInfo
 - GoWitness
 - Nmap
@@ -235,8 +240,10 @@ Installed Tools
 - yEd Graph Tool
 
 ### Vulnerability Analysis
+- AD Control Paths
 - Egress-Assess
 - Grouper2
+- NtdsAudit
 - zBang
 
 ### Web Applications
@@ -244,12 +251,34 @@ Installed Tools
 - Fiddler
 - Firefox
 - OWASP Zap
+- Subdomain-Bruteforce
 
 ### Wordlists
 - FuzzDB
 - PayloadsAllTheThings
 - SecLists
 
+## Changelog:
+1.1 - April 30 2019
+- Added AD-Control-Paths https://github.com/ANSSI-FR/AD-control-paths/releases
+- Added DefenderCheck https://github.com/matterpreter/DefenderCheck
+- Added dnsrecon https://github.com/darkoperator/dnsrecon
+- Added EvilClippy https://github.com/outflanknl/EvilClippy
+- Added NtdsAudit https://github.com/Dionach/NtdsAudit
+- Added SharpExec https://github.com/anthemtotheego/SharpExec
+- Added Subdomain-Bruteforce https://github.com/visualbasic6/subdomain-bruteforce
+- Fixed issue #18 with PATH
+- Added Commando Logos with transparent backgrounds to $Home\Pictures
+- Pinned Firefox to Taskbar
+- Fixed misspellings in Readme #42/#43
+- Added Ruby and Ruby Devkit #1
+- Updated Rubeus package to current version (1.4.2) #31
+
+1.0.2 - April 10 2019
+- Added missing 'seclists.fireeye' package to packages.json
+
+1.0.1 - March 31 2019
+- Used https instead of http to install boxstarter
 
 Legal Notice
 ============
@@ -366,5 +395,7 @@ http://www.gnu.org/copyleft/gpl.html
 https://github.com/x64dbg/x64dbg/blob/development/LICENSE
 https://www.yworks.com/products/yed/license.html
 http://www.apache.org/licenses/LICENSE-2.0
+https://github.com/Dionach/NtdsAudit/blob/master/LICENSE
+https://github.com/ANSSI-FR/AD-control-paths/blob/master/LICENSE.txt
\ No newline at end of file
diff --git a/commandovm.win10.config.fireeye/commandovm.win10.config.fireeye.nuspec b/commandovm.win10.config.fireeye/commandovm.win10.config.fireeye.nuspec
index b9f6e5b..30be4fa 100644
--- a/commandovm.win10.config.fireeye/commandovm.win10.config.fireeye.nuspec
+++ b/commandovm.win10.config.fireeye/commandovm.win10.config.fireeye.nuspec
@@ -2,7 +2,7 @@ commandovm.win10.config.fireeye
- 1.0.0.2
+ 1.0.0.3
 CommandoVM Jake Barteaux CommandoVM - Penetration Testing Distribution
diff --git a/commandovm.win10.config.fireeye/tools/CommandoVMLogos.7z b/commandovm.win10.config.fireeye/tools/CommandoVMLogos.7z
new file mode 100644
index 0000000..5719591
Binary files /dev/null and b/commandovm.win10.config.fireeye/tools/CommandoVMLogos.7z differ
diff --git a/commandovm.win10.config.fireeye/tools/chocolateyinstall.ps1 b/commandovm.win10.config.fireeye/tools/chocolateyinstall.ps1
index b7bd0a0..f5e7c0c 100644
--- a/commandovm.win10.config.fireeye/tools/chocolateyinstall.ps1
+++ b/commandovm.win10.config.fireeye/tools/chocolateyinstall.ps1
@@ -144,6 +144,12 @@ $backgroundzip = 'Backgrounds.7z'
 $backgrounds = Join-Path $toolsDir $backgroundzip
 Invoke-Expression "copy $backgrounds ${Env:USERPROFILE}\Pictures"
 Write-Host "`t[+] Alternative backgrounds copied to ${Env:USERPROFILE}\Pictures" -ForegroundColor Yellow
+# Copy Logos
+$backgroundzip = 'CommandoVMLogos.7z'
+$backgrounds = Join-Path $toolsDir $backgroundzip
+Invoke-Expression "copy $backgrounds ${Env:USERPROFILE}\Pictures"
+Write-Host "`t[+] Commando logos copied to ${Env:USERPROFILE}\Pictures" -ForegroundColor Yellow
+
 foreach ($item in "0", "1", "2") { # Try to set it multiple times! Windows 10 is not consistent
 if ((Test-Path $publicWallpaper) -eq $false)
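Review bot: The added `Invoke-Expression "copy $backgrounds ${Env:USERPROFILE}\Pictures"` evaluates a command string built from two interpolated, unquoted paths, so a tools directory or user profile containing a space splits the copy into the wrong arguments, and Invoke-Expression is unnecessary here in any case — this same script already uses the direct cmdlet form `Copy-Item $fileReadme $desktopReadme` for the README. The new lines also reuse `$backgroundzip` and `$backgrounds` for the logo archive, so if anything later in the script still expects those variables to name the backgrounds it will now get the logos. I would write the two path lines as `$logos = Join-Path $toolsDir 'CommandoVMLogos.7z'` and `Copy-Item -LiteralPath $logos -Destination (Join-Path ${Env:USERPROFILE} 'Pictures')`, which copies the archive without any string evaluation. The `foreach` wallpaper loop at the end of the hunk continues past it.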
@@ -164,6 +170,30 @@ $fileReadme = Join-Path $toolsDir 'readme.txt'
 $desktopReadme = Join-Path ${Env:USERPROFILE} "Desktop\README.txt"
 Copy-Item $fileReadme $desktopReadme
+# Fix PATH issues with Python installers #18
+$paths = @(
+ "${Env:HomeDrive}\\Python37\\Scripts",
+ "${Env:HomeDrive}\\Python37",
+ "${Env:HomeDrive}\\Python27\\Scripts",
+ "${Env:HomeDrive}\\Python27"
+)
+
+$env_path = cmd /c echo %PATH%
+if ($env_path[-1] -ne ';') {
+ $env_path += ';'
+}
+$old_path = $env_path
+foreach ($p in $paths) {
+ if ($env_path -match "$p[\\]{0,1};") {
+ $env_path = $env_path -replace "$p[\\]{0,1};",""
+ $env_path += $p.Replace("\\","\") + ";"
+ }
+}
+
+if ($env_path -ne $old_path) {
+ setx /M PATH $env_path
+ refreshenv
+}
 # Remove desktop.ini files
 Get-ChildItem -Path (Join-Path ${Env:UserProfile} "Desktop") -Hidden -Filter "desktop.ini" -Force | foreach {$_.Delete()}
diff --git a/commandovm.win10.config.fireeye/tools/readme.txt b/commandovm.win10.config.fireeye/tools/readme.txt
index bddab56..65499fa 100644
--- a/commandovm.win10.config.fireeye/tools/readme.txt
+++ b/commandovm.win10.config.fireeye/tools/readme.txt
@@ -6,14 +6,13 @@ \/ \/ \/ \/ \/ \/
 C O M P L E T E M A N D I A N T
 O F F E N S I V E V M
- Version 1.0
+ Version 1.1
 _____________________________________________________
 
 Developed by
 Jake Barteaux Proactive Services
- Blaine Stancill
- FireEye Labs Advanced Reverse Engineering
+ Blaine Stancill Nhan Huynh FireEye Labs Advanced Reverse Engineering
 ______________________________________________________________________________
@@ -25,7 +24,8 @@ Please make sure to take a snapshot after installing so you can always revert
 back if you have issues.
 
 This image has the Chocolatey package manager installed, and you can continue to
-customize this machine with any package from the Chocolatey repository.
+customize this machine with any package from the Chocolatey repository -
+https://chocolatey.org/packages.
 
 Try this:
 choco install github
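Review bot: `$env_path = cmd /c echo %PATH%` reads the merged process PATH (machine scope plus user scope plus whatever this installer session has added), and `setx /M PATH $env_path` then writes that merged string back as the machine PATH, so every user-scope entry is promoted to machine scope the first time one of the Python entries matches; `setx` also silently truncates values longer than 1024 characters, which a tool-heavy image like this one can easily exceed, so the machine PATH could lose entries. Reading and writing the machine scope through .NET avoids both problems as a two-line change: `$env_path = [Environment]::GetEnvironmentVariable('PATH', 'Machine')` in place of the `cmd /c` line, and `[Environment]::SetEnvironmentVariable('PATH', $env_path, 'Machine')` in place of the `setx` line, keeping `refreshenv`. A comment stating what issue #18 actually was would also help, since the block only cites the number — if the intent is the ordering the loop produces, something like `# Strip any existing Python dirs and re-append them in this fixed order at the tail of PATH (#18)`, confirmed against the issue. This is top-level script code and the file continues past the hunk.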
@@ -35,14 +35,31 @@ Or:
 To keep this distribution up to date, type this into an Administrative terminal:
 
 cup all
-
-This machine now has the Windows package manager Chocolatey installed. For
-information on tools available to install, check out chocolatey.org/packages
-
 As this is a Red Teaming and Penetration Testing build certain protections have
 been disabled, and certain 'risky' features and tweaks have been enabled.
 
-Please enjoy the VM and submit any feedback or feature reqeuests as github
+Please enjoy the VM and submit any feedback or feature requests as github
 issues here:
-https://github.com/fireeye/commandovm
+https://github.com/fireeye/commando-vm
+
+Changelog:
+1.1 - April 30 2019
+- Added AD-Control-Paths https://github.com/ANSSI-FR/AD-control-paths/releases
+- Added DefenderCheck https://github.com/matterpreter/DefenderCheck
+- Added dnsrecon https://github.com/darkoperator/dnsrecon
+- Added EvilClippy https://github.com/outflanknl/EvilClippy
+- Added NtdsAudit https://github.com/Dionach/NtdsAudit
+- Added SharpExec https://github.com/anthemtotheego/SharpExec
+- Added Subdomain-Bruteforce https://github.com/visualbasic6/subdomain-bruteforce
+- Fixed issue #18 with PATH
+- Added Commando Logos with transparent backgrounds to $Home\Pictures
+- Pinned Firefox to Taskbar
+- Fixed misspellings in (this) Readme #42/#43
+- Added Ruby and Ruby Devkit #1
+- Updated Rubeus package to current version (1.4.2) #31
+
+1.0.2 - April 10 2019
+- Added missing 'seclists.fireeye' package to packages.json
+1.0.1 - March 31 2019
+- Used https instead of http to install boxstarter
diff --git a/commandovm.win10.installer.fireeye/commandovm.win10.installer.fireeye.nuspec b/commandovm.win10.installer.fireeye/commandovm.win10.installer.fireeye.nuspec
index b494de7..b34626d 100644
--- a/commandovm.win10.installer.fireeye/commandovm.win10.installer.fireeye.nuspec
+++ b/commandovm.win10.installer.fireeye/commandovm.win10.installer.fireeye.nuspec
@@ -2,7 +2,7 @@ commandovm.win10.installer.fireeye
- 1.0.1.3
+ 1.0.1.4
 CommandoVM Jake Barteaux CommandoVM - Penetration Testing Distribution
diff --git a/commandovm.win10.installer.fireeye/tools/packages.json b/commandovm.win10.installer.fireeye/tools/packages.json
index 769dfef..59292c4 100644
--- a/commandovm.win10.installer.fireeye/tools/packages.json
+++ b/commandovm.win10.installer.fireeye/tools/packages.json
@@ -20,6 +20,8 @@ {"name": "python3"},
 {"name": "golang"},
 {"name": "dep"},
+ {"name": "ruby"},
+ {"name": "ruby2.devkit"},
 {"name": "adexplorer.fireeye"},
 {"name": "rsat.fireeye"},
 {"name": "tortoisesvn"},
@@ -76,6 +78,7 @@ },
 {"name": "burp.free.fireeye"},
 {"name": "kali_windowsbinaries.fireeye"},
+ {"name": "unxUtils"},
 {"name": "ADACLScanner.fireeye"},
 {"name": "ADAPE-Script.fireeye"},
@@ -104,7 +107,6 @@ "name": "gowitness.fireeye",
 "x64Only": true
 },
- {"name": "Grouper2.fireeye"},
 {"name": "impacket.fireeye"},
 {"name": "impacket-examples-windows.fireeye"},
@@ -171,6 +173,13 @@ {"name": "WMIOps.fireeye"},
 {"name": "zBang.fireeye"},
 {"name": "Elite.fireeye"},
+ {"name": "ad-control-paths.fireeye"},
+ {"name": "defendercheck.fireeye"},
+ {"name": "dnsrecon.fireeye"},
+ {"name": "EvilClippy.fireeye"},
+ {"name": "NtdsAudit.fireeye"},
+ {"name": "SharpExec.fireeye"},
+ {"name": "subdomain-bruteforce.fireeye"},
 {"name": "openvpn.fireeye", "args":"--parameters \'/SELECT_SHORTCUTS=0 /SELECT_LAUNCH=0\'"}
 ]
 }
\ No newline at end of file
diff --git a/commandovm.win7.config.fireeye/commandovm.win7.config.fireeye.nuspec b/commandovm.win7.config.fireeye/commandovm.win7.config.fireeye.nuspec
index f8f5a4b..cee083e 100644
--- a/commandovm.win7.config.fireeye/commandovm.win7.config.fireeye.nuspec
+++ b/commandovm.win7.config.fireeye/commandovm.win7.config.fireeye.nuspec
@@ -2,7 +2,7 @@ commandovm.win7.config.fireeye
- 1.0.0.2
+ 1.0.0.3
 CommandoVM Jake Barteaux CommandoVM - Penetration Testing Distribution
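Review bot: The third packages.json hunk drops `{"name": "Grouper2.fireeye"},` from the win10 manifest, but the README hunk in this same commit still lists Grouper2 under Vulnerability Analysis and the 1.1 changelog says nothing about a removal, so the documented tool set and the installed set now disagree; `{"name": "unxUtils"},` in the second hunk is likewise added without a README or changelog entry. If dropping Grouper2 is deliberate, the README line should go and the changelog should carry `- Removed Grouper2` and `- Added UnxUtils`; if it is accidental, the manifest line should be restored. `unxUtils` is also the only new entry without the `.fireeye` suffix, so it is presumably resolved from the public Chocolatey feed rather than the project's own package set, unlike the seven `.fireeye` tools added in the last hunk — worth confirming that is intended, since the other additions are all vendored.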
diff --git a/commandovm.win7.config.fireeye/tools/CommandoVMLogos.7z b/commandovm.win7.config.fireeye/tools/CommandoVMLogos.7z
new file mode 100644
index 0000000..5719591
Binary files /dev/null and b/commandovm.win7.config.fireeye/tools/CommandoVMLogos.7z differ
diff --git a/commandovm.win7.config.fireeye/tools/chocolateyinstall.ps1 b/commandovm.win7.config.fireeye/tools/chocolateyinstall.ps1
index cef3df4..bc3aa83 100644
--- a/commandovm.win7.config.fireeye/tools/chocolateyinstall.ps1
+++ b/commandovm.win7.config.fireeye/tools/chocolateyinstall.ps1
@@ -236,6 +236,12 @@ $backgroundzip = 'Backgrounds.7z'
 $backgrounds = Join-Path $toolsDir $backgroundzip
 Invoke-Expression "copy $backgrounds ${Env:USERPROFILE}\Pictures"
 Write-Host "`t[+] Alternative backgrounds copied to ${Env:USERPROFILE}\Pictures" -ForegroundColor Yellow
+# Copy Logos
+$backgroundzip = 'CommandoVMLogos.7z'
+$backgrounds = Join-Path $toolsDir $backgroundzip
+Invoke-Expression "copy $backgrounds ${Env:USERPROFILE}\Pictures"
+Write-Host "`t[+] Commando logos copied to ${Env:USERPROFILE}\Pictures" -ForegroundColor Yellow
+
 foreach ($item in "0", "1", "2") { # Try to set it multiple times! Windows 10 is not consistent
 if ((Test-Path $publicWallpaper) -eq $false)
@@ -260,6 +266,30 @@ $fileReadme = Join-Path $toolsDir 'readme.txt'
 $desktopReadme = Join-Path ${Env:USERPROFILE} "Desktop\README.txt"
 Copy-Item $fileReadme $desktopReadme
+# Fix PATH issues with Python installers #18
+$paths = @(
+ "${Env:HomeDrive}\\Python37\\Scripts",
+ "${Env:HomeDrive}\\Python37",
+ "${Env:HomeDrive}\\Python27\\Scripts",
+ "${Env:HomeDrive}\\Python27"
+)
+
+$env_path = cmd /c echo %PATH%
+if ($env_path[-1] -ne ';') {
+ $env_path += ';'
+}
+$old_path = $env_path
+foreach ($p in $paths) {
+ if ($env_path -match "$p[\\]{0,1};") {
+ $env_path = $env_path -replace "$p[\\]{0,1};",""
+ $env_path += $p.Replace("\\","\") + ";"
+ }
+}
+
+if ($env_path -ne $old_path) {
+ setx /M PATH $env_path
+ refreshenv
+}
 # Remove desktop.ini files
 Get-ChildItem -Path (Join-Path ${Env:UserProfile} "Desktop") -Hidden -Filter "desktop.ini" -Force | foreach {$_.Delete()}
diff --git a/commandovm.win7.config.fireeye/tools/readme.txt b/commandovm.win7.config.fireeye/tools/readme.txt
index 0e314ed..8a8374b 100644
--- a/commandovm.win7.config.fireeye/tools/readme.txt
+++ b/commandovm.win7.config.fireeye/tools/readme.txt
@@ -6,14 +6,13 @@ \/ \/ \/ \/ \/ \/
 C O M P L E T E M A N D I A N T
 O F F E N S I V E V M
- Version 1.0
+ Version 1.1
 _____________________________________________________
 
 Developed by
 Jake Barteaux Proactive Services
- Blaine Stancill
- FireEye Labs Advanced Reverse Engineering
+ Blaine Stancill Nhan Huynh FireEye Labs Advanced Reverse Engineering
 ______________________________________________________________________________
@@ -25,7 +24,8 @@ Please make sure to take a snapshot after installing so you can always revert
 back if you have issues.
 
 This image has the Chocolatey package manager installed, and you can continue to
-customize this machine with any package from the Chocolatey repository.
+customize this machine with any package from the Chocolatey repository -
+https://chocolatey.org/packages.
 
 Try this:
 choco install github
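Review bot: In the win7 script the same PATH block has the same two problems: `$env_path = cmd /c echo %PATH%` captures the merged process PATH (machine plus user scope plus anything this installer session added) and `setx /M PATH $env_path` writes that merged string back as the machine PATH, promoting user-scope entries to machine scope whenever a Python entry matches, and `setx` silently truncates values over 1024 characters, so a long PATH on this tool-heavy image can lose entries. Going through .NET for the machine scope fixes both with two lines: `$env_path = [Environment]::GetEnvironmentVariable('PATH', 'Machine')` for the `cmd /c` line and `[Environment]::SetEnvironmentVariable('PATH', $env_path, 'Machine')` for the `setx` line, keeping `refreshenv`. Because the logic is duplicated verbatim across the win7 and win10 config packages, a one-line comment such as `# Keep in sync with commandovm.win10.config.fireeye/tools/chocolateyinstall.ps1` above the block would help the next maintainer. This is top-level script code and the file continues past the hunk.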
@@ -35,13 +35,31 @@ Or:
 To keep this distribution up to date, type this into an Administrative terminal:
 
 cup all
-This machine now has the Windows package manager Chocolatey installed. For
-information on tools available to install, check out chocolatey.org/packages
-
-Note: As this is a Red Teaming and Penetration Testing build certain protections have
+As this is a Red Teaming and Penetration Testing build certain protections have
 been disabled, and certain 'risky' features and tweaks have been enabled.
 
-Please enjoy the VM and submit any feedback or feature reqeuests as github
+Please enjoy the VM and submit any feedback or feature requests as github
 issues here:
-https://github.com/fireeye/commandovm
+https://github.com/fireeye/commando-vm
+
+Changelog:
+1.1 - April 30 2019
+- Added AD-Control-Paths https://github.com/ANSSI-FR/AD-control-paths/releases
+- Added DefenderCheck https://github.com/matterpreter/DefenderCheck
+- Added dnsrecon https://github.com/darkoperator/dnsrecon
+- Added EvilClippy https://github.com/outflanknl/EvilClippy
+- Added NtdsAudit https://github.com/Dionach/NtdsAudit
+- Added SharpExec https://github.com/anthemtotheego/SharpExec
+- Added Subdomain-Bruteforce https://github.com/visualbasic6/subdomain-bruteforce
+- Fixed issue #18 with PATH
+- Added Commando Logos with transparent backgrounds to $Home\Pictures
+- Pinned Firefox to Taskbar
+- Fixed misspellings in (this) Readme #42/#43
+- Added Ruby and Ruby Devkit #1
+- Updated Rubeus package to current version (1.4.2) #31
+
+1.0.2 - April 10 2019
+- Added missing 'seclists.fireeye' package to packages.json
+1.0.1 - March 31 2019
+- Used https instead of http to install boxstarter
diff --git a/commandovm.win7.installer.fireeye/commandovm.win7.installer.fireeye.nuspec b/commandovm.win7.installer.fireeye/commandovm.win7.installer.fireeye.nuspec
index 254c5c1..cf67355 100644
--- a/commandovm.win7.installer.fireeye/commandovm.win7.installer.fireeye.nuspec
+++ b/commandovm.win7.installer.fireeye/commandovm.win7.installer.fireeye.nuspec
@@ -2,7 +2,7 @@ commandovm.win7.installer.fireeye
- 1.0.1.2
+ 1.0.1.3
 CommandoVM Jake Barteaux CommandoVM - Penetration Testing Distribution
diff --git a/commandovm.win7.installer.fireeye/tools/packages.json b/commandovm.win7.installer.fireeye/tools/packages.json
index 74e35c7..680afe4 100644
--- a/commandovm.win7.installer.fireeye/tools/packages.json
+++ b/commandovm.win7.installer.fireeye/tools/packages.json
@@ -20,6 +20,8 @@ {"name": "python3"},
 {"name": "golang"},
 {"name": "dep"},
+ {"name": "ruby"},
+ {"name": "ruby2.devkit"},
 {"name": "adexplorer.fireeye"},
 {"name": "rsat.fireeye"},
 {"name": "tortoisesvn"},
@@ -76,6 +78,7 @@ },
 {"name": "burp.free.fireeye"},
 {"name": "kali_windowsbinaries.fireeye"},
+ {"name": "unxUtils"},
 {"name": "ADACLScanner.fireeye"},
 {"name": "ADAPE-Script.fireeye"},
@@ -104,7 +107,6 @@ "name": "gowitness.fireeye",
 "x64Only": true
 },
- {"name": "Grouper2.fireeye"},
 {"name": "impacket.fireeye"},
 {"name": "impacket-examples-windows.fireeye"},
@@ -170,6 +172,13 @@ {"name": "WMImplant.fireeye"},
 {"name": "WMIOps.fireeye"},
 {"name": "zBang.fireeye"},
+ {"name": "ad-control-paths.fireeye"},
+ {"name": "defendercheck.fireeye"},
+ {"name": "dnsrecon.fireeye"},
+ {"name": "EvilClippy.fireeye"},
+ {"name": "NtdsAudit.fireeye"},
+ {"name": "SharpExec.fireeye"},
+ {"name": "subdomain-bruteforce.fireeye"},
 {"name": "openvpn.fireeye", "args":"--parameters \'/SELECT_SHORTCUTS=0 /SELECT_LAUNCH=0\'"}
 ]
 }
\ No newline at end of file
diff --git a/install.ps1 b/install.ps1
index 47035ad..cfdd245 100644
--- a/install.ps1
+++ b/install.ps1
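Review bot: The win7 manifest's third hunk removes `{"name": "Grouper2.fireeye"},` while the README in this same commit keeps Grouper2 listed under Vulnerability Analysis and the 1.1 changelog does not record a removal, so what the image documents and what it installs no longer match; `{"name": "unxUtils"},` in the second hunk is added with no README or changelog entry either. Either restore the Grouper2 line, or drop it from the README and add `- Removed Grouper2` and `- Added UnxUtils` to the changelog. `unxUtils` is the only new entry lacking the `.fireeye` suffix that the seven tools in the last hunk carry, so it presumably comes from the public Chocolatey feed rather than the project's own package set — worth confirming that is intended.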
@@ -77,7 +77,7 @@ Write-Host "| " -ForegroundColor Red -NoNewline; Write-Host " \/
 Write-Host "| C O M P L E T E M A N D I A N T |" -ForegroundColor Red
 Write-Host "| O F F E N S I V E V M |" -ForegroundColor Red
 Write-Host "| |" -ForegroundColor Red
-Write-Host "| Version 1.0 |" -ForegroundColor Red
+Write-Host "| Version 1.1 |" -ForegroundColor Red
 Write-Host "|____________________________________________________________________________|" -ForegroundColor Red
 Write-Host "| |" -ForegroundColor Red
 Write-Host "| Developed by |" -ForegroundColor Red