From a9c154fe42f8fe2465ccbcd7cb193a13029fb561 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 20 Mar 2023 13:36:56 -0600 Subject: [PATCH 001/330] added adconnectdump --- packages/adconnectdump.vm/adconnectdump.vm.nuspec | 12 ++++++++++++ .../adconnectdump.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../adconnectdump.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/adconnectdump.vm/adconnectdump.vm.nuspec create mode 100644 packages/adconnectdump.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/adconnectdump.vm/adconnectdump.vm.nuspec b/packages/adconnectdump.vm/adconnectdump.vm.nuspec new file mode 100644 index 000000000..562a23e8b --- /dev/null +++ b/packages/adconnectdump.vm/adconnectdump.vm.nuspec @@ -0,0 +1,12 @@ + + + + adconnectdump.vm + 0.0.0.20230320 + fox-it + This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers. + + + + + diff --git a/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 b/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..9e8a13280 --- /dev/null +++ b/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ADConnectDump' +$category = 'Cloud' + +$zipUrl = 'https://github.com/fox-it/adconnectdump/archive/3ff6ebe7afac83263dd41857fdec51dcca0012b4.zip' +$zipSha256 = '6f36659f4d0ef7e20ddea0d7c17f36786c2fa8ca0728e6fd790f3234f408e0e9' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 b/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..fdf72860c --- /dev/null 
+++ b/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ADConnectDump' +$category = 'Cloud' + +VM-Uninstall $toolName $category From 31e818f930655b0e8dc44e997c602a112030ec29 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Sun, 30 Apr 2023 17:48:44 -0700 Subject: [PATCH 002/330] added a python dependency --- packages/adconnectdump.vm/adconnectdump.vm.nuspec | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/adconnectdump.vm/adconnectdump.vm.nuspec b/packages/adconnectdump.vm/adconnectdump.vm.nuspec index 562a23e8b..51671b625 100644 --- a/packages/adconnectdump.vm/adconnectdump.vm.nuspec +++ b/packages/adconnectdump.vm/adconnectdump.vm.nuspec @@ -7,6 +7,7 @@ This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers. + From 50ec79562718ddcd6b3d8dc8c40662cc500f2ae3 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 22 May 2023 15:18:58 +0200 Subject: [PATCH 003/330] Fix stringsifter - Use a patched version that restrict the dependencies - Use a lower version of pip as fasttext (dependency of stringsifter) doesn't install with pip 23 --- packages/libraries.python3.vm/libraries.python3.vm.nuspec | 2 +- packages/libraries.python3.vm/tools/chocolateyinstall.ps1 | 7 +++++-- packages/libraries.python3.vm/tools/modules.xml | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index e3274e326..606277012 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec 
@@ -2,7 +2,7 @@ libraries.python3.vm - 0.0.0.20230517 + 0.0.0.20230522 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 index 9b1844e67..f16bda1f1 100644 --- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 +++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 @@ -9,8 +9,9 @@ try { # Create output file to log python module installation details $outputFile = VM-New-Install-Log $toolDir - # Upgrade pip - Invoke-Expression "py -3.9 -m pip install -qq --no-cache-dir --upgrade pip 2>&1 >> $outputFile" + # Fix pip version, stringsifter doesn't install with pip 23: + # https://github.com/mandiant/stringsifter/issues/29 + Invoke-Expression "py -3.9 -m pip install pip==20.1 >> $outputFile" $failures = @{} $modules = $modulesXml.modules.module @@ -39,6 +40,8 @@ try { VM-Write-Log "ERROR" "Check $outputFile for more information" exit 1 } + # Avoid WARNINGs to fail the package install + exit 0 } catch { VM-Write-Log-Exception $_ } diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index 1a7c6a4b6..a9ecbf7aa 100644 --- a/packages/libraries.python3.vm/tools/modules.xml +++ b/packages/libraries.python3.vm/tools/modules.xml @@ -19,8 +19,8 @@ - - + + From e0c8ffeebf5e71697ec5c890d095a46f79348a33 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 23 May 2023 11:36:59 +0200 Subject: [PATCH 004/330] Use array instead of hash in libraries.python3.vm There is no reason to use a hash and the code looks a bit nicer as we don't have to access the keys. --- packages/libraries.python3.vm/tools/chocolateyinstall.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
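Review bot: The replacement pip line `Invoke-Expression "py -3.9 -m pip install pip==20.1 >> $outputFile"` drops the `2>&1` that the removed line had, so pip's stderr no longer reaches `$outputFile` even though the failure path a few lines later tells the user to check that file. If leaving stderr unmerged is deliberate (merged stderr can be promoted to error records under `$ErrorActionPreference = 'Stop'`), the comment should say so instead of leaving the reader to guess. The pin also downgrades pip for the whole 3.9 interpreter because of one module and silently loses `-qq --no-cache-dir`; a `# TODO: restore '--upgrade pip' once mandiant/stringsifter#29 is fixed` next to the existing issue link would keep the workaround from becoming permanent. The `try` block both hunks sit in starts and ends outside the hunks.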
diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 index f16bda1f1..a5e35f4d5 100644 --- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 +++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 @@ -13,7 +13,7 @@ try { # https://github.com/mandiant/stringsifter/issues/29 Invoke-Expression "py -3.9 -m pip install pip==20.1 >> $outputFile" - $failures = @{} + $failures = @() $modules = $modulesXml.modules.module foreach ($module in $modules) { Write-Host "[+] Attempting to install Python3 module: $($module.name)" @@ -28,12 +28,12 @@ try { Write-Host "`t[+] Installed Python 3.9 module: $($module.name)" -ForegroundColor Green } else { Write-Host "`t[!] Failed to install Python 3.9 module: $($module.name)" -ForegroundColor Red - $failures[$module.Name] = $true + $failures += $module.Name } } - if ($failures.Keys.Count -gt 0) { - foreach ($module in $failures.Keys) { + if ($failures.Count -gt 0) { + foreach ($module in $failures) { VM-Write-Log "ERROR" "Failed to install Python 3.9 module: $module" } $outputFile = $outputFile.replace('lib\', 'lib-bad\') From 6ae42f9f6dd298d1a3fbbb5ce0a51de80d245133 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 23 May 2023 16:55:24 +0200 Subject: [PATCH 005/330] common: Do not repeat right click registry key Assign key registry path to variable to avoid duplication making the code easier to read and modify. --- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 429b2122b..26eab5bdf 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20221220 + 0.0.0.20230522 Common libraries for VM-packages Mandiant 
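Review bot: The added `$failures += $module.Name` uses `.Name` while the surrounding lines read `$module.name`; PowerShell property access is case-insensitive so behaviour is unchanged, but the mixed casing reads as if two different properties were involved — use `$failures += $module.name` to match. The `try` block enclosing both hunks starts and ends outside them.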
diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 8165990d5..55a29044a 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -691,6 +691,7 @@ function VM-Add-To-Right-Click-Menu { } else { $key = "directory" } + $key_path = "HKCR:\$key\shell\$menuKey" # Check and map "HKCR" to correct drive if (-NOT (Test-Path -path 'HKCR:')) { @@ -698,16 +699,16 @@ function VM-Add-To-Right-Click-Menu { } # Add right-click menu display name - if (-NOT (Test-Path -LiteralPath "HKCR:\$key\shell\$menuKey")) { - New-Item -Path "HKCR:\$key\shell\$menuKey" | Out-Null + if (-NOT (Test-Path -LiteralPath $key_path)) { + New-Item -Path $key_path | Out-Null } - Set-ItemProperty -LiteralPath "HKCR:\$key\shell\$menuKey" -Name '(Default)' -Value "$menuLabel" -Type String + Set-ItemProperty -LiteralPath $key_path -Name '(Default)' -Value "$menuLabel" -Type String # Add command to run when executed from right-click menu - if(-NOT (Test-Path -LiteralPath "HKCR:\$key\shell\$menuKey\command")) { - New-Item -Path "HKCR:\$key\shell\$menuKey\command" | Out-Null + if(-NOT (Test-Path -LiteralPath "$key_path\command")) { + New-Item -Path "$key_path\command" | Out-Null } - Set-ItemProperty -LiteralPath "HKCR:\$key\shell\$menuKey\command" -Name '(Default)' -Value $command -Type String + Set-ItemProperty -LiteralPath "$key_path\command" -Name '(Default)' -Value $command -Type String } catch { VM-Write-Log "ERROR" "Failed to add $menuKey to right-click menu" } @@ -729,6 +730,7 @@ function VM-Remove-From-Right-Click-Menu { } else { $key = "directory" } + $key_path = "HKCR:\$key\shell\$menuKey" # Check and map "HKCR" to correct drive if (-NOT (Test-Path -path 'HKCR:')) { 
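Review bot: The new local `$key_path` is snake_case while every other local in these functions (`$menuKey`, `$menuLabel`, `$command`) is camelCase; `$keyPath` would match the file's convention, here and in the `VM-Remove-From-Right-Click-Menu` hunk that introduces the same name. A caveat worth a comment on the `New-Item -Path $key_path` lines: `Test-Path`/`Set-ItemProperty` use `-LiteralPath` but `New-Item -Path` still applies wildcard matching, so a `$menuKey` containing `[`, `]` or `*` would be tested literally yet created against a pattern — `[System.Management.Automation.WildcardPattern]::Escape($key_path)` would close that gap if such keys are ever expected. Both functions start and end outside the hunks.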
@@ -736,8 +738,8 @@ function VM-Remove-From-Right-Click-Menu { } # Remove right-click menu settings from registry - if (Test-Path -LiteralPath "HKCR:\$key\shell\$menuKey") { - Remove-Item -LiteralPath "HKCR:\$key\shell\$menuKey" -Recurse + if (Test-Path -LiteralPath $key_path) { + Remove-Item -LiteralPath $key_path -Recurse } } catch { VM-Write-Log "ERROR" "Failed to remove $menuKey from right-click menu" From 941d435de6b482282f365e7a26c7c96b218c35fe Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 23 May 2023 17:00:09 +0200 Subject: [PATCH 006/330] common: Add icon to VM-Add-To-Right-Click-Menu Allow to provide an icon in the `VM-Add-To-Right-Click-Menu` helper. --- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 26eab5bdf..ec4b8278d 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230522 + 0.0.0.20230523 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 55a29044a..b62e4c936 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -682,7 +682,9 @@ function VM-Add-To-Right-Click-Menu { [string] $command, [Parameter(Mandatory=$true, Position=3)] [ValidateSet("file", "directory")] - [string] $type + [string] $type, + [Parameter(Mandatory=$false, Position=4)] + [string] $menuIcon ) try { # Determine if file or directory should show item in right-click menu 
@@ -703,6 +705,9 @@ function VM-Add-To-Right-Click-Menu { New-Item -Path $key_path | Out-Null } Set-ItemProperty -LiteralPath $key_path -Name '(Default)' -Value "$menuLabel" -Type String + if ($menuIcon) { + Set-ItemProperty -LiteralPath $key_path -Name 'Icon' -Value "$menuIcon" -Type String + } # Add command to run when executed from right-click menu if(-NOT (Test-Path -LiteralPath "$key_path\command")) { From ce156e8929550c2287b4992476fb7bdac9ed3ed3 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 23 May 2023 17:02:21 +0200 Subject: [PATCH 007/330] die: Add icon to right click menu Add DIE executable icon to the right click menu. --- packages/die.vm/die.vm.nuspec | 2 +- packages/die.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/die.vm/die.vm.nuspec b/packages/die.vm/die.vm.nuspec index 6f46f64cb..5bcf50981 100644 --- a/packages/die.vm/die.vm.nuspec +++ b/packages/die.vm/die.vm.nuspec @@ -2,7 +2,7 @@ die.vm - 3.07 + 3.07.20230523 Hellsp@wn, horsicq Detect It Easy, or abbreviated "DIE" is a program for determining types of files. diff --git a/packages/die.vm/tools/chocolateyinstall.ps1 b/packages/die.vm/tools/chocolateyinstall.ps1 index cd601802a..241322292 100644 --- a/packages/die.vm/tools/chocolateyinstall.ps1 +++ b/packages/die.vm/tools/chocolateyinstall.ps1 @@ -11,7 +11,7 @@ try { $zipSha256_64 = '3450169643be76484ac4bd5e1473f6f4745d9825c8a07255a3925a4a6e8bad7e' $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "file" + VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "file" "$executablePath" } catch { VM-Write-Log-Exception $_ } From 9c04f1585c4e343361d6877986284de5410d4b19 Mon Sep 17 00:00:00 2001 
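Review bot: The `Icon` value is written only when `$menuIcon` is non-empty, so re-registering an existing `$menuKey` without an icon leaves the previously stored `Icon` in place instead of clearing it; adding `} else { Remove-ItemProperty -LiteralPath $key_path -Name 'Icon' -ErrorAction SilentlyContinue }` would make the call idempotent like the `(Default)` value already is. The new optional parameter in the earlier hunk also carries no description of what it accepts (callers in this series pass the tool's executable path); a one-line comment such as `# Optional icon shown next to the menu entry, e.g. the tool's executable` on the parameter would help. `VM-Add-To-Right-Click-Menu` starts and ends outside the hunk.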
From: Ana Maria Martinez Gomez Date: Tue, 23 May 2023 17:05:41 +0200 Subject: [PATCH 008/330] hashmyfiles: Add icon to right click menu Add HashMyFiles executable icon to the right click menu. --- packages/hashmyfiles.vm/hashmyfiles.vm.nuspec | 2 +- packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec index fabe554b4..95362d75c 100644 --- a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec +++ b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec @@ -2,7 +2,7 @@ hashmyfiles.vm - 0.0.0.20220113 + 0.0.0.20230523 HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. Nir Sofer diff --git a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 index dc10cc13d..af8255e40 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 @@ -9,8 +9,8 @@ try { $zipUrl_64 = "https://www.nirsoft.net/utils/hashmyfiles-x64.zip" $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipUrl_64 $zipUrl_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "file" - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "directory" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "file" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "directory" "$executablePath" } catch { VM-Write-Log-Exception $_ } From 842638998c963d7f6c19914c2165492a28df1305 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 24 May 2023 09:53:44 +0000 Subject: [PATCH 009/330] Add de4dot-cex.vm Closes https://github.com/mandiant/VM-Packages/issues/341. --- packages/de4dot-cex.vm/de4dot-cex.vm.nuspec | 12 ++++++++++++ packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/de4dot-cex.vm/de4dot-cex.vm.nuspec create mode 100644 packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec b/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec new file mode 100644 index 000000000..b5ec8c18e --- /dev/null +++ b/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec @@ -0,0 +1,12 @@ + + + + de4dot-cex.vm + 4.0.0 + ViRb3 + A de4dot fork with full support for vanilla ConfuserEx + + + + + diff --git a/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 b/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0e4b09c4d --- /dev/null +++ b/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'de4dot' +$category = 'dotNet' + +$zipUrl = 'https://github.com/ViRb3/de4dot-cex/releases/download/v4.0.0/de4dot-cex.zip' +$zipSha256 = 'C726CBD18B894CA63B7F6A565C6C86EF512B96E68119C6502CDF64A51F6A1C78' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 diff --git a/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 b/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..d3b942019 --- /dev/null +++ b/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'de4dot' +$category = 'dotNet' + +VM-Uninstall $toolName $category 
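Review bot: `$toolName = 'de4dot'` does not match the package id `de4dot-cex.vm`, so the tool directory and shortcut are created under the generic `de4dot` name; if the repository also carries an unpatched de4dot package (I cannot see other packages from here), both would install into the same `$category\$toolName` location and overwrite or uninstall each other. Either use `$toolName = 'de4dot-cex'` or add a comment stating that this fork is meant to replace de4dot. The `$zipSha256` literal is uppercase hex while the other packages in this series use lowercase; harmless, but normalizing it keeps the hashes greppable.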
From d61fafba6143ac1f26da9c8e1f7d1950d1b55214 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 24 May 2023 09:54:44 +0000 Subject: [PATCH 010/330] Add ilspy.vm Closes https://github.com/mandiant/VM-Packages/issues/345. --- packages/ilspy.vm/ilspy.vm.nuspec | 13 +++++++++++++ packages/ilspy.vm/tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ packages/ilspy.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 36 insertions(+) create mode 100644 packages/ilspy.vm/ilspy.vm.nuspec create mode 100644 packages/ilspy.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/ilspy.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/ilspy.vm/ilspy.vm.nuspec b/packages/ilspy.vm/ilspy.vm.nuspec new file mode 100644 index 000000000..c1c3b17e1 --- /dev/null +++ b/packages/ilspy.vm/ilspy.vm.nuspec @@ -0,0 +1,13 @@ + + + + ilspy.vm + 8.0 + SharpDevelop Team + The open-source .NET assembly browser and decompiler. + + + + + + diff --git a/packages/ilspy.vm/tools/chocolateyinstall.ps1 b/packages/ilspy.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6850b8234 --- /dev/null +++ b/packages/ilspy.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'ILSpy' + $category = 'dotNet' + $shimPath = 'bin\ilspy.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/ilspy.vm/tools/chocolateyuninstall.ps1 b/packages/ilspy.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..9322e67c4 --- /dev/null +++ b/packages/ilspy.vm/tools/chocolateyuninstall.ps1 
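Review bot: The ILSpy shortcut is created with `-RunAsAdmin`, which makes a decompiler that opens untrusted assemblies run elevated on every launch; nothing in the hunk shows why ILSpy would need that, and the Visual Studio shortcut later in this series is created without it. Drop the switch, or record the concrete reason next to it (`# RunAsAdmin: <reason>`). `Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve` will throw if the community package ever renames its shim, which the `catch` then logs — fine, but a short comment that `bin\ilspy.exe` is the shim installed by the nuspec dependency would explain the hard-coded path.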
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ILSpy' +$category = 'dotNet' + +VM-Remove-Tool-Shortcut $toolName $category From 3749223fb05f67df3be5bda7bca947ebd457b65c Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 23 May 2023 17:14:05 +0200 Subject: [PATCH 011/330] explorersuite: Add CFF explorer to right menu Add CFF explorer to the right menu for all files. --- packages/explorersuite.vm/explorersuite.vm.nuspec | 2 +- packages/explorersuite.vm/tools/chocolateyinstall.ps1 | 9 +++++++-- packages/explorersuite.vm/tools/chocolateyuninstall.ps1 | 4 +++- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/packages/explorersuite.vm/explorersuite.vm.nuspec b/packages/explorersuite.vm/explorersuite.vm.nuspec index 6228958d0..8f45c40bf 100644 --- a/packages/explorersuite.vm/explorersuite.vm.nuspec +++ b/packages/explorersuite.vm/explorersuite.vm.nuspec @@ -2,7 +2,7 @@ explorersuite.vm - 0.0.0.20221115 + 0.0.0.20230523 Erik Pistelli A suite of tools including CFF Explorer and a process viewer. diff --git a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 index a4d6ebd00..184b07a60 100644 --- a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 
@@ -26,7 +26,12 @@ try { VM-Assert-Path $shortcut } - Install-BinFile -Name 'CFFExplorer' -Path (Join-Path $toolDir 'CFF Explorer.exe') + $cffExplorerExecutablePath = Join-Path $toolDir 'CFF Explorer.exe' -Resolve + Install-BinFile -Name 'CFFExplorer' -Path $cffExplorerExecutablePath + # "Open with CFF Explorer" is added to the registry for several extensions, + # add it for all extension with same key to avoid duplication. + # Use same label and no icon to make it look the same for all extensions. + VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" %1" "file" } catch { VM-Write-Log-Exception $_ -} \ No newline at end of file +} diff --git a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 index c36d56a4c..4e01b7402 100644 --- a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 @@ -7,4 +7,6 @@ foreach ($subtoolName in $subtoolNames) { VM-Remove-Tool-Shortcut $subtoolName $category } -VM-Uninstall-With-Uninstaller "Explorer Suite IV" "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" \ No newline at end of file +VM-Remove-From-Right-Click-Menu 'CFF explorer' "file" + +VM-Uninstall-With-Uninstaller "Explorer Suite IV" "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" From 7cb64eca35d889582605463b2413640647a267e6 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 24 May 2023 16:46:00 +0200 Subject: [PATCH 012/330] hxd: Add HxD to right menu Add HxD to the right menu for all files. --- packages/hxd.vm/hxd.vm.nuspec | 2 +- packages/hxd.vm/tools/chocolateyinstall.ps1 | 2 ++ packages/hxd.vm/tools/chocolateyuninstall.ps1 | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/hxd.vm/hxd.vm.nuspec b/packages/hxd.vm/hxd.vm.nuspec index 30379c813..1ff947409 100644 --- a/packages/hxd.vm/hxd.vm.nuspec +++ b/packages/hxd.vm/hxd.vm.nuspec 
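Review bot: The registered command passes `%1` unquoted (`"`"$cffExplorerExecutablePath`" %1"`), so a selected file whose path contains spaces is split into several arguments when the menu entry is used; every other `VM-Add-To-Right-Click-Menu` call in this series quotes it, so use `"`"$cffExplorerExecutablePath`" `"%1`""`. The `try` block starts outside the hunk.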
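Review bot: `VM-Remove-From-Right-Click-Menu 'CFF explorer' "file"` looks up a menu key named `CFF explorer`, but the install script in the previous hunk registers the entry under `'Open with CFF Explorer'`, so the uninstall leaves that registry key (and its `command` subkey pointing at a removed executable) behind. Use the same literal in both scripts, e.g. `VM-Remove-From-Right-Click-Menu 'Open with CFF Explorer' "file"`, or hoist the key name into a shared variable so the two cannot drift again.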
@@ -2,7 +2,7 @@ hxd.vm - 2.5.0.20230425 + 2.5.0.20230524 Maël Hörz Freeware hex editor diff --git a/packages/hxd.vm/tools/chocolateyinstall.ps1 b/packages/hxd.vm/tools/chocolateyinstall.ps1 index 18d91df35..0a6615f76 100644 --- a/packages/hxd.vm/tools/chocolateyinstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyinstall.ps1 @@ -12,6 +12,8 @@ try { VM-Assert-Path $shortcut Install-BinFile -Name $toolName -Path $executablePath + + VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "file" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hxd.vm/tools/chocolateyuninstall.ps1 b/packages/hxd.vm/tools/chocolateyuninstall.ps1 index 18bf47a42..3e5de4ab8 100644 --- a/packages/hxd.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyuninstall.ps1 @@ -5,5 +5,5 @@ $toolName = 'HxD' $category = 'Hex Editors' VM-Remove-Tool-Shortcut $toolName $category +VM-Remove-From-Right-Click-Menu $toolName "file" Uninstall-BinFile -Name $toolName - From 4ff1b61e2e9b6429250a7abd183e673850c1c0a5 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 24 May 2023 17:02:39 +0200 Subject: [PATCH 013/330] hashmyfiles: Fix right click menu command The previous command opened HashMyFiles but without the file/directory. --- packages/hashmyfiles.vm/hashmyfiles.vm.nuspec | 2 +- packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec index 95362d75c..9e27aab0c 100644 --- a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec +++ b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec @@ -2,7 +2,7 @@ hashmyfiles.vm - 0.0.0.20230523 + 0.0.0.20230524 HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. Nir Sofer 
diff --git a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 index af8255e40..b86edf750 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 @@ -9,8 +9,8 @@ try { $zipUrl_64 = "https://www.nirsoft.net/utils/hashmyfiles-x64.zip" $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipUrl_64 $zipUrl_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "file" "$executablePath" - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" `"%1`"" "directory" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "file" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "directory" "$executablePath" } catch { VM-Write-Log-Exception $_ } From b8ebd8785720b4778a58e6769deebaf0fe808246 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 24 May 2023 22:11:19 +0000 Subject: [PATCH 014/330] Update bloodhound.vm to 4.3.1 --- packages/bloodhound.vm/bloodhound.vm.nuspec | 2 +- packages/bloodhound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/bloodhound.vm/bloodhound.vm.nuspec b/packages/bloodhound.vm/bloodhound.vm.nuspec index 3b80a4282..769105f7f 100644 --- a/packages/bloodhound.vm/bloodhound.vm.nuspec +++ b/packages/bloodhound.vm/bloodhound.vm.nuspec @@ -2,7 +2,7 @@ bloodhound.vm - 4.3.0 + 4.3.1 BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Andrew Robbins, Rohan Vazarkar, Will Schroeder diff --git a/packages/bloodhound.vm/tools/chocolateyinstall.ps1 b/packages/bloodhound.vm/tools/chocolateyinstall.ps1 index 8ece661bb..c0bafb20c 100644 --- a/packages/bloodhound.vm/tools/chocolateyinstall.ps1 
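Review bot: Both registrations now pass `/file "%1"`, including the `"directory"` one; HashMyFiles documents a separate `/folder` switch for hashing a directory's contents, so the directory entry may still not do what the commit message intends — please verify against the tool and, if so, use `"`"$executablePath`" /folder `"%1`""` for the `"directory"` line. The `try` block starts outside the hunk.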
+++ b/packages/bloodhound.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound' $category = 'Information Gathering' -$zipUrl = "https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.0/BloodHound-win32-ia32.zip" -$zipSha256 = "88e13a123b49e19188a4d51b83b060fd5fe0d6b4cdd96e6557792d229d339f64" +$zipUrl = "https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.1/BloodHound-win32-ia32.zip" +$zipSha256 = "8d2a5cc827299d47424631882399067acf41d040c5b2aacf95092aec22d90c97" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 2caca3c1e9b6017dc1f21d6e2915a48d6398493e Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 24 May 2023 22:19:12 +0000 Subject: [PATCH 015/330] Update sysinternals.vm to 2023.5.24 --- packages/sysinternals.vm/sysinternals.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index 851040a58..d2267d52d 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.4.12 + 2023.5.24 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file From f6574a8838e29abb1b7e5d22c64c3ee68ac6b94f Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 25 May 2023 11:02:24 +0200 Subject: [PATCH 016/330] Ensure template follows version documentation If the dependency/tool's version uses the 4th segment, update the package's version to use the current date (YYYYMMDD) in the 4th segment. --- scripts/utils/create_package_template.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/scripts/utils/create_package_template.py b/scripts/utils/create_package_template.py index 45f53d243..6dc1317d7 100755 
--- a/scripts/utils/create_package_template.py +++ b/scripts/utils/create_package_template.py @@ -3,6 +3,7 @@ import logging import argparse import textwrap +import time # Set up logger logging.basicConfig( @@ -18,6 +19,15 @@ with open(f"{root_path}/categories.txt") as file: CATEGORIES = [line.rstrip() for line in file] +# If the dependency/tool's version uses the 4th segment, update the package's +# version to use the current date (YYYYMMDD) in the 4th segment +def package_version(dependency_version): + version_segments = dependency_version.split(".") + if len(version_segments) < 4: + return dependency_version + version_segments[3] = time.strftime("%Y%m%d") + return ".".join(version_segments[:4]) + UNINSTALL_TEMPLATE_NAME = "chocolateyuninstall.ps1" INSTALL_TEMPLATE_NAME = "chocolateyinstall.ps1" @@ -42,7 +52,7 @@ """ Needs the following format strings: - pkg_name="...", version="...", authors="...", description="...", dependency="..." + pkg_name="...", version="...", authors="...", description="...", dependency="...", dependency_version="..." """ NUSPEC_TEMPLATE_METAPACKAGE = r""" @@ -53,7 +63,7 @@ {description} - + @@ -281,10 +291,11 @@ def create_template( f.write( nuspec_template.format( pkg_name=pkg_name, - version=version or "0.0.0", + version=package_version(version) or "0.0.0", authors=authors, description=description, dependency=dependency, + dependency_version = version, ) ) From 8a1335cdc1044f86e90a00b3ebf786996bc80db2 Mon Sep 17 00:00:00 2001 
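Review bot: `version=package_version(version) or "0.0.0"` moves the `or "0.0.0"` fallback after the call, so if `version` can be `None` (the old `version or "0.0.0"` guarded exactly that case) `package_version` now fails on `dependency_version.split(".")`; either write `package_version(version or "0.0.0")` here or start `package_version` with `if not dependency_version: return dependency_version`. In the same call, `dependency_version = version,` has spaces around `=` unlike the neighbouring keyword arguments; PEP 8 wants `dependency_version=version,`. The comment above `def package_version` in the earlier hunk would be better as a docstring, also noting that segments beyond the fourth are dropped by `version_segments[:4]`. `create_template` starts and ends outside the hunk.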
From: Ana Maria Martinez Gomez Date: Mon, 22 May 2023 12:03:49 +0200 Subject: [PATCH 017/330] visualstudio.vm: Add Visual Studio Community 2022 Add package for Visual Studio Community that installs the community package visualstudio2022community adding the following common components: - Visual Studio core editor - Desktop development with C++ - .NET desktop development I am not sure if there is a better way to install visualstudio2022community with parameters than using `choco install` in the install script. The community package chocolatey-visualstudio.extension 1.11 includes a `-DefaultParameterValues` parameter that would be a better solution (as it would allow changing the parameters when installing the package), but only a preview is available at the moment. A stable release of a package is not allowed to have a prerelease dependency. Install the nasm assembler as a dependency. --- .../tools/chocolateyinstall.ps1 | 21 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 9 ++++++++ packages/visualstudio.vm/visualstudio.nuspec | 15 +++++++++++++ 3 files changed, 45 insertions(+) create mode 100755 packages/visualstudio.vm/tools/chocolateyinstall.ps1 create mode 100755 packages/visualstudio.vm/tools/chocolateyuninstall.ps1 create mode 100755 packages/visualstudio.vm/visualstudio.nuspec diff --git a/packages/visualstudio.vm/tools/chocolateyinstall.ps1 b/packages/visualstudio.vm/tools/chocolateyinstall.ps1 new file mode 100755 index 000000000..97e346fcd --- /dev/null +++ b/packages/visualstudio.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,21 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'VisualStudio' + $category = 'Utilities' + + # Install with choco instead as dependency to provide params to add common components + # The community package chocolatey-visualstudio.extension 1.11 includes a -DefaultParameterValues parameter + # that would be a better solution (as it would allow to change the parameters when installing the package), + # but only a preview is available at the moment. + choco install visualstudio2022community --params "--add Microsoft.VisualStudio.Component.CoreEditor --add Microsoft.VisualStudio.Workload.NativeDesktop --add Microsoft.VisualStudio.Workload.ManagedDesktop --includeRecommended" + + $executablePath = Join-Path ${Env:ProgramFiles} "Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe" -Resolve + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/visualstudio.vm/tools/chocolateyuninstall.ps1 b/packages/visualstudio.vm/tools/chocolateyuninstall.ps1 new file mode 100755 index 000000000..1ea237d17 --- /dev/null +++ b/packages/visualstudio.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,9 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'VisualStudio' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category + +choco uninstall visualstudio2022community --removedependencies diff --git a/packages/visualstudio.vm/visualstudio.nuspec b/packages/visualstudio.vm/visualstudio.nuspec new file mode 100755 index 000000000..90463b9f2 --- /dev/null +++ b/packages/visualstudio.vm/visualstudio.nuspec @@ -0,0 +1,15 @@ + + + + visualstudio.vm + 0.0.0.20230525 + IDE. + Microsoft + + + + + + + 
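Review bot: The `choco install visualstudio2022community ...` call in the new chocolateyinstall.ps1 is not really covered by the surrounding try/catch: `$ErrorActionPreference = 'Stop'` turns cmdlet errors into exceptions, but a native executable exiting non-zero does not throw, so a failed or partial Visual Studio install continues to the `Join-Path ... devenv.exe -Resolve` line and is reported as a path-not-found error rather than the real failure. Check the exit code right after the call, e.g. `if ($LASTEXITCODE -ne 0) { throw "choco install visualstudio2022community exited with $LASTEXITCODE" }`, and if the installer legitimately returns a reboot-required code such as 3010, allow that explicitly. The nested `choco install` also runs without `-y`, so it is worth confirming it cannot block on a confirmation prompt when the package is installed non-interactively.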
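Review bot: `choco uninstall visualstudio2022community --removedependencies` in the new chocolateyuninstall.ps1 removes every dependency of the community package, which (if chocolatey-visualstudio.extension mentioned in the commit message is among them) can pull out packages that other installed tools still rely on. Unless the dependency removal is deliberate, drop `--removedependencies` or add a comment stating which dependencies are expected to go with it, e.g. `# --removedependencies: also removes <list of dependency packages>, none of which are shared`.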
From f4be50ec7bdd23a6a33aac23320a1c8b0f3dda44 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 25 May 2023 15:55:05 +0200 Subject: [PATCH 018/330] windbg.vm: Add WinDbg It seems WinDbg is now distributed as an .appinstaller (which uses a .msixbundl) and we need to install it using Add-AppxPackage. At least I didn't found an easy way to install it directly using choco helper functions. --- .../windbg.vm/tools/chocolateyinstall.ps1 | 21 +++++++++++++++++++ .../windbg.vm/tools/chocolateyuninstall.ps1 | 9 ++++++++ packages/windbg.vm/windbg.vm.nuspec | 13 ++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 packages/windbg.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/windbg.vm/tools/chocolateyuninstall.ps1 create mode 100644 packages/windbg.vm/windbg.vm.nuspec diff --git a/packages/windbg.vm/tools/chocolateyinstall.ps1 b/packages/windbg.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e4aa27ad5 --- /dev/null +++ b/packages/windbg.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,21 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'WinDbg' + $category = 'Debuggers' + + # It seems WinDbg is now distributed as an .appinstaller and we need to install it using Add-AppxPackage + Add-AppxPackage -AppInstallerFile 'https://windbg.download.prss.microsoft.com/dbazure/prod/1-0-0/windbg.appinstaller' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" + # Use `start` to close the open console + $executableArgs = "/C start WinDbgX.exe" + $executableDir = Join-Path ${Env:UserProfile} "Desktop" + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -RunAsAdmin +} catch { + VM-Write-Log-Exception $_ +} + 
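Review bot: Unlike the other packages in this series, the WinDbg install is neither pinned nor checksum-verified: `Add-AppxPackage -AppInstallerFile 'https://windbg.download.prss.microsoft.com/dbazure/prod/1-0-0/windbg.appinstaller'` installs whatever the appinstaller currently resolves to, so the package is not reproducible and the `0.0.0` nuspec version cannot track what was actually installed (Appx signature validation gives authenticity, not version pinning). If this channel offers no pinned URL or hash, say so next to the call, e.g. `# The appinstaller always resolves to the latest WinDbg release; no checksum pinning is possible here`. The shortcut is also created without the `VM-Assert-Path $shortcut` check the visualstudio.vm package in this series performs after `Install-ChocolateyShortcut`, and `/C start WinDbgX.exe` relies on `WinDbgX.exe` being resolvable from the Desktop working directory (presumably through the app execution alias), which is worth a one-line comment.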
diff --git a/packages/windbg.vm/tools/chocolateyuninstall.ps1 b/packages/windbg.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..eee1d07cf --- /dev/null +++ b/packages/windbg.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,9 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'WinDbg' +$category = 'Debuggers' + +VM-Remove-Tool-Shortcut $toolName $category + +Get-AppxPackage *WinDbg* | Remove-AppxPackage diff --git a/packages/windbg.vm/windbg.vm.nuspec b/packages/windbg.vm/windbg.vm.nuspec new file mode 100644 index 000000000..cef8d9838 --- /dev/null +++ b/packages/windbg.vm/windbg.vm.nuspec @@ -0,0 +1,13 @@ + + + + windbg.vm + 0.0.0 + Microsoft + WinDbg is a debugger that can be used to analyze crash dumps, debug live user-mode and kernel-mode code, and examine CPU registers and memory. + + + + + + From d94e12c0bda170288f67537ff956f5bfaa96656f Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 25 May 2023 18:47:32 +0200 Subject: [PATCH 019/330] nasm.vm: Move nasm to its own package Create nasm.vm package instead of making it part of Visual Studio. Update Visual Studio version to match tool version. --- packages/nasm.vm/nasm.vm.nuspec | 13 +++++++++ packages/nasm.vm/tools/chocolateyinstall.ps1 | 27 +++++++++++++++++++ .../nasm.vm/tools/chocolateyuninstall.ps1 | 8 ++++++ packages/visualstudio.vm/visualstudio.nuspec | 5 +--- 4 files changed, 49 insertions(+), 4 deletions(-) create mode 100644 packages/nasm.vm/nasm.vm.nuspec create mode 100644 packages/nasm.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/nasm.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/nasm.vm/nasm.vm.nuspec b/packages/nasm.vm/nasm.vm.nuspec new file mode 100644 index 000000000..59702bc7c --- /dev/null +++ b/packages/nasm.vm/nasm.vm.nuspec @@ -0,0 +1,13 @@ + + + + nasm.vm + 2.16.01 + NASM Authors + Netwide Assembler + + + + + + 
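Review bot: `Get-AppxPackage *WinDbg* | Remove-AppxPackage` in the new chocolateyuninstall.ps1 matches on a wildcard, so any other installed Appx package whose name happens to contain "WinDbg" is removed as well. Prefer the exact package name, `Get-AppxPackage -Name '<windbg package name recorded from the installed package>' | Remove-AppxPackage`, and since `$ErrorActionPreference = 'Continue'` swallows failures here, consider logging when nothing matched so a silent no-op is visible in the install log.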
diff --git a/packages/nasm.vm/tools/chocolateyinstall.ps1 b/packages/nasm.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..452ce199c --- /dev/null +++ b/packages/nasm.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'nasm' + $category = 'Utilities' + + # Delete Desktop shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + if (Test-Path $desktopShortcut) { + Remove-Item $desktopShortcut -Force -ea 0 + } + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executableDir = Join-Path ${Env:ProgramFiles} 'NASM' -Resolve + $batPath = Join-Path $executableDir 'nasmpath.bat' -Resolve + $iconPath = Join-Path $executableDir 'nasm.ico' -Resolve + # Create shortcut in a similar way than the deleted Desktop shortcut + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $batPath -WorkingDirectory $executableDir -IconLocation $iconPath + VM-Assert-Path $shortcut + + $executablePath = Join-Path $executableDir 'nasm.exe' -Resolve + Install-BinFile -Name $toolName -Path $executablePath +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/nasm.vm/tools/chocolateyuninstall.ps1 b/packages/nasm.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..df1681c33 --- /dev/null +++ b/packages/nasm.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'nasm' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category +Uninstall-BinFile -Name $toolName diff --git a/packages/visualstudio.vm/visualstudio.nuspec b/packages/visualstudio.vm/visualstudio.nuspec index 90463b9f2..348c79261 100755 --- a/packages/visualstudio.vm/visualstudio.nuspec +++ b/packages/visualstudio.vm/visualstudio.nuspec 
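Review bot: The Desktop-shortcut cleanup in the new nasm chocolateyinstall.ps1 looks only under `${Env:Public}\Desktop`; if the upstream NASM installer places its shortcut on the current user's Desktop instead (not verifiable from this diff), `Test-Path` is false and the shortcut stays. A comment stating where the installer creates the shortcut would make that assumption explicit, and `-ea 0` should be spelled `-ErrorAction SilentlyContinue` to match the long-form parameters used elsewhere in the file. The comment `# Create shortcut in a similar way than the deleted Desktop shortcut` reads better as `# Create the shortcut the same way as the deleted Desktop shortcut`.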
@@ -2,14 +2,11 @@ visualstudio.vm - 0.0.0.20230525 + 17.6.1 IDE. Microsoft - - From 71c39e13b582078bc8faf1172b0e6a6d3a9ba81f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 26 May 2023 03:14:48 +0000 Subject: [PATCH 020/330] Add codetrack.vm Closes https://github.com/mandiant/VM-Packages/issues/364. --- packages/codetrack.vm/codetrack.vm.nuspec | 13 +++++++++++++ .../codetrack.vm/tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ .../codetrack.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 36 insertions(+) create mode 100644 packages/codetrack.vm/codetrack.vm.nuspec create mode 100644 packages/codetrack.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/codetrack.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/codetrack.vm/codetrack.vm.nuspec b/packages/codetrack.vm/codetrack.vm.nuspec new file mode 100644 index 000000000..7f5b28184 --- /dev/null +++ b/packages/codetrack.vm/codetrack.vm.nuspec @@ -0,0 +1,13 @@ + + + + codetrack.vm + 1.0.3.20230526 + CodeTrack + A free .NET Performance Profile and Execution Analyzer + + + + + + diff --git a/packages/codetrack.vm/tools/chocolateyinstall.ps1 b/packages/codetrack.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..96d3f798b --- /dev/null +++ b/packages/codetrack.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'CodeTrack' + $category = 'dotNet' + $shimPath = '\bin\codetrack.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} 
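Review bot: `$shimPath = '\bin\codetrack.exe'` in the new codetrack chocolateyinstall.ps1 carries a leading backslash while the equivalent dnspyex package in this series uses `'bin\dnSpy.Console.exe'`; `Join-Path` tolerates both, but the two should agree, so drop the leading separator. The shortcut is created with `-RunAsAdmin` and nothing says why a profiler needs elevation; a short comment such as `# RunAsAdmin: <reason elevation is required>` would let the next maintainer decide whether it is still needed.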
diff --git a/packages/codetrack.vm/tools/chocolateyuninstall.ps1 b/packages/codetrack.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e1c7fa977 --- /dev/null +++ b/packages/codetrack.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CodeTrack' +$category = 'dotNet' + +VM-Remove-Tool-Shortcut $toolName $category From baaab9a8a626ca78e529b80d42e827652f461c0d Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 26 May 2023 08:39:23 +0200 Subject: [PATCH 021/330] floss.vm: Rename folder + nuspec Rename folder and nuspec from flare-floss.vm to floss.vm to use the package name (floss.vm) for consistency. --- .../floss.vm.nuspec} | 0 .../tools/chocolateyinstall.ps1 | 0 .../tools/chocolateyuninstall.ps1 | 0 .../{flare-floss.vm => floss.vm}/tools/icon.ico | Bin .../tools/icon_white.ico | Bin 5 files changed, 0 insertions(+), 0 deletions(-) rename packages/{flare-floss.vm/flare-floss.vm.nuspec => floss.vm/floss.vm.nuspec} (100%) rename packages/{flare-floss.vm => floss.vm}/tools/chocolateyinstall.ps1 (100%) rename packages/{flare-floss.vm => floss.vm}/tools/chocolateyuninstall.ps1 (100%) rename packages/{flare-floss.vm => floss.vm}/tools/icon.ico (100%) rename packages/{flare-floss.vm => floss.vm}/tools/icon_white.ico (100%) diff --git a/packages/flare-floss.vm/flare-floss.vm.nuspec b/packages/floss.vm/floss.vm.nuspec similarity index 100% rename from packages/flare-floss.vm/flare-floss.vm.nuspec rename to packages/floss.vm/floss.vm.nuspec diff --git a/packages/flare-floss.vm/tools/chocolateyinstall.ps1 b/packages/floss.vm/tools/chocolateyinstall.ps1 similarity index 100% rename from packages/flare-floss.vm/tools/chocolateyinstall.ps1 rename to packages/floss.vm/tools/chocolateyinstall.ps1 
diff --git a/packages/flare-floss.vm/tools/chocolateyuninstall.ps1 b/packages/floss.vm/tools/chocolateyuninstall.ps1 similarity index 100% rename from packages/flare-floss.vm/tools/chocolateyuninstall.ps1 rename to packages/floss.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/flare-floss.vm/tools/icon.ico b/packages/floss.vm/tools/icon.ico similarity index 100% rename from packages/flare-floss.vm/tools/icon.ico rename to packages/floss.vm/tools/icon.ico diff --git a/packages/flare-floss.vm/tools/icon_white.ico b/packages/floss.vm/tools/icon_white.ico similarity index 100% rename from packages/flare-floss.vm/tools/icon_white.ico rename to packages/floss.vm/tools/icon_white.ico From 20c84c695f064392096d4397022f1cd3f3fe4fc8 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 26 May 2023 10:42:54 +0200 Subject: [PATCH 022/330] common.vm: Add VM-Install-Shortcut Unify how shortcuts are created by introducing a `VM-Install-Shortcut` helper function in common and use it in the other helper functions. This package should be used in packages that install the shortcut directly as well. --- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 91 ++++++++++--------- 2 files changed, 51 insertions(+), 42 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index ec4b8278d..118d5baff 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230523 + 0.0.0.20230526 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index b62e4c936..56b36748e 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 
@@ -265,6 +265,44 @@ function VM-Install-Raw-GitHub-Repo { } } +function VM-Install-Shortcut{ + [CmdletBinding()] + Param + ( + [Parameter(Mandatory=$true, Position=0)] + [string] $toolName, + [Parameter(Mandatory=$true, Position=1)] + [string] $category, + [Parameter(Mandatory=$true, Position=2)] + [string] $executablePath, + [Parameter(Mandatory=$false)] + [bool] $consoleApp=$false, + [Parameter(Mandatory=$false)] + [switch] $runAsAdmin=$false, + [Parameter(Mandatory=$false)] + [string] $executableDir, + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" + ) + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + + if ($consoleApp) { + if (!$executableDir) { + $executableDir = Join-Path ${Env:UserProfile} "Desktop" + } + VM-Assert-Path $executableDir + + $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" -Resolve + # Change to executable dir, print command to execute, and execute command + $executableArgs = "/K `"cd `"$executableDir`" && echo $executableDir^> $executablePath $arguments && `"$executablePath`" $arguments`"" + Install-ChocolateyShortcut -ShortcutFilePath $shortcut -TargetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath -RunAsAdmin $runAsAdmin + } else { + Install-ChocolateyShortcut -ShortcutFilePath $shortcut -TargetPath $executablePath -RunAsAdmin $runAsAdmin + } + VM-Assert-Path $shortcut +} + # This functions returns $executablePath and $toolDir (outputed by Install-ChocolateyZipPackage) function VM-Install-From-Zip { [CmdletBinding()] 
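Review bot: `-RunAsAdmin $runAsAdmin` on both `Install-ChocolateyShortcut` calls in the new `VM-Install-Shortcut` does not pass the value to the switch: PowerShell binds a value to a switch parameter only with the colon form, so as written `-RunAsAdmin` is set on every call and `$runAsAdmin` is handed to the command as a stray positional argument. Both lines should read `-RunAsAdmin:$runAsAdmin`, and `[switch] $runAsAdmin=$false` can lose the redundant default. Separately, `$executableArgs` interpolates `$executableDir`, `$executablePath` and `$arguments` into a cmd.exe command line, and the `echo $executableDir^> $executablePath $arguments` part is unquoted, so any `&`, `|`, `^`, `(` or `>` in a tool path or in `$arguments` is interpreted by cmd rather than echoed; the callers are package scripts, so this is a robustness rather than a trust issue, but a comment naming the restriction (`# NOTE: paths and arguments must not contain cmd metacharacters (& | ^ < >)`) or escaping them would avoid silent breakage.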
@@ -285,11 +323,12 @@ function VM-Install-From-Zip { [Parameter(Mandatory=$false)] [bool] $consoleApp=$false, [Parameter(Mandatory=$false)] - [bool] $innerFolder=$false # subfolder in zip with the app files + [bool] $innerFolder=$false, # subfolder in zip with the app files + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" ) try { $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category # Remove files from previous zips for upgrade VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} @@ -333,18 +372,7 @@ function VM-Install-From-Zip { } $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - - if ($consoleApp) { - $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" - $executableDir = Join-Path ${Env:UserProfile} "Desktop" - $executableArgs = "/K `"cd `"$executableDir`" && `"$executablePath`" --help`"" - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath - } else { - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath - } - VM-Assert-Path $shortcut - + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments Install-BinFile -Name $toolName -Path $executablePath return $executablePath } catch { @@ -370,11 +398,12 @@ function VM-Install-Single-Exe { [Parameter(Mandatory=$false)] [string] $exeSha256_64, [Parameter(Mandatory=$false)] - [bool] $consoleApp=$false + [bool] $consoleApp=$false, + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" ) try { $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category # Get the file extension from the URL $ext = (Split-Path -Path $exeUrl -Leaf).Split(".")[-1] 
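Review bot: The new `$arguments = "--help"` parameter added to `VM-Install-From-Zip` here (and identically to `VM-Install-Single-Exe` in this and the next hunk, and to `VM-Install-With-Installer` after that) has no description, while the neighbouring `$innerFolder` carries an inline comment; add `[string] $arguments = "--help" # arguments appended to the console-app shortcut command`. It is also worth stating in that comment that passing `$null` (as the dnspyex and rundotnetdll packages later in this series do) becomes an empty string for the `[string]` parameter and is the intended way to get a shortcut with no arguments.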
@@ -394,18 +423,7 @@ function VM-Install-Single-Exe { Get-ChocolateyWebFile @packageArgs VM-Assert-Path $executablePath - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - - if ($consoleApp) { - $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" -Resolve - $executableDir = Join-Path ${Env:UserProfile} "Desktop" -Resolve - $executableArgs = "/K `"cd `"$executableDir`" && `"$executablePath`" --help`"" - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath - } else { - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath - } - VM-Assert-Path $shortcut - + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments Install-BinFile -Name $toolName -Path $executablePath return $executablePath } catch { @@ -536,7 +554,9 @@ function VM-Install-With-Installer { [Parameter(Mandatory=$false)] [array] $validExitCodes= @(0, 3010, 1605, 1614, 1641), [Parameter(Mandatory=$false)] - [bool] $consoleApp=$false + [bool] $consoleApp=$false, + [Parameter(Mandatory=$false)] + [string] $arguments = "--help" ) try { $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName 
@@ -589,18 +609,7 @@ function VM-Install-With-Installer { Install-ChocolateyInstallPackage @packageArgs VM-Assert-Path $executablePath - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category - $shortcut = Join-Path $shortcutDir "$toolName.lnk" - if ($consoleApp) { - $executableCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" - $executableDir = Join-Path ${Env:UserProfile} "Desktop" - $executableArgs = "/K `"cd `"$executableDir`" && `"$executablePath`" --help`"" - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executableCmd -Arguments $executableArgs -WorkingDirectory $executableDir -IconLocation $executablePath - } else { - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath - } - VM-Assert-Path $shortcut - + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments Install-BinFile -Name $toolName -Path $executablePath } catch { VM-Write-Log-Exception $_ From e443ef4302f3739316a0346a8709cee66e075087 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 26 May 2023 10:43:43 +0200 Subject: [PATCH 023/330] dnspyex.vm: Fix shortcut Shortcut executes dnspyex closing cmd after execution. dnspyex needs to be installed as a console app. Use the new VM-Install-Shortcut helper for that. --- packages/dnspyex.vm/dnspyex.vm.nuspec | 2 +- packages/dnspyex.vm/tools/chocolateyinstall.ps1 | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/packages/dnspyex.vm/dnspyex.vm.nuspec b/packages/dnspyex.vm/dnspyex.vm.nuspec index c67d1fa81..34bfc8b0c 100644 --- a/packages/dnspyex.vm/dnspyex.vm.nuspec +++ b/packages/dnspyex.vm/dnspyex.vm.nuspec @@ -2,7 +2,7 @@ dnspyex.vm - 6.3.0 + 6.3.0.20230526 0xd4d, ElektroKill dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. 
diff --git a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 index 3f151dece..cd0e5a8b3 100644 --- a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 @@ -6,11 +6,8 @@ try { $category = 'dotNet' $shimPath = 'bin\dnSpy.Console.exe' - $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category - $shortcut = Join-Path $shortcutDir "$toolName.lnk" $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve - Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin - VM-Assert-Path $shortcut + VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true -arguments $null } catch { VM-Write-Log-Exception $_ } From a1e345871b7b2de7423e6ebacd4a59141e01c162 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 26 May 2023 11:13:28 +0200 Subject: [PATCH 024/330] rundotnetdll.vm: Fix shortcut RunDotNetDll does not have a `--help` parameter and the output is confusing. --- packages/rundotnetdll.vm/rundotnetdll.vm.nuspec | 2 +- packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec b/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec index 54e90f050..5c3cf29a2 100644 --- a/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec +++ b/packages/rundotnetdll.vm/rundotnetdll.vm.nuspec @@ -2,7 +2,7 @@ rundotnetdll.vm - 2.2 + 2.2.0.20230526 A simple utility to list all methods of a given .NET Assembly and to invoke them. Antonio Parata diff --git a/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 b/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 index 475b39394..f32794c23 100644 --- a/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 +++ b/packages/rundotnetdll.vm/tools/chocolateyinstall.ps1 
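Review bot: The replacement call `VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true -arguments $null` drops the `-RunAsAdmin` that the removed `Install-ChocolateyShortcut` line set, and the commit message only describes the console-app fix, so elevation for dnSpy.Console.exe is silently lost. If it is still required, pass `-runAsAdmin`; otherwise mention the removal in the commit message. The enclosing `try` block starts outside the hunk.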
@@ -7,5 +7,5 @@ $category = 'dotNet' $zipUrl = 'https://github.com/enkomio/RunDotNetDll/releases/download/2.2/RunDotNetDll.zip' $zipSha256 = '27B922861DD27C8DC484524EB7B3AE8F2FB6CA44C1C7086D9ED529A7B4E7CC1D' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments $null From bccf530048e7e08d85bab108ee093abb20013e6e Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 26 May 2023 11:36:05 +0200 Subject: [PATCH 025/330] de4dot-cex.vm: Fix shortcut & add de4dot-x64 - Shortcut executes de4dot closing cmd after execution. de4dot needs to be installed as a console app. Use the new VM-Install-Shortcut helper for that. - Add shortcut for de4dot-x64. --- packages/de4dot-cex.vm/de4dot-cex.vm.nuspec | 2 +- .../de4dot-cex.vm/tools/chocolateyinstall.ps1 | 18 +++++++++++++----- .../tools/chocolateyuninstall.ps1 | 1 + 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec b/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec index b5ec8c18e..b1acfaa0e 100644 --- a/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec +++ b/packages/de4dot-cex.vm/de4dot-cex.vm.nuspec @@ -2,7 +2,7 @@ de4dot-cex.vm - 4.0.0 + 4.0.0.20230526 ViRb3 A de4dot fork with full support for vanilla ConfuserEx diff --git a/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 b/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 index 0e4b09c4d..3ae70fa45 100644 --- a/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 +++ b/packages/de4dot-cex.vm/tools/chocolateyinstall.ps1 
@@ -1,10 +1,18 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking -$toolName = 'de4dot' -$category = 'dotNet' +try { + $toolName = 'de4dot' + $category = 'dotNet' -$zipUrl = 'https://github.com/ViRb3/de4dot-cex/releases/download/v4.0.0/de4dot-cex.zip' -$zipSha256 = 'C726CBD18B894CA63B7F6A565C6C86EF512B96E68119C6502CDF64A51F6A1C78' + $zipUrl = 'https://github.com/ViRb3/de4dot-cex/releases/download/v4.0.0/de4dot-cex.zip' + $zipSha256 = 'C726CBD18B894CA63B7F6A565C6C86EF512B96E68119C6502CDF64A51F6A1C78' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 + VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true + + # Add link for de4dot-x64.exe + $executablePath = Join-Path ${Env:RAW_TOOLS_DIR} "de4dot\$toolName-x64.exe" -Resolve + VM-Install-Shortcut "$toolName-x64" $category $executablePath -consoleApp $true +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 b/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 index d3b942019..58558b818 100644 --- a/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 +++ b/packages/de4dot-cex.vm/tools/chocolateyuninstall.ps1 @@ -5,3 +5,4 @@ $toolName = 'de4dot' $category = 'dotNet' VM-Uninstall $toolName $category +VM-Remove-Tool-Shortcut "$toolName-x64" $category From 52d849f6739386431ae23c2f247f32920eea6503 Mon Sep 17 00:00:00 2001 
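Review bot: `Join-Path ${Env:RAW_TOOLS_DIR} "de4dot\$toolName-x64.exe"` hard-codes the tool folder even though `$toolName` is already `'de4dot'` and `VM-Install-From-Zip` extracts into `${Env:RAW_TOOLS_DIR}\$toolName`; use `"$toolName\$toolName-x64.exe"` so a later rename cannot desynchronise the two. A short comment on why de4dot-x64 gets a shortcut but no `Install-BinFile` shim (unlike the main executable) would also help, if that asymmetry is intentional.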
From: vm-packages Date: Mon, 29 May 2023 23:27:14 +0000 Subject: [PATCH 026/330] Add situational-awareness-bofs.vm Closes https://github.com/mandiant/VM-Packages/issues/371. --- .../situational-awareness-bofs.vm.nuspec | 12 ++++++++++++ .../tools/chocolateyinstall.ps1 | 10 ++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec create mode 100644 packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec b/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec new file mode 100644 index 000000000..dcdb1ad19 --- /dev/null +++ b/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec @@ -0,0 +1,12 @@ + + + + situational-awareness-bofs.vm + 0.0.0.20230529 + trustedsec + Provides a set of basic situational awareness commands implemented in a Beacon Object File (BOF). This allows you to perform some checks on a host before you begin executing commands that may be more invasive. + + + + + diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..aef2f76c8 --- /dev/null +++ b/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Situational Awareness BOF' +$category = 'Command & Control' + +$zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/refs/heads/master.zip' +$zipSha256 = 'e3673d7e41ad6d36ca7d6d44821f68238aae9968e062acb6d96fc7663c87bbdb' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
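Review bot: `$zipUrl` points at `archive/refs/heads/master.zip` while `$zipSha256` pins a fixed hash, so the install breaks as soon as upstream pushes to master, and until then the hash says nothing about which revision was reviewed; pin the URL to a commit archive (`https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/<commit sha>.zip`) and record the hash of that archive. The same branch-URL pattern is in the unhook-bof and stracciatella install scripts later in this series; the later commits "updated download url" and "Updated download url and hash" repin the situational-awareness-bofs and unhook-bof packages, but stracciatella keeps the branch URL and should be pinned the same way.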
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 b/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..23df50916 --- /dev/null +++ b/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Situational Awareness BOF' +$category = 'Command & Control' + +VM-Uninstall $toolName $category From 710ffbfa8362bdfd7eb3902c0ccb33d57d8c8966 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 29 May 2023 16:37:49 -0700 Subject: [PATCH 027/330] fixed lint.py regex per PR #328 --- scripts/test/lint.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 20c8ea52f..cdc397bd0 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py @@ -334,7 +334,7 @@ def check(self, path): # utf-8-sig ignores BOM file_content = open(path, "r", encoding="utf-8-sig").read() - match = re.search("\$category = ['\"](?P[\w ]+)['\"]", file_content) + match = re.search("\$category = ['\"](?P[\w &]+)['\"]", file_content) if not match or match.group("category") not in self.CATEGORIES: return True return False From 07713f321ea3211ad33e17781e08e74284e39cd3 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 29 May 2023 16:58:16 -0700 Subject: [PATCH 028/330] Update lint.py --- scripts/test/lint.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 20c8ea52f..cdc397bd0 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py 
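Review bot: The edited regex in lint.py is still a plain (non-raw) string, so `"\$category ..."` and `[\w &]` depend on Python passing unknown escapes through unchanged; that is a DeprecationWarning today and a SyntaxWarning in newer interpreters. Use a raw string: `match = re.search(r"\$category = ['\"](?P<category>[\w &]+)['\"]", file_content)`. The identical hunk (same blob ids) appears again in the following commit "Update lint.py", which looks like a duplicate of this one. The `check` method starts outside the hunk.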
@@ -334,7 +334,7 @@ def check(self, path): # utf-8-sig ignores BOM file_content = open(path, "r", encoding="utf-8-sig").read() - match = re.search("\$category = ['\"](?P[\w ]+)['\"]", file_content) + match = re.search("\$category = ['\"](?P[\w &]+)['\"]", file_content) if not match or match.group("category") not in self.CATEGORIES: return True return False From d67d0c01acd20ff2bc1e3b7ab8afcd82225214a5 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 30 May 2023 00:23:13 +0000 Subject: [PATCH 029/330] Add unhook-bof.vm Closes https://github.com/mandiant/VM-Packages/issues/374. --- packages/unhook-bof.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ packages/unhook-bof.vm/unhook-bof.vm.nuspec | 12 ++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/unhook-bof.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 create mode 100644 packages/unhook-bof.vm/unhook-bof.vm.nuspec diff --git a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..c61d7840b --- /dev/null +++ b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Unhook BOF' +$category = 'Command & Control' + +$zipUrl = 'https://github.com/rsmudge/unhook-bof/archive/refs/heads/master.zip' +$zipSha256 = '5015772371b536e076a3fe0a29de2a166295c59ba6d2d33014ee3ffff502ba4c' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e668b59fc --- /dev/null +++ b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Unhook BOF' +$category = 'Command & Control' + +VM-Uninstall $toolName $category diff --git a/packages/unhook-bof.vm/unhook-bof.vm.nuspec b/packages/unhook-bof.vm/unhook-bof.vm.nuspec new file mode 100644 index 000000000..b82fc330f --- /dev/null +++ b/packages/unhook-bof.vm/unhook-bof.vm.nuspec @@ -0,0 +1,12 @@ + + + + unhook-bof.vm + 0.0.0.20230530 + rsmudge, physics-sec + This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research. + + + + + From d040416cf3bed3c15446140d292fc61b1092eac0 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 30 May 2023 00:30:26 +0000 Subject: [PATCH 030/330] Add stracciatella.vm Closes https://github.com/mandiant/VM-Packages/issues/376. --- packages/stracciatella.vm/stracciatella.vm.nuspec | 12 ++++++++++++ .../stracciatella.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../stracciatella.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/stracciatella.vm/stracciatella.vm.nuspec create mode 100644 packages/stracciatella.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/stracciatella.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/stracciatella.vm/stracciatella.vm.nuspec b/packages/stracciatella.vm/stracciatella.vm.nuspec new file mode 100644 index 000000000..fc946e401 --- /dev/null +++ b/packages/stracciatella.vm/stracciatella.vm.nuspec @@ -0,0 +1,12 @@ + + + + stracciatella.vm + 0.7 + mgeeky + Powershell runspace from within C# (aka SharpPick technique) with AMSI, ETW and Script Block Logging disabled. + + + + + diff --git a/packages/stracciatella.vm/tools/chocolateyinstall.ps1 b/packages/stracciatella.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..42cc25a46 --- /dev/null +++ b/packages/stracciatella.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Stracciatella'
+$category = 'Command & Control'
+
+$zipUrl = 'https://github.com/mgeeky/Stracciatella/archive/refs/heads/master.zip'
+$zipSha256 = 'db6f32b336dc02aa1dd0577a10348c1ce5558d144f889e63cacff8a9612df2a3'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..fcf7730f3
--- /dev/null
+++ b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Stracciatella'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From 922e48950034333298bf648c5ca98483ed768f3c Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Mon, 29 May 2023 17:33:55 -0700
Subject: [PATCH 031/330] updated download url
---
 .../situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
index aef2f76c8..2a1e07211 100644
--- a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
+++ b/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Situational Awareness BOF'
 $category = 'Command & Control'
-$zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/refs/heads/master.zip'
-$zipSha256 = 'e3673d7e41ad6d36ca7d6d44821f68238aae9968e062acb6d96fc7663c87bbdb'
+$zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/82235696478ec49fc10bc09a11483d75dddd0a45.zip'
+$zipSha256 = '4f32d34529e6f7b6b287bd61a768c1e56345de8e563da7d4b15661552d8a5037'
 VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
From 4a61d1d305a5f56beb50a0082a88eb4e9429159a Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Mon, 29 May 2023 17:35:03 -0700
Subject: [PATCH 032/330] Updated download url and hash
---
 packages/unhook-bof.vm/tools/chocolateyinstall.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1
index c61d7840b..08737f651 100644
--- a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1
+++ b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Unhook BOF'
 $category = 'Command & Control'
-$zipUrl = 'https://github.com/rsmudge/unhook-bof/archive/refs/heads/master.zip'
-$zipSha256 = '5015772371b536e076a3fe0a29de2a166295c59ba6d2d33014ee3ffff502ba4c'
+$zipUrl = 'https://github.com/rsmudge/unhook-bof/archive/fa3c8d8a397719c5f2310334e6549bea541b209c.zip'
+$zipSha256 = '086f7ded18af7b397be78f63a7b4879bb1a6722f4b192d0139a02863332089ef'
 VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
From 01da2f11b8439214597e9f2bb607c2ef1e52a780 Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Mon, 29 May 2023 17:36:11 -0700
Subject: [PATCH 033/330] update download url and hash
---
 packages/stracciatella.vm/tools/chocolateyinstall.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/stracciatella.vm/tools/chocolateyinstall.ps1 b/packages/stracciatella.vm/tools/chocolateyinstall.ps1
index 42cc25a46..212f457c4 100644
--- a/packages/stracciatella.vm/tools/chocolateyinstall.ps1
+++ b/packages/stracciatella.vm/tools/chocolateyinstall.ps1
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Stracciatella'
 $category = 'Command & Control'
-$zipUrl = 'https://github.com/mgeeky/Stracciatella/archive/refs/heads/master.zip'
-$zipSha256 = 'db6f32b336dc02aa1dd0577a10348c1ce5558d144f889e63cacff8a9612df2a3'
+$zipUrl = 'https://github.com/mgeeky/Stracciatella/archive/acc83e21951049ab4998ecd18f5e4fa01e1527da.zip'
+$zipSha256 = 'd9299fca780945becf9907b052112e7149fb2a2d51e28f0e73e8326455f47a82'
 VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
From d866fc48cd136e5726b0ddfb9544d60be15d8d3f Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Tue, 30 May 2023 00:41:42 +0000
Subject: [PATCH 034/330] Add nanodump.vm Closes https://github.com/mandiant/VM-Packages/issues/378.
---
 packages/nanodump.vm/nanodump.vm.nuspec | 12 ++++++++++++
 packages/nanodump.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/nanodump.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/nanodump.vm/nanodump.vm.nuspec
 create mode 100644 packages/nanodump.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/nanodump.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/nanodump.vm/nanodump.vm.nuspec b/packages/nanodump.vm/nanodump.vm.nuspec
new file mode 100644
index 000000000..177196ce6
--- /dev/null
+++ b/packages/nanodump.vm/nanodump.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ nanodump.vm
+ 0.0.0.20230530
+ fortra
+ A Beacon Object File that creates a minidump of the LSASS process.
+
+
+
+
+
diff --git a/packages/nanodump.vm/tools/chocolateyinstall.ps1 b/packages/nanodump.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..98b81b284
--- /dev/null
+++ b/packages/nanodump.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'NanoDump'
+$category = 'Command & Control'
+
+$zipUrl = 'https://github.com/fortra/nanodump/archive/c211c5f72b2438afb09d0eb917fe32150be91344.zip'
+$zipSha256 = '461a16ae517aebb65adc37a0da8f8c04fa4836da35a69239dc2f90f8098b5da0'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/nanodump.vm/tools/chocolateyuninstall.ps1 b/packages/nanodump.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..3c02079f5
--- /dev/null
+++ b/packages/nanodump.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'NanoDump'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From ae0a496dff4b0e05c643348f16c3d761c58299d0 Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Tue, 30 May 2023 00:47:20 +0000
Subject: [PATCH 035/330] Add remote-ops-bof.vm Closes https://github.com/mandiant/VM-Packages/issues/380.
---
 packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec | 12 ++++++++++++
 .../remote-ops-bof.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../remote-ops-bof.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec
 create mode 100644 packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec b/packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec
new file mode 100644
index 000000000..8d48f1d30
--- /dev/null
+++ b/packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ remote-ops-bof.vm
+ 0.0.0.20230530
+ trustedsec
+ Addition to Situational Awareness BOFs intended for single task Windows primitives such as creating a task, stopping a service, etc.
+
+
+
+
+
diff --git a/packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1 b/packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..3e009b3db
--- /dev/null
+++ b/packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Remote Operations BOF'
+$category = 'Command & Control'
+
+$zipUrl = 'https://github.com/trustedsec/CS-Remote-OPs-BOF/archive/a7ef2b8551568778c2603a15ea83220188009a79.zip'
+$zipSha256 = '61bf693272484d9f9ea25871ea57489cb24248c014782cacad1c1bb80e90962b'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1 b/packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..248078867
--- /dev/null
+++ b/packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Remote Operations BOF'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From 639511ce9ce9ed2cb09d45fb8eed2554db5d2583 Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Tue, 30 May 2023 00:50:07 +0000
Subject: [PATCH 036/330] Add outflank-c2-collection.vm Closes https://github.com/mandiant/VM-Packages/issues/382.
---
 .../outflank-c2-collection.vm.nuspec | 12 ++++++++++++
 .../tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec
 create mode 100644 packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec b/packages/outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec
new file mode 100644
index 000000000..a8ce5f780
--- /dev/null
+++ b/packages/outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ outflank-c2-collection.vm
+ 0.0.0.20230530
+ outflank
+ Contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
+
+
+
+
+
diff --git a/packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1 b/packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..c34ec49da
--- /dev/null
+++ b/packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Outflank C2 Tool Collection'
+$category = 'Command & Control'
+
+$zipUrl = 'https://github.com/outflanknl/C2-Tool-Collection/archive/f02df22a206ee329bc582a8427d1aa1e54309d9a.zip'
+$zipSha256 = '825e3372f6caf540ecbc20f31af6f4b9e711bd6ce64fb09d7d151cf4224de3d8'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1 b/packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..5c70d0b09
--- /dev/null
+++ b/packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Outflank C2 Tool Collection'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From ad3a40b9d3270a455dcb0bd8c4e5121138be7122 Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Wed, 31 May 2023 22:11:01 +0000
Subject: [PATCH 037/330] Update cyberchef.vm to 10.4.0.20230531
---
 packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec
index 7aadc8713..d7aba5dea 100644
--- a/packages/cyberchef.vm/cyberchef.vm.nuspec
+++ b/packages/cyberchef.vm/cyberchef.vm.nuspec
@@ -2,12 +2,12 @@
 cyberchef.vm
- 10.4.0.20230517
+ 10.4.0.20230531
 GCHQ
 The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more.
-
+
From a3761cd153f64f990235bccd66cf78d245e7f6a3 Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Wed, 31 May 2023 22:11:40 +0000
Subject: [PATCH 038/330] Update nasm.vm to 2.16.01.20230531
---
 packages/nasm.vm/nasm.vm.nuspec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/nasm.vm/nasm.vm.nuspec b/packages/nasm.vm/nasm.vm.nuspec
index 59702bc7c..478a174bf 100644
--- a/packages/nasm.vm/nasm.vm.nuspec
+++ b/packages/nasm.vm/nasm.vm.nuspec
@@ -2,12 +2,12 @@
 nasm.vm
- 2.16.01
+ 2.16.01.20230531
 NASM Authors
 Netwide Assembler
-
+
From 52efb330394f1a21aabec47a487b711caf7dd944 Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Wed, 31 May 2023 22:21:40 +0000
Subject: [PATCH 039/330] Update wireshark.vm to 4.0.6
---
 packages/wireshark.vm/wireshark.vm.nuspec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec
index d8fe3322a..d670df8ab 100644
--- a/packages/wireshark.vm/wireshark.vm.nuspec
+++ b/packages/wireshark.vm/wireshark.vm.nuspec
@@ -2,13 +2,13 @@
 wireshark.vm
- 4.0.5
+ 4.0.6
 Wireshark lets you capture and interactively browse the traffic running on a computer network.
 Gerald Combs, Wireshark team
-
+
From ced9e8ca6963aeff0ce5e10c58a9906e6b2a1f2a Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:16:22 -0700
Subject: [PATCH 040/330] Update chocolateyinstall.ps1
---
 packages/unhook-bof.vm/tools/chocolateyinstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1
index 08737f651..deddb7329 100644
--- a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1
+++ b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Unhook BOF'
-$category = 'Command & Control'
+$category = 'Evasion'
 $zipUrl = 'https://github.com/rsmudge/unhook-bof/archive/fa3c8d8a397719c5f2310334e6549bea541b209c.zip'
 $zipSha256 = '086f7ded18af7b397be78f63a7b4879bb1a6722f4b192d0139a02863332089ef'
From c12bb8750a500d41f9225593d7e46213b037263b Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:16:45 -0700
Subject: [PATCH 041/330] Update chocolateyuninstall.ps1
---
 packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1
index e668b59fc..551c07c7b 100644
--- a/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1
+++ b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Unhook BOF'
-$category = 'Command & Control'
+$category = 'Evasion'
 VM-Uninstall $toolName $category
From f36f620f61ec0ab9220b67f6c69a68dd0f27a53e Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:19:50 -0700
Subject: [PATCH 042/330] updated category
---
 .../situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
index 2a1e07211..c7445302f 100644
--- a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
+++ b/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Situational Awareness BOF'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 $zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/82235696478ec49fc10bc09a11483d75dddd0a45.zip'
 $zipSha256 = '4f32d34529e6f7b6b287bd61a768c1e56345de8e563da7d4b15661552d8a5037'
From 2d049470706a4b4d7389e9f1145bd0f998bbefc6 Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:20:10 -0700
Subject: [PATCH 043/330] updated category
---
 .../situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 b/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1
index 23df50916..7eedba5e7 100644
--- a/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1
+++ b/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Situational Awareness BOF'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 VM-Uninstall $toolName $category
From 956d619289280be0bbbfd5d1661c9a630bb73722 Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:24:20 -0700
Subject: [PATCH 044/330] updated category
---
 packages/stracciatella.vm/tools/chocolateyinstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/stracciatella.vm/tools/chocolateyinstall.ps1 b/packages/stracciatella.vm/tools/chocolateyinstall.ps1
index 212f457c4..1c0efd30f 100644
--- a/packages/stracciatella.vm/tools/chocolateyinstall.ps1
+++ b/packages/stracciatella.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Stracciatella'
-$category = 'Command & Control'
+$category = 'Evasion'
 $zipUrl = 'https://github.com/mgeeky/Stracciatella/archive/acc83e21951049ab4998ecd18f5e4fa01e1527da.zip'
 $zipSha256 = 'd9299fca780945becf9907b052112e7149fb2a2d51e28f0e73e8326455f47a82'
From bdbdbf96e901e2b8bb9141903919f231c0bc436f Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:24:35 -0700
Subject: [PATCH 045/330] updated category
---
 packages/stracciatella.vm/tools/chocolateyuninstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
index fcf7730f3..138433530 100644
--- a/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
+++ b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Stracciatella'
-$category = 'Command & Control'
+$category = 'Evasion'
 VM-Uninstall $toolName $category
From 46a96e2c881d185c604a6dee232299e451f3c013 Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:25:49 -0700
Subject: [PATCH 046/330] updated category
---
 packages/nanodump.vm/tools/chocolateyinstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/nanodump.vm/tools/chocolateyinstall.ps1 b/packages/nanodump.vm/tools/chocolateyinstall.ps1
index 98b81b284..cbc3a2873 100644
--- a/packages/nanodump.vm/tools/chocolateyinstall.ps1
+++ b/packages/nanodump.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'NanoDump'
-$category = 'Command & Control'
+$category = 'Password Attacks'
 $zipUrl = 'https://github.com/fortra/nanodump/archive/c211c5f72b2438afb09d0eb917fe32150be91344.zip'
 $zipSha256 = '461a16ae517aebb65adc37a0da8f8c04fa4836da35a69239dc2f90f8098b5da0'
From 0282a75cec3f9e0c855c5193c37c5c68d64ecb66 Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:26:06 -0700
Subject: [PATCH 047/330] updated category
---
 packages/nanodump.vm/tools/chocolateyuninstall.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/nanodump.vm/tools/chocolateyuninstall.ps1 b/packages/nanodump.vm/tools/chocolateyuninstall.ps1
index 3c02079f5..a08771691 100644
--- a/packages/nanodump.vm/tools/chocolateyuninstall.ps1
+++ b/packages/nanodump.vm/tools/chocolateyuninstall.ps1
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'NanoDump'
-$category = 'Command & Control'
+$category = 'Password Attacks'
 VM-Uninstall $toolName $category
From 7f52439a57dc3d4bef182cd5a6bbef30ca0c1a48 Mon Sep 17 00:00:00 2001
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:27:20 -0700
Subject: [PATCH 048/330] fixed bofs to bof
---
 .../situational-awareness-bofs.vm.nuspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec b/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec
index dcdb1ad19..09702e289 100644
--- a/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec
+++ b/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec
@@ -1,7 +1,7 @@
- situational-awareness-bofs.vm
+ situational-awareness-bof.vm
 0.0.0.20230529
 trustedsec
 Provides a set of basic situational awareness commands implemented in a Beacon Object File (BOF). This allows you to perform some checks on a host before you begin executing commands that may be more invasive.
From 79126b219e24eee7a8cd1f49cce0e5ffa94f437d Mon Sep 17 00:00:00 2001
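Review bot: The added id line now reads `situational-awareness-bof.vm`, but the file it lives in is still `packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec`, so the package id, its directory and its nuspec file name no longer agree, unlike every other package in this series where all three match. PATCH 049 that follows moves the directory to `situational-awareness-bof.vm` but keeps the file name `situational-awareness-bofs.vm.nuspec`, so the mismatch survives; the nuspec should be renamed to `situational-awareness-bof.vm.nuspec` in the same change. The rest of the nuspec is outside the hunk.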
From: nos3curity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:30:46 -0700
Subject: [PATCH 049/330] fixed package name
---
 .../situational-awareness-bofs.vm.nuspec | 0
 .../tools/chocolateyinstall.ps1 | 0
 .../tools/chocolateyuninstall.ps1 | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename packages/{situational-awareness-bofs.vm => situational-awareness-bof.vm}/situational-awareness-bofs.vm.nuspec (100%)
 rename packages/{situational-awareness-bofs.vm => situational-awareness-bof.vm}/tools/chocolateyinstall.ps1 (100%)
 rename packages/{situational-awareness-bofs.vm => situational-awareness-bof.vm}/tools/chocolateyuninstall.ps1 (100%)
diff --git a/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec b/packages/situational-awareness-bof.vm/situational-awareness-bofs.vm.nuspec
similarity index 100%
rename from packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec
rename to packages/situational-awareness-bof.vm/situational-awareness-bofs.vm.nuspec
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
similarity index 100%
rename from packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
rename to packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1
similarity index 100%
rename from packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1
rename to packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1
From 09c813c1dbf29d9c3f8a2c3dcb248c31191c23bc Mon Sep 17 00:00:00 2001
From: nos3curity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:33:11 -0700
Subject: [PATCH 050/330] fixed package name and category
---
 .../tools/chocolateyinstall.ps1 | 2 +-
 .../tools/chocolateyuninstall.ps1 | 2 +-
 .../trustedsec-remote-ops-bof.vm.nuspec} | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename packages/{remote-ops-bof.vm => trustedsec-remote-ops-bof.vm}/tools/chocolateyinstall.ps1 (91%)
 rename packages/{remote-ops-bof.vm => trustedsec-remote-ops-bof.vm}/tools/chocolateyuninstall.ps1 (81%)
 rename packages/{remote-ops-bof.vm/remote-ops-bof.vm.nuspec => trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec} (91%)
diff --git a/packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1 b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1
similarity index 91%
rename from packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1
rename to packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1
index 3e009b3db..92a8893e0 100644
--- a/packages/remote-ops-bof.vm/tools/chocolateyinstall.ps1
+++ b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Remote Operations BOF'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 $zipUrl = 'https://github.com/trustedsec/CS-Remote-OPs-BOF/archive/a7ef2b8551568778c2603a15ea83220188009a79.zip'
 $zipSha256 = '61bf693272484d9f9ea25871ea57489cb24248c014782cacad1c1bb80e90962b'
diff --git a/packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1 b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1
similarity index 81%
rename from packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1
rename to packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1
index 248078867..9272c9d08 100644
--- a/packages/remote-ops-bof.vm/tools/chocolateyuninstall.ps1
+++ b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Remote Operations BOF'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 VM-Uninstall $toolName $category
diff --git a/packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec b/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec
similarity index 91%
rename from packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec
rename to packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec
index 8d48f1d30..15dad8f48 100644
--- a/packages/remote-ops-bof.vm/remote-ops-bof.vm.nuspec
+++ b/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec
@@ -1,7 +1,7 @@
- remote-ops-bof.vm
+ truestedsec-remote-ops-bof.vm
 0.0.0.20230530
 trustedsec
 Addition to Situational Awareness BOFs intended for single task Windows primitives such as creating a task, stopping a service, etc.
From e4cd8f4b5dd55ac0db25daf1c37296e230b83d4e Mon Sep 17 00:00:00 2001
From: nos3curity <72961537+nos3curity@users.noreply.github.com>
Date: Thu, 1 Jun 2023 21:35:12 -0700
Subject: [PATCH 051/330] changed package name and category
---
 .../outflank-c2-tool-collection.vm.nuspec} | 0
 .../tools/chocolateyinstall.ps1 | 2 +-
 .../tools/chocolateyuninstall.ps1 | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename packages/{outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec => outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec} (100%)
 rename packages/{outflank-c2-collection.vm => outflank-c2-tool-collection.vm}/tools/chocolateyinstall.ps1 (91%)
 rename packages/{outflank-c2-collection.vm => outflank-c2-tool-collection.vm}/tools/chocolateyuninstall.ps1 (82%)
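Review bot: The added id line contains a typo, `truestedsec-remote-ops-bof.vm`, while the directory and the nuspec file introduced by the same rename are both `trustedsec-remote-ops-bof.vm`, so the package id will not match its own file name and will not be found under the name the rest of this patch uses. The line should read `trustedsec-remote-ops-bof.vm`. The remaining nuspec lines are outside the hunk.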
diff --git a/packages/outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec
similarity index 100%
rename from packages/outflank-c2-collection.vm/outflank-c2-collection.vm.nuspec
rename to packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec
diff --git a/packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1 b/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1
similarity index 91%
rename from packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1
rename to packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1
index c34ec49da..6895d0ca2 100644
--- a/packages/outflank-c2-collection.vm/tools/chocolateyinstall.ps1
+++ b/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Outflank C2 Tool Collection'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 $zipUrl = 'https://github.com/outflanknl/C2-Tool-Collection/archive/f02df22a206ee329bc582a8427d1aa1e54309d9a.zip'
 $zipSha256 = '825e3372f6caf540ecbc20f31af6f4b9e711bd6ce64fb09d7d151cf4224de3d8'
diff --git a/packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1 b/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1
similarity index 82%
rename from packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1
rename to packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1
index 5c70d0b09..f4df48d38 100644
--- a/packages/outflank-c2-collection.vm/tools/chocolateyuninstall.ps1
+++ b/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1
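Review bot: The nuspec moved in this patch is a 100% similarity rename, so its id line still says `outflank-c2-collection.vm` (as added in PATCH 036) while the directory and file are now `outflank-c2-tool-collection.vm`; the "changed package name" in the subject therefore only applies to paths, and the package id the installer resolves stays the old one. The id line should be updated to `outflank-c2-tool-collection.vm` in the same commit so id, directory and file name agree as they do for the other packages. The category change in the install hunk itself looks consistent with the matching uninstall hunk.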
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Outflank C2 Tool Collection'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 VM-Uninstall $toolName $category
From bdde71dc557f22d37c29ca48308f9d04f72e17a0 Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Fri, 2 Jun 2023 04:43:33 +0000
Subject: [PATCH 052/330] Add certify.vm Closes https://github.com/mandiant/VM-Packages/issues/385.
---
 packages/certify.vm/certify.vm.nuspec | 12 ++++++++++++
 packages/certify.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/certify.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/certify.vm/certify.vm.nuspec
 create mode 100644 packages/certify.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/certify.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/certify.vm/certify.vm.nuspec b/packages/certify.vm/certify.vm.nuspec
new file mode 100644
index 000000000..1c49ecb7f
--- /dev/null
+++ b/packages/certify.vm/certify.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ certify.vm
+ 1.1.0
+ HarmJ0y, leechristensen
+ Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS).
+
+
+
+
+
diff --git a/packages/certify.vm/tools/chocolateyinstall.ps1 b/packages/certify.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..057da67df
--- /dev/null
+++ b/packages/certify.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Certify'
+$category = 'Active Directory'
+
+$zipUrl = 'https://github.com/GhostPack/Certify/archive/fb297ad30476cfdba745b9062171cd7ac145a16d.zip'
+$zipSha256 = '4827485203eb08271e953bbd5816e95bf8b0b897ae0937c798525afe7ed5b9e0'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/certify.vm/tools/chocolateyuninstall.ps1 b/packages/certify.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..43ba836d8
--- /dev/null
+++ b/packages/certify.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Certify'
+$category = 'Active Directory'
+
+VM-Uninstall $toolName $category
From 59bb3081c9ce1d1810710cc64017811709c6a93a Mon Sep 17 00:00:00 2001
From: vm-packages
Date: Fri, 2 Jun 2023 05:07:34 +0000
Subject: [PATCH 053/330] Add streamdivert.vm Closes https://github.com/mandiant/VM-Packages/issues/389.
---
 packages/streamdivert.vm/streamdivert.vm.nuspec | 12 ++++++++++++
 packages/streamdivert.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../streamdivert.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/streamdivert.vm/streamdivert.vm.nuspec
 create mode 100644 packages/streamdivert.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/streamdivert.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/streamdivert.vm/streamdivert.vm.nuspec b/packages/streamdivert.vm/streamdivert.vm.nuspec
new file mode 100644
index 000000000..83a8baedb
--- /dev/null
+++ b/packages/streamdivert.vm/streamdivert.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ streamdivert.vm
+ 1.1
+ jellever
+ StreamDivert has the ability to relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP's to another server.
+
+
+
+
+
diff --git a/packages/streamdivert.vm/tools/chocolateyinstall.ps1 b/packages/streamdivert.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..1504b5a72
--- /dev/null
+++ b/packages/streamdivert.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'StreamDivert' +$category = 'Networking' + +$zipUrl = 'https://github.com/jellever/StreamDivert/releases/download/v1.1/StreamDivert.x64.zip' +$zipSha256 = '88df0ee37e817555fa24520a421f1c122a67349a20f8bbde0c027f3e6fdf54b1' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 diff --git a/packages/streamdivert.vm/tools/chocolateyuninstall.ps1 b/packages/streamdivert.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..d5f690ba6 --- /dev/null +++ b/packages/streamdivert.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'StreamDivert' +$category = 'Networking' + +VM-Uninstall $toolName $category From eceb67b8c0f06fd569171e64bd4a3b3e4c0881e5 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 05:26:01 +0000 Subject: [PATCH 054/330] Add whisker.vm Closes https://github.com/mandiant/VM-Packages/issues/391. --- packages/whisker.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/whisker.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ packages/whisker.vm/whisker.vm.nuspec | 12 ++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/whisker.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/whisker.vm/tools/chocolateyuninstall.ps1 create mode 100644 packages/whisker.vm/whisker.vm.nuspec diff --git a/packages/whisker.vm/tools/chocolateyinstall.ps1 b/packages/whisker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..fddce00d7 --- /dev/null +++ b/packages/whisker.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Whisker' +$category = 'Active Directory' + +$zipUrl = 'https://github.com/eladshamir/Whisker/archive/0bc2a0acc4a92b49c69d873f7ac565340a5f3291.zip' +$zipSha256 = 'b181b639f2d18fb37e045d27cbe522e7b97aaa85c30dc0cb9bc75eaf6b939f9a' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/whisker.vm/tools/chocolateyuninstall.ps1 b/packages/whisker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..a362d5b54 --- /dev/null +++ b/packages/whisker.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Whisker' +$category = 'Active Directory' + +VM-Uninstall $toolName $category diff --git a/packages/whisker.vm/whisker.vm.nuspec b/packages/whisker.vm/whisker.vm.nuspec new file mode 100644 index 000000000..730b6dfab --- /dev/null +++ b/packages/whisker.vm/whisker.vm.nuspec @@ -0,0 +1,12 @@ + + + + whisker.vm + 0.0.0.20230602 + Elad Shamir + Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. + + + + + From d1dc47cbd1c7f7a42eb4519d034e3d12e21ac5c8 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 05:36:38 +0000 Subject: [PATCH 055/330] Add confuserex.vm Closes https://github.com/mandiant/VM-Packages/issues/393. --- packages/confuserex.vm/confuserex.vm.nuspec | 13 +++++++++++++ .../confuserex.vm/tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ .../confuserex.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 36 insertions(+) create mode 100644 packages/confuserex.vm/confuserex.vm.nuspec create mode 100644 packages/confuserex.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/confuserex.vm/tools/chocolateyuninstall.ps1 
diff --git a/packages/confuserex.vm/confuserex.vm.nuspec b/packages/confuserex.vm/confuserex.vm.nuspec new file mode 100644 index 000000000..8cdbc5202 --- /dev/null +++ b/packages/confuserex.vm/confuserex.vm.nuspec @@ -0,0 +1,13 @@ + + + + confuserex.vm + 1.6.0 + mkaring + ConfuserEx is a open-source protector for .NET applications. It is the successor of Confuser project. + + + + + + diff --git a/packages/confuserex.vm/tools/chocolateyinstall.ps1 b/packages/confuserex.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..599115e9c --- /dev/null +++ b/packages/confuserex.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'ConfuserEx' + $category = 'Evasion' + $shimPath = '%PROGRAMDATA%\chocolatey\bin\ConfuserEx.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/confuserex.vm/tools/chocolateyuninstall.ps1 b/packages/confuserex.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..aaf1ae341 --- /dev/null +++ b/packages/confuserex.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ConfuserEx' +$category = 'Evasion' + +VM-Remove-Tool-Shortcut $toolName $category From 856d6a6a3b8d4c31163e3e3e4759fc24045b1952 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Thu, 1 Jun 2023 22:44:21 -0700 Subject: [PATCH 056/330] fixed shim path --- packages/confuserex.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
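Review bot: `$shimPath = '%PROGRAMDATA%\chocolatey\bin\ConfuserEx.exe'` in the chocolateyinstall.ps1 hunk is joined onto `${Env:ChocolateyInstall}` with `-Resolve`, but PowerShell does not expand `%PROGRAMDATA%`, so the path does not exist and `Join-Path -Resolve` throws before `Install-ChocolateyShortcut` runs; the next commit in the series (056, "fixed shim path") changes it to `'bin\ConfuserEx.exe'`, so the two should be squashed. Because the catch block only calls `VM-Write-Log-Exception $_`, the failure presumably ends up as a log entry rather than a failed install, which is easy to miss. The shortcut is also created with `-RunAsAdmin` and nothing in the hunk says why an obfuscator needs to run elevated; drop the flag, or record the reason in a comment such as `# RunAsAdmin: <reason elevation is required>` above the Install-ChocolateyShortcut line.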
diff --git a/packages/confuserex.vm/tools/chocolateyinstall.ps1 b/packages/confuserex.vm/tools/chocolateyinstall.ps1 index 599115e9c..56c9dd385 100644 --- a/packages/confuserex.vm/tools/chocolateyinstall.ps1 +++ b/packages/confuserex.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking try { $toolName = 'ConfuserEx' $category = 'Evasion' - $shimPath = '%PROGRAMDATA%\chocolatey\bin\ConfuserEx.exe' + $shimPath = 'bin\ConfuserEx.exe' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category $shortcut = Join-Path $shortcutDir "$toolName.lnk" From f5c5d2d66d0c69a4d7a7125c16ee3db4dda97870 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:03:40 -0700 Subject: [PATCH 057/330] Update outflank-c2-tool-collection.vm.nuspec --- .../outflank-c2-tool-collection.vm.nuspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec index a8ce5f780..78ffea986 100644 --- a/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec +++ b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec @@ -1,7 +1,7 @@ - outflank-c2-collection.vm + outflank-c2-tool-collection.vm 0.0.0.20230530 outflank Contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques. From 50f2fa585bc8938ca68235525081b1ac581008c4 Mon Sep 17 00:00:00 2001 
From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:07:01 -0700 Subject: [PATCH 058/330] fixed name and category
--- .../situational-awareness-bof.vm.nuspec} | 0 .../tools/chocolateyinstall.ps1 | 2 +- .../tools/chocolateyuninstall.ps1 | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename packages/{situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec => situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec} (100%) rename packages/{situational-awareness-bofs.vm => situational-awareness-bof.vm}/tools/chocolateyinstall.ps1 (91%) rename packages/{situational-awareness-bofs.vm => situational-awareness-bof.vm}/tools/chocolateyuninstall.ps1 (81%)
diff --git a/packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec b/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec
similarity index 100%
rename from packages/situational-awareness-bofs.vm/situational-awareness-bofs.vm.nuspec
rename to packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
similarity index 91%
rename from packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
rename to packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
index aef2f76c8..3113fd26d 100644
--- a/packages/situational-awareness-bofs.vm/tools/chocolateyinstall.ps1
+++ b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'Situational Awareness BOF'
-$category = 'Command & Control'
+$category = 'Information Gathering'
 $zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/refs/heads/master.zip'
 $zipSha256 = 'e3673d7e41ad6d36ca7d6d44821f68238aae9968e062acb6d96fc7663c87bbdb'
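Review bot: `$zipUrl` in this hunk fetches `archive/refs/heads/master.zip`, a moving branch archive, while `$zipSha256` pins one fixed digest; the digest can only match whatever master was when the hash was taken, so the install will fail checksum verification after the next upstream push, and every other package in this series pins a commit SHA in the archive URL. Change it to `$zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/<commit-sha>.zip'` using the commit whose archive produced the recorded hash. The line is context in this hunk (the commit only changes the category), so this is a pre-existing issue rather than one the rename introduces.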
diff --git a/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 similarity index 81% rename from packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 rename to packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 index 23df50916..7eedba5e7 100644 --- a/packages/situational-awareness-bofs.vm/tools/chocolateyuninstall.ps1 +++ b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Situational Awareness BOF' -$category = 'Command & Control' +$category = 'Information Gathering' VM-Uninstall $toolName $category From cfca3212ab67bbada3bdf3112ce9936358cbc8c2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 18:19:05 +0000 Subject: [PATCH 059/330] Add dotnettojscript.vm Closes https://github.com/mandiant/VM-Packages/issues/395. --- .../dotnettojscript.vm/dotnettojscript.vm.nuspec | 12 ++++++++++++ .../dotnettojscript.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../dotnettojscript.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/dotnettojscript.vm/dotnettojscript.vm.nuspec create mode 100644 packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec b/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec new file mode 100644 index 000000000..505e850be --- /dev/null +++ b/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec @@ -0,0 +1,12 @@ + + + + dotnettojscript.vm + 0.0.0.20230602 + James Forshaw + A tool to generate a JScript which bootstraps an arbitrary .NET Assembly and class. + + + + + 
diff --git a/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 b/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..1ab5fb51c --- /dev/null +++ b/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotNetToJScript' +$category = 'Evasion' + +$zipUrl = 'https://github.com/tyranid/DotNetToJScript/archive/4dbe155912186f9574cb1889386540ba0e80c316.zip' +$zipSha256 = '12566bdfced108fafba97548c59c07be55988beb1c1e970e62bf40ddaebc4a0a' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 b/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..ef73ca3ba --- /dev/null +++ b/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotNetToJScript' +$category = 'Evasion' + +VM-Uninstall $toolName $category From ea93e7a6cbd92a1197268617e324799e215bbdbc Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 18:23:14 +0000 Subject: [PATCH 060/330] Add gadgettojscript.vm Closes https://github.com/mandiant/VM-Packages/issues/397. --- .../gadgettojscript.vm/gadgettojscript.vm.nuspec | 12 ++++++++++++ .../gadgettojscript.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../gadgettojscript.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/gadgettojscript.vm/gadgettojscript.vm.nuspec create mode 100644 packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec b/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec new file mode 100644 index 000000000..4593217c8 
--- /dev/null +++ b/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec @@ -0,0 +1,12 @@ + + + + gadgettojscript.vm + 2.0 + med0x2e + A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts. + + + + + diff --git a/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 b/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..bcd5ae960 --- /dev/null +++ b/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GadgetToJScript' +$category = 'Evasion' + +$zipUrl = 'https://github.com/med0x2e/GadgetToJScript/archive/98f50984015c29eecb11c6c4ddc3c2cc3a6669da.zip' +$zipSha256 = '093451115744beec90e7de4efc61857361b56d16a3a31d78182a8c7ef675938b' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 b/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..aa752ee70 --- /dev/null +++ b/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GadgetToJScript' +$category = 'Evasion' + +VM-Uninstall $toolName $category From 7f0a9fa8c54b8447a98a5fcfd2cd5eb33d62fb5a Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Fri, 2 Jun 2023 18:43:30 +0000 Subject: [PATCH 061/330] Add sharpup.vm Closes https://github.com/mandiant/VM-Packages/issues/399. --- packages/sharpup.vm/sharpup.vm.nuspec | 12 ++++++++++++ packages/sharpup.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sharpup.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sharpup.vm/sharpup.vm.nuspec create mode 100644 packages/sharpup.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sharpup.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sharpup.vm/sharpup.vm.nuspec b/packages/sharpup.vm/sharpup.vm.nuspec new file mode 100644 index 000000000..1802dbdfe --- /dev/null +++ b/packages/sharpup.vm/sharpup.vm.nuspec @@ -0,0 +1,12 @@ + + + + sharpup.vm + 0.0.0.20230602 + harmj0y + SharpUp is a C# port of various PowerUp functionality for auditing potential privilege escalation paths. + + + + + diff --git a/packages/sharpup.vm/tools/chocolateyinstall.ps1 b/packages/sharpup.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..462d8ab07 --- /dev/null +++ b/packages/sharpup.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpUp' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/GhostPack/SharpUp/archive/7e172961002125417a0f8a8447de0cb579f7d0e8.zip' +$zipSha256 = '6bf0c25dcd322f3f058d474f827ab3b772cbd7e8ad1a0010a0b8fda3d2a0a761' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/sharpup.vm/tools/chocolateyuninstall.ps1 b/packages/sharpup.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..916c541df --- /dev/null +++ b/packages/sharpup.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpUp' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From bfe4763203080d024c6587bb3dddf11852a0407d Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 20:16:17 +0000 Subject: [PATCH 062/330] Add spoolsample.vm Closes https://github.com/mandiant/VM-Packages/issues/401. --- packages/spoolsample.vm/spoolsample.vm.nuspec | 12 ++++++++++++ packages/spoolsample.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../spoolsample.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/spoolsample.vm/spoolsample.vm.nuspec create mode 100644 packages/spoolsample.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/spoolsample.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/spoolsample.vm/spoolsample.vm.nuspec b/packages/spoolsample.vm/spoolsample.vm.nuspec new file mode 100644 index 000000000..508324c6f --- /dev/null +++ b/packages/spoolsample.vm/spoolsample.vm.nuspec @@ -0,0 +1,12 @@ + + + + spoolsample.vm + 0.0.0.20230602 + tifkin_, harmj0y, enigma0x3 + PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. + + + + + diff --git a/packages/spoolsample.vm/tools/chocolateyinstall.ps1 b/packages/spoolsample.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..dac0b5460 --- /dev/null +++ b/packages/spoolsample.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SpoolSample' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/leechristensen/SpoolSample/archive/688971e69cbe9240ea84bdd38f732dd9817110f8.zip' +$zipSha256 = '1e5f54b9317ac053fe51e373b3e3b830573e2d14612bf4a038750a6c6284fb3d' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
diff --git a/packages/spoolsample.vm/tools/chocolateyuninstall.ps1 b/packages/spoolsample.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4c4531c41 --- /dev/null +++ b/packages/spoolsample.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SpoolSample' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From ab716cec8bca5328133150b733f7f2539e20defc Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 20:18:52 +0000 Subject: [PATCH 063/330] Add sharpview.vm Closes https://github.com/mandiant/VM-Packages/issues/403. --- packages/sharpview.vm/sharpview.vm.nuspec | 12 ++++++++++++ packages/sharpview.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sharpview.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sharpview.vm/sharpview.vm.nuspec create mode 100644 packages/sharpview.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sharpview.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sharpview.vm/sharpview.vm.nuspec b/packages/sharpview.vm/sharpview.vm.nuspec new file mode 100644 index 000000000..4a83450ba --- /dev/null +++ b/packages/sharpview.vm/sharpview.vm.nuspec @@ -0,0 +1,12 @@ + + + + sharpview.vm + 0.0.0.20230602 + tevora + .NET port of PowerView used for information gathering within Active Directory + + + + + diff --git a/packages/sharpview.vm/tools/chocolateyinstall.ps1 b/packages/sharpview.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..d8118c15c --- /dev/null +++ b/packages/sharpview.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpView'
+$category = 'Information Gathering'
+
+$zipUrl = 'https://github.com/tevora-threat/SharpView/archive/b60456286b41bb055ee7bc2a14d645410cca9b74.zip'
+$zipSha256 = '1e5f54b9317ac053fe51e373b3e3b830573e2d14612bf4a038750a6c6284fb3d'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpview.vm/tools/chocolateyuninstall.ps1 b/packages/sharpview.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..d89b12729
--- /dev/null
+++ b/packages/sharpview.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpView'
+$category = 'Information Gathering'
+
+VM-Uninstall $toolName $category
From b15cec1a747d298fa8e7d4962db14d93f9d5af98 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 2 Jun 2023 20:23:44 +0000 Subject: [PATCH 064/330] Add seatbelt.vm Closes https://github.com/mandiant/VM-Packages/issues/405.
--- packages/seatbelt.vm/seatbelt.vm.nuspec | 12 ++++++++++++ packages/seatbelt.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/seatbelt.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/seatbelt.vm/seatbelt.vm.nuspec create mode 100644 packages/seatbelt.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/seatbelt.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/seatbelt.vm/seatbelt.vm.nuspec b/packages/seatbelt.vm/seatbelt.vm.nuspec
new file mode 100644
index 000000000..7a2b4ed30
--- /dev/null
+++ b/packages/seatbelt.vm/seatbelt.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ seatbelt.vm
+ 1.2.0
+ harmj0y, tifkin_
+ Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
+
+
+
+
+
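Review bot: `$zipSha256 = '1e5f54b9317ac053fe51e373b3e3b830573e2d14612bf4a038750a6c6284fb3d'` in the sharpview.vm install hunk is byte-for-byte the digest given for spoolsample.vm in the previous commit (062), so it cannot be the SHA-256 of the SharpView archive at the pinned commit, and the download will presumably be rejected by the checksum check inside `VM-Install-Raw-GitHub-Repo`. Commit 065 later in this series ("Update hash") replaces it with `b5b2dd91fe22f56fb846d849052fc3205f177cbd067069e6d829e38eea0aca49`, which confirms the copy-paste; squash that fix into this commit so no revision of the series carries a package that cannot install. A cheap guard for future packages is to grep the tree for a new digest before committing, since the same SHA-256 appearing for two different archives is always an error.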
diff --git a/packages/seatbelt.vm/tools/chocolateyinstall.ps1 b/packages/seatbelt.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..066e73af7 --- /dev/null +++ b/packages/seatbelt.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SeatBelt' +$category = 'Information Gathering' + +$zipUrl = 'https://github.com/GhostPack/Seatbelt/archive/96bd958cf45e3d877d842ce20906e1aa5fdc91c8.zip' +$zipSha256 = '05f6da0d0b77adfae105f2030862882fc8790cf47d98ec053762b9ac99250184' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 b/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..561a786c7 --- /dev/null +++ b/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SeatBelt' +$category = 'Information Gathering' + +VM-Uninstall $toolName $category From f4d1ff84a70f88b982b19b0f9dd92df7e3b79380 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Fri, 2 Jun 2023 13:30:41 -0700 Subject: [PATCH 065/330] Update hash --- packages/sharpview.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sharpview.vm/tools/chocolateyinstall.ps1 b/packages/sharpview.vm/tools/chocolateyinstall.ps1 index d8118c15c..fb9413164 100644 --- a/packages/sharpview.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharpview.vm/tools/chocolateyinstall.ps1 
@@ -5,6 +5,6 @@ $toolName = 'SharpView' $category = 'Information Gathering' $zipUrl = 'https://github.com/tevora-threat/SharpView/archive/b60456286b41bb055ee7bc2a14d645410cca9b74.zip' -$zipSha256 = '1e5f54b9317ac053fe51e373b3e3b830573e2d14612bf4a038750a6c6284fb3d' +$zipSha256 = 'b5b2dd91fe22f56fb846d849052fc3205f177cbd067069e6d829e38eea0aca49' VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 From 11eb43344c96e6bdcbb48c95ad25bc7a15d26fae Mon Sep 17 00:00:00 2001 From: vm-packages Date: Sat, 3 Jun 2023 00:04:23 +0000 Subject: [PATCH 066/330] Add sharphound.vm Closes https://github.com/mandiant/VM-Packages/issues/407. --- packages/sharphound.vm/sharphound.vm.nuspec | 12 ++++++++++++ packages/sharphound.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sharphound.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sharphound.vm/sharphound.vm.nuspec create mode 100644 packages/sharphound.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sharphound.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sharphound.vm/sharphound.vm.nuspec b/packages/sharphound.vm/sharphound.vm.nuspec new file mode 100644 index 000000000..c46d91f44 --- /dev/null +++ b/packages/sharphound.vm/sharphound.vm.nuspec @@ -0,0 +1,12 @@ + + + + sharphound.vm + 1.1.1 + specterops + SharpHound is an Active Directory ingester tool for BloodHound. + + + + + diff --git a/packages/sharphound.vm/tools/chocolateyinstall.ps1 b/packages/sharphound.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..21049902e --- /dev/null +++ b/packages/sharphound.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpHound' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v1.1.1/SharpHound-v1.1.1.zip' +$zipSha256 = '224d47658e0e7ddc256eb97725179a35e42fed02f7717cf5b62afbae26dcb36b' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 diff --git a/packages/sharphound.vm/tools/chocolateyuninstall.ps1 b/packages/sharphound.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..8d9d65c01 --- /dev/null +++ b/packages/sharphound.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpHound' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From c884b9a36cc7e1f3ee1a19ec3d269c0a4d4611d3 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Sat, 3 Jun 2023 17:48:23 +0000 Subject: [PATCH 067/330] Add routesixtysink.vm Closes https://github.com/mandiant/VM-Packages/issues/410. --- packages/routesixtysink.vm/routesixtysink.vm.nuspec | 12 ++++++++++++ .../routesixtysink.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../routesixtysink.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/routesixtysink.vm/routesixtysink.vm.nuspec create mode 100644 packages/routesixtysink.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/routesixtysink.vm/routesixtysink.vm.nuspec b/packages/routesixtysink.vm/routesixtysink.vm.nuspec new file mode 100644 index 000000000..aa167d230 --- /dev/null +++ b/packages/routesixtysink.vm/routesixtysink.vm.nuspec 
@@ -0,0 +1,12 @@ + + + + routesixtysink.vm + 0.0.0.20230603 + Dillon Franke, Michael Maturi + Route Sixty-Sink is an open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis. + + + + + diff --git a/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..830b5538f --- /dev/null +++ b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'RouteSixtySink' +$category = 'Web Application' + +$zipUrl = 'https://github.com/mandiant/route-sixty-sink/archive/59195003c84d75fabf6cc573c233dfb60d631f8a.zip' +$zipSha256 = '860df7a6f8b8b135e27e731d1cc11a61837a390fc7da46652f82920040802f15' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..62b15c33b --- /dev/null +++ b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'RouteSixtySink' +$category = 'Web Application' + +VM-Uninstall $toolName $category From 79c08f597f95230dae84d822dcc02c2842688fb4 Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Mon, 5 Jun 2023 15:10:49 +0200 Subject: [PATCH 068/330] dnspyex.vm: Fix dnSpy Install dnSpyEx directly instead of using the community package as it does not install both 64 and 32 versions. Add shortcuts for both GUI applications (in addition to the console app that was already created). --- packages/dnspyex.vm/dnspyex.vm.nuspec | 3 +-- .../dnspyex.vm/tools/chocolateyinstall.ps1 | 18 ++++++++++++++---- .../dnspyex.vm/tools/chocolateyuninstall.ps1 | 12 ++++++++++-- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/packages/dnspyex.vm/dnspyex.vm.nuspec b/packages/dnspyex.vm/dnspyex.vm.nuspec index 34bfc8b0c..d9d5fee3f 100644 --- a/packages/dnspyex.vm/dnspyex.vm.nuspec +++ b/packages/dnspyex.vm/dnspyex.vm.nuspec @@ -2,12 +2,11 @@ dnspyex.vm - 6.3.0.20230526 + 6.3.0.20230605 0xd4d, ElektroKill dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. - diff --git a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 index cd0e5a8b3..c02650748 100644 --- a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 
@@ -2,12 +2,22 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 try {
- $toolName = 'dnSpyEx'
+ $toolName = 'dnSpy'
 $category = 'dotNet'
- $shimPath = 'bin\dnSpy.Console.exe'
- $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve
- VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true -arguments $null
+ $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.3.0/dnSpy-netframework.zip"
+ $zipSha256 = "122df37b8668eb38be1c139cb244185824ff0f2ab4b4c81862a8397c6c2e7f1f"
+ $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0]
+
+ $toolNameX86 = "$toolName-x86"
+ $executablePathX86 = Join-Path $toolDir "$toolNameX86.exe" -Resolve
+ VM-Install-Shortcut $toolNameX86 $category $executablePathX86
+ Install-BinFile -Name $toolNameX86 -Path $executablePathX86
+
+ $toolNameConsole = "$toolName.Console"
+ $executablePathConsole = Join-Path $toolDir "$toolNameConsole.exe" -Resolve
+ VM-Install-Shortcut $toolNameConsole $category $executablePathConsole -consoleApp $true -arguments $null
+ Install-BinFile -Name $toolNameConsole -Path $executablePathConsole
 } catch {
 VM-Write-Log-Exception $_
 }
diff --git a/packages/dnspyex.vm/tools/chocolateyuninstall.ps1 b/packages/dnspyex.vm/tools/chocolateyuninstall.ps1
index 603675ac6..783985d3c 100644
--- a/packages/dnspyex.vm/tools/chocolateyuninstall.ps1
+++ b/packages/dnspyex.vm/tools/chocolateyuninstall.ps1
@@ -1,7 +1,15 @@
 $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
-$toolName = 'dnSpyEx'
+$toolName = 'dnSpy'
 $category = 'dotNet'
-VM-Remove-Tool-Shortcut $toolName $category
+VM-Uninstall $toolName $category
+
+$toolNameX86 = "$toolName-x86"
+VM-Remove-Tool-Shortcut $toolNameX86 $category
+Uninstall-BinFile -Name $toolNameX86
+
+$toolNameConsole = "$toolName.Console"
+VM-Remove-Tool-Shortcut $toolNameConsole $category
+Uninstall-BinFile -Name $toolNameConsole
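Review bot: `$toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0]` in the chocolateyinstall.ps1 hunk indexes the helper's return value without saying what the other elements are, which the next maintainer has to look up; add a why-comment above it, e.g. `# VM-Install-From-Zip returns more than one value; only the install directory is needed here` (adjusted to whatever the helper actually returns). The URL and digest are also the only literals in this series written with double quotes; `$zipUrl` and `$zipSha256` contain no variables, so single quotes as in the other packages avoid any accidental interpolation and keep the style uniform. The uninstall hunk mirrors the install side (`VM-Uninstall` plus shortcut and bin-file removal for the x86 and Console entries) and needs no change.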
From 1718ff3b7cd77d486712e2acbc7def6435d8ffa2 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 5 Jun 2023 15:27:19 +0200 Subject: [PATCH 069/330] innoextract.vm: Add innoextract --- packages/innoextract.vm/innoextract.vm.nuspec | 12 ++++++++++++ packages/innoextract.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../innoextract.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/innoextract.vm/innoextract.vm.nuspec create mode 100644 packages/innoextract.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/innoextract.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/innoextract.vm/innoextract.vm.nuspec b/packages/innoextract.vm/innoextract.vm.nuspec new file mode 100644 index 000000000..df7bcbcf9 --- /dev/null +++ b/packages/innoextract.vm/innoextract.vm.nuspec @@ -0,0 +1,12 @@ + + + + innoextract.vm + 1.9 + Daniel Scharrer + A tool to extract Inno Setup installers. + + + + + diff --git a/packages/innoextract.vm/tools/chocolateyinstall.ps1 b/packages/innoextract.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..139415a55 --- /dev/null +++ b/packages/innoextract.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innoextract' +$category = 'Utilities' + +$zipUrl = 'https://constexpr.org/innoextract/files/innoextract-1.9/innoextract-1.9-windows.zip' +$zipSha256 = '6989342c9b026a00a72a38f23b62a8e6a22cc5de69805cf47d68ac2fec993065' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/innoextract.vm/tools/chocolateyuninstall.ps1 b/packages/innoextract.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..c8fc6faa4 --- /dev/null +++ b/packages/innoextract.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innoextract' +$category = 'Utilities' + +VM-Uninstall $toolName $category From 2a9660fc9b4f0ff0069a0ec2bcae3f848f0059d9 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 5 Jun 2023 16:59:05 +0200 Subject: [PATCH 070/330] innounp.vm: Add innounp --- packages/innounp.vm/innounp.vm.nuspec | 12 ++++++++++++ packages/innounp.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/innounp.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/innounp.vm/innounp.vm.nuspec create mode 100644 packages/innounp.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/innounp.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/innounp.vm/innounp.vm.nuspec b/packages/innounp.vm/innounp.vm.nuspec new file mode 100644 index 000000000..338842ddf --- /dev/null +++ b/packages/innounp.vm/innounp.vm.nuspec @@ -0,0 +1,12 @@ + + + + innounp.vm + 0.50 + QuickeneR, Ariman + Unpacker for Inno Setup installers. + + + + + diff --git a/packages/innounp.vm/tools/chocolateyinstall.ps1 b/packages/innounp.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..88c41e1bb --- /dev/null +++ b/packages/innounp.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innounp' +$category = 'Utilities' + +$exeUrl = 'https://github.com/WhatTheBlock/innounp/releases/download/v0.50/innounp.exe' +$exeSha256 = '9b72ad9f93d167652a0e2bf3921abdfd3e6747c5e718461a2e58b9dfacd31f4c' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/innounp.vm/tools/chocolateyuninstall.ps1 b/packages/innounp.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..805972b92 --- /dev/null +++ b/packages/innounp.vm/tools/chocolateyuninstall.ps1 
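Review bot: `$exeUrl` fetches `innounp.exe` from `https://github.com/WhatTheBlock/innounp/releases/...`, a third-party repository, while the nuspec credits `QuickeneR, Ariman` as the authors; nothing in the install script records why this fork is the chosen source or how its build was vetted. The SHA-256 pin protects against the artifact being swapped after the fact, not against trusting an unreviewed build in the first place, so the provenance decision deserves a comment above `$exeUrl`, e.g. `# Binary comes from a third-party fork (WhatTheBlock), not the original authors; re-verify the release and hash before bumping.` That keeps the next maintainer from treating a hash mismatch as a routine version bump.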
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'innounp' +$category = 'Utilities' + +VM-Uninstall $toolName $category From 08cd68b01aa0f8cb918bc043956417b15aa19bc3 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 5 Jun 2023 12:47:06 -0700 Subject: [PATCH 071/330] Update chocolateyinstall.ps1 --- packages/sharphound.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sharphound.vm/tools/chocolateyinstall.ps1 b/packages/sharphound.vm/tools/chocolateyinstall.ps1 index 21049902e..f484fe5ce 100644 --- a/packages/sharphound.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharphound.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpHound' -$category = 'Exploitation' +$category = 'Information Gathering' $zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v1.1.1/SharpHound-v1.1.1.zip' $zipSha256 = '224d47658e0e7ddc256eb97725179a35e42fed02f7717cf5b62afbae26dcb36b' From aa60322956c8cb8dae0b331ff70ab127b03e02ec Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 5 Jun 2023 12:47:17 -0700 Subject: [PATCH 072/330] Update chocolateyuninstall.ps1 --- packages/sharphound.vm/tools/chocolateyuninstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sharphound.vm/tools/chocolateyuninstall.ps1 b/packages/sharphound.vm/tools/chocolateyuninstall.ps1 index 8d9d65c01..638187e54 100644 --- a/packages/sharphound.vm/tools/chocolateyuninstall.ps1 +++ b/packages/sharphound.vm/tools/chocolateyuninstall.ps1 
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpHound' -$category = 'Exploitation' +$category = 'Information Gathering' VM-Uninstall $toolName $category From 3b10afe69467d8904c0d3d45e50727fbd31735b0 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 6 Jun 2023 09:17:19 +0000 Subject: [PATCH 073/330] Update azurehound.vm to 2.0.4 --- packages/azurehound.vm/azurehound.vm.nuspec | 2 +- packages/azurehound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/azurehound.vm/azurehound.vm.nuspec b/packages/azurehound.vm/azurehound.vm.nuspec index 0b328ccf7..02eda7086 100644 --- a/packages/azurehound.vm/azurehound.vm.nuspec +++ b/packages/azurehound.vm/azurehound.vm.nuspec @@ -2,7 +2,7 @@ azurehound.vm - 2.0.3 + 2.0.4 BloodHoundAD AzureHound is the BloodHound data collector for Microsoft Azure. diff --git a/packages/azurehound.vm/tools/chocolateyinstall.ps1 b/packages/azurehound.vm/tools/chocolateyinstall.ps1 index 0459b337a..ae84ca951 100644 --- a/packages/azurehound.vm/tools/chocolateyinstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' $category = 'Cloud' -$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.3/azurehound-windows-amd64.zip' -$zipSha256 = 'c75860ece74b95e60f94aec5fd02e78b9579846bc1c35413d37a8344ef081834' +$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.4/azurehound-windows-amd64.zip' +$zipSha256 = 'd1748d7bac190f14dc4a95cb872870ee0ebf57e6bdc000bb011fb4d92b0f500d' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 From 2ca739034b0add54b1f1ae3b8e5863d7aabdff50 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Tue, 6 Jun 2023 09:18:51 +0000 Subject: [PATCH 074/330] Update cyberchef.vm to 10.4.0.20230606 --- packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index d7aba5dea..87c5487ca 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,12 @@ cyberchef.vm - 10.4.0.20230531 + 10.4.0.20230606 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - + From 8f0a39ca7655effb87300e0382265b4196a4874a Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 6 Jun 2023 09:19:25 +0000 Subject: [PATCH 075/330] Update floss.vm to 2.3.0 --- packages/floss.vm/floss.vm.nuspec | 2 +- packages/floss.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/floss.vm/floss.vm.nuspec b/packages/floss.vm/floss.vm.nuspec index 9ef552cd9..febb53e25 100755 --- a/packages/floss.vm/floss.vm.nuspec +++ b/packages/floss.vm/floss.vm.nuspec @@ -2,7 +2,7 @@ floss.vm - 2.2.0 + 2.3.0 FLOSS uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries. @williballenthin, @mr-tz diff --git a/packages/floss.vm/tools/chocolateyinstall.ps1 b/packages/floss.vm/tools/chocolateyinstall.ps1 index 3fa374681..ab2f222fe 100755 --- a/packages/floss.vm/tools/chocolateyinstall.ps1 +++ b/packages/floss.vm/tools/chocolateyinstall.ps1 
@@ -4,8 +4,8 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'FLOSS' $category = 'Utilities' -$zipUrl = "https://github.com/mandiant/flare-floss/releases/download/v2.2.0/floss-v2.2.0-windows.zip" -$zipSha256 = "edc206110a62bba4c27ff245d93e66d237c74c27f98ae05b9478151fbaed8aee" +$zipUrl = "https://github.com/mandiant/flare-floss/releases/download/v2.3.0/floss-v2.3.0-windows.zip" +$zipSha256 = "30afca951815545e68c76feae0675127fe742e5b3b16f75ba751aef3985ab053" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true From 38c5922d9547ecadf4381e172148aea6b35f161e Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 6 Jun 2023 11:20:34 +0200 Subject: [PATCH 076/330] pestudio.vm: Update to fix broken hash pestudio has been updated breaking the hash. --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index e98e91c7f..0b8136145 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.51 + 9.52 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index cbc776fd9..36ee7b208 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 
@@ -5,6 +5,6 @@ $toolName = 'pestudio' $category = 'PE' $zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio.zip' -$zipSha256 = '338DEF87BBAEBAC4D18B8A4B74A8445E3F8FE21E741F92701F705A9749250818' +$zipSha256 = 'b2018f1ec8df54f2b4c1df659a13cfa8b5b41fa5da18b24c9793c44289420c0a' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 2635dd7d1980be8297249238455c4b0d5700fcd7 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 6 Jun 2023 15:45:58 +0000 Subject: [PATCH 077/330] Add dll-to-exe.vm Closes https://github.com/mandiant/VM-Packages/issues/426. --- packages/dll-to-exe.vm/dll-to-exe.vm.nuspec | 12 ++++++++++++ packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/dll-to-exe.vm/dll-to-exe.vm.nuspec create mode 100644 packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/dll-to-exe.vm/dll-to-exe.vm.nuspec b/packages/dll-to-exe.vm/dll-to-exe.vm.nuspec new file mode 100644 index 000000000..d5ceeec97 --- /dev/null +++ b/packages/dll-to-exe.vm/dll-to-exe.vm.nuspec @@ -0,0 +1,12 @@ + + + + dll-to-exe.vm + 1.1 + hasherezade + Converts a DLL into a ready-to-use EXE + + + + + diff --git a/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 b/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..9168dda79 --- /dev/null +++ b/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 
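Review bot: `$zipUrl` still points at the unversioned `https://www.winitor.com/tools/pestudio/current/pestudio.zip`, so this hash fix will break again on the next upstream release, exactly as the commit message describes, and the pinned hash alone does not record which pestudio build it belongs to. If winitor publishes versioned archives, pin to one; otherwise tie the hash to the version in a comment, `# sha256 of pestudio 9.52 as served from /current/ on 2023-06-06 -- the URL is a moving target`, so the next mismatch is diagnosable as an upstream update rather than a possible tampering. The checksum failure on a moving URL is the intended failure mode here, so the fix should stay a loud mismatch rather than a relaxed check.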
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'dll_to_exe' +$category = 'PE' + +$exeUrl = 'https://github.com/hasherezade/dll_to_exe/releases/download/v1.1/dll_to_exe.exe' +$exeSha256 = '930c29f3f36443d6e3ecf3fa2e9c39251f0e66a1e1c0e290ed8c1cf0cc7789f8' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 diff --git a/packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 b/packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0849bae40 --- /dev/null +++ b/packages/dll-to-exe.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'dll_to_exe' +$category = 'PE' + +VM-Uninstall $toolName $category From 482602725e5ec8c7ad892c405b409a13432cbaa0 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 6 Jun 2023 18:06:38 +0200 Subject: [PATCH 078/330] dll-to-exe.vm: Install as console app Related: https://github.com/mandiant/VM-Packages/issues/415 --- packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 b/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 index 9168dda79..6edb1737b 100644 --- a/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 +++ b/packages/dll-to-exe.vm/tools/chocolateyinstall.ps1 @@ -7,4 +7,4 @@ $category = 'PE' $exeUrl = 'https://github.com/hasherezade/dll_to_exe/releases/download/v1.1/dll_to_exe.exe' $exeSha256 = '930c29f3f36443d6e3ecf3fa2e9c39251f0e66a1e1c0e290ed8c1cf0cc7789f8' -VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From 2e748360b51d72d92dac023d8cb689ec14c2fa87 Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Tue, 6 Jun 2023 12:13:54 +0200 Subject: [PATCH 079/330] idr.vm: Add IDR Add the Interactive Delphi Reconstructor (IDR): https://github.com/crypto2011/IDR This tool is distributed in an unusual way: > IDR dont require any installations, just copy idr.exe, dis.dll, > icons.dll, idr.ico and *.bin files to IDR home directory. Message > "Cannot Initialize Disasm" means that file dis.dll is absent. !!! > Knowledge bases for various Delphi versions can be found at: > https://drive.google.com/drive/folders/1IBsO1_O9xGHkPPV9Pnqkq2uoFmuak5C7?usp=sharing Because of this, we can't use the helper functions. Downloading files from Google Drive doesn't seem to work always, continue if downloading any knowledge base fails. --- packages/idr.vm/idr.vm.nuspec | 12 +++ packages/idr.vm/tools/chocolateyinstall.ps1 | 79 +++++++++++++++++++ packages/idr.vm/tools/chocolateyuninstall.ps1 | 7 ++ 3 files changed, 98 insertions(+) create mode 100644 packages/idr.vm/idr.vm.nuspec create mode 100644 packages/idr.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/idr.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/idr.vm/idr.vm.nuspec b/packages/idr.vm/idr.vm.nuspec new file mode 100644 index 000000000..d68e3fa8d --- /dev/null +++ b/packages/idr.vm/idr.vm.nuspec @@ -0,0 +1,12 @@ + + + + idr.vm + 0.0.0.20230606 + crypto + Interactive Delphi Reconstructor + + + + + diff --git a/packages/idr.vm/tools/chocolateyinstall.ps1 b/packages/idr.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..88b64a48d --- /dev/null +++ b/packages/idr.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,79 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + # The way of distributing this tool is unusual, so we can't use the helper functions + $toolName = 'idr' + $category = 'Delphi' + + $zipUrl = 'https://github.com/crypto2011/IDR/archive/a404dda53283788330ec5548515536d51c5724a4.zip' + $zipSha256 = '7cf9d3909011c0eaac48d51dd52553dfedd6959373cecf21739feebd08ea7ab1' + + $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + + # Create a temp directory to download zip + $tempDownloadDir = Join-Path ${Env:chocolateyPackageFolder} "temp_$([guid]::NewGuid())" + + # Download and unzip + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = $tempDownloadDir + url = $zipUrl + checksum = $zipSha256 + checksumType = 'sha256' + } + Install-ChocolateyZipPackage @packageArgs | Out-Null + VM-Assert-Path $tempDownloadDir + + # Get the unzipped directory + $unzippedDir = (Get-ChildItem -Directory $tempDownloadDir | Where-Object {$_.PSIsContainer} | Select-Object -f 1).FullName + + # Create tool directory and copy needed files to it + New-Item -Path $toolDir -ItemType Directory -Force | Out-Null + Move-Item "$unzippedDir\bin\idr.exe" $toolDir -Force + Move-Item "$unzippedDir\bin\dis.dll" $toolDir -Force + Move-Item "$unzippedDir\bin\Icons.dll" $toolDir -Force + Move-Item "$unzippedDir\*.bin" $toolDir -Force + + # Attempt to remove temporary directory + Remove-Item $tempDownloadDir -Recurse -Force -ea 0 + + $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve + VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath + + # Download knowledge bases, continue if failure as Google Drive may not work for all or them + $ErrorActionPreference = 'Continue' + $bases = @(@{url="https://drive.google.com/u/0/uc?id=1LDXNcyMShVrtb12ie_8w4RnxWiae4VDt&export=download"; sha256 = "a7218634770de83c4461065d73135709b6381020708a9146905d3b4e3cd01d43"}, # kb2014 + 
@{url="https://drive.google.com/u/0/uc?id=1czqvxZ15KlLXVKxWvjsSUIte_P4iqb6l&export=download"; sha256 = "54da759a2a62e857af287116ff29032a7a937ec5b771f5db48fe31febb764859"}, # kb2013 + @{url="https://drive.google.com/u/0/uc?id=1NbMPUGSCF7NpoIeu6vOuP0-JB9U6ND7Y&export=download"; sha256 = "b242ebad6a7a8894ad9d3469874b5514ee2f37a79c73b262b6142dde404aebb6"}, # kb2012 + @{url="https://drive.google.com/u/0/uc?id=1ekuPj49n6yTM_vTizdaiDt7WbOkge8Qd&export=download"; sha256 = "7e3d7e4445f49d2e2a7cb67243c344bdb9bfaf06c7ba6a01094fb47736102b54"}, # kb2011 + @{url="https://drive.google.com/u/0/uc?id=1OKEwms_zUsMJxGJGCDVkGfBhLV_lUPgy&export=download"; sha256 = "95800f4ead2c1bcb71017dbcdff0046d41f6e6e19cebcb594e0010f7e7e5de90"}, # kb2010 + @{url="https://drive.google.com/u/0/uc?id=16PREPxK6gJINAFC7TvS4k6qtXiZ71aEr&export=download"; sha256 = "0fcf0195f9aecee75be23af760eb3da6971a3a796f579ebdbe8735ba2788739e"}, # kb2009 + @{url="https://drive.google.com/u/0/uc?id=1q3bGNWyvmFTS1RUOzTZUIgwLKYJKsvJZ&export=download"; sha256 = "ff4ffc528f8773320e47fc4d8cc96a5caed810e75d8eb94936efcf880dd86bb3"}, # kb2007 + @{url="https://drive.google.com/u/0/uc?id=1dy1_sSnrWyXy-jwfTlL7ObXk7dHJLfcZ&export=download"; sha256 = "16a7b97f727c14343bf93fb095c275c6e3915c47025b2e1e904a4273b2d676d8"}, # kb2006 + @{url="https://drive.google.com/u/0/uc?id=1pVfkrTC3Cb3e_FxdF5uiATvHmIo93mPO&export=download"; sha256 = "025f07f121c32dc23e552a80fc2f8a2382e04f0b35c86f22185aad7d7694ff2b"}, # kb2005 + @{url="https://drive.google.com/u/0/uc?id=1bvkbANJW9GH9MgCslBBmwPPgiSiDcqVd&export=download"; sha256 = "1913e7964da828496e1a37f562c9e1dbe7cde049b4306185ccc5d28d450c865b"}, # kb7 + @{url="https://drive.google.com/u/0/uc?id=1QshJJ0QI9q4BPrD2nbQhrauiI3tLV7AB&export=download"; sha256 = "62cc81a522afa5334ee1507a4167247cc0a7d452ca8d36bbe2e2d973af5098c6"}, # kb6 + @{url="https://drive.google.com/u/0/uc?id=11eV8O6JME_Hz1UeW-PE8nYE9hVtsRJIb&export=download"; sha256 = "d49dea3261d75c177b61e3942ecfe61396aa05d363eb8ed93d01ca795620c5a5"}, # 
kb5 + @{url="https://drive.google.com/u/0/uc?id=132cKFOvCJQDp5Bewuf5uIh41s0ab5zaT&export=download"; sha256 = "9c2ab31261946082d47f859687b0e62415803f5c50516d9a80ef9bf8291bb1f4"}, # kb4 + @{url="https://drive.google.com/u/0/uc?id=1gui9JmWa7MaEWUZnMcE1DTg_K3qgFoCO&export=download"; sha256 = "1df45abfb839300b1ec555ca77a841caa4b9d83727e0f2c18f3b42ca0fe82ef9"}, # kb3 + @{url="https://drive.google.com/u/0/uc?id=1Y2jlfb1Lqu21K4QofSyE3APFvZM6ijH3&export=download"; sha256 = "afbdeb2dc8ac38e9ef69c6b22542bbbd50287256b3eb497e5294440b95c15e7b"}) # kb2 + foreach ($base in $bases) { + try { + $packageArgs = @{ + packageName = "${Env:ChocolateyPackageName}.$($base.Substring(0,6))" + unzipLocation = $toolDir + url = $base.url + checksum = $base.sha256 + checksumType = 'sha256' + } + Install-ChocolateyZipPackage @packageArgs | Out-Null + } catch { + Write-Host "`t[!] Failed to download knowledge base from $($base.url)" -ForegroundColor Red + } + } + exit 0 +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/packages/idr.vm/tools/chocolateyuninstall.ps1 b/packages/idr.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4677a2edb --- /dev/null +++ b/packages/idr.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'idr' +$category = 'Delphi' + +VM-Uninstall $toolName $category From cd32367509d8c84cc4e027385eb4e3f3e11fb5cb Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 7 Jun 2023 08:08:57 +0200 Subject: [PATCH 080/330] Chocolatey 2: Do not used removed shims and args Some of our packages do not work with Chocolatey 2. --- .github/workflows/ci.yml | 2 +- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 4 ++-- packages/flarevm.installer.vm/flarevm.installer.vm.nuspec | 2 +- packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 | 6 +++--- 5 files changed, 8 insertions(+), 8 deletions(-) 
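Review bot: `$base.Substring(0,6)` in the knowledge-base loop calls a string method on a hashtable (`$base` is `@{url=...; sha256=...}`), which throws before `Install-ChocolateyZipPackage` runs, so the inner `catch` reports every knowledge base as "Failed to download" and none is ever installed into `$toolDir`. The intent appears to be a short unique package name derived from the hash: `packageName = "${Env:ChocolateyPackageName}.$($base.sha256.Substring(0,6))"`. It is worth a comment on the `$bases` array that the per-file SHA-256 pins are what make the Google Drive `uc?export=download` URLs acceptable: a virus-scan confirmation page or an altered file fails the checksum instead of being unpacked into the tool directory. Since `$ErrorActionPreference` is switched to `'Continue'` just before the loop, any non-terminating error from the download helper would bypass the `catch`; if that is not intended, pass `-ErrorAction Stop` to the call or keep `Stop` and rely on the try/catch for the best-effort behavior.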
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 36285bd70..ca23b7dd8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,5 +54,5 @@ jobs: Set-Location built_pkgs foreach ($package in $built_pkgs) { - cpush -s "https://www.myget.org/F/vm-packages/api/v2" -k ${{ secrets.MYGET_TOKEN }} $package + choco push -s "https://www.myget.org/F/vm-packages/api/v2" -k ${{ secrets.MYGET_TOKEN }} $package } diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 118d5baff..7a12d7c22 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230526 + 0.0.0.20230606 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 56b36748e..33a487bda 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -840,8 +840,8 @@ Common Environment Variables $diskInfo = Get-CimInstance -ClassName Win32_LogicalDisk | Out-String $psInfo = $PSVersionTable.PSVersion $psInfoClr = $PSVersionTable.CLRVersion - $chocoInfo = chocolatey --version - $installedPackages = chocolatey list -l -r -all + $chocoInfo = choco --version + $installedPackages = choco list -r $boxstarerInfo = $installedPackages | Select-String -Pattern "Boxstarter" | Out-String $installedPackages = $installedPackages | Out-String diff --git a/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec b/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec index 71e3b5038..a94aca931 100644 --- a/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec +++ b/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec 
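Review bot: `-k ${{ secrets.MYGET_TOKEN }}` expands the secret into the script body at workflow render time; GitHub's hardening guidance is to expose secrets via `env:` and read them inside the step so the token is never part of the rendered command text. The push line becomes `choco push -s "https://www.myget.org/F/vm-packages/api/v2" -k $env:MYGET_TOKEN $package`, with `env: MYGET_TOKEN: ${{ secrets.MYGET_TOKEN }}` added on the step, which lies outside this hunk. The rest of the `foreach` loop, including where `$built_pkgs` is computed, is also outside the hunk.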
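Review bot: `$installedPackages = choco list -r` drops `-l`, which means "installed packages" only on Chocolatey 2; on 1.x, if I recall the semantics correctly, `choco list` without `-l` queries the configured remote source, so this diagnostic block would silently report the feed's contents (and be slow) on machines that still run 1.x instead of failing clearly. If dropping 1.x support is intended, the common.vm nuspec should declare the minimum chocolatey version so `choco` refuses the upgrade, or this block should branch on `$chocoInfo`, which is already captured on the line above, and keep `-l` for versions below 2. The same replacement appears twice in flarevm.installer.vm's chocolateyinstall.ps1 and needs the same treatment.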
@@ -2,7 +2,7 @@ flarevm.installer.vm - 0.0.0.20221201 + 0.0.0.20230606 FLARE VM Installer FLARE Generic installer for Mandiant's custom virtual machines. Originally created by FLARE for FLARE VM, a malware analysis environment. diff --git a/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 b/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 index 6985d2fcd..e733b7b2e 100644 --- a/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 @@ -3,8 +3,8 @@ $global:VerbosePreference = "SilentlyContinue" Import-Module vm.common -Force -DisableNameChecking function Get-InstalledPackages { - if (Get-Command clist -ErrorAction:SilentlyContinue) { - chocolatey list -l -r -all | ForEach-Object { + if (Get-Command choco -ErrorAction:SilentlyContinue) { + choco list -r | ForEach-Object { $Name, $Version = $_ -split '\|' New-Object -TypeName psobject -Property @{ 'Name' = $Name @@ -60,7 +60,7 @@ try { } } - $installedPackages = chocolatey list -l -r -all | Out-String + $installedPackages = choco list -r | Out-String VM-Write-Log "INFO" "Packages installed:`n$installedPackages" # Write each failed package to failure file From 54f00cd7947ca50997c819645825af6347d0fb1c Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:16:33 +0000 Subject: [PATCH 081/330] Update cyberchef.vm to 10.4.0.20230614 --- packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index 87c5487ca..e7a370194 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,12 @@ cyberchef.vm - 10.4.0.20230606 + 10.4.0.20230614 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - + From 8c47a77c00e017d079f61b1f45c93b0dc43d25f5 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 14 Jun 2023 07:17:09 +0000 Subject: [PATCH 082/330] Update dnspyex.vm to 6.4.0 --- packages/dnspyex.vm/dnspyex.vm.nuspec | 2 +- packages/dnspyex.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/dnspyex.vm/dnspyex.vm.nuspec b/packages/dnspyex.vm/dnspyex.vm.nuspec index d9d5fee3f..859e16e1a 100644 --- a/packages/dnspyex.vm/dnspyex.vm.nuspec +++ b/packages/dnspyex.vm/dnspyex.vm.nuspec @@ -2,7 +2,7 @@ dnspyex.vm - 6.3.0.20230605 + 6.4.0 0xd4d, ElektroKill dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. diff --git a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 index c02650748..369ab3b07 100644 --- a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ try { $toolName = 'dnSpy' $category = 'dotNet' - $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.3.0/dnSpy-netframework.zip" - $zipSha256 = "122df37b8668eb38be1c139cb244185824ff0f2ab4b4c81862a8397c6c2e7f1f" + $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.4.0/dnSpy-netframework.zip" + $zipSha256 = "103233b20688839046221bd1d0bd145c820e6a145e39a2c6c63a1ca360f230b8" $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0] $toolNameX86 = "$toolName-x86" From 98297b2ad1436d2e327a764ab8f64e4d0f905e13 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:17:38 +0000 Subject: [PATCH 083/330] Update exiftool.vm to 12.63.0 --- packages/exiftool.vm/exiftool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index 884d43444..391731a86 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec 
+++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.62 + 12.63.0 Phil Harvey A tool for reeding and writing file metadata - + From 5b077cccea80b925e931a308e52887b4af89b8bf Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:21:24 +0000 Subject: [PATCH 084/330] Update ilspy.vm to 8.0.0 --- packages/ilspy.vm/ilspy.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ilspy.vm/ilspy.vm.nuspec b/packages/ilspy.vm/ilspy.vm.nuspec index c1c3b17e1..3657b7d6d 100644 --- a/packages/ilspy.vm/ilspy.vm.nuspec +++ b/packages/ilspy.vm/ilspy.vm.nuspec @@ -2,12 +2,12 @@ ilspy.vm - 8.0 + 8.0.0 SharpDevelop Team The open-source .NET assembly browser and decompiler. - + From cd949932263a7c2ce455d5d1bc6fdf71bae788c2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:21:53 +0000 Subject: [PATCH 085/330] Update nasm.vm to 2.16.1 --- packages/nasm.vm/nasm.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/nasm.vm/nasm.vm.nuspec b/packages/nasm.vm/nasm.vm.nuspec index 478a174bf..bc7223af5 100644 --- a/packages/nasm.vm/nasm.vm.nuspec +++ b/packages/nasm.vm/nasm.vm.nuspec @@ -2,12 +2,12 @@ nasm.vm - 2.16.01.20230531 + 2.16.1 NASM Authors Netwide Assembler - + From 0faa1745ce538b913ac4ffee2ba5960f53b8cde5 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:23:38 +0000 Subject: [PATCH 086/330] Update nmap.vm to 7.93.20230418.20230614 --- packages/nmap.vm/nmap.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/nmap.vm/nmap.vm.nuspec b/packages/nmap.vm/nmap.vm.nuspec index 89a90dd6d..352bef9e0 100644 --- a/packages/nmap.vm/nmap.vm.nuspec +++ b/packages/nmap.vm/nmap.vm.nuspec @@ -2,13 +2,13 @@ nmap.vm - 7.93.20230418.20230517 + 7.93.20230418.20230614 Fyodor, Nmap Project Port scanning utility and nc replacement with extended features - + From cbf066b05f5d4926b746755e6468a8fab8e7c3d7 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 14 Jun 2023 07:26:20 +0000 Subject: [PATCH 087/330] Update npcap.vm to 1.72.20230614 --- packages/npcap.vm/npcap.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/npcap.vm/npcap.vm.nuspec b/packages/npcap.vm/npcap.vm.nuspec index b54eac7f8..b88e7b962 100644 --- a/packages/npcap.vm/npcap.vm.nuspec +++ b/packages/npcap.vm/npcap.vm.nuspec @@ -2,12 +2,12 @@ npcap.vm - 1.72 + 1.72.20230614 Nmap Project Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver. - + From 674c009843dcf8f68197f46b4d64e75296494211 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:30:44 +0000 Subject: [PATCH 088/330] Update putty.vm to 0.78.0 --- packages/putty.vm/putty.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/putty.vm/putty.vm.nuspec b/packages/putty.vm/putty.vm.nuspec index 5d4f24e7e..e179e60b6 100644 --- a/packages/putty.vm/putty.vm.nuspec +++ b/packages/putty.vm/putty.vm.nuspec @@ -2,12 +2,12 @@ putty.vm - 0.78 + 0.78.0 Simon Tatham PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. - + From 2b5c192a485c81b413620a151f9d4c9bf9149c85 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:30:51 +0000 Subject: [PATCH 089/330] Update python3.vm to 3.11.4 --- packages/python3.vm/python3.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/python3.vm/python3.vm.nuspec b/packages/python3.vm/python3.vm.nuspec index a1df8a2e7..761610705 100644 --- a/packages/python3.vm/python3.vm.nuspec +++ b/packages/python3.vm/python3.vm.nuspec @@ -2,12 +2,12 @@ python3.vm - 3.11.3 + 3.11.4 Metapackage to install Python3 Python Software Foundation - + From 8e2e47442601ddf808b14a6aa9916d10142f2b00 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 14 Jun 2023 07:32:49 +0000 Subject: [PATCH 090/330] Update sysinternals.vm to 2023.6.7 --- packages/sysinternals.vm/sysinternals.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index d2267d52d..3176d1c4f 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.5.24 + 2023.6.7 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file From 48b5d3a549df35847b91f79dc87889d91e65d2f5 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:43:30 +0000 Subject: [PATCH 091/330] Update vcbuildtools.vm to 0.0.0.20230614 --- packages/vcbuildtools.vm/vcbuildtools.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index 61b64cab0..59f31db05 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec @@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20230426 + 0.0.0.20230614 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + From 49cd8bc934b40ffd6291d489dcc6991f28c0c240 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 14 Jun 2023 07:46:03 +0000 Subject: [PATCH 092/330] Update yara.vm to 4.3.2 --- packages/yara.vm/yara.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/yara.vm/yara.vm.nuspec b/packages/yara.vm/yara.vm.nuspec index 8a42fef8c..85527efeb 100644 --- a/packages/yara.vm/yara.vm.nuspec +++ b/packages/yara.vm/yara.vm.nuspec @@ -2,12 +2,12 @@ yara.vm - 4.3.1 + 4.3.2 Victor M. Alvarez, others The pattern matching swiss knife - + 
From 8b1f403d580ca85842096417091649610e0b98c4 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 14 Jun 2023 20:28:56 +0200 Subject: [PATCH 093/330] ci: Add consoleApp argument to issue template Add consoleApp argument to issue template to allow us to create common package types without any manual modification. --- .github/ISSUE_TEMPLATE/new_package.yml | 20 ++++++++++++++++---- scripts/utils/create_package_template.py | 14 ++++++++++---- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/new_package.yml b/.github/ISSUE_TEMPLATE/new_package.yml index ad7608398..3d6fc3cd0 100644 --- a/.github/ISSUE_TEMPLATE/new_package.yml +++ b/.github/ISSUE_TEMPLATE/new_package.yml @@ -32,16 +32,28 @@ body: label: Package type description: | This is needed to know how to send the automatic PR. - ZIP_EXE - An executable tool distributed in a ZIP file - SINGLE_EXE - An executable tool distributed via direct/raw download - SINGLE_PS1 - A PowerShell script distributed via direct/raw download - GITHUB_REPO - Download a GitHub repository based on a specific commit hash + `ZIP_EXE` - An executable tool distributed in a ZIP file + `SINGLE_EXE` - An executable tool distributed via direct/raw download + `SINGLE_PS1` - A PowerShell script distributed via direct/raw download + `GITHUB_REPO` - Download a GitHub repository based on a specific commit hash options: - ZIP_EXE - SINGLE_EXE - SINGLE_PS1 - GITHUB_REPO - OTHER/UNKNOWN + - type: dropdown + id: console_app + validations: + required: true + attributes: + label: Is the tool a console application? + description: | + The tool is a console application, the shortcut should run it with `cmd /K $toolPath --help` to be able to see the output. + Only supported by package types `ZIP_EXE` and `SINGLE_EXE`. + options: + - 'false' + - 'true' - type: input id: version attributes: 
diff --git a/scripts/utils/create_package_template.py b/scripts/utils/create_package_template.py index 6dc1317d7..31c2c48b4 100755 --- a/scripts/utils/create_package_template.py +++ b/scripts/utils/create_package_template.py @@ -71,7 +71,7 @@ def package_version(dependency_version): """ Needs the following format strings: - tool_name="...", category="...", target_url="...", target_hash="..." + tool_name="...", category="...", target_url="...", target_hash="...", console_app="..." """ ZIP_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking @@ -82,7 +82,7 @@ def package_version(dependency_version): $zipUrl = '{target_url}' $zipSha256 = '{target_hash}' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp ${console_app} """ """ @@ -125,7 +125,7 @@ def package_version(dependency_version): """ Needs the following format strings: - tool_name="...", category="...", target_url="...", target_hash="..." + tool_name="...", category="...", target_url="...", target_hash="...", console_app="..." """ SINGLE_EXE_TEMPLATE = r"""$ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking @@ -136,7 +136,7 @@ def package_version(dependency_version): $exeUrl = '{target_url}' $exeSha256 = '{target_hash}' -VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp ${console_app} """ """ @@ -209,6 +209,7 @@ def create_zip_exe_template(packages_path, **kwargs): category=kwargs.get("category"), target_url=kwargs.get("target_url"), target_hash=kwargs.get("target_hash"), + console_app=kwargs.get("console_app"), ) 
@@ -241,6 +242,7 @@ def create_single_exe_template(packages_path, **kwargs): category=kwargs.get("category"), target_url=kwargs.get("target_url"), target_hash=kwargs.get("target_hash"), + console_app=kwargs.get("console_app"), ) @@ -274,6 +276,7 @@ def create_template( target_hash="", shim_path="", dependency="", + console_app="", ): pkg_path = os.path.join(packages_path, f"{pkg_name}.vm") try: @@ -307,6 +310,7 @@ def create_template( target_url=target_url, target_hash=target_hash, shim_path=shim_path, + console_app=console_app, ) ) @@ -352,6 +356,7 @@ def get_script_directory(): "category", "target_url", "target_hash", + "console_app", ], }, "SINGLE_PS1": { @@ -467,6 +472,7 @@ def main(argv=None): parser.add_argument("--target_url", type=str, default="", help="URL to target file (zip or executable)") parser.add_argument("--target_hash", type=str, default="", help="SHA256 hash of target file (zip or executable)") parser.add_argument("--shim_path", type=str, default="", help="Metapackage shim path") + parser.add_argument("--console_app", type=str, default="false", choices=["false", "true"], help="The tool is a console application, the shortcut should run it with `cmd /K $toolPath --help` to be able to see the output.") args = parser.parse_args(args=argv) if args.type is None: From 12874ea27d64baa08f5b386f84e2662fe2c41d10 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 15 Jun 2023 07:48:09 +0000 Subject: [PATCH 094/330] Add GoResym.vm Closes https://github.com/mandiant/VM-Packages/issues/434. --- packages/goresym.vm/goresym.vm.nuspec | 12 ++++++++++++ packages/goresym.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/goresym.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/goresym.vm/goresym.vm.nuspec create mode 100644 packages/goresym.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/goresym.vm/tools/chocolateyuninstall.ps1 
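Review bot: The new `console_app=""` default added to the `create_template` signature disagrees with the `"false"` default given to `--console_app` in `main`, so a caller that reaches `create_template` without the argument renders `-consoleApp $` into the `ZIP_EXE` and `SINGLE_EXE` templates, which PowerShell will not accept for the `[bool] $consoleApp` parameter. Changing the signature to `console_app="false",` keeps the two entry points consistent and makes the generated script valid regardless of how the function is reached. Both `create_template` and `main` start and end outside the hunk.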
diff --git a/packages/goresym.vm/goresym.vm.nuspec b/packages/goresym.vm/goresym.vm.nuspec new file mode 100644 index 000000000..27df62062 --- /dev/null +++ b/packages/goresym.vm/goresym.vm.nuspec @@ -0,0 +1,12 @@ + + + + goresym.vm + 2.4 + stevemk14ebr + Go symbol recovery tool + + + + + diff --git a/packages/goresym.vm/tools/chocolateyinstall.ps1 b/packages/goresym.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ce68dbb69 --- /dev/null +++ b/packages/goresym.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoReSym' +$category = 'Utilities' + +$zipUrl = 'https://github.com/mandiant/GoReSym/releases/download/v2.4/GoReSym-windows.zip' +$zipSha256 = '6d253e98fce443b5c818e0ae0c0f0a4e3587e0f0f7baf150383ead242e01babd' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/goresym.vm/tools/chocolateyuninstall.ps1 b/packages/goresym.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..f0c4d1e33 --- /dev/null +++ b/packages/goresym.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoReSym' +$category = 'Utilities' + +VM-Uninstall $toolName $category From e372e5896727f1773948e6a21481c9e7e4eec0a6 Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Mon, 5 Jun 2023 17:37:35 +0200 Subject: [PATCH 095/330] ida.diaphora.vm: Add diaphora Note diaphora is a bit different than the existent packages, as doesn't contain an executable, but a Python script that needs to be run from IDA. We just unzip the tool files to the Tools directory. Adjust the helper `VM-Install-From-Zip` to support this case. I think we shouldn't add diaphora as default package for flare-vm, but I would like to install it myself. --- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 13 +++++++++---- packages/ida.diaphora.vm/ida.diaphora.vm.nuspec | 12 ++++++++++++ .../ida.diaphora.vm/tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 5 files changed, 45 insertions(+), 5 deletions(-) create mode 100644 packages/ida.diaphora.vm/ida.diaphora.vm.nuspec create mode 100644 packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 7a12d7c22..ae032deb8 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230606 + 0.0.0.20230615 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 33a487bda..224d35953 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 
@@ -323,9 +323,13 @@ function VM-Install-From-Zip { [Parameter(Mandatory=$false)] [bool] $consoleApp=$false, [Parameter(Mandatory=$false)] - [bool] $innerFolder=$false, # subfolder in zip with the app files + [bool] $innerFolder=$false, # Subfolder in zip with the app files [Parameter(Mandatory=$false)] - [string] $arguments = "--help" + [string] $arguments = "--help", + [Parameter(Mandatory=$false)] + [string] $executableName, # Executable name, needed if different from "$toolName.exe" + [Parameter(Mandatory=$false)] + [switch] $withoutBinFile # Tool should not be installed as a bin file ) try { $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName @@ -371,9 +375,10 @@ function VM-Install-From-Zip { } } - $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve + if (-Not $executableName) { $executableName = "$toolName.exe" } + $executablePath = Join-Path $toolDir $executableName -Resolve VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments - Install-BinFile -Name $toolName -Path $executablePath + if (-Not $withoutBinFile) { Install-BinFile -Name $toolName -Path $executablePath } return $executablePath } catch { VM-Write-Log-Exception $_ diff --git a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec new file mode 100644 index 000000000..19a26eca0 --- /dev/null +++ b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec @@ -0,0 +1,12 @@ + + + + ida.diaphora.vm + 2.1.0 + joxeankoret + Diaphora is a program diffing tool that works as an IDA plugin. + + + + + diff --git a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..b876d7508 --- /dev/null +++ b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'diaphora' + $category = 'Utilities' + $executableName = "diaphora.py" + + $zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/2.1.0.zip' + $zipSha256 = 'bd946942081b46991e8ee5a2788088110e0eef7649791c661ed41566d4dd2993' + + # Diaphora needs to be executed from IDA, do not install bin file + VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName $executableName -innerFolder $true -withoutBinFile +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..43f920eb4 --- /dev/null +++ b/packages/ida.diaphora.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'diaphora' +$category = 'Utilities' + +VM-Uninstall $toolName $category From 70f81f75fdc3a03d10e67803005de47f062a2f93 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 24 May 2023 14:53:21 +0000 Subject: [PATCH 096/330] Add net-reactor-slayer.vm Closes https://github.com/mandiant/VM-Packages/issues/342. --- .../net-reactor-slayer.vm.nuspec | 13 +++++++++++++ .../tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 36 insertions(+) create mode 100644 packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec create mode 100644 packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec b/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec new file mode 100644 index 000000000..b6d00f4e7 --- /dev/null +++ b/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec 
@@ -0,0 +1,13 @@ + + + + net-reactor-slayer.vm + 6.4.0.20230524 + SychicBoy + NETReactorSlayer is an open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor. + + + + + + diff --git a/packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 b/packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ca1ad73ec --- /dev/null +++ b/packages/net-reactor-slayer.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'NETReactorSlayer' + $category = 'dotNet' + $shimPath = 'bin\NETReactorSlayer.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 b/packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..7c1afe58e --- /dev/null +++ b/packages/net-reactor-slayer.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'NETReactorSlayer' +$category = 'dotNet' + +VM-Remove-Tool-Shortcut $toolName $category From 51532460914990de2628bd1a4052108d87e8d264 Mon Sep 17 00:00:00 2001 
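Review bot: The shortcut created by `Install-ChocolateyShortcut` in chocolateyinstall.ps1 carries `-RunAsAdmin`, so NETReactorSlayer, a deobfuscator whose input is untrusted and potentially malicious .NET binaries, is launched elevated every time it is opened from the tool list. Nothing in the package states that the tool needs administrative rights, and none of the sibling install scripts in this series pass an elevation flag explicitly; unless elevation is required, dropping the flag keeps the tool at user privilege. If it is required, a one-line comment above the call should say why, e.g. `# NETReactorSlayer needs elevation because ...`, so the exception is deliberate rather than inherited.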
From: Ana Maria Martinez Gomez Date: Fri, 16 Jun 2023 14:55:01 +0200 Subject: [PATCH 097/330] ida.diaphora.vm: Fix common.vm version requirement - Require common.vm version >= 0.0.0.20230615, as this package uses new arguments of `VM-Install-From-Zip` and installation fails in previous versions. - Remove unneeded try-catch. --- .../ida.diaphora.vm/ida.diaphora.vm.nuspec | 5 +++-- .../tools/chocolateyinstall.ps1 | 18 +++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec index 19a26eca0..a5aa397d1 100644 --- a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec +++ b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec @@ -2,11 +2,12 @@ ida.diaphora.vm - 2.1.0 + 2.1.0.20230617 joxeankoret Diaphora is a program diffing tool that works as an IDA plugin. - + + diff --git a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 index b876d7508..647f0170c 100644 --- a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 +++ b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 
@@ -1,16 +1,12 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking -try { - $toolName = 'diaphora' - $category = 'Utilities' - $executableName = "diaphora.py" +$toolName = 'diaphora' +$category = 'Utilities' +$executableName = "diaphora.py" - $zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/2.1.0.zip' - $zipSha256 = 'bd946942081b46991e8ee5a2788088110e0eef7649791c661ed41566d4dd2993' +$zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/2.1.0.zip' +$zipSha256 = 'bd946942081b46991e8ee5a2788088110e0eef7649791c661ed41566d4dd2993' - # Diaphora needs to be executed from IDA, do not install bin file - VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName $executableName -innerFolder $true -withoutBinFile -} catch { - VM-Write-Log-Exception $_ -} +# Diaphora needs to be executed from IDA, do not install bin file +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName $executableName -innerFolder $true -withoutBinFile From 4727b81488c6bdf19c043e6e025eaf90b5dfd2e4 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 16 Jun 2023 15:53:04 +0200 Subject: [PATCH 098/330] malware-jail.vm: Add malware-jail Ignore warnings while installing dependencies with npm to avoid failing the package. --- .../malware-jail.vm/malware-jail.vm.nuspec | 13 ++++++++++ .../tools/chocolateyinstall.ps1 | 24 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 ++++++ 3 files changed, 44 insertions(+) create mode 100644 packages/malware-jail.vm/malware-jail.vm.nuspec create mode 100644 packages/malware-jail.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/malware-jail.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/malware-jail.vm/malware-jail.vm.nuspec b/packages/malware-jail.vm/malware-jail.vm.nuspec new file mode 100644 index 000000000..77ed434f6 --- /dev/null +++ b/packages/malware-jail.vm/malware-jail.vm.nuspec 
@@ -0,0 +1,13 @@ + + + + malware-jail.vm + 0.0.0.20230616 + Hynek Petrak + Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. + + + + + + diff --git a/packages/malware-jail.vm/tools/chocolateyinstall.ps1 b/packages/malware-jail.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0fcdd497a --- /dev/null +++ b/packages/malware-jail.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,24 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'malware-jail' + $category = 'Javascript' + + $zipUrl = 'https://github.com/HynekPetrak/malware-jail/archive/52d580bd76e0e0fc3ff2543758bb8fc45355c668.zip' + $zipSha256 = '24a9312635b95e4ccc41d5719a67f0db23cd577a648f33c7dab5d47c249531fd' + # Install dependencies with npm when running shortcut as we ignore errors below + $powershellCommand = "npm install; node jailme.js -h -b list" + + $toolDir = VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand + +} catch { + VM-Write-Log-Exception $_ +} + +# Prevent the following warning from failing the package: "npm WARN deprecated request@2.79.0" +$ErrorActionPreference = 'Continue' +# Get absolute path as npm is not in path until Powershell is restarted +$npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve +# Install tool dependencies with npm +Set-Location $toolDir; & "$npmPath" install | Out-Null diff --git a/packages/malware-jail.vm/tools/chocolateyuninstall.ps1 b/packages/malware-jail.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..3f5dedaf3 --- /dev/null +++ b/packages/malware-jail.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'malware-jail' +$category = 'Javascript' + +VM-Uninstall $toolName $category From d91d4e065f2188d21f97977753bb0f7ead9460e4 Mon Sep 17 00:00:00 2001 
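Review bot: The trailing `Set-Location $toolDir; & "$npmPath" install | Out-Null` in chocolateyinstall.ps1 runs after the try/catch and under `$ErrorActionPreference = 'Continue'`, so if `VM-Install-Raw-GitHub-Repo` threw, `$toolDir` is unset, `Set-Location` fails non-fatally and `npm install` executes in whatever the current directory happens to be. The npm exit status is also never inspected and its output is discarded, so a failed or partial dependency install is invisible, and the directory change leaks into the rest of the Chocolatey run. Guard on `$toolDir`, scope the directory change with `Push-Location`/`Pop-Location`, and surface a non-zero `$LASTEXITCODE`. Since `npm install` executes lifecycle scripts from the resolved dependency tree at install time, `--ignore-scripts` is worth considering if the tool's dependencies do not need them, which cannot be verified from this hunk.
```powershell
# … unchanged: try/catch calling VM-Install-Raw-GitHub-Repo …

# Prevent the following warning from failing the package: "npm WARN deprecated request@2.79.0"
$ErrorActionPreference = 'Continue'
if ($toolDir -and (Test-Path $toolDir)) {
    # Get absolute path as npm is not in path until Powershell is restarted
    $npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve
    Push-Location $toolDir
    try {
        & "$npmPath" install | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "npm install for $toolName exited with code $LASTEXITCODE" }
    } finally {
        Pop-Location
    }
}
```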
From: Ana Maria Martinez Gomez Date: Fri, 16 Jun 2023 16:56:15 +0200 Subject: [PATCH 099/330] common.vm: Correct documentation The documentation was not accurate and was getting me confused. --- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index ae032deb8..b8cf64c79 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230615 + 0.0.0.20230616 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 224d35953..66fc7e892 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -181,7 +181,7 @@ function VM-New-Install-Log { return $outputFile } -# This functions returns $executablePath and $toolDir (outputed by Install-ChocolateyZipPackage) +# This functions returns $toolDir function VM-Install-Raw-GitHub-Repo { [CmdletBinding()] Param @@ -303,7 +303,7 @@ function VM-Install-Shortcut{ VM-Assert-Path $shortcut } -# This functions returns $executablePath and $toolDir (outputed by Install-ChocolateyZipPackage) +# This functions returns $toolDir (outputed by Install-ChocolateyZipPackage) and $executablePath function VM-Install-From-Zip { [CmdletBinding()] Param From edb12e95859694752ade5c271f7e2b6599b98798 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 19 Jun 2023 11:47:51 +0200 Subject: [PATCH 100/330] malware-jail.vm: Update to last version The last version corrects a typo. --- packages/malware-jail.vm/tools/chocolateyinstall.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/packages/malware-jail.vm/tools/chocolateyinstall.ps1 b/packages/malware-jail.vm/tools/chocolateyinstall.ps1 index 0fcdd497a..78a02c187 100644 --- a/packages/malware-jail.vm/tools/chocolateyinstall.ps1 +++ b/packages/malware-jail.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ try { $toolName = 'malware-jail' $category = 'Javascript' - $zipUrl = 'https://github.com/HynekPetrak/malware-jail/archive/52d580bd76e0e0fc3ff2543758bb8fc45355c668.zip' - $zipSha256 = '24a9312635b95e4ccc41d5719a67f0db23cd577a648f33c7dab5d47c249531fd' + $zipUrl = 'https://github.com/HynekPetrak/malware-jail/archive/ec370f1433652fdd346995f1d6f00b26368aa611.zip' + $zipSha256 = '027b59bdb5c0b8b20ae348269b320b924be34c4cb4ae708704290e67c23e8d4d' # Install dependencies with npm when running shortcut as we ignore errors below $powershellCommand = "npm install; node jailme.js -h -b list" From 7708891266de85aaf726255011e14f67c959e641 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 19 Jun 2023 11:48:33 +0200 Subject: [PATCH 101/330] malware-jail.vm: Use newer nodejs Allow to use newer nodejs to see if this fixes GH action error. --- packages/malware-jail.vm/malware-jail.vm.nuspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/malware-jail.vm/malware-jail.vm.nuspec b/packages/malware-jail.vm/malware-jail.vm.nuspec index 77ed434f6..bd98e4c9b 100644 --- a/packages/malware-jail.vm/malware-jail.vm.nuspec +++ b/packages/malware-jail.vm/malware-jail.vm.nuspec @@ -7,7 +7,7 @@ Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. - + From 44d14aaa0fe497cea58707a85640490c6da02c5a Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Tue, 20 Jun 2023 16:29:00 +0000 Subject: [PATCH 102/330] Add sliver.vm Closes https://github.com/mandiant/VM-Packages/issues/442. --- packages/sliver.vm/sliver.vm.nuspec | 12 ++++++++++++ packages/sliver.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sliver.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sliver.vm/sliver.vm.nuspec create mode 100644 packages/sliver.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sliver.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sliver.vm/sliver.vm.nuspec b/packages/sliver.vm/sliver.vm.nuspec new file mode 100644 index 000000000..739cabf25 --- /dev/null +++ b/packages/sliver.vm/sliver.vm.nuspec @@ -0,0 +1,12 @@ + + + + sliver.vm + 1.5.39 + bishopfox + Sliver is an open source cross-platform adversary emulation/red team framework. + + + + + diff --git a/packages/sliver.vm/tools/chocolateyinstall.ps1 b/packages/sliver.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..afd0bfa76 --- /dev/null +++ b/packages/sliver.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Sliver' +$category = 'Command & Control' + +$exeUrl = 'https://github.com/BishopFox/sliver/releases/download/v1.5.39/sliver-client_windows.exe' +$exeSha256 = '8b4da3fc66c36752ab032c8d57a0df7caa530d07c3e9847582ff2d792768ff12' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/sliver.vm/tools/chocolateyuninstall.ps1 b/packages/sliver.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..bd1f1f601 --- /dev/null +++ b/packages/sliver.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Sliver' +$category = 'Command & Control' + +VM-Uninstall $toolName $category 
From cdabdcac072a6579a2f9a95a460926b8ff2ec07c Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 21 Jun 2023 04:43:55 +0000 Subject: [PATCH 103/330] Add gowitness.vm Closes https://github.com/mandiant/VM-Packages/issues/446. --- packages/gowitness.vm/gowitness.vm.nuspec | 12 ++++++++++++ packages/gowitness.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/gowitness.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/gowitness.vm/gowitness.vm.nuspec create mode 100644 packages/gowitness.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/gowitness.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/gowitness.vm/gowitness.vm.nuspec b/packages/gowitness.vm/gowitness.vm.nuspec new file mode 100644 index 000000000..c3f781a49 --- /dev/null +++ b/packages/gowitness.vm/gowitness.vm.nuspec @@ -0,0 +1,12 @@ + + + + gowitness.vm + 2.5.0 + sensepost + Website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. + + + + + diff --git a/packages/gowitness.vm/tools/chocolateyinstall.ps1 b/packages/gowitness.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..3af8b6c05 --- /dev/null +++ b/packages/gowitness.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoWitness' +$category = 'Information Gathering' + +$exeUrl = 'https://github.com/sensepost/gowitness/releases/download/2.5.0/gowitness-2.5.0-windows-amd64.exe' +$exeSha256 = '6b563d157e5b6a0ffd7a360d97a00d55ea579ca6c7146c88f65e1de820e14097' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/gowitness.vm/tools/chocolateyuninstall.ps1 b/packages/gowitness.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e8e844a0d --- /dev/null 
+++ b/packages/gowitness.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GoWitness' +$category = 'Information Gathering' + +VM-Uninstall $toolName $category From 8a39c3914759217b0119102978ce317271105dd1 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 21 Jun 2023 04:54:38 +0000 Subject: [PATCH 104/330] Add sharpdpapi.vm Closes https://github.com/mandiant/VM-Packages/issues/448. --- packages/sharpdpapi.vm/sharpdpapi.vm.nuspec | 12 ++++++++++++ packages/sharpdpapi.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sharpdpapi.vm/sharpdpapi.vm.nuspec create mode 100644 packages/sharpdpapi.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sharpdpapi.vm/sharpdpapi.vm.nuspec b/packages/sharpdpapi.vm/sharpdpapi.vm.nuspec new file mode 100644 index 000000000..04b4255d7 --- /dev/null +++ b/packages/sharpdpapi.vm/sharpdpapi.vm.nuspec @@ -0,0 +1,12 @@ + + + + sharpdpapi.vm + 1.11.3 + harmj0y + SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project. + + + + + diff --git a/packages/sharpdpapi.vm/tools/chocolateyinstall.ps1 b/packages/sharpdpapi.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6e339e373 --- /dev/null +++ b/packages/sharpdpapi.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpDPAPI' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/GhostPack/SharpDPAPI/archive/02992ff2c5c48f38602b096367c6107857dae8e9.zip' +$zipSha256 = 'dd0bd7ceedf87a6952c1e6d8c1865f434f316b187c3f783fe176ad323e7b0f81' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
diff --git a/packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1 b/packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..a6efa6580 --- /dev/null +++ b/packages/sharpdpapi.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpDPAPI' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From 38c2e3a22233a5b8c136388aa2d4273171b11be0 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 21 Jun 2023 22:11:59 +0000 Subject: [PATCH 105/330] Update cygwin.vm to 3.4.7 --- packages/cygwin.vm/cygwin.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec index 9b964716d..ed5e2a334 100644 --- a/packages/cygwin.vm/cygwin.vm.nuspec +++ b/packages/cygwin.vm/cygwin.vm.nuspec @@ -2,12 +2,12 @@ cygwin.vm - 3.4.6 + 3.4.7 Wrapper for cygwin and useful cygwin packages Red Hat Inc. - + From 466c5605f60b62c7bda737d7e7239b6110a5642d Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 21 Jun 2023 22:13:33 +0000 Subject: [PATCH 106/330] Update ghidra.vm to 10.3.1 --- packages/ghidra.vm/ghidra.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index 0e8c61f73..bb07d1495 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec @@ -2,12 +2,12 @@ ghidra.vm - 10.3 + 10.3.1 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - + From cccad81e1b7cbf02fde96393f3da677f282117ed Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 21 Jun 2023 22:14:27 +0000 Subject: [PATCH 107/330] Update net-reactor-slayer.vm to 6.4.0.20230621 --- packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec b/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec index b6d00f4e7..c324abf69 100644 --- a/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec +++ b/packages/net-reactor-slayer.vm/net-reactor-slayer.vm.nuspec @@ -2,12 +2,12 @@ net-reactor-slayer.vm - 6.4.0.20230524 + 6.4.0.20230621 SychicBoy NETReactorSlayer is an open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor. - + From eecc96d21b108afdf6a35fbd17d31863cbc04c18 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 21 Jun 2023 22:15:11 +0000 Subject: [PATCH 108/330] Update notepadplusplus.vm to 8.5.4 --- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index ec3a34af2..f69142460 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.3 + 8.5.4 Wrapper for Notepad++ Don Ho - + From fca2eb274fc0c4fd0b5a4db2f43724ceaba6c4da Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 21 Jun 2023 22:30:58 +0000 Subject: [PATCH 109/330] Update vcbuildtools.vm to 0.0.0.20230621 --- packages/vcbuildtools.vm/vcbuildtools.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index 59f31db05..1a73e221d 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec 
@@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20230614 + 0.0.0.20230621 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + From 02d4857a0270ca986518a22163ab99e77642b6bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ana=20Mar=C3=ADa=20Mart=C3=ADnez=20G=C3=B3mez?= Date: Thu, 22 Jun 2023 14:00:13 +0200 Subject: [PATCH 110/330] Update number of packages in the README.md Since we moved the failures to the wiki, we are not updating the number of packages in the README. This label used to be updated with every daily run. Updating it manually till we decide how we want to update it. See https://github.com/mandiant/VM-Packages/issues/440 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 873928de3..a9e77d972 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Packages](https://img.shields.io/badge/packages-66-blue.svg)](packages) +[![Packages](https://img.shields.io/badge/packages->100-blue.svg)](packages) [![CI](https://github.com/mandiant/VM-packages/workflows/CI/badge.svg)](https://github.com/mandiant/VM-packages/actions?query=workflow%3ACI+branch%3Amain) [![Daily run](https://github.com/mandiant/VM-packages/workflows/daily/badge.svg)](https://github.com/mandiant/VM-Packages/wiki/Daily-Failures) From 8726a5a0bced36c22e8212b245ad4f3f921c537f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 22 Jun 2023 16:19:08 +0000 Subject: [PATCH 111/330] Add upx.vm Closes https://github.com/mandiant/VM-Packages/issues/440. --- packages/upx.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/upx.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ packages/upx.vm/upx.vm.nuspec | 12 ++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/upx.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/upx.vm/tools/chocolateyuninstall.ps1 create mode 100644 packages/upx.vm/upx.vm.nuspec 
diff --git a/packages/upx.vm/tools/chocolateyinstall.ps1 b/packages/upx.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..45df43d94 --- /dev/null +++ b/packages/upx.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'upx' +$category = 'Utilities' + +$zipUrl = 'https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win64.zip' +$zipSha256 = '325c58ea2ed375afbd4eeac0b26f15f98db0d75dea701205ca10d8bf4d2fdc24' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/upx.vm/tools/chocolateyuninstall.ps1 b/packages/upx.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..9684090d7 --- /dev/null +++ b/packages/upx.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'upx' +$category = 'Utilities' + +VM-Uninstall $toolName $category diff --git a/packages/upx.vm/upx.vm.nuspec b/packages/upx.vm/upx.vm.nuspec new file mode 100644 index 000000000..0f3c9c2e2 --- /dev/null +++ b/packages/upx.vm/upx.vm.nuspec @@ -0,0 +1,12 @@ + + + + upx.vm + 4.0.2 + markus-oberhumer + UPX is a free, secure, portable, extendable, high-performance executable packer for several executable formats. + + + + + From 1a455514c0efacdaf878e92a39363aa5a2a8f438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ana=20Mar=C3=ADa=20Mart=C3=ADnez=20G=C3=B3mez?= Date: Fri, 23 Jun 2023 15:59:16 +0200 Subject: [PATCH 112/330] upx.vm: Add innerFolder argument The zip contains a folder with the EXE and other needed files. --- packages/upx.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/upx.vm/tools/chocolateyinstall.ps1 b/packages/upx.vm/tools/chocolateyinstall.ps1 index 45df43d94..fdd38b2f1 100644 --- a/packages/upx.vm/tools/chocolateyinstall.ps1 
+++ b/packages/upx.vm/tools/chocolateyinstall.ps1 @@ -7,4 +7,4 @@ $category = 'Utilities' $zipUrl = 'https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win64.zip' $zipSha256 = '325c58ea2ed375afbd4eeac0b26f15f98db0d75dea701205ca10d8bf4d2fdc24' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true From 3c1a8f29c6eeab9576e7c04d496342498a9b2361 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 26 Jun 2023 18:00:09 +0200 Subject: [PATCH 113/330] pma-labs.vm: Add PMA Labs Folder with the Practical Malware Analysis Labs from https://github.com/mikesiko/PracticalMalwareAnalysis-Labs. --- packages/pma-labs.vm/pma-labs.vm.nuspec | 12 ++++++++++++ packages/pma-labs.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/pma-labs.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/pma-labs.vm/pma-labs.vm.nuspec create mode 100644 packages/pma-labs.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/pma-labs.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/pma-labs.vm/pma-labs.vm.nuspec b/packages/pma-labs.vm/pma-labs.vm.nuspec new file mode 100644 index 000000000..4b5029b7e --- /dev/null +++ b/packages/pma-labs.vm/pma-labs.vm.nuspec @@ -0,0 +1,12 @@ + + + + pma-labs.vm + 0.0.0.20230626 + Michael Sikorski + Binaries for the book Practical Malware Analysis + + + + + diff --git a/packages/pma-labs.vm/tools/chocolateyinstall.ps1 b/packages/pma-labs.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0fe24ea98 --- /dev/null +++ b/packages/pma-labs.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PMA-labs' +$category = 'Utilities' + +$zipUrl = 'https://raw.githubusercontent.com/mikesiko/PracticalMalwareAnalysis-Labs/5f55de02a10748247f7511dafaaf18a37d332ff5/PracticalMalwareAnalysis-Labs.exe' +$zipSha256 = '704138bec89cf9e7f00fbce100dbc09cf133d16dc0203806392f0e153c43c68c' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName "Practical Malware Analysis Labs\BinaryCollection" -withoutBinFile diff --git a/packages/pma-labs.vm/tools/chocolateyuninstall.ps1 b/packages/pma-labs.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4130a8f97 --- /dev/null +++ b/packages/pma-labs.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PMA-labs' +$category = 'Utilities' + +VM-Uninstall $toolName $category From 7e015d93c3f3277c5ce806a9c39b4b3601bc5c06 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 26 Jun 2023 12:56:30 -0700 Subject: [PATCH 114/330] fixed package list bug --- packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 b/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 index e733b7b2e..0257bdbbb 100644 --- a/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking function Get-InstalledPackages { if (Get-Command choco -ErrorAction:SilentlyContinue) { - choco list -r | ForEach-Object { + powershell.exe "choco list -r" | ForEach-Object { $Name, $Version = $_ -split '\|' New-Object -TypeName psobject -Property @{ 'Name' = $Name 
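Review bot: The download in this hunk is a `.exe` (`PracticalMalwareAnalysis-Labs.exe`) yet it is stored in `$zipUrl`/`$zipSha256` and passed to `VM-Install-From-Zip`, and nothing in the script says why that works; presumably the helper treats it as a self-extracting archive, but a maintainer reading the variable names will assume a zip. Add a comment above the URL such as `# Self-extracting .exe, not a .zip; VM-Install-From-Zip extracts it (confirm the helper handles SFX archives)`, and note on the `-executableName` line that `"Practical Malware Analysis Labs\BinaryCollection"` names the extracted folder rather than an executable, since it is used together with `-withoutBinFile`. Pinning both the commit hash in the URL and the SHA256 is the right approach for a collection of live malware samples; the comment should also say that the archive contents are real malware so the package is only installed in an analysis VM.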
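Review bot: Replacing `choco list -r` with `powershell.exe "choco list -r"` is a workaround whose reason is recorded nowhere — not in a comment and not in the commit message ("fixed package list bug") — so the next maintainer is likely to revert it as an accidental nested shell. Add a one-line comment above it, e.g. `# Run choco in a child powershell.exe: calling choco directly from this package script <observed failure> — see <issue>`, filling in the actual failure observed. If this script can run under both Chocolatey 1.x and 2.x it is also worth stating which `choco list` semantics are expected, since `list` without `--local-only` behaves differently between the two. `Get-InstalledPackages` continues outside the hunk, so the `$Name, $Version` parsing after the split is not visible here.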
From 6b1ca1494e8d39d0626ccb9dd21d796b82570403 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 26 Jun 2023 20:27:16 +0000 Subject: [PATCH 115/330] Add juicy-potato.vm Closes https://github.com/mandiant/VM-Packages/issues/450. --- packages/juicy-potato.vm/juicy-potato.vm.nuspec | 12 ++++++++++++ packages/juicy-potato.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../juicy-potato.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/juicy-potato.vm/juicy-potato.vm.nuspec create mode 100644 packages/juicy-potato.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/juicy-potato.vm/juicy-potato.vm.nuspec b/packages/juicy-potato.vm/juicy-potato.vm.nuspec new file mode 100644 index 000000000..dd2ac4439 --- /dev/null +++ b/packages/juicy-potato.vm/juicy-potato.vm.nuspec @@ -0,0 +1,12 @@ + + + + juicy-potato.vm + 0.1 + ohpe + A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM + + + + + diff --git a/packages/juicy-potato.vm/tools/chocolateyinstall.ps1 b/packages/juicy-potato.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..7ef85e97f --- /dev/null +++ b/packages/juicy-potato.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'JuicyPotato' +$category = 'Exploitation' + +$exeUrl = 'https://github.com/ohpe/juicy-potato/releases/download/v0.1/JuicyPotato.exe' +$exeSha256 = '0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 b/packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..d6dafbe7e --- /dev/null 
+++ b/packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'JuicyPotato' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From 88c0fbbd6faca458ca17db3ab018cf5a9d5451f2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 26 Jun 2023 20:27:17 +0000 Subject: [PATCH 116/330] Add seclists.vm Closes https://github.com/mandiant/VM-Packages/issues/451. --- packages/seclists.vm/seclists.vm.nuspec | 12 ++++++++++++ packages/seclists.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/seclists.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/seclists.vm/seclists.vm.nuspec create mode 100644 packages/seclists.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/seclists.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/seclists.vm/seclists.vm.nuspec b/packages/seclists.vm/seclists.vm.nuspec new file mode 100644 index 000000000..0305385ac --- /dev/null +++ b/packages/seclists.vm/seclists.vm.nuspec @@ -0,0 +1,12 @@ + + + + seclists.vm + 2023.2 + danielmiessler + SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. + + + + + diff --git a/packages/seclists.vm/tools/chocolateyinstall.ps1 b/packages/seclists.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..477395270 --- /dev/null +++ b/packages/seclists.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SecLists' +$category = 'Wordlists' + +$zipUrl = 'https://github.com/danielmiessler/SecLists/archive/refs/tags/2023.2.zip' +$zipSha256 = 'ecb58f0a4a311b152c6debbd0d699a14e42ea9b6d1964ef8fc06151b26c435a8' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
diff --git a/packages/seclists.vm/tools/chocolateyuninstall.ps1 b/packages/seclists.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0ece0c264 --- /dev/null +++ b/packages/seclists.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SecLists' +$category = 'Wordlists' + +VM-Uninstall $toolName $category From 4a616ccd0614f1f740d6f7f2ad339d2338a6f355 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 26 Jun 2023 20:27:21 +0000 Subject: [PATCH 117/330] Add sharpwmi.vm Closes https://github.com/mandiant/VM-Packages/issues/452. --- packages/sharpwmi.vm/sharpwmi.vm.nuspec | 12 ++++++++++++ packages/sharpwmi.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sharpwmi.vm/sharpwmi.vm.nuspec create mode 100644 packages/sharpwmi.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sharpwmi.vm/sharpwmi.vm.nuspec b/packages/sharpwmi.vm/sharpwmi.vm.nuspec new file mode 100644 index 000000000..a35df8e1c --- /dev/null +++ b/packages/sharpwmi.vm/sharpwmi.vm.nuspec @@ -0,0 +1,12 @@ + + + + sharpwmi.vm + 0.0.0.20230626 + HarmJ0y + SharpWMI is a C# implementation of various WMI functionality. + + + + + diff --git a/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 b/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..914eac5de --- /dev/null +++ b/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpWMI' +$category = 'Information Gathering' + +$zipUrl = 'https://github.com/GhostPack/SharpWMI/archive/0600f57aeb4733ba6fec585388af2f1ac4483b58.zip' +$zipSha256 = '0dbdd04a8a62e16de40373ae416b732cd48fb642ac7b3ff243bb9580249058f5' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 b/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..fe9bc5816 --- /dev/null +++ b/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'SharpWMI' +$category = 'Information Gathering' + +VM-Uninstall $toolName $category From ce157815664ab4aff43b6e34ac636b4f6f5f52de Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 26 Jun 2023 20:27:23 +0000 Subject: [PATCH 118/330] Add bloodhound-custom-queries.vm Closes https://github.com/mandiant/VM-Packages/issues/453. --- .../bloodhound-custom-queries.vm.nuspec | 12 ++++++++++++ .../tools/chocolateyinstall.ps1 | 10 ++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec create mode 100644 packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec b/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec new file mode 100644 index 000000000..a4ade3b30 --- /dev/null +++ b/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec 
@@ -0,0 +1,12 @@ + + + + bloodhound-custom-queries.vm + 0.0.0.20230626 + hausec + Custom Query list for the Bloodhound GUI based off my cheatsheet + + + + + diff --git a/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 b/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..79cea829d --- /dev/null +++ b/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BloodHound-Custom-Queries' +$category = 'Information Gathering' + +$zipUrl = 'https://github.com/hausec/Bloodhound-Custom-Queries/archive/7ef9099665aa82238bfd57d7a11c09cd4dd9381b.zip' +$zipSha256 = '78a71b9797506200b4c86bdad6799ba8c3519171353ce329dff5ff4fc703ddb0' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 b/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..6b0c7b6d8 --- /dev/null +++ b/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BloodHound-Custom-Queries' +$category = 'Information Gathering' + +VM-Uninstall $toolName $category From 9b4424180221d1547b8ec5aa9fd60eaa0576b6ab Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 26 Jun 2023 13:46:01 -0700 Subject: [PATCH 119/330] updated package version --- packages/flarevm.installer.vm/flarevm.installer.vm.nuspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec b/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec index a94aca931..9aee17118 100644 --- a/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec 
+++ b/packages/flarevm.installer.vm/flarevm.installer.vm.nuspec @@ -2,7 +2,7 @@ flarevm.installer.vm - 0.0.0.20230606 + 0.0.0.20230626 FLARE VM Installer FLARE Generic installer for Mandiant's custom virtual machines. Originally created by FLARE for FLARE VM, a malware analysis environment. From 703c4190587ee97953fc25cbf5d14d4af6f71c1b Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 26 Jun 2023 17:27:01 +0200 Subject: [PATCH 120/330] upx.vm: Add 32 bit version UPX was added in #457 using the win64 version. There is also a win32 version, we can use both with the argument `zipUrl_64` of `VM-Install-From-Zip`. --- packages/upx.vm/tools/chocolateyinstall.ps1 | 8 +++++--- packages/upx.vm/upx.vm.nuspec | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/upx.vm/tools/chocolateyinstall.ps1 b/packages/upx.vm/tools/chocolateyinstall.ps1 index fdd38b2f1..ad3818fa5 100644 --- a/packages/upx.vm/tools/chocolateyinstall.ps1 +++ b/packages/upx.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,9 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'upx' $category = 'Utilities' -$zipUrl = 'https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win64.zip' -$zipSha256 = '325c58ea2ed375afbd4eeac0b26f15f98db0d75dea701205ca10d8bf4d2fdc24' +$zipUrl = "https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win32.zip" +$zipSha256 = "3f5b59252b0b657143ab945ce10fa0e5c4a509f69588695e11757cb1fc1b7eb7" +$zipUrl_64 = 'https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win64.zip' +$zipSha256_64 = '325c58ea2ed375afbd4eeac0b26f15f98db0d75dea701205ca10d8bf4d2fdc24' -VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -innerFolder $true +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64 -consoleApp $true -innerFolder $true 
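Review bot: The two new 32-bit lines use double quotes (`$zipUrl = "https://...win32.zip"`, `$zipSha256 = "3f5b..."`) while the 64-bit lines directly below and every other package on this page use single quotes. Double-quoted strings interpolate `$` and backtick sequences in PowerShell; these values contain neither, so behaviour is unaffected, but the inconsistency invites a future URL with a `$` to break silently. Change them to `$zipUrl = 'https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win32.zip'` and `$zipSha256 = '3f5b59252b0b657143ab945ce10fa0e5c4a509f69588695e11757cb1fc1b7eb7'` to match the file's convention.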
diff --git a/packages/upx.vm/upx.vm.nuspec b/packages/upx.vm/upx.vm.nuspec index 0f3c9c2e2..a4314fd4d 100644 --- a/packages/upx.vm/upx.vm.nuspec +++ b/packages/upx.vm/upx.vm.nuspec @@ -2,7 +2,7 @@ upx.vm - 4.0.2 + 4.0.2.20230626 markus-oberhumer UPX is a free, secure, portable, extendable, high-performance executable packer for several executable formats. From f864544f98f7a61d31011309e6c9416ea50253d3 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 27 Jun 2023 08:10:41 +0200 Subject: [PATCH 121/330] idr.vm: Install bases from GitHub The knowledge bases were only available in Google Drive. But Google drive is not meant to be used in scripts and downloading the files from Google Drive doesn't seem to always work. The maintainer of IDR has added the files to the GitHub repository and we can now take them from the downloaded zip file. --- packages/idr.vm/idr.vm.nuspec | 2 +- packages/idr.vm/tools/chocolateyinstall.ps1 | 42 ++++----------------- 2 files changed, 8 insertions(+), 36 deletions(-) diff --git a/packages/idr.vm/idr.vm.nuspec b/packages/idr.vm/idr.vm.nuspec index d68e3fa8d..8d66cd093 100644 --- a/packages/idr.vm/idr.vm.nuspec +++ b/packages/idr.vm/idr.vm.nuspec @@ -2,7 +2,7 @@ idr.vm - 0.0.0.20230606 + 0.0.0.20230627 crypto Interactive Delphi Reconstructor diff --git a/packages/idr.vm/tools/chocolateyinstall.ps1 b/packages/idr.vm/tools/chocolateyinstall.ps1 index 88b64a48d..02dbb1df1 100644 --- a/packages/idr.vm/tools/chocolateyinstall.ps1 +++ b/packages/idr.vm/tools/chocolateyinstall.ps1 
@@ -6,8 +6,8 @@ try { $toolName = 'idr' $category = 'Delphi' - $zipUrl = 'https://github.com/crypto2011/IDR/archive/a404dda53283788330ec5548515536d51c5724a4.zip' - $zipSha256 = '7cf9d3909011c0eaac48d51dd52553dfedd6959373cecf21739feebd08ea7ab1' + $zipUrl = 'https://github.com/crypto2011/IDR/archive/da98ef6871b75303bcf1a5acc692e38178c7833e.zip' + $zipSha256 = 'ea779489a868deb811e403398ec3c1b65484f60811f5fff95a0ae42563b68caf' $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName 
@@ -34,45 +34,17 @@ try { Move-Item "$unzippedDir\bin\dis.dll" $toolDir -Force Move-Item "$unzippedDir\bin\Icons.dll" $toolDir -Force Move-Item "$unzippedDir\*.bin" $toolDir -Force + # Copy all knowledge bases + $zippedBases = Get-ChildItem -Path $unzippedDir -Recurse -Filter "kb*.7z" | ForEach-Object { $_.FullName } + foreach ($zippedBase in $zippedBases) { + Get-ChocolateyUnzip -FileFullPath $zippedBase -Destination $toolDir + } # Attempt to remove temporary directory Remove-Item $tempDownloadDir -Recurse -Force -ea 0 $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath - - # Download knowledge bases, continue if failure as Google Drive may not work for all or them - $ErrorActionPreference = 'Continue' - $bases = @(@{url="https://drive.google.com/u/0/uc?id=1LDXNcyMShVrtb12ie_8w4RnxWiae4VDt&export=download"; sha256 = "a7218634770de83c4461065d73135709b6381020708a9146905d3b4e3cd01d43"}, # kb2014 - @{url="https://drive.google.com/u/0/uc?id=1czqvxZ15KlLXVKxWvjsSUIte_P4iqb6l&export=download"; sha256 = "54da759a2a62e857af287116ff29032a7a937ec5b771f5db48fe31febb764859"}, # kb2013 - @{url="https://drive.google.com/u/0/uc?id=1NbMPUGSCF7NpoIeu6vOuP0-JB9U6ND7Y&export=download"; sha256 = "b242ebad6a7a8894ad9d3469874b5514ee2f37a79c73b262b6142dde404aebb6"}, # kb2012 - @{url="https://drive.google.com/u/0/uc?id=1ekuPj49n6yTM_vTizdaiDt7WbOkge8Qd&export=download"; sha256 = "7e3d7e4445f49d2e2a7cb67243c344bdb9bfaf06c7ba6a01094fb47736102b54"}, # kb2011 - @{url="https://drive.google.com/u/0/uc?id=1OKEwms_zUsMJxGJGCDVkGfBhLV_lUPgy&export=download"; sha256 = "95800f4ead2c1bcb71017dbcdff0046d41f6e6e19cebcb594e0010f7e7e5de90"}, # kb2010 - @{url="https://drive.google.com/u/0/uc?id=16PREPxK6gJINAFC7TvS4k6qtXiZ71aEr&export=download"; sha256 = "0fcf0195f9aecee75be23af760eb3da6971a3a796f579ebdbe8735ba2788739e"}, # kb2009 - 
@{url="https://drive.google.com/u/0/uc?id=1q3bGNWyvmFTS1RUOzTZUIgwLKYJKsvJZ&export=download"; sha256 = "ff4ffc528f8773320e47fc4d8cc96a5caed810e75d8eb94936efcf880dd86bb3"}, # kb2007 - @{url="https://drive.google.com/u/0/uc?id=1dy1_sSnrWyXy-jwfTlL7ObXk7dHJLfcZ&export=download"; sha256 = "16a7b97f727c14343bf93fb095c275c6e3915c47025b2e1e904a4273b2d676d8"}, # kb2006 - @{url="https://drive.google.com/u/0/uc?id=1pVfkrTC3Cb3e_FxdF5uiATvHmIo93mPO&export=download"; sha256 = "025f07f121c32dc23e552a80fc2f8a2382e04f0b35c86f22185aad7d7694ff2b"}, # kb2005 - @{url="https://drive.google.com/u/0/uc?id=1bvkbANJW9GH9MgCslBBmwPPgiSiDcqVd&export=download"; sha256 = "1913e7964da828496e1a37f562c9e1dbe7cde049b4306185ccc5d28d450c865b"}, # kb7 - @{url="https://drive.google.com/u/0/uc?id=1QshJJ0QI9q4BPrD2nbQhrauiI3tLV7AB&export=download"; sha256 = "62cc81a522afa5334ee1507a4167247cc0a7d452ca8d36bbe2e2d973af5098c6"}, # kb6 - @{url="https://drive.google.com/u/0/uc?id=11eV8O6JME_Hz1UeW-PE8nYE9hVtsRJIb&export=download"; sha256 = "d49dea3261d75c177b61e3942ecfe61396aa05d363eb8ed93d01ca795620c5a5"}, # kb5 - @{url="https://drive.google.com/u/0/uc?id=132cKFOvCJQDp5Bewuf5uIh41s0ab5zaT&export=download"; sha256 = "9c2ab31261946082d47f859687b0e62415803f5c50516d9a80ef9bf8291bb1f4"}, # kb4 - @{url="https://drive.google.com/u/0/uc?id=1gui9JmWa7MaEWUZnMcE1DTg_K3qgFoCO&export=download"; sha256 = "1df45abfb839300b1ec555ca77a841caa4b9d83727e0f2c18f3b42ca0fe82ef9"}, # kb3 - @{url="https://drive.google.com/u/0/uc?id=1Y2jlfb1Lqu21K4QofSyE3APFvZM6ijH3&export=download"; sha256 = "afbdeb2dc8ac38e9ef69c6b22542bbbd50287256b3eb497e5294440b95c15e7b"}) # kb2 - foreach ($base in $bases) { - try { - $packageArgs = @{ - packageName = "${Env:ChocolateyPackageName}.$($base.Substring(0,6))" - unzipLocation = $toolDir - url = $base.url - checksum = $base.sha256 - checksumType = 'sha256' - } - Install-ChocolateyZipPackage @packageArgs | Out-Null - } catch { - Write-Host "`t[!] 
Failed to download knowledge base from $($base.url)" -ForegroundColor Red - } - } - exit 0 } catch { VM-Write-Log-Exception $_ } From 6314f3fa54c1ca7ca8cea1e0b4f9225a7bd2c1db Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 28 Jun 2023 19:44:53 +0000 Subject: [PATCH 122/330] Update cyberchef.vm to 10.4.0.20230628 --- packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index e7a370194..74cb352ac 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,12 @@ cyberchef.vm - 10.4.0.20230614 + 10.4.0.20230628 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - + From a963f5cbef553f8ed173d3fb884deb6116b3b151 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 28 Jun 2023 19:45:29 +0000 Subject: [PATCH 123/330] Update exiftool.vm to 12.64.0 --- packages/exiftool.vm/exiftool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index 391731a86..09eeb20e4 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec +++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.63.0 + 12.64.0 Phil Harvey A tool for reeding and writing file metadata - + From 790021905e2470200649abddd8a5a0469dffea21 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 28 Jun 2023 19:47:43 +0000 Subject: [PATCH 124/330] Update ilspy.vm to 8.0.0.20230628 --- packages/ilspy.vm/ilspy.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ilspy.vm/ilspy.vm.nuspec b/packages/ilspy.vm/ilspy.vm.nuspec index 3657b7d6d..27316b8f4 100644 --- a/packages/ilspy.vm/ilspy.vm.nuspec +++ b/packages/ilspy.vm/ilspy.vm.nuspec 
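Review bot: The new knowledge-base loop silently installs nothing when `Get-ChildItem -Recurse -Filter "kb*.7z"` finds no files: `$zippedBases` is then `$null`, `foreach` runs zero times, and the install completes with a shortcut to an IDR that has no bases, which is exactly the failure the removed Google Drive code tried to report. Add a guard such as `if (-not $zippedBases) { Write-Warning "No kb*.7z knowledge bases found in $unzippedDir" }` before the loop so a change in the upstream archive layout is visible. Also note that the removed block switched `$ErrorActionPreference` to 'Continue' before fetching bases, whereas the new `Get-ChocolateyUnzip` calls presumably run under the 'Stop' preference set at the top of the file (outside this hunk), so one corrupt archive now aborts the whole install rather than skipping that base; if that is intended, a comment saying so would help. Taking the bases from the SHA256-pinned repository zip instead of per-file Google Drive downloads is an improvement in provenance, since all content is now verified by the single hash in the earlier hunk.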
@@ -2,12 +2,12 @@ ilspy.vm - 8.0.0 + 8.0.0.20230628 SharpDevelop Team The open-source .NET assembly browser and decompiler. - + From 10de9c608e3e150680e5a4dc931a1a255a3bf6f1 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 28 Jun 2023 19:54:48 +0000 Subject: [PATCH 125/330] Update sliver.vm to 1.5.40 --- packages/sliver.vm/sliver.vm.nuspec | 2 +- packages/sliver.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/sliver.vm/sliver.vm.nuspec b/packages/sliver.vm/sliver.vm.nuspec index 739cabf25..6e9862887 100644 --- a/packages/sliver.vm/sliver.vm.nuspec +++ b/packages/sliver.vm/sliver.vm.nuspec @@ -2,7 +2,7 @@ sliver.vm - 1.5.39 + 1.5.40 bishopfox Sliver is an open source cross-platform adversary emulation/red team framework. diff --git a/packages/sliver.vm/tools/chocolateyinstall.ps1 b/packages/sliver.vm/tools/chocolateyinstall.ps1 index afd0bfa76..7f2fd0a22 100644 --- a/packages/sliver.vm/tools/chocolateyinstall.ps1 +++ b/packages/sliver.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Sliver' $category = 'Command & Control' -$exeUrl = 'https://github.com/BishopFox/sliver/releases/download/v1.5.39/sliver-client_windows.exe' -$exeSha256 = '8b4da3fc66c36752ab032c8d57a0df7caa530d07c3e9847582ff2d792768ff12' +$exeUrl = 'https://github.com/BishopFox/sliver/releases/download/v1.5.40/sliver-client_windows.exe' +$exeSha256 = '48359bfb6692ea45f075188b2b244fc8fcec4ef7e80d2c2eecae90d5c9cdd04b' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From dcd107ccbbd691d78ef97b115594156414152a1d Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 28 Jun 2023 19:56:27 +0000 Subject: [PATCH 126/330] Update sysinternals.vm to 2023.6.27 --- packages/sysinternals.vm/sysinternals.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index 3176d1c4f..e78005c91 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.6.7 + 2023.6.27 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file From 70caaddaf0d7a406ce0637fd695a4e3643cc2701 Mon Sep 17 00:00:00 2001 From: svch0stz <8684257+svch0stz@users.noreply.github.com> Date: Thu, 29 Jun 2023 15:35:40 +1000 Subject: [PATCH 127/330] Update pstudio checksum --- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index 36ee7b208..3402f11e0 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 @@ -5,6 +5,6 @@ $toolName = 'pestudio' $category = 'PE' $zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio.zip' -$zipSha256 = 'b2018f1ec8df54f2b4c1df659a13cfa8b5b41fa5da18b24c9793c44289420c0a' +$zipSha256 = 'ded56a58d7c5e06453f22a875d6a58ec0c07031e1c0873acc06b288a2d9658d8' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 28a9ccc4ed3e140e1abb69f1daf14a68005d86c9 Mon Sep 17 00:00:00 2001 From: svch0stz <8684257+svch0stz@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:59:10 +1000 Subject: [PATCH 128/330] Update pestudio.vm.nuspec --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index 0b8136145..14729cb20 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec 
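Review bot: This hunk replaces the pinned SHA256 for `https://www.winitor.com/tools/pestudio/current/pestudio.zip` without any indication of which pestudio version the new hash corresponds to or how it was derived, because the URL is unversioned and serves whatever is "current". A hash bump against a floating URL cannot be independently verified later, and the nuspec version is only changed in the following commit; the commit message or a comment next to `$zipSha256` should record the version (e.g. `# pestudio 9.53, hash computed from the vendor download on <date>`). The subsequent commit on this page that switches to `pestudio-9.53.zip` resolves the floating-URL problem for future updates.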
@@ -2,7 +2,7 @@ pestudio.vm - 9.52 + 9.53 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. From 2f1f2b711b55cf016fd7015c40111efb344d53d8 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 29 Jun 2023 11:59:27 +0200 Subject: [PATCH 129/330] pestudio: Use new link that includes version pestudio uses now a link that includes the version and will exist for two months, giving us time to update without breaking the package. --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index 14729cb20..dfa14ea81 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.53 + 9.53.0.20230629 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index 3402f11e0..f9ecd5853 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio.zip' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.53.zip' $zipSha256 = 'ded56a58d7c5e06453f22a875d6a58ec0c07031e1c0873acc06b288a2d9658d8' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 068d8cdd0cb186b890f5ed7f23db7e1ffd4c51eb Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Thu, 29 Jun 2023 13:49:25 +0200 Subject: [PATCH 130/330] update_packages: Update version URLs Try to update generic URLs by increasing the version sequentially. Now the script is able to update tools like pestudio, 010editor, and npcap. --- .github/workflows/update_package.yml | 2 +- scripts/utils/update_package.py | 123 ++++++++++++++++++++++----- 2 files changed, 104 insertions(+), 21 deletions(-) diff --git a/.github/workflows/update_package.yml b/.github/workflows/update_package.yml index df8f92a77..ea7bad916 100644 --- a/.github/workflows/update_package.yml +++ b/.github/workflows/update_package.yml @@ -27,7 +27,7 @@ jobs: $package = $packagePath.Name $newVersion = 0 # Test indepdendly every type of update and commit what works - foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL')) { + foreach ($UPDATE_TYPE in ('DEPENDENCIES', 'GITHUB_URL', 'VERSION_URL')) { $version = python scripts\utils\update_package.py $package --update_type $UPDATE_TYPE $updated = $? echo "$package $version" diff --git a/scripts/utils/update_package.py b/scripts/utils/update_package.py index dede2b034..1d74c111b 100755 --- a/scripts/utils/update_package.py +++ b/scripts/utils/update_package.py @@ -30,6 +30,7 @@ def replace_version(latest_version, nuspec_content): return latest_version, re.sub("[^<]+", f"{latest_version}", nuspec_content) +# Get latest version from GitHub releases def get_latest_version(org, project, version): response = requests.get(f"https://api.github.com/repos/{org}/{project}/releases/latest") if not response.ok: 
@@ -39,32 +40,52 @@ def get_latest_version(org, project, version): return latest_version +# Get url response's content hash (SHA256) def get_sha256(url): - return hashlib.sha256(requests.get(url).content).hexdigest() + response = requests.get(url) + if not response.ok: + return None + return hashlib.sha256(response.content).hexdigest() +# Get first three segments of version (which can be preceded by `v`) +# For example: +# v1.2.3 -> 1.2.3 +# 1.2.3-p353 -> 1.2.3 +# 1.2.3.4 -> 1.2.3 +# v1.2 -> 1.2 +# 1 -> 1 def format_version(version): - # Get first three segments of version (which can be preceded by `v`) - # For example: - # v1.2.3 -> 1.2.3 - # 1.2.3-p353 -> 1.2.3 - # 1.2.3.4 -> 1.2.3 - # v1.2 -> 1.2 - # 1 -> 1 match = re.match("v?(?P\d+(.\d+){0,2})", version) if not match: raise ValueError(f"wrong version: {version}") return match.group("version") -def update_github_url(package): - chocolateyinstall_path = f"packages/{package}/tools/chocolateyinstall.ps1" +# Replace version in the package's nuspec file +def update_nuspec_version(package, latest_version): + nuspec_path = f"packages/{package}/{package}.nuspec" + with open(nuspec_path, "r") as file: + content = file.read() + latest_version, content = replace_version(latest_version, content) + with open(nuspec_path, "w") as file: + file.write(content) + + +# read the chocolateyinstall.ps1 package file +def get_install_script(package): + install_script_path = f"packages/{package}/tools/chocolateyinstall.ps1" try: - file = open(chocolateyinstall_path, "r") + file = open(install_script_path, "r") except FileNotFoundError: # chocolateyinstall.ps1 may not exist for metapackages - return None - content = file.read() + return (None, None) + return (install_script_path, file.read()) + + +# Update package using GitHub releases +def update_github_url(package): + install_script_path, content = get_install_script(package) # Use findall as some packages have two urls (for 32 and 64 bits), we need to update both # Match urls like 
https://github.com/mandiant/capa/releases/download/v4.0.1/capa-v4.0.1-windows.zip matches = re.findall( 
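Review bot: `get_install_script` returns `(None, None)` for metapackages, but its caller in this hunk, `update_github_url`, immediately runs `re.findall(..., content)` on that `None` and will raise `TypeError`; the original code returned before reading, so this hunk introduces the regression, and `update_version_url` in the next hunk of this file has the same gap. Add `if content is None: return None` right after `install_script_path, content = get_install_script(package)` in both callers. Separately, `get_install_script` opens the file and never closes it; restructure it as `try: with open(install_script_path, "r") as file: return (install_script_path, file.read())` with the `except FileNotFoundError` returning `(None, None)`, which keeps the interface and fixes the handle leak.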
@@ -93,15 +114,71 @@ def update_github_url(package): content = content.replace(sha256, latest_sha256).replace(sha256.upper(), latest_sha256) content = content.replace(version, latest_version) - with open(chocolateyinstall_path, "w") as file: + with open(install_script_path, "w") as file: file.write(content) - nuspec_path = f"packages/{package}/{package}.nuspec" - with open(nuspec_path, "r") as file: - content = file.read() - latest_version, content = replace_version(latest_version, content) - with open(nuspec_path, "w") as file: + update_nuspec_version(package, latest_version) + + return latest_version + + +def get_increased_version(url, version): + version_list_original = version.split(".") + # Try all possible increased versions, for example for 12.0.1 + # ['12.0.1.1', '13', '13.0', '13.0.0', '13.0.0.0', '12.1', '12.1.0', '12.0.2'] + # New possible segment + versions = [ version + ".1"] + for i in range(len(version_list_original)): + version_list = version_list_original.copy() + version_list[i] = str(int(version_list[i]) + 1) + version_i = ".".join(version_list[:i+1]) + versions.append(version_i) + # Try max of 4 segments + for j in range(i, 3-i): + version_i += ".0" + versions.append(version_i) + for latest_version in versions: + latest_url = url.replace(version, latest_version) + latest_sha256 = get_sha256(latest_url) + if latest_sha256: + return (latest_version, latest_sha256) + return (None, None) + + +# Update package which uses a generic url that includes the version +def update_version_url(package): + install_script_path, content = get_install_script(package) + # Use findall as some packages have two urls (for 32 and 64 bits), we need to update both + # Match urls like: + # - https://download.sweetscape.com/010EditorWin32Installer12.0.1.exe + # - https://www.winitor.com/tools/pestudio/current/pestudio-9.53.zip + matches = re.findall("[\"'](https{0,1}://.+?[A-Za-z\-_]((?:\d{1,4}\.){1,3}\d{1,4})[\w\.\-]+)[\"']", content) + + # It doesn't include a download 
url with the version + if not matches: + return None + + latest_version = None + for url, version in matches: + latest_version_match, latest_sha256 = get_increased_version(url, version) + # No newer version available + if (not latest_version_match) or (latest_version_match == version): + return None + # The version of the 32 and 64 bit downloads need to be the same, we only have one nuspec + if latest_version and latest_version_match != latest_version: + return None + latest_version = latest_version_match + latest_url = url.replace(version, latest_version) + sha256 = get_sha256(url) + # Hash can be uppercase or downcase + content = content.replace(sha256, latest_sha256).replace(sha256.upper(), latest_sha256) + + content = content.replace(version, latest_version) + with open(install_script_path, "w") as file: file.write(content) + + update_nuspec_version(package, latest_version) + return latest_version @@ -146,7 +223,8 @@ def update_dependencies(package): class UpdateType(IntEnum): DEPENDENCIES = 1 GITHUB_URL = 2 - ALL = DEPENDENCIES | GITHUB_URL + VERSION_URL = 4 + ALL = DEPENDENCIES | GITHUB_URL | VERSION_URL def __str__(self): return self.name @@ -176,6 +254,11 @@ def from_str(string): if latest_version2: latest_version = latest_version2 + if args.update_type & UpdateType.VERSION_URL: + latest_version2 = update_version_url(args.package_name) + if latest_version2: + latest_version = latest_version2 + if not latest_version: exit(1) print(latest_version) From a70e51554cb291c6492215ee7de9f2cbafcc9c84 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 29 Jun 2023 16:24:54 +0200 Subject: [PATCH 131/330] update_packages: Fix bug in GH release update The file in the new release may not exit. Consider we are not able to get the hash, to avoid failing the script. --- scripts/utils/update_package.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/utils/update_package.py b/scripts/utils/update_package.py index 1d74c111b..72e025d4b 100755 
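Review bot: `update_version_url` treats plain-HTTP download URLs like HTTPS ones: the regex matches `https{0,1}://`, so a package that pins an `http://` installer gets a new version and a checksum computed from an unauthenticated download; skip or warn on those matches (`if url.startswith("http://"): return None`) rather than bumping them. `get_increased_version` also accepts any `response.ok` as a real release, so a server that answers 200 with an HTML error page for an unknown path would get that page's SHA-256 committed as the new checksum — at minimum reject responses whose `Content-Type` is `text/html` before returning a hash. In the loop, `sha256 = get_sha256(url)` re-downloads the current file and returns `None` if that file has been removed, which then raises in `content.replace(sha256, ...)`; add `if not sha256: return None`, or better read the existing checksum out of `content` instead of fetching it. `latest_url` in that loop is assigned but never used.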
--- a/scripts/utils/update_package.py +++ b/scripts/utils/update_package.py @@ -111,6 +111,8 @@ def update_github_url(package): sha256 = get_sha256(url) latest_sha256 = get_sha256(latest_url) # Hash can be uppercase or downcase + if not latest_sha256: + return None content = content.replace(sha256, latest_sha256).replace(sha256.upper(), latest_sha256) content = content.replace(version, latest_version) From cb8c088c912d5f5988031a3bfc7b7ef074d60243 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 30 Jun 2023 08:44:44 +0200 Subject: [PATCH 132/330] update_package: Show failing changes Show the changes that failed to install while updating packages to debug errors easily. --- .github/workflows/update_package.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update_package.yml b/.github/workflows/update_package.yml index ea7bad916..656cff2bd 100644 --- a/.github/workflows/update_package.yml +++ b/.github/workflows/update_package.yml @@ -41,6 +41,7 @@ jobs: $newVersion = $version } else { echo "$package $version FAILED" + git diff } } # Clean changes and built packages From 47709b5d10d4fe446d8a5822f7e85f80f15c8369 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 16 May 2023 16:03:45 +0200 Subject: [PATCH 133/330] Remove python3.vm This packages only install the dependency, then we can remove this package and use the dependency instead. In fact, we are already using the dependency directly in libraries.python3.vm Closes https://github.com/mandiant/VM-Packages/issues/301 --- packages/python3.vm/python3.vm.nuspec | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 packages/python3.vm/python3.vm.nuspec diff --git a/packages/python3.vm/python3.vm.nuspec b/packages/python3.vm/python3.vm.nuspec deleted file mode 100644 index 761610705..000000000 --- a/packages/python3.vm/python3.vm.nuspec +++ /dev/null 
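Review bot: The new guard covers only `latest_sha256`; `sha256 = get_sha256(url)` two lines above fetches the current release asset and likewise returns `None` when that asset has been removed, which then raises `TypeError` in `content.replace(sha256, latest_sha256)` — extend the check to `if not sha256 or not latest_sha256: return None`. The guard was also inserted between the comment `# Hash can be uppercase or downcase` and the `.replace(...)` line it describes; move the comment below the new `return`. Re-downloading the old asset only to learn its hash is avoidable, since that checksum already sits in the install script and could be read from `content` instead of the network. `update_github_url` starts and ends outside this hunk.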
@@ -1,13 +0,0 @@ - - - - python3.vm - 3.11.4 - Metapackage to install Python3 - Python Software Foundation - - - - - - From 06b7df29a4e53b059041eb4b22843558099ba137 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 16 May 2023 16:07:41 +0200 Subject: [PATCH 134/330] Remove libraries.python2.vm I think it is time to completely get rid of Python 2. Having only one libraries.python package saves as some work as we don't have to try to keep them in sync. This has been discussed in https://github.com/mandiant/VM-Packages/issues/308 --- .../libraries.python2.vm.nuspec | 17 ------- .../tools/chocolateyinstall.ps1 | 45 ------------------- .../tools/chocolateyuninstall.ps1 | 39 ---------------- .../libraries.python2.vm/tools/modules.xml | 21 --------- 4 files changed, 122 deletions(-) delete mode 100644 packages/libraries.python2.vm/libraries.python2.vm.nuspec delete mode 100644 packages/libraries.python2.vm/tools/chocolateyinstall.ps1 delete mode 100644 packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 delete mode 100644 packages/libraries.python2.vm/tools/modules.xml diff --git a/packages/libraries.python2.vm/libraries.python2.vm.nuspec b/packages/libraries.python2.vm/libraries.python2.vm.nuspec deleted file mode 100644 index fa1e82d24..000000000 --- a/packages/libraries.python2.vm/libraries.python2.vm.nuspec +++ /dev/null @@ -1,17 +0,0 @@ - - - - libraries.python2.vm - 0.0.0.20221203 - Metapackage to install common Python2 libraries - Mandiant, Microsoft, Python Software Foundation - - - - - - - - - - diff --git a/packages/libraries.python2.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python2.vm/tools/chocolateyinstall.ps1 deleted file mode 100644 index b3f4c667f..000000000 --- a/packages/libraries.python2.vm/tools/chocolateyinstall.ps1 +++ /dev/null 
@@ -1,45 +0,0 @@ -$ErrorActionPreference = 'Continue' -Import-Module vm.common -Force -DisableNameChecking - -try { - $toolDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" - $modulesPath = Join-Path $toolDir "modules.xml" -Resolve - $modulesXml = [xml](Get-Content $modulesPath) - - # Create output file to log python module installation details - $outputFile = VM-New-Install-Log $toolDir - - # Upgrade pip - Invoke-Expression "py -2 -m pip install -qq --no-cache-dir --upgrade pip 2>&1 >> $outputFile" - - $failures = @{} - $modules = $modulesXml.modules.module - foreach ($module in $modules) { - Write-Host "[+] Attempting to install Python2 module: $($module.name)" - $intallValue = $module.name - if ($module.url) { - $intallValue = $module.url - } - - Invoke-Expression "py -2 -m pip install $intallValue 2>&1 >> $outputFile" - - if ($LastExitCode -eq 0) { - Write-Host "`t[+] Installed Python2 module: $($module.name)" -ForegroundColor Green - } else { - Write-Host "`t[!] Failed to install Python2 module: $($module.name)" -ForegroundColor Red - $failures[$module.Name] = $true - } - } - - if ($failures.Keys.Count -gt 0) { - foreach ($module in $failures.Keys) { - VM-Write-Log "ERROR" "Failed to install Python2 module: $module" - } - $outputFile = $outputFile.replace('lib\', 'lib-bad\') - VM-Write-Log "ERROR" "Check $outputFile for more information" - exit 1 - } -} catch { - VM-Write-Log-Exception $_ -} - diff --git a/packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 b/packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 deleted file mode 100644 index 83aa2ba7f..000000000 --- a/packages/libraries.python2.vm/tools/chocolateyuninstall.ps1 +++ /dev/null 
@@ -1,39 +0,0 @@ -$ErrorActionPreference = 'Continue' -Import-Module vm.common -Force -DisableNameChecking - -try { - $toolDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" - $modulesPath = Join-Path $toolDir "modules.xml" -Resolve - $modulesXml = [xml](Get-Content $modulesPath) - - # Create output file to log python module uninstallation details - $outputFile = VM-New-Install-Log $toolDir - - # Upgrade pip - Invoke-Expression "py -2 -m pip install -qq --no-cache-dir --upgrade pip 2>&1 >> $outputFile" - - $success = $true - $modules = $modulesXml.modules.module - foreach ($module in $modules) { - VM-Write-Log "INFO" "Attempting to uninstall Python2 module: $($module.name)" - - Invoke-Expression "py -2 -m pip uninstall -y $($module.name) 2>&1 >> $outputFile" - - if ($LastExitCode -eq 0) { - VM-Write-Log "INFO" "Uninstalled Python2 module: $($module.name)" - } else { - VM-Write-Log "ERROR" "Failed to uninstall Python2 module: $($module.name)" - $success = $false - } - } - - if ($success -eq $false) { - VM-Write-Log "ERROR" "Failed to uninstall at least one Python2 module" - $outputFile = $outputFile.replace('lib\', 'lib-bad\') - VM-Write-Log "ERROR" "Check $outputFile for more information" - VM-Write-Log "ERROR" "Please manually uninstall the remaining Python2 modules via:`n`tpy -2 -m pip uninstall -y " - } -} catch { - VM-Write-Log-Exception $_ -} - diff --git a/packages/libraries.python2.vm/tools/modules.xml b/packages/libraries.python2.vm/tools/modules.xml deleted file mode 100644 index b0412db5a..000000000 --- a/packages/libraries.python2.vm/tools/modules.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file From 555dcb8f34b8c7c911824aeac3a96ce1d3ddaaaa Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Mon, 3 Jul 2023 11:10:08 +0000 Subject: [PATCH 135/330] Update 010editor.vm to 13.0 --- packages/010editor.vm/010editor.vm.nuspec | 2 +- packages/010editor.vm/tools/chocolateyinstall.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/010editor.vm/010editor.vm.nuspec b/packages/010editor.vm/010editor.vm.nuspec index 30f500c4f..67c92590d 100644 --- a/packages/010editor.vm/010editor.vm.nuspec +++ b/packages/010editor.vm/010editor.vm.nuspec @@ -2,7 +2,7 @@ 010editor.vm - 12.0.1 + 13.0 Professional text and hex editor with Binary Templates technology. SweetScape diff --git a/packages/010editor.vm/tools/chocolateyinstall.ps1 b/packages/010editor.vm/tools/chocolateyinstall.ps1 index c97acc6f0..eb5d45090 100644 --- a/packages/010editor.vm/tools/chocolateyinstall.ps1 +++ b/packages/010editor.vm/tools/chocolateyinstall.ps1 @@ -5,10 +5,10 @@ try { $toolName = '010Editor' $category = 'Hex Editors' - $url = 'https://download.sweetscape.com/010EditorWin32Installer12.0.1.exe' - $checksum = '7790f48716c728e45989375d2b4d2deaa611d39c40e93ba470651bdc44305434' - $url64 = 'https://download.sweetscape.com/010EditorWin64Installer12.0.1.exe' - $checksum64 = '65c2999e430e026a5906b9a7064f8d9a56e798284309efde7140a515237b9dae' + $url = 'https://download.sweetscape.com/010EditorWin32Installer13.0.exe' + $checksum = '97b45a5ccb41455073d493c2bb47ca2f37d96a124925c9b688932fedd6e68e4c' + $url64 = 'https://download.sweetscape.com/010EditorWin64Installer13.0.exe' + $checksum64 = '058731424c9b79cfce85ee00ef99b1e4d567a1cf8f7108b0fe78df74c8ea42b6' $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} From dc2a54248d273d63259c2d6a48480c307f1f20ff Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 3 Jul 2023 12:47:09 +0000 Subject: [PATCH 136/330] Update notepadpp.plugin.compare.vm to 2.0.2 --- .../notepadpp.plugin.compare.vm.nuspec | 2 +- .../tools/chocolateyinstall.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec b/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec index 85171b729..ddff370ac 100644 --- a/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec +++ b/packages/notepadpp.plugin.compare.vm/notepadpp.plugin.compare.vm.nuspec @@ -2,7 +2,7 @@ notepadpp.plugin.compare.vm - 2.0.1.20211225 + 2.0.2 ComparePlus plugin for Notepad++ Pavel Nedev diff --git a/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 b/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 index bf9a5a6a0..125cc0da7 100644 --- a/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 +++ b/packages/notepadpp.plugin.compare.vm/tools/chocolateyinstall.ps1 @@ -7,10 +7,10 @@ try { $toolDir = New-Item (Join-Path $pluginsDir $toolName) -itemtype directory VM-Assert-Path $toolDir - $zipUrl= "https://github.com/pnedev/compare-plugin/releases/download/v2.0.1/ComparePlugin_v2.0.1_x86.zip" - $zipSha256 ="07972c1c7e3012a46ac6ef133a6500ca851bddc9c83471df2f118519a0241ed5" - $zipUrl_64 = "https://github.com/pnedev/compare-plugin/releases/download/v2.0.1/ComparePlugin_v2.0.1_X64.zip" - $zipSha256_64 ="77dedf98ea2280528d726c0053db2001e90da7588e14ee01a98933f121bb15cb" + $zipUrl= "https://github.com/pnedev/compare-plugin/releases/download/v2.0.2/ComparePlugin_v2.0.2_x86.zip" + $zipSha256 ="ea2f4cd6627c1b902f700a43b03b38f725e67136c8ce00ac3620ecc03417332a" + $zipUrl_64 = "https://github.com/pnedev/compare-plugin/releases/download/v2.0.2/ComparePlugin_v2.0.2_X64.zip" + $zipSha256_64 ="4151fbc9778047991cf4b900363d846bda5b0d1783e5fed9eb77e4c8253ba315" # Remove files from previous zips for upgrade VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} From cfa89a590306bad3cb83053d43f6d779ce008411 Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Mon, 3 Jul 2023 15:58:03 +0200 Subject: [PATCH 137/330] visualstudio: Correct nuspec name Rename visualstudio.nuspec to visualstudio.vm.nuspec for consistency and because it is what our automation expects. --- .../{visualstudio.nuspec => visualstudio.vm.nuspec} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename packages/visualstudio.vm/{visualstudio.nuspec => visualstudio.vm.nuspec} (89%) diff --git a/packages/visualstudio.vm/visualstudio.nuspec b/packages/visualstudio.vm/visualstudio.vm.nuspec similarity index 89% rename from packages/visualstudio.vm/visualstudio.nuspec rename to packages/visualstudio.vm/visualstudio.vm.nuspec index 348c79261..f8b60d6ba 100755 --- a/packages/visualstudio.vm/visualstudio.nuspec +++ b/packages/visualstudio.vm/visualstudio.vm.nuspec @@ -2,7 +2,7 @@ visualstudio.vm - 17.6.1 + 17.6.1.20230703 IDE. Microsoft From 31287715489e8a66a0a4b7e4c2d501a7b9cfa699 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 5 Jul 2023 22:10:41 +0000 Subject: [PATCH 138/330] Update 010editor.vm to 13.0.1 --- packages/010editor.vm/010editor.vm.nuspec | 2 +- packages/010editor.vm/tools/chocolateyinstall.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/010editor.vm/010editor.vm.nuspec b/packages/010editor.vm/010editor.vm.nuspec index 67c92590d..1da84eaa4 100644 --- a/packages/010editor.vm/010editor.vm.nuspec +++ b/packages/010editor.vm/010editor.vm.nuspec @@ -2,7 +2,7 @@ 010editor.vm - 13.0 + 13.0.1 Professional text and hex editor with Binary Templates technology. SweetScape diff --git a/packages/010editor.vm/tools/chocolateyinstall.ps1 b/packages/010editor.vm/tools/chocolateyinstall.ps1 index eb5d45090..824e062af 100644 --- a/packages/010editor.vm/tools/chocolateyinstall.ps1 +++ b/packages/010editor.vm/tools/chocolateyinstall.ps1 
@@ -5,10 +5,10 @@ try { $toolName = '010Editor' $category = 'Hex Editors' - $url = 'https://download.sweetscape.com/010EditorWin32Installer13.0.exe' - $checksum = '97b45a5ccb41455073d493c2bb47ca2f37d96a124925c9b688932fedd6e68e4c' - $url64 = 'https://download.sweetscape.com/010EditorWin64Installer13.0.exe' - $checksum64 = '058731424c9b79cfce85ee00ef99b1e4d567a1cf8f7108b0fe78df74c8ea42b6' + $url = 'https://download.sweetscape.com/010EditorWin32Installer13.0.1.exe' + $checksum = '832f548a0a8850d353e3fc67d7c65301883f07f035131aa77d3144653a4c40e5' + $url64 = 'https://download.sweetscape.com/010EditorWin64Installer13.0.1.exe' + $checksum64 = '4c55d604397db9789b0eb39042707cbcf0bd36d5b43910f47462955b2b53332f' $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} From bdea2fcfe7813470ce13fff310babb4acf5004e8 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 10 Jul 2023 10:59:51 +0200 Subject: [PATCH 139/330] update_package: Add GH tag archives We are currently not updating GitHub tag archives (the tag source code) that we use in some packages like `ida.diaphora.vm`. --- scripts/utils/update_package.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/utils/update_package.py b/scripts/utils/update_package.py index 72e025d4b..07c49a017 100755 --- a/scripts/utils/update_package.py +++ b/scripts/utils/update_package.py @@ -92,6 +92,11 @@ def update_github_url(package): "[\"'](?Phttps://github.com/(?P[^/]+)/(?P[^/]+)/releases/download/(?P[^/]+)/[^\"']+)[\"']", content, ) + # Match also urls like https://github.com/joxeankoret/diaphora/archive/refs/tags/3.0.zip + matches += re.findall( + "[\"'](?Phttps://github.com/(?P[^/]+)/(?P[^/]+)/archive/refs/tags/(?P[^/]+).zip)[\"']", + content, + ) # It is not a GitHub release if not matches: From 1b50f51d24147b2c12d6a01c7f2184f7cc69b63a Mon Sep 17 00:00:00 2001 
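Review bot: Tag archives are a weaker pin than the commit-hash archives (`archive/<sha>.zip`) used by other packages in this series: a tag can be moved, and as far as I know the archive is generated on request rather than stored, so the SHA-256 recorded for `archive/refs/tags/3.0.zip` can stop matching, or match different content, without any visible version change; a comment on the new `re.findall` such as `# NOTE: tag archives are not immutable; prefer commit-sha archives where the package allows` would record that trade-off. The new pattern also leaves the `.` in `.zip` unescaped, so it matches any character there; `\.zip` is what is meant. `update_github_url` starts and ends outside this hunk.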
From: vm-packages Date: Mon, 10 Jul 2023 13:10:27 +0000 Subject: [PATCH 140/330] Update 010editor.vm to 13.0.2 --- packages/010editor.vm/010editor.vm.nuspec | 2 +- packages/010editor.vm/tools/chocolateyinstall.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/010editor.vm/010editor.vm.nuspec b/packages/010editor.vm/010editor.vm.nuspec index 1da84eaa4..3e42d27ed 100644 --- a/packages/010editor.vm/010editor.vm.nuspec +++ b/packages/010editor.vm/010editor.vm.nuspec @@ -2,7 +2,7 @@ 010editor.vm - 13.0.1 + 13.0.2 Professional text and hex editor with Binary Templates technology. SweetScape diff --git a/packages/010editor.vm/tools/chocolateyinstall.ps1 b/packages/010editor.vm/tools/chocolateyinstall.ps1 index 824e062af..58cd559f8 100644 --- a/packages/010editor.vm/tools/chocolateyinstall.ps1 +++ b/packages/010editor.vm/tools/chocolateyinstall.ps1 @@ -5,10 +5,10 @@ try { $toolName = '010Editor' $category = 'Hex Editors' - $url = 'https://download.sweetscape.com/010EditorWin32Installer13.0.1.exe' - $checksum = '832f548a0a8850d353e3fc67d7c65301883f07f035131aa77d3144653a4c40e5' - $url64 = 'https://download.sweetscape.com/010EditorWin64Installer13.0.1.exe' - $checksum64 = '4c55d604397db9789b0eb39042707cbcf0bd36d5b43910f47462955b2b53332f' + $url = 'https://download.sweetscape.com/010EditorWin32Installer13.0.2.exe' + $checksum = '30f21ab0d744b37951b7406aee84d7e2f236d4e2d1e7dcf50d750638408461b2' + $url64 = 'https://download.sweetscape.com/010EditorWin64Installer13.0.2.exe' + $checksum64 = 'c85695071e530d1bc86d116fe8f674d1089ae222659055bafab650280427a1ee' $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} From 0b9960c90ef830a9292378b4def4f0dca7e1d38f Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Mon, 10 Jul 2023 13:12:06 +0000 Subject: [PATCH 141/330] Update ida.diaphora.vm to 3.0 --- packages/ida.diaphora.vm/ida.diaphora.vm.nuspec | 2 +- packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec index a5aa397d1..ef34c94d7 100644 --- a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec +++ b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec @@ -2,7 +2,7 @@ ida.diaphora.vm - 2.1.0.20230617 + 3.0 joxeankoret Diaphora is a program diffing tool that works as an IDA plugin. diff --git a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 index 647f0170c..35e29c667 100644 --- a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 +++ b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ $toolName = 'diaphora' $category = 'Utilities' $executableName = "diaphora.py" -$zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/2.1.0.zip' -$zipSha256 = 'bd946942081b46991e8ee5a2788088110e0eef7649791c661ed41566d4dd2993' +$zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/3.0.zip' +$zipSha256 = '3d4a1bcaea155fbadecc823d59004580aae04edc0e98a96860df550bd4c08a40' # Diaphora needs to be executed from IDA, do not install bin file VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName $executableName -innerFolder $true -withoutBinFile From 122c476e5ab78ea2a222347d1c1424417cbb5f88 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 10 Jul 2023 10:39:03 -0700 Subject: [PATCH 142/330] added new commando categories --- categories.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/categories.txt b/categories.txt index 77c6c0711..d337cb8d4 100644 --- a/categories.txt +++ b/categories.txt 
@@ -26,3 +26,9 @@ Password Attacks Vulnerability Analysis Web Application Wordlists +Payload Development +Reconnaissance +Persistence +Privilege Escalation +Credential Access +Lateral Movement From 77abe0446b40520eaacdfa6086f5cf137a847827 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 10 Jul 2023 12:06:05 -0700 Subject: [PATCH 143/330] added new commando packages --- .github/ISSUE_TEMPLATE/new_metapackage.yml | 6 ++++++ .github/ISSUE_TEMPLATE/new_package.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/new_metapackage.yml b/.github/ISSUE_TEMPLATE/new_metapackage.yml index f0692c4bd..c57fda3d7 100644 --- a/.github/ISSUE_TEMPLATE/new_metapackage.yml +++ b/.github/ISSUE_TEMPLATE/new_metapackage.yml @@ -78,6 +78,12 @@ body: - Vulnerability Analysis - Web Application - Wordlists + - Payload Development + - Reconnaissance + - Persistence + - Privilege Escalation + - Credential Access + - Lateral Movement - type: input id: authors attributes: diff --git a/.github/ISSUE_TEMPLATE/new_package.yml b/.github/ISSUE_TEMPLATE/new_package.yml index 3d6fc3cd0..fa2de927f 100644 --- a/.github/ISSUE_TEMPLATE/new_package.yml +++ b/.github/ISSUE_TEMPLATE/new_package.yml @@ -97,6 +97,12 @@ body: - Vulnerability Analysis - Web Application - Wordlists + - Payload Development + - Reconnaissance + - Persistence + - Privilege Escalation + - Credential Access + - Lateral Movement - type: input id: authors attributes: From 4d736925b66f9378f38631cf9359dff89c04978f Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 10 Jul 2023 12:31:17 -0700 Subject: [PATCH 144/330] added chrome dependency --- packages/gowitness.vm/gowitness.vm.nuspec | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/gowitness.vm/gowitness.vm.nuspec b/packages/gowitness.vm/gowitness.vm.nuspec index c3f781a49..124ec6dff 100644 --- a/packages/gowitness.vm/gowitness.vm.nuspec 
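Review bot: The new categories are appended after `Wordlists`, breaking the alphabetical order the surrounding context shows (`Password Attacks`, `Vulnerability Analysis`, `Web Application`, `Wordlists`); `Credential Access`, `Lateral Movement`, `Payload Development`, `Persistence`, `Privilege Escalation` and `Reconnaissance` each belong at their sorted position. `Reconnaissance` also overlaps the existing `Information Gathering` category that later packages in this series move away from, so a one-line note in the file on which one new packages should use would avoid a split taxonomy.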
+++ b/packages/gowitness.vm/gowitness.vm.nuspec @@ -7,6 +7,7 @@ Website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. + From 3dd5546504cb278069480df7076c483ea2a42401 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 10 Jul 2023 12:31:48 -0700 Subject: [PATCH 145/330] updated category --- packages/gowitness.vm/tools/chocolateyinstall.ps1 | 2 +- packages/gowitness.vm/tools/chocolateyuninstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/gowitness.vm/tools/chocolateyinstall.ps1 b/packages/gowitness.vm/tools/chocolateyinstall.ps1 index 3af8b6c05..eef1c2f0f 100644 --- a/packages/gowitness.vm/tools/chocolateyinstall.ps1 +++ b/packages/gowitness.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GoWitness' -$category = 'Information Gathering' +$category = 'Reconnaissance' $exeUrl = 'https://github.com/sensepost/gowitness/releases/download/2.5.0/gowitness-2.5.0-windows-amd64.exe' $exeSha256 = '6b563d157e5b6a0ffd7a360d97a00d55ea579ca6c7146c88f65e1de820e14097' diff --git a/packages/gowitness.vm/tools/chocolateyuninstall.ps1 b/packages/gowitness.vm/tools/chocolateyuninstall.ps1 index e8e844a0d..e230db1e0 100644 --- a/packages/gowitness.vm/tools/chocolateyuninstall.ps1 +++ b/packages/gowitness.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GoWitness' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category From 98dc126aaf8cbd0229b61624c340214c3424b55c Mon Sep 17 00:00:00 2001 
From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 10 Jul 2023 13:43:39 -0700 Subject: [PATCH 146/330] renamed. changed category. --- .../juicypotato.vm.nuspec} | 4 ++-- .../tools/chocolateyinstall.ps1 | 2 +- .../tools/chocolateyuninstall.ps1 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename packages/{juicy-potato.vm/juicy-potato.vm.nuspec => juicypotato.vm/juicypotato.vm.nuspec} (56%) rename packages/{juicy-potato.vm => juicypotato.vm}/tools/chocolateyinstall.ps1 (91%) rename packages/{juicy-potato.vm => juicypotato.vm}/tools/chocolateyuninstall.ps1 (80%) diff --git a/packages/juicy-potato.vm/juicy-potato.vm.nuspec b/packages/juicypotato.vm/juicypotato.vm.nuspec similarity index 56% rename from packages/juicy-potato.vm/juicy-potato.vm.nuspec rename to packages/juicypotato.vm/juicypotato.vm.nuspec index dd2ac4439..c4c58f50c 100644 --- a/packages/juicy-potato.vm/juicy-potato.vm.nuspec +++ b/packages/juicypotato.vm/juicypotato.vm.nuspec @@ -1,10 +1,10 @@ - juicy-potato.vm + juicypotato.vm 0.1 ohpe - A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM + Local Privilege Escalation tool that abuses the SeImpersonatePrivilege to go from a Windows Service Account to NT AUTHORITY\SYSTEM diff --git a/packages/juicy-potato.vm/tools/chocolateyinstall.ps1 b/packages/juicypotato.vm/tools/chocolateyinstall.ps1 similarity index 91% rename from packages/juicy-potato.vm/tools/chocolateyinstall.ps1 rename to packages/juicypotato.vm/tools/chocolateyinstall.ps1 index 7ef85e97f..e91764ca9 100644 --- a/packages/juicy-potato.vm/tools/chocolateyinstall.ps1 +++ b/packages/juicypotato.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'JuicyPotato' -$category = 'Exploitation' +$category = 'Privilege Escalation' $exeUrl = 'https://github.com/ohpe/juicy-potato/releases/download/v0.1/JuicyPotato.exe' $exeSha256 = '0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036' diff --git a/packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 b/packages/juicypotato.vm/tools/chocolateyuninstall.ps1 similarity index 80% rename from packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 rename to packages/juicypotato.vm/tools/chocolateyuninstall.ps1 index d6dafbe7e..081b52491 100644 --- a/packages/juicy-potato.vm/tools/chocolateyuninstall.ps1 +++ b/packages/juicypotato.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'JuicyPotato' -$category = 'Exploitation' +$category = 'Privilege Escalation' VM-Uninstall $toolName $category From 731ac916cb0ee93b318153240e11f0a65a7c0121 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 10 Jul 2023 21:04:54 +0000 Subject: [PATCH 147/330] Add powerupsql.vm Closes https://github.com/mandiant/VM-Packages/issues/485. --- packages/powerupsql.vm/powerupsql.vm.nuspec | 12 ++++++++++++ packages/powerupsql.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/powerupsql.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/powerupsql.vm/powerupsql.vm.nuspec create mode 100644 packages/powerupsql.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/powerupsql.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/powerupsql.vm/powerupsql.vm.nuspec b/packages/powerupsql.vm/powerupsql.vm.nuspec new file mode 100644 index 000000000..74f4500f0 --- /dev/null +++ b/packages/powerupsql.vm/powerupsql.vm.nuspec 
@@ -0,0 +1,12 @@ + + + + powerupsql.vm + 0.0.0.20230710 + NetSPI + PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. + + + + + diff --git a/packages/powerupsql.vm/tools/chocolateyinstall.ps1 b/packages/powerupsql.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ee61008f4 --- /dev/null +++ b/packages/powerupsql.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerUpSQL' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/NetSPI/PowerUpSQL/archive/2837c7bdda47a07703b7841080024f30a73a7743.zip' +$zipSha256 = 'fffed1c3f480b40616070e7ebb5bf7e8093e0bb483ce1ef2400f586018439c85' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/powerupsql.vm/tools/chocolateyuninstall.ps1 b/packages/powerupsql.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..134c093ed --- /dev/null +++ b/packages/powerupsql.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerUpSQL' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From 0455b66bafdba68a45c454ca0c3fb460cf993dd4 Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 10 Jul 2023 14:08:25 -0700 Subject: [PATCH 148/330] added a shortcut command --- packages/powerupsql.vm/tools/chocolateyinstall.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/powerupsql.vm/tools/chocolateyinstall.ps1 b/packages/powerupsql.vm/tools/chocolateyinstall.ps1 index ee61008f4..05ba752d8 100644 --- a/packages/powerupsql.vm/tools/chocolateyinstall.ps1 +++ b/packages/powerupsql.vm/tools/chocolateyinstall.ps1 
@@ -7,4 +7,6 @@ $category = 'Exploitation' $zipUrl = 'https://github.com/NetSPI/PowerUpSQL/archive/2837c7bdda47a07703b7841080024f30a73a7743.zip' $zipSha256 = 'fffed1c3f480b40616070e7ebb5bf7e8093e0bb483ce1ef2400f586018439c85' -VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 +$powershellCommand = 'Import-Module PowerUpSQL.psd1; Get-Command -Module PowerUpSQL' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand From 18a010c1d81deabf762f5c9e8cefb3f4fda315ba Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 10 Jul 2023 23:31:41 +0000 Subject: [PATCH 149/330] Add petitpotam.vm Closes https://github.com/mandiant/VM-Packages/issues/496. --- packages/petitpotam.vm/petitpotam.vm.nuspec | 12 ++++++++++++ packages/petitpotam.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/petitpotam.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/petitpotam.vm/petitpotam.vm.nuspec create mode 100644 packages/petitpotam.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/petitpotam.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/petitpotam.vm/petitpotam.vm.nuspec b/packages/petitpotam.vm/petitpotam.vm.nuspec new file mode 100644 index 000000000..f5bf39d1c --- /dev/null +++ b/packages/petitpotam.vm/petitpotam.vm.nuspec @@ -0,0 +1,12 @@ + + + + petitpotam.vm + 0.0.0.20230710 + topotam + PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions + + + + + diff --git a/packages/petitpotam.vm/tools/chocolateyinstall.ps1 b/packages/petitpotam.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..c3e14e72b --- /dev/null +++ b/packages/petitpotam.vm/tools/chocolateyinstall.ps1 
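Review bot: `Import-Module PowerUpSQL.psd1` only resolves if the shortcut's working directory is the tool directory, which is decided by `VM-Install-Raw-GitHub-Repo` outside this hunk; the sibling PetitPotam shortcut in this series writes its relative path explicitly (`.\PetitPotam.exe`), and `Import-Module .\PowerUpSQL.psd1` would make the same dependency visible here instead of relying on how PowerShell resolves a bare module file name. Worth confirming against the helper that it sets the working directory before running `$powershellCommand`.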
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PetitPotam'
+$category = 'Exploitation'
+
+$zipUrl = 'https://github.com/topotam/PetitPotam/archive/d83ac8f2dd34654628c17490f99106eb128e7d1e.zip'
+$zipSha256 = '5429479879877c2a6263d79c1a83fbcbd0f9f37bf9870c155358d9dc25662862'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/petitpotam.vm/tools/chocolateyuninstall.ps1 b/packages/petitpotam.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..5d8f7bc3e
--- /dev/null
+++ b/packages/petitpotam.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PetitPotam'
+$category = 'Exploitation'
+
+VM-Uninstall $toolName $category
From f2ff310482fe098fd8b88b4cba35c55d4ff43ff2 Mon Sep 17 00:00:00 2001
From: nos3curity <72961537+nos3curity@users.noreply.github.com>
Date: Mon, 10 Jul 2023 16:37:20 -0700
Subject: [PATCH 150/330] added shortcut
---
 packages/petitpotam.vm/tools/chocolateyinstall.ps1 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/packages/petitpotam.vm/tools/chocolateyinstall.ps1 b/packages/petitpotam.vm/tools/chocolateyinstall.ps1
index c3e14e72b..c946faf73 100644
--- a/packages/petitpotam.vm/tools/chocolateyinstall.ps1
+++ b/packages/petitpotam.vm/tools/chocolateyinstall.ps1
@@ -7,4 +7,6 @@ $category = 'Exploitation'
 $zipUrl = 'https://github.com/topotam/PetitPotam/archive/d83ac8f2dd34654628c17490f99106eb128e7d1e.zip'
 $zipSha256 = '5429479879877c2a6263d79c1a83fbcbd0f9f37bf9870c155358d9dc25662862'
 
-VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
+$powershellCommand = '.\PetitPotam.exe'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand
From f30607d387f2bc3f248f6c7e8eaad8ddfbd63381 Mon Sep 17 00:00:00 2001
From: vm-packages Date: Mon, 10 Jul 2023 23:44:02 +0000 Subject: [PATCH 151/330] Add snaffler.vm Closes https://github.com/mandiant/VM-Packages/issues/498. --- packages/snaffler.vm/snaffler.vm.nuspec | 12 ++++++++++++ packages/snaffler.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/snaffler.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/snaffler.vm/snaffler.vm.nuspec create mode 100644 packages/snaffler.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/snaffler.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/snaffler.vm/snaffler.vm.nuspec b/packages/snaffler.vm/snaffler.vm.nuspec new file mode 100644 index 000000000..b2a35b0b3 --- /dev/null +++ b/packages/snaffler.vm/snaffler.vm.nuspec @@ -0,0 +1,12 @@ + + + + snaffler.vm + 1.0.126 + l0ss, Sh3r4 + Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment. + + + + + diff --git a/packages/snaffler.vm/tools/chocolateyinstall.ps1 b/packages/snaffler.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f3c7e1696 --- /dev/null +++ b/packages/snaffler.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Snaffler' +$category = 'Reconnaissance' + +$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.126/Snaffler.exe' +$exeSha256 = 'c27cfb7487f51e33a5964a64df0c3f0f4b5f94b64a428ae1817255d480b42472' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/snaffler.vm/tools/chocolateyuninstall.ps1 b/packages/snaffler.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0bcd51976 --- /dev/null +++ b/packages/snaffler.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Snaffler' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category From cbb383703e82403454ab145ac8a5a034d5c9bd18 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 11 Jul 2023 01:18:35 +0000 Subject: [PATCH 152/330] Add dumpert.vm Closes https://github.com/mandiant/VM-Packages/issues/508. --- packages/dumpert.vm/dumpert.vm.nuspec | 12 ++++++++++++ packages/dumpert.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/dumpert.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/dumpert.vm/dumpert.vm.nuspec create mode 100644 packages/dumpert.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/dumpert.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/dumpert.vm/dumpert.vm.nuspec b/packages/dumpert.vm/dumpert.vm.nuspec new file mode 100644 index 000000000..1b5f0eb93 --- /dev/null +++ b/packages/dumpert.vm/dumpert.vm.nuspec @@ -0,0 +1,12 @@ + + + + dumpert.vm + 0.0.0.20230711 + outflank + This tool demonstrates the use of direct System Calls and API unhooking and combines these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. + + + + + diff --git a/packages/dumpert.vm/tools/chocolateyinstall.ps1 b/packages/dumpert.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..b40b3ce06 --- /dev/null +++ b/packages/dumpert.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Dumpert' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/outflanknl/Dumpert/archive/8000ca4c585b0fc317cee69504be22d1ac2ed779.zip' +$zipSha256 = '1ffbf3332db29e834c779008586c386ebbf1ca21e5c081ae6bba1a033d937bec' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
diff --git a/packages/dumpert.vm/tools/chocolateyuninstall.ps1 b/packages/dumpert.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..aa96ccb94 --- /dev/null +++ b/packages/dumpert.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Dumpert' +$category = 'Credential Access' + +VM-Uninstall $toolName $category From e7163d008f16a5bbe6f78f9feefe854ab4f9dfbd Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 11 Jul 2023 06:00:05 +0000 Subject: [PATCH 153/330] Add rubeus.vm Closes https://github.com/mandiant/VM-Packages/issues/516. --- packages/rubeus.vm/rubeus.vm.nuspec | 12 ++++++++++++ packages/rubeus.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/rubeus.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/rubeus.vm/rubeus.vm.nuspec create mode 100644 packages/rubeus.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/rubeus.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/rubeus.vm/rubeus.vm.nuspec b/packages/rubeus.vm/rubeus.vm.nuspec new file mode 100644 index 000000000..3d8c84910 --- /dev/null +++ b/packages/rubeus.vm/rubeus.vm.nuspec @@ -0,0 +1,12 @@ + + + + rubeus.vm + 2.2.1 + harmj0y + Rubeus is a C# toolset for raw Kerberos interaction and abuses. + + + + + diff --git a/packages/rubeus.vm/tools/chocolateyinstall.ps1 b/packages/rubeus.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..a4eabddd9 --- /dev/null +++ b/packages/rubeus.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Rubeus' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/GhostPack/Rubeus/archive/refs/heads/master.zip' +$zipSha256 = 'f6d1650043e528e24b4bc5c1f24e64ff0c4bbcf72537b84b1d8f866dd8ab8ccb' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 
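Review bot: In the rubeus.vm install script `$zipUrl` points at `refs/heads/master.zip`, a moving branch archive, while `$zipSha256` pins the content of one particular snapshot; the next upstream push to master changes the archive, so the hash check that VM-Install-Raw-GitHub-Repo presumably performs will start rejecting the download, and until then nothing ties the nuspec's `2.2.1` to what is actually installed. Every other package in this series pins a commit, so this one should too: `$zipUrl = 'https://github.com/GhostPack/Rubeus/archive/<FULL_COMMIT_SHA>.zip'` with the hash regenerated for that archive. The helper's verification behaviour is inferred from the sibling packages and is not visible on this page.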
diff --git a/packages/rubeus.vm/tools/chocolateyuninstall.ps1 b/packages/rubeus.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..f684162c1 --- /dev/null +++ b/packages/rubeus.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Rubeus' +$category = 'Credential Access' + +VM-Uninstall $toolName $category From 1210fd439d236027e0cd139e919b020f729d0dc8 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 11 Jul 2023 16:42:39 +0000 Subject: [PATCH 154/330] Add burp-free.vm Closes https://github.com/mandiant/VM-Packages/issues/518. --- packages/burp-free.vm/burp-free.vm.nuspec | 13 +++++++++++++ .../burp-free.vm/tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ .../burp-free.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 36 insertions(+) create mode 100644 packages/burp-free.vm/burp-free.vm.nuspec create mode 100644 packages/burp-free.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/burp-free.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/burp-free.vm/burp-free.vm.nuspec b/packages/burp-free.vm/burp-free.vm.nuspec new file mode 100644 index 000000000..70166c646 --- /dev/null +++ b/packages/burp-free.vm/burp-free.vm.nuspec @@ -0,0 +1,13 @@ + + + + burp-free.vm + 0.0.0.20230711 + PortSwigger Ltd. + Burp Suite Community Edition is PortSwigger's free integrated platform for performing security testing of web applications. + + + + + + diff --git a/packages/burp-free.vm/tools/chocolateyinstall.ps1 b/packages/burp-free.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..d386965e8 --- /dev/null +++ b/packages/burp-free.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'BurpSuiteCommunity' + $category = 'Utilities' + $shimPath = '"C:\Program Files\BurpSuiteCommunity\BurpSuiteCommunity.exe"' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/burp-free.vm/tools/chocolateyuninstall.ps1 b/packages/burp-free.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0e840129e --- /dev/null +++ b/packages/burp-free.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'BurpSuiteCommunity' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category From 02d9ef9f71208eb22047e0b178689442cd8729f9 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 11 Jul 2023 11:23:27 -0700 Subject: [PATCH 155/330] fix burp-free.vm install --- packages/burp-free.vm/burp-free.vm.nuspec | 2 +- packages/burp-free.vm/tools/chocolateyinstall.ps1 | 4 ++-- success_failure.json | Bin 0 -> 104 bytes 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 success_failure.json diff --git a/packages/burp-free.vm/burp-free.vm.nuspec b/packages/burp-free.vm/burp-free.vm.nuspec index 70166c646..c711530a9 100644 --- a/packages/burp-free.vm/burp-free.vm.nuspec +++ b/packages/burp-free.vm/burp-free.vm.nuspec @@ -7,7 +7,7 @@ Burp Suite Community Edition is PortSwigger's free integrated platform for performing security testing of web applications. - + diff --git a/packages/burp-free.vm/tools/chocolateyinstall.ps1 b/packages/burp-free.vm/tools/chocolateyinstall.ps1 index d386965e8..5f927f3a5 100644 
--- a/packages/burp-free.vm/tools/chocolateyinstall.ps1 +++ b/packages/burp-free.vm/tools/chocolateyinstall.ps1 @@ -4,11 +4,11 @@ Import-Module vm.common -Force -DisableNameChecking try { $toolName = 'BurpSuiteCommunity' $category = 'Utilities' - $shimPath = '"C:\Program Files\BurpSuiteCommunity\BurpSuiteCommunity.exe"' + $shimPath = 'BurpSuiteCommunity\BurpSuiteCommunity.exe' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category $shortcut = Join-Path $shortcutDir "$toolName.lnk" - $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + $executablePath = Join-Path ${Env:ProgramFiles} $shimPath -Resolve Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin VM-Assert-Path $shortcut } catch { diff --git a/success_failure.json b/success_failure.json new file mode 100644 index 0000000000000000000000000000000000000000..9e21877f8a38b492814752764cb7098ee4322a87 GIT binary patch literal 104 zcmezWubM%Lp_rkRAsGl$fvjR6--^MAK?g{uF(fi%GUNbdi-2+ Date: Tue, 11 Jul 2023 14:46:37 -0700 Subject: [PATCH 156/330] added tool directory argument --- packages/common.vm/tools/vm.common/vm.common.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 66fc7e892..f6321970b 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -428,7 +428,7 @@ function VM-Install-Single-Exe { Get-ChocolateyWebFile @packageArgs VM-Assert-Path $executablePath - VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments + VM-Install-Shortcut -toolName $toolName -category $category -executableDir $toolDir -executablePath $executablePath -consoleApp $consoleApp -arguments $arguments Install-BinFile -Name $toolName -Path $executablePath return $executablePath } catch { 
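Review bot: The replacement line `$executablePath = Join-Path ${Env:ProgramFiles} $shimPath -Resolve` hard-codes where the upstream Burp package is expected to install; if that directory is ever missing, `-Resolve` throws, the enclosing `try`/`catch` (which closes outside this hunk) only records it through `VM-Write-Log-Exception`, and the package reports success with no shortcut created. A comment naming the dependency that creates the path would make the coupling visible, e.g. `# Path is created by the <burp dependency package> declared in burp-free.vm.nuspec`. This commit also adds a 104-byte `success_failure.json` at the repository root as a binary diff, which looks like a local artifact rather than part of the fix and should probably be dropped.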
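Review bot: The new `-executableDir $toolDir` argument on the VM-Install-Shortcut call assumes `$toolDir` is already assigned earlier in VM-Install-Single-Exe, whose start is outside this hunk; if it is not, the shortcut is created with an empty directory or, under strict mode, the call throws into the surrounding `catch`. Confirm the variable is set before `Get-ChocolateyWebFile`, and that VM-Install-Shortcut in this module actually declares an `-executableDir` parameter, since the parameter being added is not visible anywhere in this series even though common.vm's version is bumped in the next commit.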
From 73a62791b2903f307a950c000903a331c6fc308f Mon Sep 17 00:00:00 2001 From: nos3curity <72961537+nos3curity@users.noreply.github.com> Date: Tue, 11 Jul 2023 14:53:27 -0700 Subject: [PATCH 157/330] updated version --- packages/common.vm/common.vm.nuspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index b8cf64c79..5111632bf 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230616 + 0.0.0.20230711 Common libraries for VM-packages Mandiant From 9b1d3432df604b7664cba9ff751804adee477442 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 11 Jul 2023 22:36:15 +0000 Subject: [PATCH 158/330] Add kerbrute.vm Closes https://github.com/mandiant/VM-Packages/issues/523. --- packages/kerbrute.vm/kerbrute.vm.nuspec | 12 ++++++++++++ packages/kerbrute.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/kerbrute.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/kerbrute.vm/kerbrute.vm.nuspec create mode 100644 packages/kerbrute.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/kerbrute.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/kerbrute.vm/kerbrute.vm.nuspec b/packages/kerbrute.vm/kerbrute.vm.nuspec new file mode 100644 index 000000000..9d4849f75 --- /dev/null +++ b/packages/kerbrute.vm/kerbrute.vm.nuspec @@ -0,0 +1,12 @@ + + + + kerbrute.vm + 1.0.3 + ropnop + A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication + + + + + diff --git a/packages/kerbrute.vm/tools/chocolateyinstall.ps1 b/packages/kerbrute.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2fdcb8179 --- /dev/null +++ b/packages/kerbrute.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Kerbrute' +$category = 'Credential Access' + +$exeUrl = 'https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_windows_amd64.exe' +$exeSha256 = 'd18aa84b7bf0efde9c6b5db2a38ab1ec9484c59c5284c0bd080f5197bf9388b0' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/kerbrute.vm/tools/chocolateyuninstall.ps1 b/packages/kerbrute.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4c73672d9 --- /dev/null +++ b/packages/kerbrute.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Kerbrute' +$category = 'Credential Access' + +VM-Uninstall $toolName $category From a4196bef5521afad8f9859717738acb2f62588c4 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 7 Jul 2023 12:24:23 +0200 Subject: [PATCH 159/330] categories: Add InnoSetup category We can already two InnoSetup tools (innoextract and innounp) and we are planing to add two more (IFPSTools and isd). Create a new InnoSetup category for these tools to make it easier to find them and make Utilities smaller. Sort the categories list alphabetically. --- .github/ISSUE_TEMPLATE/new_metapackage.yml | 25 ++++++++++--------- .github/ISSUE_TEMPLATE/new_package.yml | 25 ++++++++++--------- categories.txt | 25 ++++++++++--------- packages/innoextract.vm/innoextract.vm.nuspec | 2 +- .../tools/chocolateyinstall.ps1 | 2 +- .../tools/chocolateyuninstall.ps1 | 2 +- packages/innounp.vm/innounp.vm.nuspec | 2 +- .../innounp.vm/tools/chocolateyinstall.ps1 | 2 +- .../innounp.vm/tools/chocolateyuninstall.ps1 | 2 +- 9 files changed, 45 insertions(+), 42 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/new_metapackage.yml b/.github/ISSUE_TEMPLATE/new_metapackage.yml index c57fda3d7..534dfa0e9 100644 
--- a/.github/ISSUE_TEMPLATE/new_metapackage.yml +++ b/.github/ISSUE_TEMPLATE/new_metapackage.yml @@ -50,40 +50,41 @@ body: label: Category description: Which category should this tool be installed to? options: + - Active Directory - Android - Cloud + - Command & Control + - Credential Access - Debuggers - Delphi - Disassemblers - dotNet + - Evasion + - Exploitation - Forensic - Hex Editors + - Information Gathering + - InnoSetup - Java - Javascript + - Lateral Movement - Networking - Office + - Password Attacks + - Payload Development - PDF - PE + - Persistence - PowerShell + - Privilege Escalation - Python + - Reconnaissance - Text Editors - Utilities - VB - - Active Directory - - Command & Control - - Evasion - - Exploitation - - Information Gathering - - Password Attacks - Vulnerability Analysis - Web Application - Wordlists - - Payload Development - - Reconnaissance - - Persistence - - Privilege Escalation - - Credential Access - - Lateral Movement - type: input id: authors attributes: diff --git a/.github/ISSUE_TEMPLATE/new_package.yml b/.github/ISSUE_TEMPLATE/new_package.yml index fa2de927f..fdc11a0ca 100644 --- a/.github/ISSUE_TEMPLATE/new_package.yml +++ b/.github/ISSUE_TEMPLATE/new_package.yml 
@@ -69,40 +69,41 @@ body: label: Category description: Which category should this tool be installed to? options: + - Active Directory - Android - Cloud + - Command & Control + - Credential Access - Debuggers - Delphi - Disassemblers - dotNet + - Evasion + - Exploitation - Forensic - Hex Editors + - Information Gathering + - InnoSetup - Java - Javascript + - Lateral Movement - Networking - Office + - Password Attacks + - Payload Development - PDF - PE + - Persistence - PowerShell + - Privilege Escalation - Python + - Reconnaissance - Text Editors - Utilities - VB - - Active Directory - - Command & Control - - Evasion - - Exploitation - - Information Gathering - - Password Attacks - Vulnerability Analysis - Web Application - Wordlists - - Payload Development - - Reconnaissance - - Persistence - - Privilege Escalation - - Credential Access - - Lateral Movement - type: input id: authors attributes: diff --git a/categories.txt b/categories.txt index d337cb8d4..585808a2c 100644 --- a/categories.txt +++ b/categories.txt @@ -1,34 +1,35 @@ +Active Directory Android Cloud +Command & Control +Credential Access Debuggers Delphi Disassemblers dotNet +Evasion +Exploitation Forensic Hex Editors +Information Gathering +InnoSetup Java Javascript +Lateral Movement Networking Office +Password Attacks +Payload Development PDF PE +Persistence PowerShell +Privilege Escalation Python +Reconnaissance Text Editors Utilities VB -Active Directory -Command & Control -Evasion -Exploitation -Information Gathering -Password Attacks Vulnerability Analysis Web Application Wordlists -Payload Development -Reconnaissance -Persistence -Privilege Escalation -Credential Access -Lateral Movement diff --git a/packages/innoextract.vm/innoextract.vm.nuspec b/packages/innoextract.vm/innoextract.vm.nuspec index df7bcbcf9..2b49e5ec8 100644 --- a/packages/innoextract.vm/innoextract.vm.nuspec +++ b/packages/innoextract.vm/innoextract.vm.nuspec 
@@ -2,7 +2,7 @@ innoextract.vm - 1.9 + 1.9.0.20230710 Daniel Scharrer A tool to extract Inno Setup installers. diff --git a/packages/innoextract.vm/tools/chocolateyinstall.ps1 b/packages/innoextract.vm/tools/chocolateyinstall.ps1 index 139415a55..6d977ae1f 100644 --- a/packages/innoextract.vm/tools/chocolateyinstall.ps1 +++ b/packages/innoextract.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'innoextract' -$category = 'Utilities' +$category = 'InnoSetup' $zipUrl = 'https://constexpr.org/innoextract/files/innoextract-1.9/innoextract-1.9-windows.zip' $zipSha256 = '6989342c9b026a00a72a38f23b62a8e6a22cc5de69805cf47d68ac2fec993065' diff --git a/packages/innoextract.vm/tools/chocolateyuninstall.ps1 b/packages/innoextract.vm/tools/chocolateyuninstall.ps1 index c8fc6faa4..cd62be8cf 100644 --- a/packages/innoextract.vm/tools/chocolateyuninstall.ps1 +++ b/packages/innoextract.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'innoextract' -$category = 'Utilities' +$category = 'InnoSetup' VM-Uninstall $toolName $category diff --git a/packages/innounp.vm/innounp.vm.nuspec b/packages/innounp.vm/innounp.vm.nuspec index 338842ddf..d562d3ea9 100644 --- a/packages/innounp.vm/innounp.vm.nuspec +++ b/packages/innounp.vm/innounp.vm.nuspec @@ -2,7 +2,7 @@ innounp.vm - 0.50 + 0.50.0.20230710 QuickeneR, Ariman Unpacker for Inno Setup installers. diff --git a/packages/innounp.vm/tools/chocolateyinstall.ps1 b/packages/innounp.vm/tools/chocolateyinstall.ps1 index 88c41e1bb..51c309b75 100644 --- a/packages/innounp.vm/tools/chocolateyinstall.ps1 +++ b/packages/innounp.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'innounp' -$category = 'Utilities' +$category = 'InnoSetup' $exeUrl = 'https://github.com/WhatTheBlock/innounp/releases/download/v0.50/innounp.exe' $exeSha256 = '9b72ad9f93d167652a0e2bf3921abdfd3e6747c5e718461a2e58b9dfacd31f4c' diff --git a/packages/innounp.vm/tools/chocolateyuninstall.ps1 b/packages/innounp.vm/tools/chocolateyuninstall.ps1 index 805972b92..59d89a272 100644 --- a/packages/innounp.vm/tools/chocolateyuninstall.ps1 +++ b/packages/innounp.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'innounp' -$category = 'Utilities' +$category = 'InnoSetup' VM-Uninstall $toolName $category From 1f480214a4acfef43f5ba25924ef90a73cd7bc11 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 10 Jul 2023 11:34:12 +0200 Subject: [PATCH 160/330] isd.vm: Add Inno Setup Decompiler I found this tool in https://github.com/dscharrer/innoextract/issues/106 and found it useful. --- packages/isd.vm/isd.vm.nuspec | 12 ++++++++++++ packages/isd.vm/tools/chocolateyinstall.ps1 | 19 +++++++++++++++++++ packages/isd.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 38 insertions(+) create mode 100644 packages/isd.vm/isd.vm.nuspec create mode 100644 packages/isd.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/isd.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/isd.vm/isd.vm.nuspec b/packages/isd.vm/isd.vm.nuspec new file mode 100644 index 000000000..b55d9f9a3 --- /dev/null +++ b/packages/isd.vm/isd.vm.nuspec @@ -0,0 +1,12 @@ + + + + isd.vm + 1.5 + VDisAsm + Inno Setup Decompiler + + + + + diff --git a/packages/isd.vm/tools/chocolateyinstall.ps1 b/packages/isd.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..91eccefb7 --- /dev/null +++ b/packages/isd.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,19 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'Inno Setup Decompiler' + $category = 'InnoSetup' + + $zipUrl = 'https://github.com/dscharrer/innoextract/files/5507287/isdsetup.1.5.exe.zip' + $zipSha256 = '8fe99b5a989066131b6553394c2c93eed5adbd9430494ab921aafd74d2c818dc' + + $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + $executablePath = (Join-Path $toolDir "PSUI.exe") + VM-Install-With-Installer $toolName $category "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP- /Dir=`"$($toolDir)`"" $executablePath $zipUrl -sha256 $zipSha256 + + $desktopShortcut = Join-Path "C:\Users\Public\Desktop" "$toolName.lnk" + Remove-Item $desktopShortcut -Force -ea 0 +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/isd.vm/tools/chocolateyuninstall.ps1 b/packages/isd.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..6c46b5a35 --- /dev/null +++ b/packages/isd.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Inno Setup Decompiler' +$category = 'Utilities' + +VM-Uninstall $toolName $category From 28b633b58d990b9e6e77703663a5785a329af82a Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 10 Jul 2023 12:33:17 +0200 Subject: [PATCH 161/330] ifpstools.vm: Add IFPSTools.NET IFPSTools.NET includes several tools, but we only create a shortcut for ifpsdasm (and add it to path) as it the one I use for malware analysis. --- packages/ifpstools.vm/ifpstools.vm.nuspec | 12 ++++++++++++ packages/ifpstools.vm/tools/chocolateyinstall.ps1 | 11 +++++++++++ packages/ifpstools.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 30 insertions(+) create mode 100644 packages/ifpstools.vm/ifpstools.vm.nuspec create mode 100644 packages/ifpstools.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/ifpstools.vm/tools/chocolateyuninstall.ps1 
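Review bot: The install script sets `$category = 'InnoSetup'` but the uninstall script in the same commit (the next hunk) sets `$category = 'Utilities'`, so VM-Uninstall would look for the shortcut under the wrong category folder and leave it behind; the uninstall line should read `$category = 'InnoSetup'`. Separately, `$zipUrl` fetches the installer from an attachment on a third-party issue tracker (`github.com/dscharrer/innoextract/files/...`) rather than a release published by the tool's author; the pinned `$zipSha256` protects the integrity of that exact file, but the provenance deserves a comment on the line, e.g. `# Installer is an issue-tracker attachment, not an upstream release; the sha256 pins the exact file`. The desktop-shortcut cleanup also hard-codes `C:\Users\Public\Desktop`; `[Environment]::GetFolderPath('CommonDesktopDirectory')` avoids depending on the system drive.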
diff --git a/packages/ifpstools.vm/ifpstools.vm.nuspec b/packages/ifpstools.vm/ifpstools.vm.nuspec new file mode 100644 index 000000000..4e9ca7884 --- /dev/null +++ b/packages/ifpstools.vm/ifpstools.vm.nuspec @@ -0,0 +1,12 @@ + + + + ifpstools.vm + 2.0.2 + Wack0, Jonson Tan + IFPSTools.NET: tools for working with RemObject PascalScript compiled bytecode files + + + + + diff --git a/packages/ifpstools.vm/tools/chocolateyinstall.ps1 b/packages/ifpstools.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f877e8520 --- /dev/null +++ b/packages/ifpstools.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,11 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +# IFPSTools.NET includes several tools, but we only create a shortcut for ifpsdasm (and add it to path) +$toolName = 'ifpsdasm' +$category = 'InnoSetup' + +$zipUrl = 'https://github.com/Wack0/IFPSTools.NET/releases/download/v2.0.2/ifpstools-net_v2.0.2.zip' +$zipSha256 = 'bf5242e1b950055b496a5e42a828c687681aee5f259ed262236b0bc52e02e5b8' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments $null diff --git a/packages/ifpstools.vm/tools/chocolateyuninstall.ps1 b/packages/ifpstools.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0aea33156 --- /dev/null +++ b/packages/ifpstools.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ifpsdasm' +$category = 'InnoSetup' + +VM-Uninstall $toolName $category From ed8d81872faeec1f600a83b2faa47a3be2c4fbc5 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 12 Jul 2023 21:13:40 +0000 Subject: [PATCH 162/330] Add syswhispers2.vm Closes https://github.com/mandiant/VM-Packages/issues/541. --- packages/syswhispers2.vm/syswhispers2.vm.nuspec | 12 ++++++++++++ packages/syswhispers2.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../syswhispers2.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/syswhispers2.vm/syswhispers2.vm.nuspec create mode 100644 packages/syswhispers2.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/syswhispers2.vm/syswhispers2.vm.nuspec b/packages/syswhispers2.vm/syswhispers2.vm.nuspec new file mode 100644 index 000000000..991066152 --- /dev/null +++ b/packages/syswhispers2.vm/syswhispers2.vm.nuspec @@ -0,0 +1,12 @@ + + + + syswhispers2.vm + 0.0.0.20230712 + jthuraisamy + SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. + + + + + diff --git a/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 b/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..20d37ae68 --- /dev/null +++ b/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'syswhispers' +$category = 'Evasion' + +$zipUrl = 'https://github.com/jthuraisamy/SysWhispers2/archive/05ad0d9ec769fac2776c992d2cb55b09bd604f9a.zip' +$zipSha256 = '4741ad22fe05a9dc8e89885b37a458c12b286a9de2e3f306b57c7a5ef5f7596e' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 b/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..aac7a2989 --- /dev/null +++ b/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'syswhispers'
+$category = 'Evasion'
+
+VM-Uninstall $toolName $category
From 41dcd58b3016ef8ee38eb4819921c41a7ab3a977 Mon Sep 17 00:00:00 2001
From: nos3curity <72961537+nos3curity@users.noreply.github.com>
Date: Wed, 12 Jul 2023 14:38:22 -0700
Subject: [PATCH 163/330] fixed category and tool name
---
 packages/syswhispers2.vm/tools/chocolateyinstall.ps1 | 4 ++--
 packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/packages/syswhispers2.vm/tools/chocolateyinstall.ps1 b/packages/syswhispers2.vm/tools/chocolateyinstall.ps1
index 20d37ae68..00d751f51 100644
--- a/packages/syswhispers2.vm/tools/chocolateyinstall.ps1
+++ b/packages/syswhispers2.vm/tools/chocolateyinstall.ps1
@@ -1,8 +1,8 @@
 $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 
-$toolName = 'syswhispers'
-$category = 'Evasion'
+$toolName = 'SysWhispers2'
+$category = 'Payload Development'
 
 $zipUrl = 'https://github.com/jthuraisamy/SysWhispers2/archive/05ad0d9ec769fac2776c992d2cb55b09bd604f9a.zip'
 $zipSha256 = '4741ad22fe05a9dc8e89885b37a458c12b286a9de2e3f306b57c7a5ef5f7596e'
diff --git a/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1 b/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1
index aac7a2989..9ca420bae 100644
--- a/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1
+++ b/packages/syswhispers2.vm/tools/chocolateyuninstall.ps1
@@ -1,7 +1,7 @@
 $ErrorActionPreference = 'Continue'
 Import-Module vm.common -Force -DisableNameChecking
 
-$toolName = 'syswhispers'
-$category = 'Evasion'
+$toolName = 'SysWhispers2'
+$category = 'Payload Development'
 
 VM-Uninstall $toolName $category
From cf91723ad9b089ecfacffcc20a22d8837270c4d1 Mon Sep 17 00:00:00 2001
From: vm-packages Date: Wed, 12 Jul 2023 22:12:02 +0000 Subject: [PATCH 164/330] Update ghidra.vm to 10.3.2 --- packages/ghidra.vm/ghidra.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index bb07d1495..6af8b272d 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec @@ -2,12 +2,12 @@ ghidra.vm - 10.3.1 + 10.3.2 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - + From efd287ec2d8c80e446500422d92d8a1a3e0b8670 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 13 Jul 2023 00:00:50 +0000 Subject: [PATCH 165/330] Add credninja.vm Closes https://github.com/mandiant/VM-Packages/issues/552. --- packages/credninja.vm/credninja.vm.nuspec | 12 ++++++++++++ packages/credninja.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/credninja.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/credninja.vm/credninja.vm.nuspec create mode 100644 packages/credninja.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/credninja.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/credninja.vm/credninja.vm.nuspec b/packages/credninja.vm/credninja.vm.nuspec new file mode 100644 index 000000000..2fdf08b86 --- /dev/null +++ b/packages/credninja.vm/credninja.vm.nuspec @@ -0,0 +1,12 @@ + + + + credninja.vm + 2.3 + raikiasec + This tool will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host. + + + + + diff --git a/packages/credninja.vm/tools/chocolateyinstall.ps1 b/packages/credninja.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..16f989030 --- /dev/null +++ b/packages/credninja.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CredNinja' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/Raikia/CredNinja/archive/4a13f297851cd6fe88017288e6850ad276078071.zip' +$zipSha256 = '35b7dfae877c08bd9e50a5b9406eead0687b460db9428b9fe22130cc47b1ec10' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/credninja.vm/tools/chocolateyuninstall.ps1 b/packages/credninja.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..637d77d13 --- /dev/null +++ b/packages/credninja.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CredNinja' +$category = 'Credential Access' + +VM-Uninstall $toolName $category From dc992f8b74a340e324641110aec18c7424d8b732 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 13 Jul 2023 00:37:01 +0000 Subject: [PATCH 166/330] Update sliver.vm to v1.5.41 --- packages/sliver.vm/sliver.vm.nuspec | 2 +- packages/sliver.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/sliver.vm/sliver.vm.nuspec b/packages/sliver.vm/sliver.vm.nuspec index 6e9862887..1ab9cad98 100644 --- a/packages/sliver.vm/sliver.vm.nuspec +++ b/packages/sliver.vm/sliver.vm.nuspec @@ -2,7 +2,7 @@ sliver.vm - 1.5.40 + 1.5.41 bishopfox Sliver is an open source cross-platform adversary emulation/red team framework. diff --git a/packages/sliver.vm/tools/chocolateyinstall.ps1 b/packages/sliver.vm/tools/chocolateyinstall.ps1 index 7f2fd0a22..ed3367d26 100644 --- a/packages/sliver.vm/tools/chocolateyinstall.ps1 +++ b/packages/sliver.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Sliver' $category = 'Command & Control' -$exeUrl = 'https://github.com/BishopFox/sliver/releases/download/v1.5.40/sliver-client_windows.exe' -$exeSha256 = '48359bfb6692ea45f075188b2b244fc8fcec4ef7e80d2c2eecae90d5c9cdd04b' +$exeUrl = 'https://github.com/BishopFox/sliver/releases/download/v1.5.41/sliver-client_windows.exe' +$exeSha256 = '85474d2a885a2dbe2dfd334d9d25fbf1079c1d88c857428e2e1cf3e59f2c0a9b' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From 19968a8213e0f5bdd41e7dabe758b9d5c56d11ea Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 13 Jul 2023 00:37:53 +0000 Subject: [PATCH 167/330] Update wireshark.vm to 4.0.7 --- packages/wireshark.vm/wireshark.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec index d670df8ab..6d8ad28a7 100644 --- a/packages/wireshark.vm/wireshark.vm.nuspec +++ b/packages/wireshark.vm/wireshark.vm.nuspec @@ -2,13 +2,13 @@ wireshark.vm - 4.0.6 + 4.0.7 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team - + From ba7048af97de2ed6fbd09a06fddf912cd868bf02 Mon Sep 17 00:00:00 2001 From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Thu, 13 Jul 2023 10:17:27 -0700 Subject: [PATCH 168/330] Add PowerZure (#276) * added powerzure * added shortcut. added dependency * fixed shortcut --- packages/powerzure.vm/powerzure.vm.nuspec | 13 +++++++++++++ packages/powerzure.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++ packages/powerzure.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 32 insertions(+) create mode 100644 packages/powerzure.vm/powerzure.vm.nuspec create mode 100644 packages/powerzure.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/powerzure.vm/tools/chocolateyuninstall.ps1 
diff --git a/packages/powerzure.vm/powerzure.vm.nuspec b/packages/powerzure.vm/powerzure.vm.nuspec new file mode 100644 index 000000000..35f4d6c20 --- /dev/null +++ b/packages/powerzure.vm/powerzure.vm.nuspec @@ -0,0 +1,13 @@ + + + + powerzure.vm + 0.0.0.20230320 + hausec + PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. + + + + + + diff --git a/packages/powerzure.vm/tools/chocolateyinstall.ps1 b/packages/powerzure.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..4075d476b --- /dev/null +++ b/packages/powerzure.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerZure' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/hausec/PowerZure/archive/093d4a3267ab514656759d7b2a6a91ac521b449b.zip' +$zipSha256 = '76e82df57013980cd6f3dd5b125e405e4ab3308368f2372121581a6a1e4a5a22' + +$powershellCommand = 'Import-Module Az, .\PowerZure.psm1; Invoke-PowerZure -h' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand \ No newline at end of file diff --git a/packages/powerzure.vm/tools/chocolateyuninstall.ps1 b/packages/powerzure.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..250259660 --- /dev/null +++ b/packages/powerzure.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerZure' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From 3c829fd69c3f4b0b1191705babf2710aa6438bf3 Mon Sep 17 00:00:00 2001 
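Review bot: The new chocolateyinstall.ps1 ends without a trailing newline (`\ No newline at end of file` after the `VM-Install-Raw-GitHub-Repo` line), unlike the other install scripts in this series; the MicroBurst install hunk further down has the same omission. Adding the final newline keeps later diffs clean and matches the repository's other scripts. The shortcut command also imports the Az module (`Import-Module Az, .\PowerZure.psm1`), which this script does not install itself; presumably the nuspec dependency covers it (its content is not recoverable here), but a one-line comment such as `# Az is provided by the nuspec dependency; the shortcut imports it at launch` would make the requirement explicit.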
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 19:39:12 +0200 Subject: [PATCH 169/330] :robot: Add invokeobfuscation.vm (#484) * Add invokeobfuscation.vm Closes https://github.com/mandiant/VM-Packages/issues/483. * added shortcut command --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- .../invokeobfuscation.vm/invokeobfuscation.vm.nuspec | 12 ++++++++++++ .../invokeobfuscation.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 31 insertions(+) create mode 100644 packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec create mode 100644 packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec b/packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec new file mode 100644 index 000000000..576c6c3f0 --- /dev/null +++ b/packages/invokeobfuscation.vm/invokeobfuscation.vm.nuspec @@ -0,0 +1,12 @@ + + + + invokeobfuscation.vm + 1.8.2 + cobbr, 4d4c, mvle, danielbohannon + Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. + + + + + diff --git a/packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 b/packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..4262908cb --- /dev/null +++ b/packages/invokeobfuscation.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Invoke-Obfuscation'
+$category = 'Payload Development'
+
+$zipUrl = 'https://github.com/danielbohannon/Invoke-Obfuscation/archive/f20e7f843edd0a3a7716736e9eddfa423395dd26.zip'
+$zipSha256 = '24149efe341b4bfc216dea22ece4918abcbe0655d3d1f3c07d1965fac5b4478e'
+
+$powershellCommand = 'Import-Module ./Invoke-Obfuscation.psd1; Invoke-Obfuscation'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand
diff --git a/packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1 b/packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..61ddd71c8
--- /dev/null
+++ b/packages/invokeobfuscation.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Invoke-Obfuscation'
+$category = 'Payload Development'
+
+VM-Uninstall $toolName $category
From f9f17af9625fe6e3712b8d18dc5223c6df8e849b Mon Sep 17 00:00:00 2001
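Review bot: The shortcut command uses a forward slash, `Import-Module ./Invoke-Obfuscation.psd1`, while every other shortcut command in this series uses the Windows form (`.\Invoke-DOSfuscation.psd1`, `.\powercat.ps1`). PowerShell accepts both, so this is consistency only; `$powershellCommand = 'Import-Module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation'` would match the sibling packages.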
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Thu, 13 Jul 2023 10:45:08 -0700 Subject: [PATCH 170/330] Add MicroBurst (#275) * added microburst * added a shortcut psm import command * removed trailing whitespace * added the az dependency * manually importing modules to avoid errors with the shortcut * fixed shortcut, changed category * added help menu to the shortcut * updating category for uninstall to match install --------- Co-authored-by: unknown --- packages/microburst.vm/microburst.vm.nuspec | 13 +++++++++++++ packages/microburst.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++ .../microburst.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 32 insertions(+) create mode 100644 packages/microburst.vm/microburst.vm.nuspec create mode 100644 packages/microburst.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/microburst.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/microburst.vm/microburst.vm.nuspec b/packages/microburst.vm/microburst.vm.nuspec new file mode 100644 index 000000000..9c8a5098e --- /dev/null +++ b/packages/microburst.vm/microburst.vm.nuspec @@ -0,0 +1,13 @@ + + + + microburst.vm + 0.0.0.20230320 + NetSPI + MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. + + + + + + diff --git a/packages/microburst.vm/tools/chocolateyinstall.ps1 b/packages/microburst.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..d8f8b7051 --- /dev/null +++ b/packages/microburst.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MicroBurst' +$category = 'Exploitation' + +$zipUrl = 'https://github.com/NetSPI/MicroBurst/archive/10a4f9579de3fe687208f7a3d3d1120fbba408cc.zip' +$zipSha256 = '72700519c40fac2b01e5362e4d3d1e171e73910f8e9e9859753f26c64f0529d0' + +$powershellCommand = 'Import-Module Az, .\Az\MicroBurst-Az.psm1, .\Misc\MicroBurst-Misc.psm1, .\REST\MicroBurst-AzureREST.psm1; Get-Command -Module MicroBurst-Az' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand \ No newline at end of file diff --git a/packages/microburst.vm/tools/chocolateyuninstall.ps1 b/packages/microburst.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..658475cbc --- /dev/null +++ b/packages/microburst.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MicroBurst' +$category = 'Exploitation' + +VM-Uninstall $toolName $category From 2cc1f1f377d8d59d4b5f570b16f0709ff126cdb5 Mon Sep 17 00:00:00 2001 From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 19:50:36 +0200 Subject: [PATCH 171/330] :robot: Add powercat.vm (#488) * Add powercat.vm Closes https://github.com/mandiant/VM-Packages/issues/487. * added shortcut --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- packages/powercat.vm/powercat.vm.nuspec | 12 ++++++++++++ packages/powercat.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++ packages/powercat.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 31 insertions(+) create mode 100644 packages/powercat.vm/powercat.vm.nuspec create mode 100644 packages/powercat.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/powercat.vm/tools/chocolateyuninstall.ps1 
diff --git a/packages/powercat.vm/powercat.vm.nuspec b/packages/powercat.vm/powercat.vm.nuspec new file mode 100644 index 000000000..47a8ef431 --- /dev/null +++ b/packages/powercat.vm/powercat.vm.nuspec @@ -0,0 +1,12 @@ + + + + powercat.vm + 0.0.0.20230710 + lukebaggett, besimorhino, nnamon, kjacobsen + PowerShell implementation of netcat functionality + + + + + diff --git a/packages/powercat.vm/tools/chocolateyinstall.ps1 b/packages/powercat.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..59b42423d --- /dev/null +++ b/packages/powercat.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerCat' +$category = 'Utilities' + +$ps1Url = 'https://raw.githubusercontent.com/besimorhino/powercat/4bea00079084c7dbc52105ce5b5988b036821c92/powercat.ps1' +$ps1Sha256 = 'c55672b5d2963969abe045fe75db52069d0300691d4f1f5923afeadf5353b9d2' + +$ps1Cmd = 'Import-Module .\powercat.ps1; powercat -h' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/powercat.vm/tools/chocolateyuninstall.ps1 b/packages/powercat.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..21462fd3e --- /dev/null +++ b/packages/powercat.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'PowerCat' +$category = 'Utilities' + +VM-Uninstall $toolName $category From dd2b3e7f4a5e1b8cd166847e5cf6d080fe42fe4e Mon Sep 17 00:00:00 2001 
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 19:55:46 +0200 Subject: [PATCH 172/330] :robot: Add invokedosfuscation.vm (#490) * Add invokedosfuscation.vm Closes https://github.com/mandiant/VM-Packages/issues/489. * added a shortcut command --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- .../invokedosfuscation.vm.nuspec | 12 ++++++++++++ .../tools/chocolateyinstall.ps1 | 12 ++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 31 insertions(+) create mode 100644 packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec create mode 100644 packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec b/packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec new file mode 100644 index 000000000..04a00209e --- /dev/null +++ b/packages/invokedosfuscation.vm/invokedosfuscation.vm.nuspec @@ -0,0 +1,12 @@ + + + + invokedosfuscation.vm + 1.0 + danielbohannon + Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. + + + + + diff --git a/packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 b/packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..f50310540 --- /dev/null +++ b/packages/invokedosfuscation.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Invoke-DOSfuscation'
+$category = 'Payload Development'
+
+$zipUrl = 'https://github.com/danielbohannon/Invoke-DOSfuscation/archive/6260f5b5848b967446371ee7800aaa0409ea23cc.zip'
+$zipSha256 = '60b78094731fc8f54333193e840cb847ac4018c6ca1ccc36c107cda533016791'
+
+$powershellCommand = 'Import-Module .\Invoke-DOSfuscation.psd1; Invoke-DOSfuscation'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand
diff --git a/packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1 b/packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..3db4a6666
--- /dev/null
+++ b/packages/invokedosfuscation.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Invoke-DOSfuscation'
+$category = 'Payload Development'
+
+VM-Uninstall $toolName $category
From 5e44898b9bacb86a8a0aa090e9cdc98bf2087ff8 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 20:03:22 +0200 Subject: [PATCH 173/330] :robot: Add adconnectdump.vm (#495) * Add adconnectdump.vm Closes https://github.com/mandiant/VM-Packages/issues/494. * added dependencies * removed dependency --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- packages/adconnectdump.vm/adconnectdump.vm.nuspec | 3 +-- packages/adconnectdump.vm/tools/chocolateyinstall.ps1 | 2 +- packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/packages/adconnectdump.vm/adconnectdump.vm.nuspec b/packages/adconnectdump.vm/adconnectdump.vm.nuspec
index 51671b625..89e26d684 100644
--- a/packages/adconnectdump.vm/adconnectdump.vm.nuspec
+++ b/packages/adconnectdump.vm/adconnectdump.vm.nuspec
@@ -2,12 +2,11 @@ adconnectdump.vm - 0.0.0.20230320 + 0.0.0.20230710 fox-it This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers. - diff --git a/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 b/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 index 9e8a13280..3b55e44e8 100644 --- a/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 +++ b/packages/adconnectdump.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ADConnectDump' -$category = 'Cloud' +$category = 'Credential Access' $zipUrl = 'https://github.com/fox-it/adconnectdump/archive/3ff6ebe7afac83263dd41857fdec51dcca0012b4.zip' $zipSha256 = '6f36659f4d0ef7e20ddea0d7c17f36786c2fa8ca0728e6fd790f3234f408e0e9' diff --git a/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 b/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 index fdf72860c..ec6f35fc2 100644 --- a/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 +++ b/packages/adconnectdump.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ADConnectDump' -$category = 'Cloud' +$category = 'Credential Access' VM-Uninstall $toolName $category From 35485112aba3cf48183ed461f8af200c6014302a Mon Sep 17 00:00:00 2001 
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 20:04:11 +0200 Subject: [PATCH 174/330] :robot: Add powersploit.vm (#543) * Add powersploit.vm Closes https://github.com/mandiant/VM-Packages/issues/542. * Adding powersploit package and powersploit and powerview shortcuts * removed ps1 from shortcut for consistency --------- Co-authored-by: unknown Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- packages/powersploit.vm/powersploit.vm.nuspec | 12 ++++++++++ .../tools/chocolateyinstall.ps1 | 24 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 ++++++ 3 files changed, 43 insertions(+) create mode 100644 packages/powersploit.vm/powersploit.vm.nuspec create mode 100644 packages/powersploit.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/powersploit.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/powersploit.vm/powersploit.vm.nuspec b/packages/powersploit.vm/powersploit.vm.nuspec new file mode 100644 index 000000000..8be707c54 --- /dev/null +++ b/packages/powersploit.vm/powersploit.vm.nuspec @@ -0,0 +1,12 @@ + + + + powersploit.vm + 0.0.0.20230713 + HarmJ0y, 0xe7 + PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. + + + + + diff --git a/packages/powersploit.vm/tools/chocolateyinstall.ps1 b/packages/powersploit.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..bf326dbe1 --- /dev/null +++ b/packages/powersploit.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,24 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+#vars for powersploit
+$toolName = 'PowerSploit'
+$category = 'Exploitation'
+
+# install powersploit, import module, and list available powersploit modules
+$zipUrl = 'https://github.com/ZeroDayLab/PowerSploit/archive/72a88240ed0c6527f3880a1fb15ea7a19589c2d8.zip'
+$zipSha256 = '4a86b4b92e97fe6f1d76d8d93d9e481c007809db803cc82f4f0ec86ff7186bcf'
+$powershellCommand = 'Import-Module $Env:RAW_TOOLS_DIR\PowerSploit\PowerSploit.psd1; Get-Command -Module PowerSploit'
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand
+
+# vars for powerview
+$toolName2 = 'PowerView'
+$category2 = 'Reconnaissance'
+$shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category2
+$shortcut = Join-Path $shortcutDir "$toolName2.lnk"
+$targetCmd = Join-Path ${Env:WinDir} "system32\WindowsPowerShell\v1.0\powershell.exe" -Resolve
+$executableArgs = '-NoExit Import-Module $Env:RAW_TOOLS_DIR\PowerSploit\Recon\Recon.psd1; Get-Command -Module Recon'
+
+# install powerview shortcut and list available powerview modules
+Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $targetCmd -Arguments $executableArgs
+VM-Assert-Path $shortcut
diff --git a/packages/powersploit.vm/tools/chocolateyuninstall.ps1 b/packages/powersploit.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..d4fee3801
--- /dev/null
+++ b/packages/powersploit.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PowerSploit'
+$category = 'Exploitation'
+
+VM-Uninstall $toolName $category
From fe682dd1402ac5abc75414631f155a5646374324 Mon Sep 17 00:00:00 2001
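Review bot: The PowerView shortcut that the install hunk creates by hand (`Install-ChocolateyShortcut -shortcutFilePath $shortcut ...` under the Reconnaissance category) is never removed: the uninstall hunk only calls `VM-Uninstall $toolName $category` for PowerSploit/Exploitation, so uninstalling leaves a dangling `PowerView.lnk` pointing at a directory that no longer exists. Add `VM-Remove-Tool-Shortcut 'PowerView' 'Reconnaissance'` to chocolateyuninstall.ps1 (the helper is used by the tor-browser uninstall script in this same series). A smaller style point: `$powershellCommand` here embeds the absolute `$Env:RAW_TOOLS_DIR\PowerSploit\...` path, while the other packages use a relative `.\` path; either works if the helper sets the working directory, but settling on one form keeps the packages uniform.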
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 20:11:09 +0200 Subject: [PATCH 175/330] :robot: Add tor-browser.vm (#562) * Add tor-browser.vm Closes https://github.com/mandiant/VM-Packages/issues/561. * removing desktop shortcut * locked version * fixed shortcut path --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- .../tools/chocolateyinstall.ps1 | 22 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 ++++++ packages/tor-browser.vm/tor-browser.vm.nuspec | 13 +++++++++++ 3 files changed, 42 insertions(+) create mode 100644 packages/tor-browser.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/tor-browser.vm/tools/chocolateyuninstall.ps1 create mode 100644 packages/tor-browser.vm/tor-browser.vm.nuspec
diff --git a/packages/tor-browser.vm/tools/chocolateyinstall.ps1 b/packages/tor-browser.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..f0f2b0433
--- /dev/null
+++ b/packages/tor-browser.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,22 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'Tor Browser'
+ $category = 'Utilities'
+ $shimPath = '\lib\tor-browser\tools\tor-browser\Browser\firefox.exe'
+
+ $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category
+ $shortcut = Join-Path $shortcutDir "$toolName.lnk"
+ $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve
+ Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin
+ VM-Assert-Path $shortcut
+
+ # Delete Desktop shortcut
+ $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk"
+ if (Test-Path $desktopShortcut) {
+ Remove-Item $desktopShortcut -Force -ea 0
+ }
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/tor-browser.vm/tools/chocolateyuninstall.ps1 b/packages/tor-browser.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..9f1ff5500
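Review bot: The Tor Browser shortcut is created with `-RunAsAdmin`, so the browser — the one process on the image that renders untrusted remote content — launches elevated every time, which widens the blast radius of any browser or Tor bug from the analyst's session to the whole VM. Unless the shim at `$shimPath` genuinely needs elevation to start (nothing in the hunk shows that), drop the switch: `Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath`; if it must stay, a comment stating why would spare the next reviewer the same question. Separately, the `catch` only calls `VM-Write-Log-Exception $_`; whether that helper rethrows is not visible here, so if it does not, a failed `Join-Path ... -Resolve` (shim missing) would leave the package marked installed with no shortcut.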
--- /dev/null +++ b/packages/tor-browser.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Tor Browser' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec new file mode 100644 index 000000000..7fd1add70 --- /dev/null +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -0,0 +1,13 @@ + + + + tor-browser.vm + 12.5.1 + Tor Project + The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. + + + + + + From 6fd4ac2c3caf5ddee011a000e7061857a94f5836 Mon Sep 17 00:00:00 2001 From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 20:15:31 +0200 Subject: [PATCH 176/330] :robot: Add mfasweep.vm (#493) * Add mfasweep.vm Closes https://github.com/mandiant/VM-Packages/issues/491. * added shortcut * fixed shortcut cmd * changed category --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- packages/mfasweep.vm/mfasweep.vm.nuspec | 12 ++++++++++++ packages/mfasweep.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++ packages/mfasweep.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 31 insertions(+) create mode 100644 packages/mfasweep.vm/mfasweep.vm.nuspec create mode 100644 packages/mfasweep.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/mfasweep.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/mfasweep.vm/mfasweep.vm.nuspec b/packages/mfasweep.vm/mfasweep.vm.nuspec new file mode 100644 index 000000000..baef41e0c --- /dev/null +++ b/packages/mfasweep.vm/mfasweep.vm.nuspec 
@@ -0,0 +1,12 @@ + + + + mfasweep.vm + 0.0.0.20230710 + dafthack + MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. + + + + + diff --git a/packages/mfasweep.vm/tools/chocolateyinstall.ps1 b/packages/mfasweep.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..9d961345f --- /dev/null +++ b/packages/mfasweep.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MFASweep' +$category = 'Reconnaissance' + +$ps1Url = 'https://raw.githubusercontent.com/dafthack/MFASweep/d624cdedb3eaa40518990b234b308c1ec8f6bbc7/MFASweep.ps1' +$ps1Sha256 = 'e5df6d6914a197455d4779c50863f86c5086abbcb6638a4d9ea50598313c1481' + +$ps1Cmd = 'Import-Module .\MFASweep.ps1; Get-Help Invoke-MFASweep' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/mfasweep.vm/tools/chocolateyuninstall.ps1 b/packages/mfasweep.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..fa3963d4f --- /dev/null +++ b/packages/mfasweep.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MFASweep' +$category = 'Reconnaissance' + +VM-Uninstall $toolName $category From 5ec0f065f12526139290e1d5437b5f44d7cd1bf9 Mon Sep 17 00:00:00 2001 
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 20:23:49 +0200 Subject: [PATCH 177/330] Add minidump.vm (#503) Closes https://github.com/mandiant/VM-Packages/issues/502. --- packages/minidump.vm/minidump.vm.nuspec | 12 ++++++++++++ packages/minidump.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/minidump.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/minidump.vm/minidump.vm.nuspec create mode 100644 packages/minidump.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/minidump.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/minidump.vm/minidump.vm.nuspec b/packages/minidump.vm/minidump.vm.nuspec new file mode 100644 index 000000000..a718a422c --- /dev/null +++ b/packages/minidump.vm/minidump.vm.nuspec @@ -0,0 +1,12 @@ + + + + minidump.vm + 0.0.0.20230711 + Mr.Un1k0d3r + Alternative to procdump written in C# (perfect for execute-assembly) and C. + + + + + diff --git a/packages/minidump.vm/tools/chocolateyinstall.ps1 b/packages/minidump.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..5ae7e3944 --- /dev/null +++ b/packages/minidump.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MiniDump' +$category = 'Credential Access' + +$zipUrl = 'https://github.com/Mr-Un1k0d3r/MiniDump/archive/98a21941831b90b203fdbfb253cd0b3dc27a0475.zip' +$zipSha256 = '975d43c2aa7a2a84ecdd925db1fd39fec4aa610b99da45d5661979c120261b82' + +VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 diff --git a/packages/minidump.vm/tools/chocolateyuninstall.ps1 b/packages/minidump.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..1f4f9300f --- /dev/null +++ b/packages/minidump.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'MiniDump' +$category = 'Credential Access' + +VM-Uninstall $toolName $category From 580a7a023282fb5e1d63f0b71e5fa501d1c9eff5 Mon Sep 17 00:00:00 2001 From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Thu, 13 Jul 2023 20:31:00 +0200 Subject: [PATCH 178/330] Add sharpsecdump.vm (#505) Closes https://github.com/mandiant/VM-Packages/issues/504. --- packages/sharpsecdump.vm/sharpsecdump.vm.nuspec | 12 ++++++++++++ packages/sharpsecdump.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../sharpsecdump.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/sharpsecdump.vm/sharpsecdump.vm.nuspec create mode 100644 packages/sharpsecdump.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sharpsecdump.vm/sharpsecdump.vm.nuspec b/packages/sharpsecdump.vm/sharpsecdump.vm.nuspec new file mode 100644 index 000000000..6cfcedc33 --- /dev/null +++ b/packages/sharpsecdump.vm/sharpsecdump.vm.nuspec @@ -0,0 +1,12 @@ + + + + sharpsecdump.vm + 0.0.0.20230711 + G0ldenGunSec + .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py + + + + + diff --git a/packages/sharpsecdump.vm/tools/chocolateyinstall.ps1 b/packages/sharpsecdump.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e6bc06427 --- /dev/null +++ b/packages/sharpsecdump.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpSecDump'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/G0ldenGunSec/SharpSecDump/archive/ef2463688e405fad0fabb001b3d8869db51da0e0.zip'
+$zipSha256 = '10108c1817d21f747e10317ccca14b58d3e060c7c3fe268eccf81ef58e448ae4'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1 b/packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..817ae7934
--- /dev/null
+++ b/packages/sharpsecdump.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpSecDump'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From a3c07888eb7be63bdcf2b3adf36de8f362270312 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 20:40:57 +0200
Subject: [PATCH 179/330] Add group3r.vm (#507)
Closes https://github.com/mandiant/VM-Packages/issues/506.
---
 packages/group3r.vm/group3r.vm.nuspec | 12 ++++++++++++
 packages/group3r.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/group3r.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/group3r.vm/group3r.vm.nuspec
 create mode 100644 packages/group3r.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/group3r.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/group3r.vm/group3r.vm.nuspec b/packages/group3r.vm/group3r.vm.nuspec
new file mode 100644
index 000000000..e6af3ea85
--- /dev/null
+++ b/packages/group3r.vm/group3r.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ group3r.vm
+ 1.0.53
+ l0ss
+ Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations.
+
+
+
+
+
diff --git a/packages/group3r.vm/tools/chocolateyinstall.ps1 b/packages/group3r.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..d24e12720
--- /dev/null
+++ b/packages/group3r.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Group3r'
+$category = 'Reconnaissance'
+
+$exeUrl = 'https://github.com/Group3r/Group3r/releases/download/1.0.53/Group3r.exe'
+$exeSha256 = 'a8bb914637ae760a57ab1ea6f00636348371f4bff4ddae20cc14b533ec6d9e6b'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/group3r.vm/tools/chocolateyuninstall.ps1 b/packages/group3r.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..5ebe60daa
--- /dev/null
+++ b/packages/group3r.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Group3r'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
From 49b17636d899f8bebd999b0e3c86a4b0ff1aaf0d Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 20:59:33 +0200
Subject: [PATCH 180/330] :robot: Add powermad.vm (#511)
* Add powermad.vm
Closes https://github.com/mandiant/VM-Packages/issues/510.
* added shortcut command
* fixed category
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 packages/powermad.vm/powermad.vm.nuspec | 12 ++++++++++++
 packages/powermad.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++
 packages/powermad.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 31 insertions(+)
 create mode 100644 packages/powermad.vm/powermad.vm.nuspec
 create mode 100644 packages/powermad.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/powermad.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/powermad.vm/powermad.vm.nuspec b/packages/powermad.vm/powermad.vm.nuspec
new file mode 100644
index 000000000..7bf6e06c8
--- /dev/null
+++ b/packages/powermad.vm/powermad.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ powermad.vm
+ 0.0.0.20230711
+ Kevin-Robertson
+ Powermad includes a set of functions for exploiting ms-DS-MachineAccountQuota without attaching an actual system to AD
+
+
+
+
+
diff --git a/packages/powermad.vm/tools/chocolateyinstall.ps1 b/packages/powermad.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..7e8755472
--- /dev/null
+++ b/packages/powermad.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PowerMad'
+$category = 'Exploitation'
+
+$zipUrl = 'https://github.com/Kevin-Robertson/Powermad/archive/3ad36e655d0dbe89941515cdb67a3fd518133dcb.zip'
+$zipSha256 = 'e01cfdb69f938ecd8c707e81dce2832935bb26e368405f2180b6858bce5b4d73'
+
+$powershellCommand = 'Import-Module .\Powermad.psd1; Get-Command -Module Powermad'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand
diff --git a/packages/powermad.vm/tools/chocolateyuninstall.ps1 b/packages/powermad.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..19291b3fe
--- /dev/null
+++ b/packages/powermad.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PowerMad'
+$category = 'Exploitation'
+
+VM-Uninstall $toolName $category
From 055fa7298a9f58401729a9ed58bb430184497cbc Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 21:31:09 +0200
Subject: [PATCH 181/330] Add ldapnomnom.vm (#513)
Closes https://github.com/mandiant/VM-Packages/issues/512.
---
 packages/ldapnomnom.vm/ldapnomnom.vm.nuspec | 12 ++++++++++++
 packages/ldapnomnom.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/ldapnomnom.vm/ldapnomnom.vm.nuspec
 create mode 100644 packages/ldapnomnom.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/ldapnomnom.vm/ldapnomnom.vm.nuspec b/packages/ldapnomnom.vm/ldapnomnom.vm.nuspec
new file mode 100644
index 000000000..1ba2d936c
--- /dev/null
+++ b/packages/ldapnomnom.vm/ldapnomnom.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ ldapnomnom.vm
+ 1.1.0
+ lkarlslund
+ Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
+
+
+
+
+
diff --git a/packages/ldapnomnom.vm/tools/chocolateyinstall.ps1 b/packages/ldapnomnom.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..bbf87e367
--- /dev/null
+++ b/packages/ldapnomnom.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'LDAPNomNom'
+$category = 'Reconnaissance'
+
+$exeUrl = 'https://github.com/lkarlslund/ldapnomnom/releases/download/v1.1.0/ldapnomnom-windows-amd64.exe'
+$exeSha256 = '5e8d04c49ec9bac3e5269c5054dab440fd521a3840b9c8702e8ecadc01d392a6'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1 b/packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..72b238ffa
--- /dev/null
+++ b/packages/ldapnomnom.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'LDAPNomNom'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
From fee1ca2276931218ad8378dd1e98c11d0612931a Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 21:56:50 +0200
Subject: [PATCH 182/330] :robot: Add payloadallthethings.vm (#522)
* Add payloadallthethings.vm
Closes https://github.com/mandiant/VM-Packages/issues/521.
* fixed name
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 .../payloadsallthethings.vm.nuspec | 12 ++++++++++++
 .../tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec
 create mode 100644 packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec b/packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec
new file mode 100644
index 000000000..1b9e62546
--- /dev/null
+++ b/packages/payloadsallthethings.vm/payloadsallthethings.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ payloadsallthethings.vm
+ 0.0.0.20230711
+ swisskyrepo
+ A list of useful payloads and bypasses for Web Application Security.
+
+
+
+
+
diff --git a/packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1 b/packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..cf04233a3
--- /dev/null
+++ b/packages/payloadsallthethings.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PayloadsAllTheThings'
+$category = 'Wordlists'
+
+$zipUrl = 'https://github.com/swisskyrepo/PayloadsAllTheThings/archive/cd19bb94096a61ef22d0c9668bc29674fce53fa0.zip'
+$zipSha256 = 'c2adbecb78e01e5d8987ab42b40a30b4a104ee6c2886d8143395645408f9f361'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1 b/packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..da49e2b89
--- /dev/null
+++ b/packages/payloadsallthethings.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PayloadsAllTheThings'
+$category = 'Wordlists'
+
+VM-Uninstall $toolName $category
From acf07325ff1ca7d8bbeb876629538e264b3953f9 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:09:35 +0200
Subject: [PATCH 183/330] :robot: Add fuzzdb.vm (#526)
* Add fuzzdb.vm
Closes https://github.com/mandiant/VM-Packages/issues/525.
* changed description
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 packages/fuzzdb.vm/fuzzdb.vm.nuspec | 12 ++++++++++++
 packages/fuzzdb.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/fuzzdb.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/fuzzdb.vm/fuzzdb.vm.nuspec
 create mode 100644 packages/fuzzdb.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/fuzzdb.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/fuzzdb.vm/fuzzdb.vm.nuspec b/packages/fuzzdb.vm/fuzzdb.vm.nuspec
new file mode 100644
index 000000000..75bc8527f
--- /dev/null
+++ b/packages/fuzzdb.vm/fuzzdb.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ fuzzdb.vm
+ 0.0.0.20230711
+ fuzzdb-project
+ FuzzDB is the most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.
+
+
+
+
+
diff --git a/packages/fuzzdb.vm/tools/chocolateyinstall.ps1 b/packages/fuzzdb.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..c9e609eeb
--- /dev/null
+++ b/packages/fuzzdb.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'FuzzDB'
+$category = 'Wordlists'
+
+$zipUrl = 'https://github.com/fuzzdb-project/fuzzdb/archive/5656ab25dc6bb43bae32236fab775658a90d7380.zip'
+$zipSha256 = 'b732136975be06f71e8c8cfa6923a6dfba028b7f8c4cfa21c6280ef5b74aa1fa'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/fuzzdb.vm/tools/chocolateyuninstall.ps1 b/packages/fuzzdb.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..6de2bba12
--- /dev/null
+++ b/packages/fuzzdb.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'FuzzDB'
+$category = 'Wordlists'
+
+VM-Uninstall $toolName $category
From 37b37e0b665e501e50edc8b60cb544ba278f77a1 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:15:46 +0200
Subject: [PATCH 184/330] Add statistically-likely-usernames.vm (#528)
Closes https://github.com/mandiant/VM-Packages/issues/527.
---
 .../statistically-likely-usernames.vm.nuspec | 12 ++++++++++++
 .../tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec
 create mode 100644 packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec b/packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec
new file mode 100644
index 000000000..cb2fd0cbd
--- /dev/null
+++ b/packages/statistically-likely-usernames.vm/statistically-likely-usernames.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ statistically-likely-usernames.vm
+ 0.0.0.20230711
+ insidetrust
+ This resource contains wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.
+
+
+
+
+
diff --git a/packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1 b/packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..63666d47d
--- /dev/null
+++ b/packages/statistically-likely-usernames.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Statistically-Likely-Usernames'
+$category = 'Wordlists'
+
+$zipUrl = 'https://github.com/insidetrust/statistically-likely-usernames/archive/fc2321c65a1327a1db363764979e7c23d84dfd37.zip'
+$zipSha256 = 'f52a84310e098d662ae212eccc979cefc1d061aa06aca765a8e0f98a4ece3c0c'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1 b/packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..477c4a2b4
--- /dev/null
+++ b/packages/statistically-likely-usernames.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Statistically-Likely-Usernames'
+$category = 'Wordlists'
+
+VM-Uninstall $toolName $category
From 6621a616769eec3bb56b1a29a16d449b12013404 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:20:08 +0200
Subject: [PATCH 185/330] Add covenant.vm (#530)
Closes https://github.com/mandiant/VM-Packages/issues/529.
---
 packages/covenant.vm/covenant.vm.nuspec | 12 ++++++++++++
 packages/covenant.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/covenant.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/covenant.vm/covenant.vm.nuspec
 create mode 100644 packages/covenant.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/covenant.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/covenant.vm/covenant.vm.nuspec b/packages/covenant.vm/covenant.vm.nuspec
new file mode 100644
index 000000000..0da5df902
--- /dev/null
+++ b/packages/covenant.vm/covenant.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ covenant.vm
+ 0.0.0.20230711
+ cobbr
+ Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
+
+
+
+
+
diff --git a/packages/covenant.vm/tools/chocolateyinstall.ps1 b/packages/covenant.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..8fc160b64
--- /dev/null
+++ b/packages/covenant.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Covenant'
+$category = 'Command & Control'
+
+$zipUrl = 'https://github.com/cobbr/Covenant/archive/5decc3ccfab04e6e881ed00c9de649740dac8ad1.zip'
+$zipSha256 = '53f532e350b7a43b0dab8e21a5298587b9a2f498c46bed77d443dea32525b525'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/covenant.vm/tools/chocolateyuninstall.ps1 b/packages/covenant.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..0a33a8391
--- /dev/null
+++ b/packages/covenant.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Covenant'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From d5955745992d8703e3ff2a335f925856faebe40e Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:23:47 +0200
Subject: [PATCH 186/330] Add c3.vm (#532)
Closes https://github.com/mandiant/VM-Packages/issues/531.
---
 packages/c3.vm/c3.vm.nuspec | 12 ++++++++++++
 packages/c3.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/c3.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/c3.vm/c3.vm.nuspec
 create mode 100644 packages/c3.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/c3.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/c3.vm/c3.vm.nuspec b/packages/c3.vm/c3.vm.nuspec
new file mode 100644
index 000000000..c89293cc4
--- /dev/null
+++ b/packages/c3.vm/c3.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ c3.vm
+ 0.0.0.20230711
+ WithSecureLabs
+ C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2.
+
+
+
+
+
diff --git a/packages/c3.vm/tools/chocolateyinstall.ps1 b/packages/c3.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..fc29920db
--- /dev/null
+++ b/packages/c3.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'C3'
+$category = 'Command & Control'
+
+$zipUrl = 'https://github.com/WithSecureLabs/C3/archive/e1b9922d199e45e222001a3afe47757349f24e7a.zip'
+$zipSha256 = '8dd29ed32c2a38312b617c430ff84019da8bd434e3704b778f031aaa859c4e8e'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/c3.vm/tools/chocolateyuninstall.ps1 b/packages/c3.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..b5a99ae45
--- /dev/null
+++ b/packages/c3.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'C3'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From 6d3650d36d234e3f1e68a869b569d0ab7a08d2ca Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:32:41 +0200
Subject: [PATCH 187/330] Add badassmacros.vm (#536)
Closes https://github.com/mandiant/VM-Packages/issues/535.
---
 packages/badassmacros.vm/badassmacros.vm.nuspec | 12 ++++++++++++
 packages/badassmacros.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../badassmacros.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/badassmacros.vm/badassmacros.vm.nuspec
 create mode 100644 packages/badassmacros.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/badassmacros.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/badassmacros.vm/badassmacros.vm.nuspec b/packages/badassmacros.vm/badassmacros.vm.nuspec
new file mode 100644
index 000000000..25c3e0cf6
--- /dev/null
+++ b/packages/badassmacros.vm/badassmacros.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ badassmacros.vm
+ 1.0
+ sbasu7241, Inf0secRabbit
+ Proof of Concept tool to generate malicious macros leveraging techniques like VBA Purging and Shellcode Obfuscation to evade AV engines.
+
+
+
+
+
diff --git a/packages/badassmacros.vm/tools/chocolateyinstall.ps1 b/packages/badassmacros.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e924759c6
--- /dev/null
+++ b/packages/badassmacros.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'BadAssMacros'
+$category = 'Payload Development'
+
+$exeUrl = 'https://github.com/Inf0secRabbit/BadAssMacros/releases/download/v1.0/BadAssMacrosx64.exe'
+$exeSha256 = 'aa1efdba79ca36fa9d6d4b64fbe29e2ea7bc8cff1053e21269b8788104d48e83'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/badassmacros.vm/tools/chocolateyuninstall.ps1 b/packages/badassmacros.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..22d0d89c3
--- /dev/null
+++ b/packages/badassmacros.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'BadAssMacros'
+$category = 'Payload Development'
+
+VM-Uninstall $toolName $category
From 47de8ee825bbf8810b508e520d32f67d66c6cdf1 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:35:17 +0200
Subject: [PATCH 188/330] Add evilclippy.vm (#538)
Closes https://github.com/mandiant/VM-Packages/issues/537.
---
 packages/evilclippy.vm/evilclippy.vm.nuspec | 12 ++++++++++++
 packages/evilclippy.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/evilclippy.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/evilclippy.vm/evilclippy.vm.nuspec
 create mode 100644 packages/evilclippy.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/evilclippy.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/evilclippy.vm/evilclippy.vm.nuspec b/packages/evilclippy.vm/evilclippy.vm.nuspec
new file mode 100644
index 000000000..7bff2df60
--- /dev/null
+++ b/packages/evilclippy.vm/evilclippy.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ evilclippy.vm
+ 1.3
+ outflank
+ A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools.
+
+
+
+
+
diff --git a/packages/evilclippy.vm/tools/chocolateyinstall.ps1 b/packages/evilclippy.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..8b078f2a1
--- /dev/null
+++ b/packages/evilclippy.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'EvilClippy'
+$category = 'Payload Development'
+
+$zipUrl = 'https://github.com/outflanknl/EvilClippy/archive/refs/tags/v1.3.zip'
+$zipSha256 = '6ff1633de0ce8b99d5cf59a3e3cddf1960d4e7410d1441fd86940db42a7785a7'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/evilclippy.vm/tools/chocolateyuninstall.ps1 b/packages/evilclippy.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..dc8694c1a
--- /dev/null
+++ b/packages/evilclippy.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'EvilClippy'
+$category = 'Payload Development'
+
+VM-Uninstall $toolName $category
From 617699ecc51f6a3dd361426651fb763358b246bb Mon Sep 17 00:00:00 2001
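Review bot: The evilclippy chocolateyinstall.ps1 hunk pins its source by a mutable tag, `$zipUrl = 'https://github.com/outflanknl/EvilClippy/archive/refs/tags/v1.3.zip'`, while every other raw-repo package in this series (MiniDump, SharpSecDump, PowerMad, KeeThief, SysWhispers3, SharpExec) points at a commit-hash archive. A tag can be re-pointed upstream; the `$zipSha256` comparison in VM-Install-Raw-GitHub-Repo (presumably, the helper is outside this diff) would then fail the install rather than pull different code, which is the right failure mode, but the package itself records nothing about which revision was reviewed. Resolving v1.3 to its commit and writing `$zipUrl = 'https://github.com/outflanknl/EvilClippy/archive/<commit-sha>.zip'` (placeholder) keeps the pinned revision explicit and the style consistent with the neighbouring packages.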
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:38:57 +0200
Subject: [PATCH 189/330] Add sharplaps.vm (#540)
Closes https://github.com/mandiant/VM-Packages/issues/539.
---
 packages/sharplaps.vm/sharplaps.vm.nuspec | 12 ++++++++++++
 packages/sharplaps.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/sharplaps.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/sharplaps.vm/sharplaps.vm.nuspec
 create mode 100644 packages/sharplaps.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/sharplaps.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/sharplaps.vm/sharplaps.vm.nuspec b/packages/sharplaps.vm/sharplaps.vm.nuspec
new file mode 100644
index 000000000..4b1e460d9
--- /dev/null
+++ b/packages/sharplaps.vm/sharplaps.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharplaps.vm
+ 1.1
+ swisskyrepo
+ This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory.
+
+
+
+
+
diff --git a/packages/sharplaps.vm/tools/chocolateyinstall.ps1 b/packages/sharplaps.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..58b6d9da0
--- /dev/null
+++ b/packages/sharplaps.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpLAPS'
+$category = 'Credential Access'
+
+$exeUrl = 'https://github.com/swisskyrepo/SharpLAPS/releases/download/latest-SharpLAPS/SharpLAPS.exe'
+$exeSha256 = 'ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/sharplaps.vm/tools/chocolateyuninstall.ps1 b/packages/sharplaps.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..c2eadddf0
--- /dev/null
+++ b/packages/sharplaps.vm/tools/chocolateyuninstall.ps1
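Review bot: `$exeUrl = 'https://github.com/swisskyrepo/SharpLAPS/releases/download/latest-SharpLAPS/SharpLAPS.exe'` in the sharplaps chocolateyinstall.ps1 hunk downloads from what looks like a rolling release tag, so the asset behind the URL can change while the nuspec still says 1.1 and `$exeSha256` still describes the earlier binary. When upstream republishes, the hash check (presumably done by VM-Install-Single-Exe, which is outside this diff) fails the install with nothing to tell the maintainer whether the cause is an upstream rebuild or a tampered download. Pointing `$exeUrl` at a version-specific release asset, or a commit-hash archive as the other packages in this series do, ties the URL, the nuspec version and the hash to one artifact; if only the rolling tag exists upstream, a comment such as `# upstream publishes only a rolling 'latest-SharpLAPS' release; refresh $exeSha256 when it changes` would at least explain the eventual breakage.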
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpLAPS'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From a75c2eb98e099fcb61da8ccca15cc35d20f6aa07 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 22:45:36 +0200
Subject: [PATCH 190/330] :robot: Add mailsniper.vm (#547)
* Add mailsniper.vm
Closes https://github.com/mandiant/VM-Packages/issues/544.
* changed desc. added shortcut. fixed name.
* fixed shortcut
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 packages/mailsniper.vm/mailsniper.vm.nuspec | 12 ++++++++++++
 packages/mailsniper.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++
 packages/mailsniper.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 31 insertions(+)
 create mode 100644 packages/mailsniper.vm/mailsniper.vm.nuspec
 create mode 100644 packages/mailsniper.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/mailsniper.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/mailsniper.vm/mailsniper.vm.nuspec b/packages/mailsniper.vm/mailsniper.vm.nuspec
new file mode 100644
index 000000000..2515bc8ed
--- /dev/null
+++ b/packages/mailsniper.vm/mailsniper.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ mailsniper.vm
+ 0.0.0.20230712
+ dafthack
+ MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms and performing password spraying.
+
+
+
+
+
diff --git a/packages/mailsniper.vm/tools/chocolateyinstall.ps1 b/packages/mailsniper.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..0754cd725
--- /dev/null
+++ b/packages/mailsniper.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'MailSniper'
+$category = 'Credential Access'
+
+$ps1Url = 'https://raw.githubusercontent.com/dafthack/MailSniper/f6fd1441feb246ba0d1c6d47f7f3a6dcbe3d2b92/MailSniper.ps1'
+$ps1Sha256 = '353eec8f77c54fc914168bbdc111f0766421aaf8d7e4314036e79bf1b08060c6'
+
+$ps1Cmd = 'Import-Module .\MailSniper.ps1; Get-Help MailSniper'
+
+VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd
diff --git a/packages/mailsniper.vm/tools/chocolateyuninstall.ps1 b/packages/mailsniper.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..17a6dd3aa
--- /dev/null
+++ b/packages/mailsniper.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'MailSniper'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From fd0e6e9261858dd55f18684991e4210559b986e6 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 23:07:11 +0200
Subject: [PATCH 191/330] Add keethief.vm (#555)
Closes https://github.com/mandiant/VM-Packages/issues/554.
---
 packages/keethief.vm/keethief.vm.nuspec | 12 ++++++++++++
 packages/keethief.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/keethief.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/keethief.vm/keethief.vm.nuspec
 create mode 100644 packages/keethief.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/keethief.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/keethief.vm/keethief.vm.nuspec b/packages/keethief.vm/keethief.vm.nuspec
new file mode 100644
index 000000000..a5096a9e0
--- /dev/null
+++ b/packages/keethief.vm/keethief.vm.nuspec
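Review bot: `$ps1Cmd = 'Import-Module .\MailSniper.ps1; Get-Help MailSniper'` in the mailsniper chocolateyinstall.ps1 hunk asks Get-Help for a command literally named MailSniper; if the script only defines functions under other names (the page does not show its contents), the shortcut opens to a "no help found" message instead of anything useful. The PowerMad package earlier in this series uses `Get-Command -Module Powermad` after importing, which lists whatever the module exported regardless of how the functions are named, and `$ps1Cmd = 'Import-Module .\MailSniper.ps1; Get-Command -Module MailSniper'` would be the parallel form here. Worth a quick check in the VM that the current command actually prints help before the package ships.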
@@ -0,0 +1,12 @@
+
+
+
+ keethief.vm
+ 0.0.0.20230713
+ tifkin_, harmj0y
+ Allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system.
+
+
+
+
+
diff --git a/packages/keethief.vm/tools/chocolateyinstall.ps1 b/packages/keethief.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..2de1891d9
--- /dev/null
+++ b/packages/keethief.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'KeeThief'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/GhostPack/KeeThief/archive/04f3fbc0ba87dbcd9011ad40a1382169dc5afd59.zip'
+$zipSha256 = '2fe020645855564ce1d0236c3e83e8d66a09c91c00d95a40b88cbe9ffd5ca204'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/keethief.vm/tools/chocolateyuninstall.ps1 b/packages/keethief.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..25a351810
--- /dev/null
+++ b/packages/keethief.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'KeeThief'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From f513f6c33b155ea35bbc4ab883f11c1d9728a178 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 23:10:10 +0200
Subject: [PATCH 192/330] Add netgpppassword.vm (#560)
Closes https://github.com/mandiant/VM-Packages/issues/559.
---
 packages/netgpppassword.vm/netgpppassword.vm.nuspec | 12 ++++++++++++
 .../netgpppassword.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../netgpppassword.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/netgpppassword.vm/netgpppassword.vm.nuspec
 create mode 100644 packages/netgpppassword.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/netgpppassword.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/netgpppassword.vm/netgpppassword.vm.nuspec b/packages/netgpppassword.vm/netgpppassword.vm.nuspec
new file mode 100644
index 000000000..c9c43b5ce
--- /dev/null
+++ b/packages/netgpppassword.vm/netgpppassword.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ netgpppassword.vm
+ 1.0
+ outflank
+ .NET/C# implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
+
+
+
+
+
diff --git a/packages/netgpppassword.vm/tools/chocolateyinstall.ps1 b/packages/netgpppassword.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..f125868e8
--- /dev/null
+++ b/packages/netgpppassword.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Net-GPPPassword'
+$category = 'Reconnaissance'
+
+$exeUrl = 'https://github.com/outflanknl/Net-GPPPassword/releases/download/v1/Net-GPPPassword_dotNET_v4.exe'
+$exeSha256 = '899c51f6a9ffdbf6228f0c4e22f90c5119dc5fbe0417ce1d346783c13f247e08'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
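Review bot: `$category = 'Reconnaissance'` in the netgpppassword chocolateyinstall.ps1 hunk does not match the nuspec description added in the same commit, which says the tool retrieves plaintext passwords pushed through Group Policy Preferences; the comparable packages in this series (SharpSecDump, SharpLAPS, KeeThief, MailSniper) are all filed under `'Credential Access'`. The category presumably decides where the tool's shortcut is placed, so the mismatch is where users would fail to find it. If it is changed, `$category = 'Credential Access'` has to go into both chocolateyinstall.ps1 and the chocolateyuninstall.ps1 hunk on the next line, since VM-Uninstall is passed the same value.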
diff --git a/packages/netgpppassword.vm/tools/chocolateyuninstall.ps1 b/packages/netgpppassword.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..3f0a419c0
--- /dev/null
+++ b/packages/netgpppassword.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Net-GPPPassword'
+$category = 'Reconnaissance'
+
+VM-Uninstall $toolName $category
From 187e691685aa1be6449eed14250ce7fd38a69a34 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Thu, 13 Jul 2023 23:55:02 +0200
Subject: [PATCH 193/330] Add syswhispers3.vm (#570)
Closes https://github.com/mandiant/VM-Packages/issues/549.
---
 packages/syswhispers3.vm/syswhispers3.vm.nuspec | 12 ++++++++++++
 packages/syswhispers3.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../syswhispers3.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/syswhispers3.vm/syswhispers3.vm.nuspec
 create mode 100644 packages/syswhispers3.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/syswhispers3.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/syswhispers3.vm/syswhispers3.vm.nuspec b/packages/syswhispers3.vm/syswhispers3.vm.nuspec
new file mode 100644
index 000000000..6f011312e
--- /dev/null
+++ b/packages/syswhispers3.vm/syswhispers3.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ syswhispers3.vm
+ 0.0.0.20230713
+ klezVirus
+ SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.
+
+
+
+
+
diff --git a/packages/syswhispers3.vm/tools/chocolateyinstall.ps1 b/packages/syswhispers3.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..c12f05167
--- /dev/null
+++ b/packages/syswhispers3.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SysWhispers3'
+$category = 'Payload Development'
+
+$zipUrl = 'https://github.com/klezVirus/SysWhispers3/archive/e3d5fc744c2e5c0ae952be0f7dcf498c5a68be4b.zip'
+$zipSha256 = '987d04d404ee86536e04c488037fa9c9caa12d35fefdf9c0bc193d1bfed4c96a'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/syswhispers3.vm/tools/chocolateyuninstall.ps1 b/packages/syswhispers3.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..4536c93df
--- /dev/null
+++ b/packages/syswhispers3.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SysWhispers3'
+$category = 'Payload Development'
+
+VM-Uninstall $toolName $category
From 933324daa6b29b68477d834cda1f53de01b730e3 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 00:28:42 +0200
Subject: [PATCH 194/330] Add sharpexec.vm (#576)
Closes https://github.com/mandiant/VM-Packages/issues/573.
---
 packages/sharpexec.vm/sharpexec.vm.nuspec | 12 ++++++++++++
 packages/sharpexec.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/sharpexec.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/sharpexec.vm/sharpexec.vm.nuspec
 create mode 100644 packages/sharpexec.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/sharpexec.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/sharpexec.vm/sharpexec.vm.nuspec b/packages/sharpexec.vm/sharpexec.vm.nuspec
new file mode 100644
index 000000000..00aac4630
--- /dev/null
+++ b/packages/sharpexec.vm/sharpexec.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpexec.vm
+ 0.0.0.20230713
+ anthemtotheego
+ SharpExec is an offensive security C# tool designed to aid with lateral movement.
+
+
+
+
+
diff --git a/packages/sharpexec.vm/tools/chocolateyinstall.ps1 b/packages/sharpexec.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..d2ebfb184
--- /dev/null
+++ b/packages/sharpexec.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpExec'
+$category = 'Lateral Movement'
+
+$zipUrl = 'https://github.com/anthemtotheego/SharpExec/archive/852384499de1ab7b56ee93203b31638138a1d313.zip'
+$zipSha256 = 'd032aa7772d8c0d47f30a77381c372cf5d181fea2836c9c85d65eb052785d2df'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpexec.vm/tools/chocolateyuninstall.ps1 b/packages/sharpexec.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..12f418f39
--- /dev/null
+++ b/packages/sharpexec.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpExec'
+$category = 'Lateral Movement'
+
+VM-Uninstall $toolName $category
From 369b3bacc50b766aac3f8dffb5e722a33edc6454 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 00:29:24 +0200
Subject: [PATCH 195/330] Add wmimplant.vm (#574)
Closes https://github.com/mandiant/VM-Packages/issues/571.
---
 packages/wmimplant.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/wmimplant.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 packages/wmimplant.vm/wmimplant.vm.nuspec | 12 ++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/wmimplant.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/wmimplant.vm/tools/chocolateyuninstall.ps1
 create mode 100644 packages/wmimplant.vm/wmimplant.vm.nuspec
diff --git a/packages/wmimplant.vm/tools/chocolateyinstall.ps1 b/packages/wmimplant.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..52d780beb
--- /dev/null
+++ b/packages/wmimplant.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'WMImplant'
+$category = 'Command & Control'
+
+$ps1Url = 'https://raw.githubusercontent.com/RedSiege/WMImplant/0ed3c3cba9c5e96d0947c3e73288d450ac8d8702/WMImplant.ps1'
+$ps1Sha256 = '4226f7d50145fadce8b564b5dadfa38d067e155173af1dba4d41afb4a2d5b2ab'
+
+VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256
diff --git a/packages/wmimplant.vm/tools/chocolateyuninstall.ps1 b/packages/wmimplant.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..000af87f3
--- /dev/null
+++ b/packages/wmimplant.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'WMImplant'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
diff --git a/packages/wmimplant.vm/wmimplant.vm.nuspec b/packages/wmimplant.vm/wmimplant.vm.nuspec
new file mode 100644
index 000000000..1f76467e8
--- /dev/null
+++ b/packages/wmimplant.vm/wmimplant.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ wmimplant.vm
+ 0.0.0.20230713
+ RedSiege
+ WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results.
+
+
+
+
+
From da4d183909b69f6bb414b17a91f7af8750a237b7 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 00:30:12 +0200
Subject: [PATCH 196/330] Add sharpdump.vm (#575)
Closes https://github.com/mandiant/VM-Packages/issues/572.
---
 packages/sharpdump.vm/sharpdump.vm.nuspec | 12 ++++++++++++
 packages/sharpdump.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/sharpdump.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/sharpdump.vm/sharpdump.vm.nuspec
 create mode 100644 packages/sharpdump.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/sharpdump.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/sharpdump.vm/sharpdump.vm.nuspec b/packages/sharpdump.vm/sharpdump.vm.nuspec
new file mode 100644
index 000000000..1cde1fee9
--- /dev/null
+++ b/packages/sharpdump.vm/sharpdump.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpdump.vm
+ 0.0.0.20230713
+ HarmJ0y
+ SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
+
+
+
+
+
diff --git a/packages/sharpdump.vm/tools/chocolateyinstall.ps1 b/packages/sharpdump.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..e6c809107
--- /dev/null
+++ b/packages/sharpdump.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpDump'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/GhostPack/SharpDump/archive/41cfcf9b1abed2da79a93c201cbd38fbbe31684c.zip'
+$zipSha256 = 'c7ddbf34fc9546638d05344727c7a07bbdf492f4f2313456ee5097a5dbea942a'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/sharpdump.vm/tools/chocolateyuninstall.ps1 b/packages/sharpdump.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..bd6d1c784
--- /dev/null
+++ b/packages/sharpdump.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpDump'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From a61ba9b149e48a833bc694e8da9092dc205769c3 Mon Sep 17 00:00:00 2001
From: Menn1s <38476987+Menn1s@users.noreply.github.com>
Date: Thu, 13 Jul 2023 15:36:55 -0700
Subject: [PATCH 197/330] Adding Mimikatz (#256)
* added mimikatz
* changed version for nuspec
* added try catches
* fixed error action preference location
* removed unused var
* using category var instead of hard coded string
* fixed category in mimikatz
* fixed target execution path
* Update category
* Fixed category in uninstall script
---
 packages/mimikatz.vm/mimikatz.vm.nuspec | 12 +++++
 .../mimikatz.vm/tools/chocolateyinstall.ps1 | 54 +++++++++++++++++++
 .../mimikatz.vm/tools/chocolateyuninstall.ps1 | 23 ++++++++
 3 files changed, 89 insertions(+)
 create mode 100644 packages/mimikatz.vm/mimikatz.vm.nuspec
 create mode 100644 packages/mimikatz.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/mimikatz.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/mimikatz.vm/mimikatz.vm.nuspec b/packages/mimikatz.vm/mimikatz.vm.nuspec
new file mode 100644
index 000000000..f33f2bc57
--- /dev/null
+++ b/packages/mimikatz.vm/mimikatz.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ mimikatz.vm
+ 2.2.0
+ Benjamin Delpy, gentilkiwi
+ Mimikatz is an open-source application that allows users to view and save authentication credentials such as Kerberos tickets
+
+
+
+
+
diff --git a/packages/mimikatz.vm/tools/chocolateyinstall.ps1 b/packages/mimikatz.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..db2974298
--- /dev/null
+++ b/packages/mimikatz.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,54 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+$category = 'Credential Access'
+
+try {
+
+ $ErrorActionPreference = 'Stop'
+ Import-Module vm.common -Force -DisableNameChecking
+ $name = "Mimikatz"
+ $path = Join-Path ${Env:TOOL_LIST_DIR} $category
+
+ # Remove files from previous zips for upgrade
+ VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder}
+
+ $toolsDir = Join-Path "${Env:RAW_TOOLS_DIR}" $name
+ if (-Not (Test-Path $toolsDir)) {
+ New-Item -Path $toolsDir -ItemType Directory -Force | Out-Null
+ }
+
+ $url = "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20220919/mimikatz_trunk.7z"
+ $checksum = "1F2338D7B628374139D373AF383A1BDEC1A16B43CED015849C6BE4E4D90CC2C3"
+
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $toolsDir
+ url = $url
+ checksum = $checksum
+ checksumType = 'sha256'
+ }
+
+ Install-ChocolateyZipPackage @packageArgs
+
+ $shortcut = Join-Path $path "mimikatz.x86.lnk"
+ $target = Join-Path (Join-Path $toolsDir "Win32") "mimikatz.exe"
+ $target_cmd = Join-Path ${Env:WinDir} "system32\cmd.exe"
+ $target_args = '/K "' + $target + '"'
+ $target_icon = $target_cmd
+ $target_dir = $toolsDir
+ Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $target_cmd -Arguments $target_args -WorkingDirectory $target_dir -IconLocation $target_icon
+ Install-BinFile -Name "mimikatz.x86" -Path $target
+
+ $shortcut = Join-Path $path "mimikatz.x64.lnk"
+ $target = Join-Path (Join-Path $toolsDir "x64") "mimikatz.exe"
+ $target_cmd = Join-Path ${Env:WinDir} "system32\cmd.exe"
+ $target_args = '/K "' + $target + '"'
+ $target_icon = $target_cmd
+ $target_dir = $toolsDir
+ Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $target_cmd -Arguments $target_args -WorkingDirectory $target_dir -IconLocation $target_icon
+ Install-BinFile -Name "mimikatz.x64" -Path $target
+}
+catch{
+ Write-Host "Mimikatz failed to install:"
+ Write-Host $_
+}
diff --git a/packages/mimikatz.vm/tools/chocolateyuninstall.ps1 b/packages/mimikatz.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..817952655
--- /dev/null
+++ b/packages/mimikatz.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,23 @@
+$ErrorActionPreference = 'Stop'
+$category = 'Credential Access'
+
+try {
+ $name = "Mimikatz"
+ $path = Join-Path ${Env:TOOL_LIST_DIR} $category
+
+ $toolsDir = Join-Path "${Env:RAW_TOOLS_DIR}" $name
+ Remove-Item -Path $toolsDir -ErrorAction SilentlyContinue -Recurse -Force
+
+ $shortcut = Join-Path $path "mimikatz.x86.lnk"
+ Remove-Item -Force $shortcut
+ Uninstall-BinFile -Name "mimikatz.x86"
+
+
+ $shortcut = Join-Path $path "mimikatz.x64.lnk"
+ Remove-Item -Force $shortcut
+ Uninstall-BinFile -Name "mimikatz.x64"
+}
+catch{
+ Write-Host "Mimikatz failed to uninstall:"
+ Write-Host $_
+}
From 51a19de653e9e06606cfa7c4d4fae267f5d2cf65 Mon Sep 17 00:00:00 2001
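Review bot: The `catch{` block at the end of chocolateyinstall.ps1 only prints the error with `Write-Host`, so a failed download or a checksum mismatch inside `Install-ChocolateyZipPackage` is swallowed and the package will most likely still be recorded as installed even though no binary, shortcut or shim exists. The other packages in this series route the exception through `VM-Write-Log-Exception $_`; replacing the two `Write-Host` lines with that call keeps the failure visible in the same log the rest of the VM uses. The `$ErrorActionPreference = 'Stop'` and `Import-Module vm.common -Force -DisableNameChecking` lines are also repeated inside the `try` after already running at the top of the file, and the inner copies can be dropped.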
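Review bot: In chocolateyuninstall.ps1 the `Remove-Item -Force $shortcut` for `mimikatz.x86.lnk` runs under `$ErrorActionPreference = 'Stop'` without an `-ErrorAction` override, so if that shortcut is already missing the exception jumps straight to `catch{` and the x64 shortcut and both `Uninstall-BinFile` calls are skipped, leaving the shims behind. Give both `Remove-Item -Force $shortcut` lines `-ErrorAction SilentlyContinue`, matching the `Remove-Item` for `$toolsDir` just above them, or set `'Continue'` at the top as the other uninstall scripts in this series do. This script also never imports `vm.common`; that is fine as written since it calls no `VM-*` helper, but it diverges from the template every other package here follows.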
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 01:00:14 +0200
Subject: [PATCH 198/330] :robot: Add vnc-viewer.vm (#515)
* Add vnc-viewer.vm
Closes https://github.com/mandiant/VM-Packages/issues/514.
* Update chocolateyinstall.ps1
Fix shim path
* Update chocolateyinstall.ps1
Shimpath fix two
* Update chocolateyinstall.ps1
Using executable path instead of specifying shim. The chocolatey install template assumes a shim is created
* Removing trailing whitespace chocolateyinstall.ps1
* Add command to path
---------
Co-authored-by: Menn1s <38476987+Menn1s@users.noreply.github.com>
---
 .../vnc-viewer.vm/tools/chocolateyinstall.ps1 | 16 ++++++++++++++++
 .../vnc-viewer.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 packages/vnc-viewer.vm/vnc-viewer.vm.nuspec | 13 +++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 packages/vnc-viewer.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1
 create mode 100644 packages/vnc-viewer.vm/vnc-viewer.vm.nuspec
diff --git a/packages/vnc-viewer.vm/tools/chocolateyinstall.ps1 b/packages/vnc-viewer.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..3dec0eaf9
--- /dev/null
+++ b/packages/vnc-viewer.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,16 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'VNC-Viewer'
+ $category = 'Utilities'
+
+ $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category
+ $shortcut = Join-Path $shortcutDir "$toolName.lnk"
+ $executablePath = Join-Path ${Env:ProgramFiles} 'RealVNC\VNC Viewer\vncviewer.exe' -Resolve
+ Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin
+ Install-BinFile -Name $toolName -Path $executablePath
+ VM-Assert-Path $shortcut
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1 b/packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..5e5a538c5
--- /dev/null
+++ b/packages/vnc-viewer.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'VNC-Viewer'
+$category = 'Utilities'
+
+VM-Remove-Tool-Shortcut $toolName $category
diff --git a/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec
new file mode 100644
index 000000000..84357a9d5
--- /dev/null
+++ b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec
@@ -0,0 +1,13 @@
+
+
+
+ vnc-viewer.vm
+ 7.5.1
+ RealVNC
+ Tool for connecting to and interacting with VNC servers.
+
+
+
+
+
+
From 44ebbaa3a2a76afd53d02863c306750921e199f4 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 01:36:10 +0200
Subject: [PATCH 199/330] Add safetykatz.vm (#579)
Closes https://github.com/mandiant/VM-Packages/issues/577.
---
 packages/safetykatz.vm/safetykatz.vm.nuspec | 12 ++++++++++++
 packages/safetykatz.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 packages/safetykatz.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/safetykatz.vm/safetykatz.vm.nuspec
 create mode 100644 packages/safetykatz.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/safetykatz.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/safetykatz.vm/safetykatz.vm.nuspec b/packages/safetykatz.vm/safetykatz.vm.nuspec
new file mode 100644
index 000000000..bf27c58a4
--- /dev/null
+++ b/packages/safetykatz.vm/safetykatz.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ safetykatz.vm
+ 0.0.0.20230713
+ HarmJ0y
+ SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader.
+
+
+
+
+
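Review bot: chocolateyuninstall.ps1 only calls `VM-Remove-Tool-Shortcut $toolName $category`, but the install script registered a shim with `Install-BinFile -Name $toolName -Path $executablePath`, so that shim is left on the PATH after the package is removed; add `Uninstall-BinFile -Name $toolName` after the shortcut removal. The resourcehacker.vm uninstall script later in this series has the same gap (an `Install-BinFile` in its install script, only `VM-Remove-Tool-Shortcut` on uninstall). It is possible `VM-Remove-Tool-Shortcut` already takes care of shims, but nothing in this diff shows that, and the other packages here that create shims remove them through `VM-Uninstall`.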
diff --git a/packages/safetykatz.vm/tools/chocolateyinstall.ps1 b/packages/safetykatz.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..c9d09728b
--- /dev/null
+++ b/packages/safetykatz.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SafetyKatz'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/GhostPack/SafetyKatz/archive/715b311f76eb3a4c8d00a1bd29c6cd1899e450b7.zip'
+$zipSha256 = '97ed587a816ef87a310d43dba7b0370ab4cbc1756dbed102e38662abce84a81d'
+
+VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256
diff --git a/packages/safetykatz.vm/tools/chocolateyuninstall.ps1 b/packages/safetykatz.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..d94045e67
--- /dev/null
+++ b/packages/safetykatz.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SafetyKatz'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From 23c04fe98588b70a576e6061db9e65184f3f9104 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 01:36:49 +0200
Subject: [PATCH 200/330] Add sharpcliphistory.vm (#580)
Closes https://github.com/mandiant/VM-Packages/issues/578.
---
 .../sharpcliphistory.vm/sharpcliphistory.vm.nuspec | 12 ++++++++++++
 .../sharpcliphistory.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++
 .../tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec
 create mode 100644 packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec b/packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec
new file mode 100644
index 000000000..4d891c8f1
--- /dev/null
+++ b/packages/sharpcliphistory.vm/sharpcliphistory.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ sharpcliphistory.vm
+ 1.0
+ F-Secure LABS
+ SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build.
+
+
+
+
+
diff --git a/packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1 b/packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..479773f2f
--- /dev/null
+++ b/packages/sharpcliphistory.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpClipHistory'
+$category = 'Credential Access'
+
+$exeUrl = 'https://github.com/FSecureLABS/SharpClipHistory/releases/download/v1.0/SharpClipHistory.exe'
+$exeSha256 = '4527b53e515c275e572f307246614ba4fc9152a25dfd2fd712246b321626bac6'
+
+VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true
diff --git a/packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1 b/packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..8ded4010e
--- /dev/null
+++ b/packages/sharpcliphistory.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'SharpClipHistory'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From 288d9b58a8c2d5e36b8b408a972537581d924c2c Mon Sep 17 00:00:00 2001
From: Menn1s <38476987+Menn1s@users.noreply.github.com>
Date: Thu, 13 Jul 2023 16:58:45 -0700
Subject: [PATCH 201/330] Added metasploit (#581)
* added metasploit
* removed trailing whitespaces
---
 packages/metasploit.vm/metasploit.vm.nuspec | 12 ++++++++++++
 .../metasploit.vm/tools/chocolateyinstall.ps1 | 18 ++++++++++++++++++
 .../tools/chocolateyuninstall.ps1 | 13 +++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 packages/metasploit.vm/metasploit.vm.nuspec
 create mode 100644 packages/metasploit.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/metasploit.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/metasploit.vm/metasploit.vm.nuspec b/packages/metasploit.vm/metasploit.vm.nuspec
new file mode 100644
index 000000000..05ab4f33f
--- /dev/null
+++ b/packages/metasploit.vm/metasploit.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ metasploit.vm
+ 6.3.25.20230713
+ Rapid7
+ A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
+
+
+
+
+
diff --git a/packages/metasploit.vm/tools/chocolateyinstall.ps1 b/packages/metasploit.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..0114821df
--- /dev/null
+++ b/packages/metasploit.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,18 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'Metasploit'
+ $category = 'Command & Control'
+
+ $exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi'
+ $exeSha256 = '96a505d2e72ed2fbab63187c33bc694396649d0d88ae1fb54b2c01c3f583c06e'
+ # can't install to specified path.
+ $toolDir = Join-Path ${Env:SystemDrive} "metasploit-framework"
+ $binDir = Join-Path $toolDir "bin"
+ $executablePath = (Join-Path $binDir "msfconsole.bat")
+ VM-Install-With-Installer $toolName $category "MSI" "/q /norestart" $executablePath $exeUrl -sha256 $exeSha256
+
+} catch {
+ VM-Write-Log-Exception $_
+}
\ No newline at end of file
diff --git a/packages/metasploit.vm/tools/chocolateyuninstall.ps1 b/packages/metasploit.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..fe77a7b00
--- /dev/null
+++ b/packages/metasploit.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,13 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Metasploit'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
+
+# Silently uninstall
+VM-Uninstall-With-Uninstaller $toolName "MSI" "/q /norestart"
+
+# Remove directory, shortcut, shim
+VM-Uninstall $toolName $category
\ No newline at end of file
From 6c5b0b9a21ef72d99eda318297e4abe1b859687b Mon Sep 17 00:00:00 2001
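Review bot: `$exeUrl` points at `metasploitframework-latest.msi` while `$exeSha256` pins one specific build, so the checksum check in `VM-Install-With-Installer` will start failing as soon as upstream publishes a newer installer at that URL, even though the nuspec version `6.3.25.20230713` suggests a specific release was intended. If a version-specific download URL is available it should be used here; otherwise add a comment above `$exeUrl` stating that the hash has to be refreshed with every upstream release, e.g. `# 'latest' URL: $exeSha256 must be updated whenever a new MSI is published upstream`. The variables are also named `$exeUrl`/`$exeSha256` for what is an MSI download; `$msiUrl`/`$msiSha256` would read more accurately next to the `"MSI"` argument passed to the helper.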
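Review bot: chocolateyuninstall.ps1 calls `VM-Uninstall $toolName $category` twice, once before `# Silently uninstall` and again under `# Remove directory, shortcut, shim`; the first call is redundant and should be dropped so the directory, shortcut and shim removal happens once, after `VM-Uninstall-With-Uninstaller` has run. Both new files also end with `\ No newline at end of file`, which every other script in this series avoids and is worth fixing before merge.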
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 02:02:25 +0200
Subject: [PATCH 202/330] :robot: Add inveigh.vm (#501)
* Add inveigh.vm
Closes https://github.com/mandiant/VM-Packages/issues/500.
* added arguments
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 packages/inveigh.vm/inveigh.vm.nuspec | 12 ++++++++++++
 packages/inveigh.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++
 packages/inveigh.vm/tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 31 insertions(+)
 create mode 100644 packages/inveigh.vm/inveigh.vm.nuspec
 create mode 100644 packages/inveigh.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/inveigh.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/inveigh.vm/inveigh.vm.nuspec b/packages/inveigh.vm/inveigh.vm.nuspec
new file mode 100644
index 000000000..e5e044332
--- /dev/null
+++ b/packages/inveigh.vm/inveigh.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ inveigh.vm
+ 2.0.10
+ Kevin-Robertson, joncave, kant2002
+ Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers.
+
+
+
+
+
diff --git a/packages/inveigh.vm/tools/chocolateyinstall.ps1 b/packages/inveigh.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..015959bbc
--- /dev/null
+++ b/packages/inveigh.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Inveigh'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/Kevin-Robertson/Inveigh/releases/download/v2.0.10/Inveigh-net7.0-v2.0.10.zip'
+$zipSha256 = '8c61ccdccc84f2223c5c3da2014deb79cf807c26db0b018373e776baa26537bc'
+
+$arguments = '-?'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments $arguments
diff --git a/packages/inveigh.vm/tools/chocolateyuninstall.ps1 b/packages/inveigh.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..88de8fb18
--- /dev/null
+++ b/packages/inveigh.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Inveigh'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From 98f06562bfb262c738f1b32097957545af164746 Mon Sep 17 00:00:00 2001
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 02:14:37 +0200
Subject: [PATCH 203/330] :robot: Add merlin.vm (#551)
* Add merlin.vm
Closes https://github.com/mandiant/VM-Packages/issues/550.
* added 7z unzipping
* cleaned up code
* removed whitespaces
* changed download path
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 packages/merlin.vm/merlin.vm.nuspec | 13 +++++++
 .../merlin.vm/tools/chocolateyinstall.ps1 | 34 +++++++++++++++++++
 .../merlin.vm/tools/chocolateyuninstall.ps1 | 7 ++++
 3 files changed, 54 insertions(+)
 create mode 100644 packages/merlin.vm/merlin.vm.nuspec
 create mode 100644 packages/merlin.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/merlin.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/merlin.vm/merlin.vm.nuspec b/packages/merlin.vm/merlin.vm.nuspec
new file mode 100644
index 000000000..a900475b9
--- /dev/null
+++ b/packages/merlin.vm/merlin.vm.nuspec
@@ -0,0 +1,13 @@
+
+
+
+ merlin.vm
+ 1.5.1
+ Ne0nd0g
+ Merlin is a cross-platform post-exploitation Command and Control server and agent written in Go.
+
+
+
+
+
+
diff --git a/packages/merlin.vm/tools/chocolateyinstall.ps1 b/packages/merlin.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..77eac6f33
--- /dev/null
+++ b/packages/merlin.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,34 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Merlin'
+$category = 'Command & Control'
+$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
+
+$zipUrl = 'https://github.com/Ne0nd0g/merlin/releases/download/v1.5.1/merlinServer-Windows-x64.7z'
+$zipSha256 = 'e3c6ee205a46c9619dbe12bb4d487b7bcc802113658f29397b5f550295fc76fc'
+$zipPassword = 'merlin'
+$fileName = 'merlinServer-Windows-x64'
+
+try {
+ # Download the zip file
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ url = $zipUrl
+ checksum = $zipSha256
+ checksumType = "sha256"
+ fileFullPath = Join-Path "${Env:USERPROFILE}\AppData\Local\Temp" ("$fileName.7z")
+ }
+ Get-ChocolateyWebFile @packageArgs
+ $zipPath = $packageArgs.fileFullPath
+ VM-Assert-Path $zipPath
+
+ # Unzip with a password
+ 7z x -p"$zipPassword" "$zipPath" -o"$toolDir" -y
+
+ # Create a shortcut
+ $executablePath = Join-Path ${Env:RAW_TOOLS_DIR} "Merlin\$fileName.exe" -Resolve
+ VM-Install-Shortcut $toolName $category $executablePath
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/merlin.vm/tools/chocolateyuninstall.ps1 b/packages/merlin.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..3fcc24d39
--- /dev/null
+++ b/packages/merlin.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'Merlin'
+$category = 'Command & Control'
+
+VM-Uninstall $toolName $category
From 524656e631d6e2761f38b546c8f05ebd80f76077 Mon Sep 17 00:00:00 2001
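Review bot: `$executablePath` under `# Create a shortcut` is rebuilt from `${Env:RAW_TOOLS_DIR}` with a hard-coded `"Merlin\$fileName.exe"`, even though `$toolDir` at the top of the script already names that directory and is what `7z` extracted into; `Join-Path $toolDir "$fileName.exe" -Resolve` keeps the two in step if `$toolName` ever changes. The exit status of the `7z x` call is not checked, so a failed or partial extraction is only caught indirectly when `-Resolve` throws on the following line; an explicit `if ($LASTEXITCODE -ne 0) { throw "7z extraction failed" }` after it would name the real cause in the log. The archive downloaded to `fileFullPath` is also never removed after extraction, and `${Env:TEMP}` is the usual way to locate that directory rather than composing it from `${Env:USERPROFILE}`.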
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com>
Date: Fri, 14 Jul 2023 02:20:09 +0200
Subject: [PATCH 204/330] :robot: Add getlapspasswords.vm (#557)
* Add getlapspasswords.vm
Closes https://github.com/mandiant/VM-Packages/issues/556.
* added shortcut
---------
Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com>
---
 .../getlapspasswords.vm/getlapspasswords.vm.nuspec | 12 ++++++++++++
 .../getlapspasswords.vm/tools/chocolateyinstall.ps1 | 12 ++++++++++++
 .../tools/chocolateyuninstall.ps1 | 7 +++++++
 3 files changed, 31 insertions(+)
 create mode 100644 packages/getlapspasswords.vm/getlapspasswords.vm.nuspec
 create mode 100644 packages/getlapspasswords.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/getlapspasswords.vm/getlapspasswords.vm.nuspec b/packages/getlapspasswords.vm/getlapspasswords.vm.nuspec
new file mode 100644
index 000000000..c8f882e06
--- /dev/null
+++ b/packages/getlapspasswords.vm/getlapspasswords.vm.nuspec
@@ -0,0 +1,12 @@
+
+
+
+ getlapspasswords.vm
+ 0.0.0.20230713
+ kfosaaen
+ PowerShell function to pull the local admin passwords from LDAP, stored there by LAPS.
+
+
+
+
+
diff --git a/packages/getlapspasswords.vm/tools/chocolateyinstall.ps1 b/packages/getlapspasswords.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..f6e9fe69c
--- /dev/null
+++ b/packages/getlapspasswords.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Get-LAPSPasswords' +$category = 'Credential Access' + +$ps1Url = 'https://raw.githubusercontent.com/kfosaaen/Get-LAPSPasswords/2aeffed5dc16c0d7be91ba67b79cfaaf1da1eecd/Get-LAPSPasswords.ps1' +$ps1Sha256 = '2256ef01ad1a82633abc376246f0d05784a26f16fc99f1b66e6d42a3fafa2eb4' + +$ps1Cmd = 'Import-Module; Get-Help Get-LAPSPasswords' + +VM-Install-Single-Ps1 $toolName $category $ps1Url -ps1Sha256 $ps1Sha256 -ps1Cmd $ps1Cmd diff --git a/packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1 b/packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..25e2748fb --- /dev/null +++ b/packages/getlapspasswords.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Get-LAPSPasswords' +$category = 'Credential Access' + +VM-Uninstall $toolName $category From 1c2f1a97ccb78006d87e5dd41bfca9c50699f890 Mon Sep 17 00:00:00 2001 From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Fri, 14 Jul 2023 02:51:15 +0200 Subject: [PATCH 205/330] :robot: Add resourcehacker.vm (#568) * Add resourcehacker.vm Closes https://github.com/mandiant/VM-Packages/issues/567. * added to path --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> --- .../resourcehacker.vm/resourcehacker.vm.nuspec | 13 +++++++++++++ .../tools/chocolateyinstall.ps1 | 17 +++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 37 insertions(+) create mode 100644 packages/resourcehacker.vm/resourcehacker.vm.nuspec create mode 100644 packages/resourcehacker.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 
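Review bot: `$ps1Cmd = 'Import-Module; Get-Help Get-LAPSPasswords'` passes `Import-Module` with no module argument; unless `VM-Install-Single-Ps1` rewrites `-ps1Cmd` to splice in the downloaded script's path (its implementation is not part of this patch), PowerShell will prompt for the mandatory `-Name` parameter when the shortcut is launched and the console will sit on that prompt. If the helper already imports the script on its own, the prefix is redundant and `$ps1Cmd = 'Get-Help Get-LAPSPasswords'` is enough; if it does not, the path has to be given explicitly. A one-line comment stating which of the two the helper does would save the next reader from the same question.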
diff --git a/packages/resourcehacker.vm/resourcehacker.vm.nuspec b/packages/resourcehacker.vm/resourcehacker.vm.nuspec new file mode 100644 index 000000000..182f25354 --- /dev/null +++ b/packages/resourcehacker.vm/resourcehacker.vm.nuspec @@ -0,0 +1,13 @@ + + + + resourcehacker.vm + 5.1.8 + Angus Johnson + Resource Hacker is a resource editor for 32bit and 64bit Windows applications. + + + + + + diff --git a/packages/resourcehacker.vm/tools/chocolateyinstall.ps1 b/packages/resourcehacker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..0ad10dd6c --- /dev/null +++ b/packages/resourcehacker.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,17 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'Resource Hacker' + $category = 'Utilities' + $shimPath = '\lib\resourcehacker.portable\v5.1.8\ResourceHacker.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-BinFile -Name $toolName -Path $executablePath + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 b/packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..981a55799 --- /dev/null +++ b/packages/resourcehacker.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'Resource Hacker' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category From cf6cdd906f7116db088bce2a1d8ed698235274b1 Mon Sep 17 00:00:00 2001 
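Review bot: `$shimPath = '\lib\resourcehacker.portable\v5.1.8\ResourceHacker.exe'` pins the dependency's version inside the install script, so any bump of the resourcehacker.portable dependency (declared in the nuspec, not in this hunk) without a matching edit here makes `Join-Path ... -Resolve` throw and the install fail. Locating the executable by name is more robust: `$executablePath = (Get-ChildItem (Join-Path ${Env:ChocolateyInstall} 'lib\resourcehacker.portable') -Recurse -Filter 'ResourceHacker.exe' | Select-Object -First 1).FullName` followed by `VM-Assert-Path $executablePath`. Chocolatey also normally generates an automatic shim for executables under `lib\<package>`, so `Install-BinFile -Name $toolName` with a name containing a space (`Resource Hacker.exe`) may be duplicating an existing `ResourceHacker` shim; worth confirming before keeping that line.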
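Review bot: The uninstall script only calls `VM-Remove-Tool-Shortcut $toolName $category`, but the chocolateyinstall.ps1 in the same patch also registers a shim with `Install-BinFile -Name $toolName`, so uninstalling leaves a dangling `Resource Hacker.exe` shim in the Chocolatey bin directory. Add `Uninstall-BinFile -Name $toolName` before the shortcut removal so the two scripts mirror each other. The winscp.vm uninstall script added in the next patch has the same install/uninstall asymmetry, though there the better fix is on the install side (see the note on that hunk).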
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Fri, 14 Jul 2023 02:53:42 +0200 Subject: [PATCH 206/330] :robot: Add winscp.vm (#564) * Add winscp.vm Closes https://github.com/mandiant/VM-Packages/issues/563. * removing shortcut * added to path * removed whitespace --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> Co-authored-by: Menn1s --- .../winscp.vm/tools/chocolateyinstall.ps1 | 22 +++++++++++++++++++ .../winscp.vm/tools/chocolateyuninstall.ps1 | 7 ++++++ packages/winscp.vm/winscp.vm.nuspec | 13 +++++++++++ 3 files changed, 42 insertions(+) create mode 100644 packages/winscp.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/winscp.vm/tools/chocolateyuninstall.ps1 create mode 100644 packages/winscp.vm/winscp.vm.nuspec diff --git a/packages/winscp.vm/tools/chocolateyinstall.ps1 b/packages/winscp.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..e16b9ab8d --- /dev/null +++ b/packages/winscp.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,22 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'WinSCP' + $category = 'Utilities' + $shimPath = '\bin\winscp.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-BinFile -Name $toolName -Path $executablePath + + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut + + # Delete Desktop shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + Remove-Item $desktopShortcut -Force -ea 0 +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/winscp.vm/tools/chocolateyuninstall.ps1 b/packages/winscp.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..484c6530b --- /dev/null 
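Review bot: `$shimPath = '\bin\winscp.exe'` already points into `${Env:ChocolateyInstall}\bin`, the directory Chocolatey places on PATH, so `Install-BinFile -Name $toolName -Path $executablePath` adds nothing; worse, the shim it would generate is `bin\WinSCP.exe`, which on a case-insensitive filesystem is the very file it is told to target, so the call may replace the winscp package's own shim with one pointing at itself. Dropping the `Install-BinFile` line is the safe fix (a matching `Uninstall-BinFile` would likewise delete the underlying package's shim, so it should not be added either). Separately, `-RunAsAdmin` on the shortcut elevates an interactive SFTP client that has no need for it; if the VM's convention is to elevate every tool shortcut, a short comment saying so would keep it from being read as a WinSCP requirement.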
+++ b/packages/winscp.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'WinSCP' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/winscp.vm/winscp.vm.nuspec b/packages/winscp.vm/winscp.vm.nuspec new file mode 100644 index 000000000..5511e9ddd --- /dev/null +++ b/packages/winscp.vm/winscp.vm.nuspec @@ -0,0 +1,13 @@ + + + + winscp.vm + 6.1.1 + Martin Přikryl + WinSCP is an open source free SFTP client, SCP client, FTPS client and FTP client for Windows. Its main function is file transfer between a local and a remote computer. + + + + + + From f55f6f51e3aea53d1ec82f42d76bc4cdee45b930 Mon Sep 17 00:00:00 2001 
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Fri, 14 Jul 2023 10:40:13 -0700 Subject: [PATCH 207/330] Commando Package Recategorization (#586) * recategorized packages * fix capitalization in category variable * updated package versions --- packages/asreproast.vm/asreproast.vm.nuspec | 2 +- packages/asreproast.vm/tools/chocolateyinstall.ps1 | 2 +- packages/asreproast.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/azurehound.vm/azurehound.vm.nuspec | 2 +- packages/azurehound.vm/tools/chocolateyinstall.ps1 | 2 +- packages/azurehound.vm/tools/chocolateyuninstall.ps1 | 2 +- .../bloodhound-custom-queries.vm.nuspec | 2 +- .../bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 | 2 +- .../bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/bloodhound.vm/bloodhound.vm.nuspec | 2 +- packages/bloodhound.vm/tools/chocolateyinstall.ps1 | 2 +- packages/bloodhound.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/certify.vm/certify.vm.nuspec | 2 +- packages/certify.vm/tools/chocolateyinstall.ps1 | 2 +- packages/certify.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/confuserex.vm/confuserex.vm.nuspec | 2 +- packages/confuserex.vm/tools/chocolateyinstall.ps1 | 2 +- packages/confuserex.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/dotnettojscript.vm/dotnettojscript.vm.nuspec | 2 +- packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 | 2 +- packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/gadgettojscript.vm/gadgettojscript.vm.nuspec | 2 +- packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 | 2 +- packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/gobuster.vm/gobuster.vm.nuspec | 2 +- packages/gobuster.vm/tools/chocolateyinstall.ps1 | 2 +- packages/gobuster.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/nanodump.vm/nanodump.vm.nuspec | 2 +- packages/nanodump.vm/tools/chocolateyinstall.ps1 | 2 +- packages/nanodump.vm/tools/chocolateyuninstall.ps1 | 2 +- 
.../outflank-c2-tool-collection.vm.nuspec | 2 +- .../outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 | 2 +- .../tools/chocolateyuninstall.ps1 | 2 +- packages/routesixtysink.vm/routesixtysink.vm.nuspec | 2 +- packages/routesixtysink.vm/tools/chocolateyinstall.ps1 | 2 +- packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/seatbelt.vm/seatbelt.vm.nuspec | 2 +- packages/seatbelt.vm/tools/chocolateyinstall.ps1 | 2 +- packages/seatbelt.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/sharphound.vm/sharphound.vm.nuspec | 2 +- packages/sharphound.vm/tools/chocolateyinstall.ps1 | 2 +- packages/sharphound.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/sharpview.vm/sharpview.vm.nuspec | 2 +- packages/sharpview.vm/tools/chocolateyinstall.ps1 | 2 +- packages/sharpview.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/sharpwmi.vm/sharpwmi.vm.nuspec | 2 +- packages/sharpwmi.vm/tools/chocolateyinstall.ps1 | 2 +- packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 | 2 +- .../situational-awareness-bof.vm.nuspec | 2 +- .../situational-awareness-bof.vm/tools/chocolateyinstall.ps1 | 2 +- .../situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/stracciatella.vm/stracciatella.vm.nuspec | 2 +- packages/stracciatella.vm/tools/chocolateyinstall.ps1 | 2 +- packages/stracciatella.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/sysinternals.vm/sysinternals.vm.nuspec | 2 +- packages/sysinternals.vm/tools/chocolateyinstall.ps1 | 2 +- packages/sysinternals.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/teamfiltration.vm/teamfiltration.vm.nuspec | 2 +- packages/teamfiltration.vm/tools/chocolateyinstall.ps1 | 2 +- packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 | 2 +- .../trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 | 2 +- .../trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 | 2 +- .../trustedsec-remote-ops-bof.vm.nuspec | 2 +- packages/unhook-bof.vm/tools/chocolateyinstall.ps1 | 2 +- 
packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/unhook-bof.vm/unhook-bof.vm.nuspec | 2 +- packages/whisker.vm/tools/chocolateyinstall.ps1 | 2 +- packages/whisker.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/whisker.vm/whisker.vm.nuspec | 2 +- 69 files changed, 69 insertions(+), 69 deletions(-) diff --git a/packages/asreproast.vm/asreproast.vm.nuspec b/packages/asreproast.vm/asreproast.vm.nuspec index 9ea94a75d..4981d3465 100644 --- a/packages/asreproast.vm/asreproast.vm.nuspec +++ b/packages/asreproast.vm/asreproast.vm.nuspec @@ -2,7 +2,7 @@ asreproast.vm - 0.0.0.20180925 + 0.0.0.20230713 HarmJ0y Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. diff --git a/packages/asreproast.vm/tools/chocolateyinstall.ps1 b/packages/asreproast.vm/tools/chocolateyinstall.ps1 index bc1f503aa..993009d25 100644 --- a/packages/asreproast.vm/tools/chocolateyinstall.ps1 +++ b/packages/asreproast.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ASREPRoast' -$category = 'Password Attacks' +$category = 'Credential Access' $zipUrl = 'https://codeload.github.com/HarmJ0y/ASREPRoast/zip/1c94ef12038df1378f5e663fe3b8137e46c60896' $zipSha256 = '3e90bb0755f9076e74ad749a188ad99b9dc11f197d4366a8eaa4f056953e4cab' diff --git a/packages/asreproast.vm/tools/chocolateyuninstall.ps1 b/packages/asreproast.vm/tools/chocolateyuninstall.ps1 index a2c997f3a..320ad8be9 100644 --- a/packages/asreproast.vm/tools/chocolateyuninstall.ps1 +++ b/packages/asreproast.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ASREPRoast' -$category = 'Password Attacks' +$category = 'Credential Access' VM-Uninstall $toolName $category \ No newline at end of file 
diff --git a/packages/azurehound.vm/azurehound.vm.nuspec b/packages/azurehound.vm/azurehound.vm.nuspec index 02eda7086..716b2904b 100644 --- a/packages/azurehound.vm/azurehound.vm.nuspec +++ b/packages/azurehound.vm/azurehound.vm.nuspec @@ -2,7 +2,7 @@ azurehound.vm - 2.0.4 + 2.0.4.20230713 BloodHoundAD AzureHound is the BloodHound data collector for Microsoft Azure. diff --git a/packages/azurehound.vm/tools/chocolateyinstall.ps1 b/packages/azurehound.vm/tools/chocolateyinstall.ps1 index ae84ca951..71e99c3c5 100644 --- a/packages/azurehound.vm/tools/chocolateyinstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' -$category = 'Cloud' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.4/azurehound-windows-amd64.zip' $zipSha256 = 'd1748d7bac190f14dc4a95cb872870ee0ebf57e6bdc000bb011fb4d92b0f500d' diff --git a/packages/azurehound.vm/tools/chocolateyuninstall.ps1 b/packages/azurehound.vm/tools/chocolateyuninstall.ps1 index 5349947ac..8ece807a0 100644 --- a/packages/azurehound.vm/tools/chocolateyuninstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' -$category = 'Cloud' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec b/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec index a4ade3b30..6b8694d2f 100644 --- a/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec +++ b/packages/bloodhound-custom-queries.vm/bloodhound-custom-queries.vm.nuspec @@ -2,7 +2,7 @@ bloodhound-custom-queries.vm - 0.0.0.20230626 + 0.0.0.20230713 hausec Custom Query list for the Bloodhound GUI based off my cheatsheet 
diff --git a/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 b/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 index 79cea829d..d2497554f 100644 --- a/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 +++ b/packages/bloodhound-custom-queries.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound-Custom-Queries' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/hausec/Bloodhound-Custom-Queries/archive/7ef9099665aa82238bfd57d7a11c09cd4dd9381b.zip' $zipSha256 = '78a71b9797506200b4c86bdad6799ba8c3519171353ce329dff5ff4fc703ddb0' diff --git a/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 b/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 index 6b0c7b6d8..3c37dbabc 100644 --- a/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 +++ b/packages/bloodhound-custom-queries.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound-Custom-Queries' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/bloodhound.vm/bloodhound.vm.nuspec b/packages/bloodhound.vm/bloodhound.vm.nuspec index 769105f7f..3224d0bde 100644 --- a/packages/bloodhound.vm/bloodhound.vm.nuspec +++ b/packages/bloodhound.vm/bloodhound.vm.nuspec @@ -2,7 +2,7 @@ bloodhound.vm - 4.3.1 + 4.3.1.20230713 BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Andrew Robbins, Rohan Vazarkar, Will Schroeder diff --git a/packages/bloodhound.vm/tools/chocolateyinstall.ps1 b/packages/bloodhound.vm/tools/chocolateyinstall.ps1 index c0bafb20c..82faaca17 100644 --- a/packages/bloodhound.vm/tools/chocolateyinstall.ps1 
+++ b/packages/bloodhound.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = "https://github.com/BloodHoundAD/BloodHound/releases/download/v4.3.1/BloodHound-win32-ia32.zip" $zipSha256 = "8d2a5cc827299d47424631882399067acf41d040c5b2aacf95092aec22d90c97" diff --git a/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 b/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 index 49434fd79..f1645c2a4 100644 --- a/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 +++ b/packages/bloodhound.vm/tools/chocolateyuninstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'BloodHound' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/certify.vm/certify.vm.nuspec b/packages/certify.vm/certify.vm.nuspec index 1c49ecb7f..5a6c53059 100644 --- a/packages/certify.vm/certify.vm.nuspec +++ b/packages/certify.vm/certify.vm.nuspec @@ -2,7 +2,7 @@ certify.vm - 1.1.0 + 1.1.0.20230713 HarmJ0y, leechristensen Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). diff --git a/packages/certify.vm/tools/chocolateyinstall.ps1 b/packages/certify.vm/tools/chocolateyinstall.ps1 index 057da67df..0cb33c645 100644 --- a/packages/certify.vm/tools/chocolateyinstall.ps1 +++ b/packages/certify.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Certify' -$category = 'Active Directory' +$category = 'Exploitation' $zipUrl = 'https://github.com/GhostPack/Certify/archive/fb297ad30476cfdba745b9062171cd7ac145a16d.zip' $zipSha256 = '4827485203eb08271e953bbd5816e95bf8b0b897ae0937c798525afe7ed5b9e0' 
diff --git a/packages/certify.vm/tools/chocolateyuninstall.ps1 b/packages/certify.vm/tools/chocolateyuninstall.ps1 index 43ba836d8..3b2f47808 100644 --- a/packages/certify.vm/tools/chocolateyuninstall.ps1 +++ b/packages/certify.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Certify' -$category = 'Active Directory' +$category = 'Exploitation' VM-Uninstall $toolName $category diff --git a/packages/confuserex.vm/confuserex.vm.nuspec b/packages/confuserex.vm/confuserex.vm.nuspec index 8cdbc5202..2315016ab 100644 --- a/packages/confuserex.vm/confuserex.vm.nuspec +++ b/packages/confuserex.vm/confuserex.vm.nuspec @@ -2,7 +2,7 @@ confuserex.vm - 1.6.0 + 1.6.0.20230713 mkaring ConfuserEx is a open-source protector for .NET applications. It is the successor of Confuser project. diff --git a/packages/confuserex.vm/tools/chocolateyinstall.ps1 b/packages/confuserex.vm/tools/chocolateyinstall.ps1 index 56c9dd385..892208a46 100644 --- a/packages/confuserex.vm/tools/chocolateyinstall.ps1 +++ b/packages/confuserex.vm/tools/chocolateyinstall.ps1 @@ -3,7 +3,7 @@ Import-Module vm.common -Force -DisableNameChecking try { $toolName = 'ConfuserEx' - $category = 'Evasion' + $category = 'Payload Development' $shimPath = 'bin\ConfuserEx.exe' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category diff --git a/packages/confuserex.vm/tools/chocolateyuninstall.ps1 b/packages/confuserex.vm/tools/chocolateyuninstall.ps1 index aaf1ae341..73db7c9ab 100644 --- a/packages/confuserex.vm/tools/chocolateyuninstall.ps1 +++ b/packages/confuserex.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'ConfuserEx' -$category = 'Evasion' +$category = 'Payload Development' VM-Remove-Tool-Shortcut $toolName $category 
diff --git a/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec b/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec index 505e850be..63b9537a2 100644 --- a/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec +++ b/packages/dotnettojscript.vm/dotnettojscript.vm.nuspec @@ -2,7 +2,7 @@ dotnettojscript.vm - 0.0.0.20230602 + 0.0.0.20230713 James Forshaw A tool to generate a JScript which bootstraps an arbitrary .NET Assembly and class. diff --git a/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 b/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 index 1ab5fb51c..ace89062c 100644 --- a/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 +++ b/packages/dotnettojscript.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'DotNetToJScript' -$category = 'Evasion' +$category = 'Payload Development' $zipUrl = 'https://github.com/tyranid/DotNetToJScript/archive/4dbe155912186f9574cb1889386540ba0e80c316.zip' $zipSha256 = '12566bdfced108fafba97548c59c07be55988beb1c1e970e62bf40ddaebc4a0a' diff --git a/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 b/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 index ef73ca3ba..4ec850a4d 100644 --- a/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 +++ b/packages/dotnettojscript.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'DotNetToJScript' -$category = 'Evasion' +$category = 'Payload Development' VM-Uninstall $toolName $category diff --git a/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec b/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec index 4593217c8..bdb81c345 100644 --- a/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec +++ b/packages/gadgettojscript.vm/gadgettojscript.vm.nuspec 
@@ -2,7 +2,7 @@ gadgettojscript.vm - 2.0 + 2.0.0.20230713 med0x2e A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts. diff --git a/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 b/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 index bcd5ae960..24cc3e9e3 100644 --- a/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 +++ b/packages/gadgettojscript.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GadgetToJScript' -$category = 'Evasion' +$category = 'Payload Development' $zipUrl = 'https://github.com/med0x2e/GadgetToJScript/archive/98f50984015c29eecb11c6c4ddc3c2cc3a6669da.zip' $zipSha256 = '093451115744beec90e7de4efc61857361b56d16a3a31d78182a8c7ef675938b' diff --git a/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 b/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 index aa752ee70..c96e2f164 100644 --- a/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 +++ b/packages/gadgettojscript.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GadgetToJScript' -$category = 'Evasion' +$category = 'Payload Development' VM-Uninstall $toolName $category diff --git a/packages/gobuster.vm/gobuster.vm.nuspec b/packages/gobuster.vm/gobuster.vm.nuspec index 267a544fe..e6129c87d 100644 --- a/packages/gobuster.vm/gobuster.vm.nuspec +++ b/packages/gobuster.vm/gobuster.vm.nuspec @@ -2,7 +2,7 @@ gobuster.vm - 3.5.0 + 3.5.0.20230713 Directory/file and DNS busting tool written in Go OJ Reeves diff --git a/packages/gobuster.vm/tools/chocolateyinstall.ps1 b/packages/gobuster.vm/tools/chocolateyinstall.ps1 index a65ee169c..1ebb4cf5f 100644 --- a/packages/gobuster.vm/tools/chocolateyinstall.ps1 +++ b/packages/gobuster.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GoBuster' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = "https://github.com/OJ/gobuster/releases/download/v3.5.0/gobuster_3.5.0_Windows_x86_64.zip" $zipSha256 = "6b2df88eb8fc3046f54116992e9a924284d2ebb228c810eb8e799a18181e2ec8" diff --git a/packages/gobuster.vm/tools/chocolateyuninstall.ps1 b/packages/gobuster.vm/tools/chocolateyuninstall.ps1 index b355f3920..b1d94111d 100644 --- a/packages/gobuster.vm/tools/chocolateyuninstall.ps1 +++ b/packages/gobuster.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'GoBuster' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/nanodump.vm/nanodump.vm.nuspec b/packages/nanodump.vm/nanodump.vm.nuspec index 177196ce6..373ae7d39 100644 --- a/packages/nanodump.vm/nanodump.vm.nuspec +++ b/packages/nanodump.vm/nanodump.vm.nuspec @@ -2,7 +2,7 @@ nanodump.vm - 0.0.0.20230530 + 0.0.0.20230713 fortra A Beacon Object File that creates a minidump of the LSASS process. diff --git a/packages/nanodump.vm/tools/chocolateyinstall.ps1 b/packages/nanodump.vm/tools/chocolateyinstall.ps1 index cbc3a2873..7dcadbfba 100644 --- a/packages/nanodump.vm/tools/chocolateyinstall.ps1 +++ b/packages/nanodump.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'NanoDump' -$category = 'Password Attacks' +$category = 'Credential Access' $zipUrl = 'https://github.com/fortra/nanodump/archive/c211c5f72b2438afb09d0eb917fe32150be91344.zip' $zipSha256 = '461a16ae517aebb65adc37a0da8f8c04fa4836da35a69239dc2f90f8098b5da0' diff --git a/packages/nanodump.vm/tools/chocolateyuninstall.ps1 b/packages/nanodump.vm/tools/chocolateyuninstall.ps1 index a08771691..5916a4220 100644 
--- a/packages/nanodump.vm/tools/chocolateyuninstall.ps1 +++ b/packages/nanodump.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'NanoDump' -$category = 'Password Attacks' +$category = 'Credential Access' VM-Uninstall $toolName $category diff --git a/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec index 78ffea986..a0b55713d 100644 --- a/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec +++ b/packages/outflank-c2-tool-collection.vm/outflank-c2-tool-collection.vm.nuspec @@ -2,7 +2,7 @@ outflank-c2-tool-collection.vm - 0.0.0.20230530 + 0.0.0.20230713 outflank Contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques. diff --git a/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 b/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 index 6895d0ca2..e46a821de 100644 --- a/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 +++ b/packages/outflank-c2-tool-collection.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Outflank C2 Tool Collection' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/outflanknl/C2-Tool-Collection/archive/f02df22a206ee329bc582a8427d1aa1e54309d9a.zip' $zipSha256 = '825e3372f6caf540ecbc20f31af6f4b9e711bd6ce64fb09d7d151cf4224de3d8' diff --git a/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 b/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 index f4df48d38..1f1825524 100644 --- a/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 
+++ b/packages/outflank-c2-tool-collection.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Outflank C2 Tool Collection' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/routesixtysink.vm/routesixtysink.vm.nuspec b/packages/routesixtysink.vm/routesixtysink.vm.nuspec index aa167d230..68c2caa1f 100644 --- a/packages/routesixtysink.vm/routesixtysink.vm.nuspec +++ b/packages/routesixtysink.vm/routesixtysink.vm.nuspec @@ -2,7 +2,7 @@ routesixtysink.vm - 0.0.0.20230603 + 0.0.0.20230713 Dillon Franke, Michael Maturi Route Sixty-Sink is an open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis. diff --git a/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 index 830b5538f..41eac37dd 100644 --- a/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 +++ b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'RouteSixtySink' -$category = 'Web Application' +$category = 'dotNet' $zipUrl = 'https://github.com/mandiant/route-sixty-sink/archive/59195003c84d75fabf6cc573c233dfb60d631f8a.zip' $zipSha256 = '860df7a6f8b8b135e27e731d1cc11a61837a390fc7da46652f82920040802f15' diff --git a/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 index 62b15c33b..b199f710e 100644 --- a/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 +++ b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'RouteSixtySink' -$category = 'Web Application' +$category = 'dotNet' VM-Uninstall $toolName $category diff --git a/packages/seatbelt.vm/seatbelt.vm.nuspec b/packages/seatbelt.vm/seatbelt.vm.nuspec index 7a2b4ed30..35d74d48c 100644 --- a/packages/seatbelt.vm/seatbelt.vm.nuspec +++ b/packages/seatbelt.vm/seatbelt.vm.nuspec @@ -2,7 +2,7 @@ seatbelt.vm - 1.2.0 + 1.2.0.20230713 harmj0y, tifkin_ Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. diff --git a/packages/seatbelt.vm/tools/chocolateyinstall.ps1 b/packages/seatbelt.vm/tools/chocolateyinstall.ps1 index 066e73af7..801620fd5 100644 --- a/packages/seatbelt.vm/tools/chocolateyinstall.ps1 +++ b/packages/seatbelt.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SeatBelt' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/GhostPack/Seatbelt/archive/96bd958cf45e3d877d842ce20906e1aa5fdc91c8.zip' $zipSha256 = '05f6da0d0b77adfae105f2030862882fc8790cf47d98ec053762b9ac99250184' diff --git a/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 b/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 index 561a786c7..8babbb033 100644 --- a/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 +++ b/packages/seatbelt.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SeatBelt' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/sharphound.vm/sharphound.vm.nuspec b/packages/sharphound.vm/sharphound.vm.nuspec index c46d91f44..43fce77ac 100644 --- a/packages/sharphound.vm/sharphound.vm.nuspec 
+++ b/packages/sharphound.vm/sharphound.vm.nuspec @@ -2,7 +2,7 @@ sharphound.vm - 1.1.1 + 1.1.1.20230713 specterops SharpHound is an Active Directory ingester tool for BloodHound. diff --git a/packages/sharphound.vm/tools/chocolateyinstall.ps1 b/packages/sharphound.vm/tools/chocolateyinstall.ps1 index f484fe5ce..eb7588344 100644 --- a/packages/sharphound.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharphound.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpHound' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v1.1.1/SharpHound-v1.1.1.zip' $zipSha256 = '224d47658e0e7ddc256eb97725179a35e42fed02f7717cf5b62afbae26dcb36b' diff --git a/packages/sharphound.vm/tools/chocolateyuninstall.ps1 b/packages/sharphound.vm/tools/chocolateyuninstall.ps1 index 638187e54..188469b48 100644 --- a/packages/sharphound.vm/tools/chocolateyuninstall.ps1 +++ b/packages/sharphound.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpHound' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/sharpview.vm/sharpview.vm.nuspec b/packages/sharpview.vm/sharpview.vm.nuspec index 4a83450ba..152da9c42 100644 --- a/packages/sharpview.vm/sharpview.vm.nuspec +++ b/packages/sharpview.vm/sharpview.vm.nuspec @@ -2,7 +2,7 @@ sharpview.vm - 0.0.0.20230602 + 0.0.0.20230713 tevora .NET port of PowerView used for information gathering within Active Directory diff --git a/packages/sharpview.vm/tools/chocolateyinstall.ps1 b/packages/sharpview.vm/tools/chocolateyinstall.ps1 index fb9413164..b814c4f24 100644 --- a/packages/sharpview.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharpview.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpView' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/tevora-threat/SharpView/archive/b60456286b41bb055ee7bc2a14d645410cca9b74.zip' $zipSha256 = 'b5b2dd91fe22f56fb846d849052fc3205f177cbd067069e6d829e38eea0aca49' diff --git a/packages/sharpview.vm/tools/chocolateyuninstall.ps1 b/packages/sharpview.vm/tools/chocolateyuninstall.ps1 index d89b12729..d37bb8235 100644 --- a/packages/sharpview.vm/tools/chocolateyuninstall.ps1 +++ b/packages/sharpview.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpView' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/sharpwmi.vm/sharpwmi.vm.nuspec b/packages/sharpwmi.vm/sharpwmi.vm.nuspec index a35df8e1c..6b8274e5d 100644 --- a/packages/sharpwmi.vm/sharpwmi.vm.nuspec +++ b/packages/sharpwmi.vm/sharpwmi.vm.nuspec @@ -2,7 +2,7 @@ sharpwmi.vm - 0.0.0.20230626 + 0.0.0.20230713 HarmJ0y SharpWMI is a C# implementation of various WMI functionality. diff --git a/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 b/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 index 914eac5de..9433c664b 100644 --- a/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharpwmi.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpWMI' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/GhostPack/SharpWMI/archive/0600f57aeb4733ba6fec585388af2f1ac4483b58.zip' $zipSha256 = '0dbdd04a8a62e16de40373ae416b732cd48fb642ac7b3ff243bb9580249058f5' 
diff --git a/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 b/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 index fe9bc5816..21d4d19f4 100644 --- a/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 +++ b/packages/sharpwmi.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpWMI' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec b/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec index 09702e289..15d12a246 100644 --- a/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec +++ b/packages/situational-awareness-bof.vm/situational-awareness-bof.vm.nuspec @@ -2,7 +2,7 @@ situational-awareness-bof.vm - 0.0.0.20230529 + 0.0.0.20230713 trustedsec Provides a set of basic situational awareness commands implemented in a Beacon Object File (BOF). This allows you to perform some checks on a host before you begin executing commands that may be more invasive. diff --git a/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1 index 3113fd26d..59945b655 100644 --- a/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1 +++ b/packages/situational-awareness-bof.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Situational Awareness BOF' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/trustedsec/CS-Situational-Awareness-BOF/archive/refs/heads/master.zip' $zipSha256 = 'e3673d7e41ad6d36ca7d6d44821f68238aae9968e062acb6d96fc7663c87bbdb' 
diff --git a/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 index 7eedba5e7..212787207 100644 --- a/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 +++ b/packages/situational-awareness-bof.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Situational Awareness BOF' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/stracciatella.vm/stracciatella.vm.nuspec b/packages/stracciatella.vm/stracciatella.vm.nuspec index fc946e401..d2d420ef0 100644 --- a/packages/stracciatella.vm/stracciatella.vm.nuspec +++ b/packages/stracciatella.vm/stracciatella.vm.nuspec @@ -2,7 +2,7 @@ stracciatella.vm - 0.7 + 0.7.0.20230713 mgeeky Powershell runspace from within C# (aka SharpPick technique) with AMSI, ETW and Script Block Logging disabled. diff --git a/packages/stracciatella.vm/tools/chocolateyinstall.ps1 b/packages/stracciatella.vm/tools/chocolateyinstall.ps1 index 1c0efd30f..ec0c2e474 100644 --- a/packages/stracciatella.vm/tools/chocolateyinstall.ps1 +++ b/packages/stracciatella.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Stracciatella' -$category = 'Evasion' +$category = 'Payload Development' $zipUrl = 'https://github.com/mgeeky/Stracciatella/archive/acc83e21951049ab4998ecd18f5e4fa01e1527da.zip' $zipSha256 = 'd9299fca780945becf9907b052112e7149fb2a2d51e28f0e73e8326455f47a82' diff --git a/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 index 138433530..24bf16b93 100644 --- a/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 +++ b/packages/stracciatella.vm/tools/chocolateyuninstall.ps1 
@@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Stracciatella' -$category = 'Evasion' +$category = 'Payload Development' VM-Uninstall $toolName $category diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index e78005c91..b12411539 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,7 +2,7 @@ sysinternals.vm - 2023.6.27 + 2023.6.27.20230713 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. diff --git a/packages/sysinternals.vm/tools/chocolateyinstall.ps1 b/packages/sysinternals.vm/tools/chocolateyinstall.ps1 index 9746629f2..b45ba3c04 100644 --- a/packages/sysinternals.vm/tools/chocolateyinstall.ps1 +++ b/packages/sysinternals.vm/tools/chocolateyinstall.ps1 @@ -48,7 +48,7 @@ try { ### # Second category - $category = 'Information Gathering' + $category = 'Reconnaissance' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category $executablePath = Join-Path $toolDir 'ADExplorer.exe' -Resolve diff --git a/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 b/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 index 2d28cd8ef..65f9bbd97 100644 --- a/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 +++ b/packages/sysinternals.vm/tools/chocolateyuninstall.ps1 @@ -15,7 +15,7 @@ VM-Remove-Tool-Shortcut 'procmon' $category ### # Second category -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Remove-Tool-Shortcut 'ADExplorer' $category ### diff --git a/packages/teamfiltration.vm/teamfiltration.vm.nuspec b/packages/teamfiltration.vm/teamfiltration.vm.nuspec index cf5e5742c..ee77acba8 100644 --- a/packages/teamfiltration.vm/teamfiltration.vm.nuspec +++ b/packages/teamfiltration.vm/teamfiltration.vm.nuspec 
@@ -2,7 +2,7 @@ teamfiltration.vm - 3.5.0 + 3.5.0.20230713 Flangvik TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. diff --git a/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 b/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 index 21eb9fee2..e19c5aaf8 100644 --- a/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 +++ b/packages/teamfiltration.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'TeamFiltration' -$category = 'Cloud' +$category = 'Exploitation' $zipUrl = 'https://github.com/Flangvik/TeamFiltration/releases/download/v3.5.0/TeamFiltration-Win-v3.5.0.zip' $zipSha256 = 'c91362172789aa47f45200fac925c5c8ade35cd9a8863f154d27dc5e0a2ed916' diff --git a/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 b/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 index 386fa2ec6..96d616e37 100644 --- a/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 +++ b/packages/teamfiltration.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'TeamFiltration' -$category = 'Cloud' +$category = 'Exploitation' VM-Uninstall $toolName $category diff --git a/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 index 92a8893e0..fa81d78e2 100644 --- a/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 +++ b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Remote Operations BOF' -$category = 'Information Gathering' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/trustedsec/CS-Remote-OPs-BOF/archive/a7ef2b8551568778c2603a15ea83220188009a79.zip' $zipSha256 = '61bf693272484d9f9ea25871ea57489cb24248c014782cacad1c1bb80e90962b' diff --git a/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 index 9272c9d08..8015b8bab 100644 --- a/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 +++ b/packages/trustedsec-remote-ops-bof.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Remote Operations BOF' -$category = 'Information Gathering' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec b/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec index 15dad8f48..bd981526b 100644 --- a/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec +++ b/packages/trustedsec-remote-ops-bof.vm/trustedsec-remote-ops-bof.vm.nuspec @@ -2,7 +2,7 @@ truestedsec-remote-ops-bof.vm - 0.0.0.20230530 + 0.0.0.20230713 trustedsec Addition to Situational Awareness BOFs intended for single task Windows primitives such as creating a task, stopping a service, etc. diff --git a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 index deddb7329..4dbc88278 100644 --- a/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 +++ b/packages/unhook-bof.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Unhook BOF' -$category = 'Evasion' +$category = 'Payload Development' $zipUrl = 'https://github.com/rsmudge/unhook-bof/archive/fa3c8d8a397719c5f2310334e6549bea541b209c.zip' $zipSha256 = '086f7ded18af7b397be78f63a7b4879bb1a6722f4b192d0139a02863332089ef' diff --git a/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 index 551c07c7b..7e2b11899 100644 --- a/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 +++ b/packages/unhook-bof.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Unhook BOF' -$category = 'Evasion' +$category = 'Payload Development' VM-Uninstall $toolName $category diff --git a/packages/unhook-bof.vm/unhook-bof.vm.nuspec b/packages/unhook-bof.vm/unhook-bof.vm.nuspec index b82fc330f..84affd560 100644 --- a/packages/unhook-bof.vm/unhook-bof.vm.nuspec +++ b/packages/unhook-bof.vm/unhook-bof.vm.nuspec @@ -2,7 +2,7 @@ unhook-bof.vm - 0.0.0.20230530 + 0.0.0.20230713 rsmudge, physics-sec This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research. diff --git a/packages/whisker.vm/tools/chocolateyinstall.ps1 b/packages/whisker.vm/tools/chocolateyinstall.ps1 index fddce00d7..25793b837 100644 --- a/packages/whisker.vm/tools/chocolateyinstall.ps1 +++ b/packages/whisker.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Whisker' -$category = 'Active Directory' +$category = 'Persistence' $zipUrl = 'https://github.com/eladshamir/Whisker/archive/0bc2a0acc4a92b49c69d873f7ac565340a5f3291.zip' $zipSha256 = 'b181b639f2d18fb37e045d27cbe522e7b97aaa85c30dc0cb9bc75eaf6b939f9a' 
diff --git a/packages/whisker.vm/tools/chocolateyuninstall.ps1 b/packages/whisker.vm/tools/chocolateyuninstall.ps1 index a362d5b54..bd78b2b9e 100644 --- a/packages/whisker.vm/tools/chocolateyuninstall.ps1 +++ b/packages/whisker.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Whisker' -$category = 'Active Directory' +$category = 'Persistence' VM-Uninstall $toolName $category diff --git a/packages/whisker.vm/whisker.vm.nuspec b/packages/whisker.vm/whisker.vm.nuspec index 730b6dfab..e3a4916c0 100644 --- a/packages/whisker.vm/whisker.vm.nuspec +++ b/packages/whisker.vm/whisker.vm.nuspec @@ -2,7 +2,7 @@ whisker.vm - 0.0.0.20230602 + 0.0.0.20230713 Elad Shamir Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. From d1c38bf0255d309625113f13a57a134641ad6516 Mon Sep 17 00:00:00 2001 From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Fri, 14 Jul 2023 20:03:23 +0200 Subject: [PATCH 208/330] :robot: Add openvpn.vm (#583) * Add openvpn.vm Closes https://github.com/mandiant/VM-Packages/issues/582. * removing shortcut and autostartup * fixed shortcut path and version * fixed version string * Remove extranneous start menu shortcut --------- Co-authored-by: nos3curity <72961537+nos3curity@users.noreply.github.com> Co-authored-by: skollr34p3r <48536777+skollr34p3r@users.noreply.github.com> --- packages/openvpn.vm/openvpn.vm.nuspec | 13 +++++++++ .../openvpn.vm/tools/chocolateyinstall.ps1 | 27 +++++++++++++++++++ .../openvpn.vm/tools/chocolateyuninstall.ps1 | 7 +++++ 3 files changed, 47 insertions(+) create mode 100644 packages/openvpn.vm/openvpn.vm.nuspec create mode 100644 packages/openvpn.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/openvpn.vm/tools/chocolateyuninstall.ps1 
diff --git a/packages/openvpn.vm/openvpn.vm.nuspec b/packages/openvpn.vm/openvpn.vm.nuspec new file mode 100644 index 000000000..9b0f1658e --- /dev/null +++ b/packages/openvpn.vm/openvpn.vm.nuspec @@ -0,0 +1,13 @@ + + + + openvpn.vm + 2.6.5.20230713 + OpenVPN Technologies Inc + OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. + + + + + + diff --git a/packages/openvpn.vm/tools/chocolateyinstall.ps1 b/packages/openvpn.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..6cea3e2be --- /dev/null +++ b/packages/openvpn.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'OpenVPN GUI' + $category = 'Networking' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ProgramFiles} '\OpenVPN\bin\openvpn-gui.exe' -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut + + # Removing the shortcut + $desktopShortcut = Join-Path ${Env:Public} "Desktop\$toolName.lnk" + Remove-Item $desktopShortcut -Force -ea 0 + + # Delete start menu shortcut + $startShortcut = Join-Path ${Env:ProgramData} "Microsoft\Windows\Start Menu\Programs\OpenVPN\" + Remove-Item $startShortcut -Force -Recurse -ea 0 + + # Removing OpenVPN from startup + Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'OpenVPN-GUI' -ErrorAction SilentlyContinue + +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/openvpn.vm/tools/chocolateyuninstall.ps1 b/packages/openvpn.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..2be8b497b --- /dev/null +++ b/packages/openvpn.vm/tools/chocolateyuninstall.ps1 
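Review bot: The shortcut is created under the name `$toolName = 'OpenVPN GUI'`, but the chocolateyuninstall.ps1 hunk that follows (on the next line of this patch) sets `$toolName = 'OpenVPN'` before calling `VM-Remove-Tool-Shortcut`, so the uninstall looks for `OpenVPN.lnk` in the Networking folder and leaves `OpenVPN GUI.lnk` behind; use the same name in both scripts, e.g. `$toolName = 'OpenVPN GUI'` in the uninstall. The shortcut is also created with `-RunAsAdmin`, and the autostart entry is removed from `HKCU:`, which is the hive of the account running the Chocolatey install rather than necessarily the account that will use the VM, so a comment stating which account the package is expected to run as (and why the GUI needs elevation) would make those assumptions visible. The comment `# Removing the shortcut` could say what is removed: `# Remove the public desktop shortcut`.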
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'OpenVPN' +$category = 'Networking' + +VM-Remove-Tool-Shortcut $toolName $category From fb8b87c6be891eb494d76577b01bbc1e49186ca1 Mon Sep 17 00:00:00 2001 From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Fri, 14 Jul 2023 20:08:00 +0200 Subject: [PATCH 209/330] :robot: Add sqlitebrowser.vm (#588) * Add sqlitebrowser.vm Closes https://github.com/mandiant/VM-Packages/issues/587. * fixing locked dependency version and shimpath --------- Co-authored-by: unknown --- .../sqlitebrowser.vm/sqlitebrowser.vm.nuspec | 13 +++++++++++++ .../tools/chocolateyinstall.ps1 | 16 ++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ success_failure.json | Bin 104 -> 0 bytes 4 files changed, 36 insertions(+) create mode 100644 packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec create mode 100644 packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1 delete mode 100644 success_failure.json diff --git a/packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec b/packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec new file mode 100644 index 000000000..c2f532150 --- /dev/null +++ b/packages/sqlitebrowser.vm/sqlitebrowser.vm.nuspec @@ -0,0 +1,13 @@ + + + + sqlitebrowser.vm + 0.0.0.20230714 + René Peinthor, Martin Kleusberg, Mauricio Piacentini, Justin Clift + DB Browser for SQLite is a high quality, visual, open source tool to create, design, and edit database files compatible with SQLite. + + + + + + diff --git a/packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1 b/packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..16e3f40d0 --- /dev/null +++ b/packages/sqlitebrowser.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,16 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'DB Browser for SQLite' + $category = 'Utilities' + $shimPath = '\bin\DB Browser for SQLite.exe' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} $shimPath -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -RunAsAdmin + VM-Assert-Path $shortcut +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1 b/packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..9bac1e407 --- /dev/null +++ b/packages/sqlitebrowser.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DB Browser for SQLite' +$category = 'Utilities' + +VM-Remove-Tool-Shortcut $toolName $category diff --git a/success_failure.json b/success_failure.json deleted file mode 100644 index 9e21877f8a38b492814752764cb7098ee4322a87..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 104 zcmezWubM%Lp_rkRAsGl$fvjR6--^MAK?g{uF(fi%GUNbdi-2+ Date: Fri, 14 Jul 2023 11:10:02 -0700 Subject: [PATCH 210/330] Whisker and RouteSixtySink Category Change (#591) * recategorized packages * fix capitalization in category variable * updated package versions * recategorized whisker and routesixtysink --- packages/routesixtysink.vm/routesixtysink.vm.nuspec | 2 +- packages/routesixtysink.vm/tools/chocolateyinstall.ps1 | 2 +- packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/whisker.vm/tools/chocolateyinstall.ps1 | 2 +- packages/whisker.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/whisker.vm/whisker.vm.nuspec | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) 
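Review bot: The shortcut to the DB Browser shim is created with `-RunAsAdmin`, so a SQLite GUI is elevated on every launch; unless the tool needs administrator rights for something specific, dropping the flag (`Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath`) keeps it at least privilege, and if it is needed a one-line comment saying why would help the next maintainer. A comment on `$shimPath` could also note that the path is under `${Env:ChocolateyInstall}` because the dependency package shims the executable there, which is presumably why `-Resolve` is used so the install fails early if the shim is absent.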
diff --git a/packages/routesixtysink.vm/routesixtysink.vm.nuspec b/packages/routesixtysink.vm/routesixtysink.vm.nuspec index 68c2caa1f..99acb79fa 100644 --- a/packages/routesixtysink.vm/routesixtysink.vm.nuspec +++ b/packages/routesixtysink.vm/routesixtysink.vm.nuspec @@ -2,7 +2,7 @@ routesixtysink.vm - 0.0.0.20230713 + 0.0.0.20230714 Dillon Franke, Michael Maturi Route Sixty-Sink is an open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis. diff --git a/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 index 41eac37dd..b40948af3 100644 --- a/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 +++ b/packages/routesixtysink.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'RouteSixtySink' -$category = 'dotNet' +$category = 'Reconnaissance' $zipUrl = 'https://github.com/mandiant/route-sixty-sink/archive/59195003c84d75fabf6cc573c233dfb60d631f8a.zip' $zipSha256 = '860df7a6f8b8b135e27e731d1cc11a61837a390fc7da46652f82920040802f15' diff --git a/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 index b199f710e..3da70e540 100644 --- a/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 +++ b/packages/routesixtysink.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'RouteSixtySink' -$category = 'dotNet' +$category = 'Reconnaissance' VM-Uninstall $toolName $category diff --git a/packages/whisker.vm/tools/chocolateyinstall.ps1 b/packages/whisker.vm/tools/chocolateyinstall.ps1 index 25793b837..e729d6096 100644 --- a/packages/whisker.vm/tools/chocolateyinstall.ps1 +++ b/packages/whisker.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Whisker' -$category = 'Persistence' +$category = 'Exploitation' $zipUrl = 'https://github.com/eladshamir/Whisker/archive/0bc2a0acc4a92b49c69d873f7ac565340a5f3291.zip' $zipSha256 = 'b181b639f2d18fb37e045d27cbe522e7b97aaa85c30dc0cb9bc75eaf6b939f9a' diff --git a/packages/whisker.vm/tools/chocolateyuninstall.ps1 b/packages/whisker.vm/tools/chocolateyuninstall.ps1 index bd78b2b9e..a9548c787 100644 --- a/packages/whisker.vm/tools/chocolateyuninstall.ps1 +++ b/packages/whisker.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Whisker' -$category = 'Persistence' +$category = 'Exploitation' VM-Uninstall $toolName $category diff --git a/packages/whisker.vm/whisker.vm.nuspec b/packages/whisker.vm/whisker.vm.nuspec index e3a4916c0..46b1e0be1 100644 --- a/packages/whisker.vm/whisker.vm.nuspec +++ b/packages/whisker.vm/whisker.vm.nuspec @@ -2,7 +2,7 @@ whisker.vm - 0.0.0.20230713 + 0.0.0.20230714 Elad Shamir Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. From cdf76f9fbdd71e844b19c4d1cbe6244c8ccd0118 Mon Sep 17 00:00:00 2001 
From: VM Packages Bot <96435757+vm-packages@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:19:25 +0200 Subject: [PATCH 211/330] :robot: Add hashcat.vm (#585) * Add hashcat.vm Closes https://github.com/mandiant/VM-Packages/issues/584. * add hashcat * fixed vars. Combined values for cleaner path usage * fixed installation issue. Set consoleApp true * added 7zip dependency for install process * removing the success failure json * Fixed 7zip executable call and fixed working directory * added logic to stop the install if no intel processor is detected * Fixed 7zip executable again * removed nested unnecessary try/catch. Using CIM instead of wmi --------- Co-authored-by: Menn1s --- packages/hashcat.vm/hashcat.vm.nuspec | 13 +++++ .../hashcat.vm/tools/chocolateyinstall.ps1 | 47 +++++++++++++++++++ .../hashcat.vm/tools/chocolateyuninstall.ps1 | 7 +++ 3 files changed, 67 insertions(+) create mode 100644 packages/hashcat.vm/hashcat.vm.nuspec create mode 100644 packages/hashcat.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/hashcat.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/hashcat.vm/hashcat.vm.nuspec b/packages/hashcat.vm/hashcat.vm.nuspec new file mode 100644 index 000000000..2a5c4eb48 --- /dev/null +++ b/packages/hashcat.vm/hashcat.vm.nuspec @@ -0,0 +1,13 @@ + + + + hashcat.vm + 6.2.6 + Jens Steube (jsteube) + Hashcat is a fast password recovery utility. + + + + + + diff --git a/packages/hashcat.vm/tools/chocolateyinstall.ps1 b/packages/hashcat.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2717cdf32 --- /dev/null +++ b/packages/hashcat.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,47 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+
+$toolName = 'hashcat'
+$category = 'Credential Access'
+
+$zipUrl = 'https://github.com/hashcat/hashcat/releases/download/v6.2.6/hashcat-6.2.6.7z'
+$zipSha256 = '96697e9ef6a795d45863c91d61be85a9f138596e3151e7c2cd63ccf48aaa8783'
+$zipName = 'hashcat-6.2.6'
+$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} "$toolName"
+$workingDir = Join-Path "$toolDir" "$zipname"
+
+try {
+
+ # Get the processor information
+ $processor = Get-CimInstance Win32_Processor
+
+
+ # Check if the manufacturer is Intel
+ if ($processor.Manufacturer -eq "GenuineIntel") {
+ Write-Output "Intel processor detected for hashcat."
+ } else {
+ Write-Output "Non-Intel processor detected. Hashcat will not work"
+ throw "Non-Intel processor detected."
+ }
+
+
+ # Download the zip file
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ url = $zipUrl
+ checksum = $zipSha256
+ checksumType = "sha256"
+ fileFullPath = Join-Path "${Env:USERPROFILE}\AppData\Local\Temp" ("$zipName.7z")
+ }
+ Get-ChocolateyWebFile @packageArgs
+ $zipPath = $packageArgs.fileFullPath
+ VM-Assert-Path $zipPath
+
+ 7zip x $zipPath -o"$toolDir" -y
+ # Create a shortcut
+ $executablePath = Join-Path "$workingDir" "$toolName.exe" -Resolve
+ VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true -executableDir $workingDir
+} catch {
+ VM-Write-Log-Exception $_
+}
\ No newline at end of file
diff --git a/packages/hashcat.vm/tools/chocolateyuninstall.ps1 b/packages/hashcat.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..392b88d88
--- /dev/null
+++ b/packages/hashcat.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'hashcat'
+$category = 'Credential Access'
+
+VM-Uninstall $toolName $category
From abddeb92365846cf513feb5a055926c3b55a812d Mon Sep 17 00:00:00 2001
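Review bot: The exit status of the `7zip x $zipPath -o"$toolDir" -y` extraction is never checked; `$ErrorActionPreference = 'Stop'` does not apply to native executables, so a failed or partial extraction only surfaces later as a confusing `-Resolve` error on `$executablePath`. Add `if ($LASTEXITCODE -ne 0) { throw "7zip extraction failed with exit code $LASTEXITCODE" }` directly after the call. Two smaller points: `$workingDir = Join-Path "$toolDir" "$zipname"` only works because PowerShell variable names are case-insensitive, so spell it `$zipName` like the declaration; and `fileFullPath` hardcodes `"${Env:USERPROFILE}\AppData\Local\Temp"` where `${Env:TEMP}` would respect the environment. The downloaded archive in that temp location is also never removed after extraction.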
From: Alex | NoSecurity <72961537+nos3curity@users.noreply.github.com> Date: Mon, 17 Jul 2023 19:20:44 -0700 Subject: [PATCH 212/330] Standardize PowerShell Shortcuts (#594) * remove ps1 from the shortcut * updated nuspec for common.vm --- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 5111632bf..c25690562 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230711 + 0.0.0.20230714 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index f6321970b..33ef32c5c 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -475,7 +475,7 @@ function VM-Install-Single-Ps1 { Get-ChocolateyWebFile @packageArgs VM-Assert-Path $scriptPath - $shortcut = Join-Path $shortcutDir "$toolName.ps1.lnk" + $shortcut = Join-Path $shortcutDir "$toolName.lnk" $targetCmd = Join-Path ${Env:WinDir} "system32\cmd.exe" -Resolve if ($ps1Cmd) { From 6f4b8adbad613972c9338936f09ed593e0f012ab Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 2 Aug 2023 22:10:15 +0000 Subject: [PATCH 213/330] Update 010editor.vm to 14.0 --- packages/010editor.vm/010editor.vm.nuspec | 2 +- packages/010editor.vm/tools/chocolateyinstall.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/010editor.vm/010editor.vm.nuspec b/packages/010editor.vm/010editor.vm.nuspec index 3e42d27ed..7bfda8802 100644 --- a/packages/010editor.vm/010editor.vm.nuspec +++ b/packages/010editor.vm/010editor.vm.nuspec @@ -2,7 +2,7 @@ 010editor.vm - 13.0.2 + 14.0 Professional text and hex editor with Binary Templates technology. SweetScape 
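Review bot: Renaming the shortcut from `$toolName.ps1.lnk` to `$toolName.lnk` in VM-Install-Single-Ps1 (whose body starts and ends outside the hunk) changes the file the matching removal has to look for; if the removal helper in this module still derives `$toolName.ps1.lnk`, uninstalls of these tools will leave the new shortcut behind, and packages already installed under the old name will keep a stale `.ps1.lnk` after upgrading to this common.vm. Worth confirming the removal side in the same module and, if needed, clearing the legacy name during install with `Remove-Item (Join-Path $shortcutDir "$toolName.ps1.lnk") -Force -ErrorAction SilentlyContinue` before the new shortcut is created.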
diff --git a/packages/010editor.vm/tools/chocolateyinstall.ps1 b/packages/010editor.vm/tools/chocolateyinstall.ps1 index 58cd559f8..61df41639 100644 --- a/packages/010editor.vm/tools/chocolateyinstall.ps1 +++ b/packages/010editor.vm/tools/chocolateyinstall.ps1 @@ -5,10 +5,10 @@ try { $toolName = '010Editor' $category = 'Hex Editors' - $url = 'https://download.sweetscape.com/010EditorWin32Installer13.0.2.exe' - $checksum = '30f21ab0d744b37951b7406aee84d7e2f236d4e2d1e7dcf50d750638408461b2' - $url64 = 'https://download.sweetscape.com/010EditorWin64Installer13.0.2.exe' - $checksum64 = 'c85695071e530d1bc86d116fe8f674d1089ae222659055bafab650280427a1ee' + $url = 'https://download.sweetscape.com/010EditorWin32Installer14.0.exe' + $checksum = '11d96fa10df0f8e6add3509e03b963c398a190890f0ea45d8e56c4dd77cbeaa9' + $url64 = 'https://download.sweetscape.com/010EditorWin64Installer14.0.exe' + $checksum64 = '9f926af3bc49df3ab3b2fa8e9cf97caf018081df277c25ee37fab8c2fdd974ba' $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} From 7ebfb9f9be7fc879f5d8f32cb3c23c42150d79cc Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 2 Aug 2023 22:13:11 +0000 Subject: [PATCH 214/330] Update apktool.vm to 2.8.1 --- packages/apktool.vm/apktool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/apktool.vm/apktool.vm.nuspec b/packages/apktool.vm/apktool.vm.nuspec index bd1b040d2..b6f3a6a89 100644 --- a/packages/apktool.vm/apktool.vm.nuspec +++ b/packages/apktool.vm/apktool.vm.nuspec @@ -2,12 +2,12 @@ apktool.vm - 2.7.0 + 2.8.1 Connor Tumbleson, Ryszard Wisniewski A tool for reverse engineering 3rd party, closed, binary Android apps. - + From e03c52c4cb250413a3964d0708fb34b2b9e9742d Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 2 Aug 2023 22:13:42 +0000 Subject: [PATCH 215/330] Update capa.vm to v6.0.0 --- packages/capa.vm/capa.vm.nuspec | 2 +- packages/capa.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/capa.vm/capa.vm.nuspec b/packages/capa.vm/capa.vm.nuspec index 68ee7dc94..ab6138e28 100755 --- a/packages/capa.vm/capa.vm.nuspec +++ b/packages/capa.vm/capa.vm.nuspec @@ -2,7 +2,7 @@ capa.vm - 5.1.0.20230418 + 6.0.0 capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. @williballenthin, @mr-tz, @Ana06, @mike-hunhoff, @mwilliams31, @MalwareMechanic diff --git a/packages/capa.vm/tools/chocolateyinstall.ps1 b/packages/capa.vm/tools/chocolateyinstall.ps1 index d70169b4e..9d44240e4 100755 --- a/packages/capa.vm/tools/chocolateyinstall.ps1 +++ b/packages/capa.vm/tools/chocolateyinstall.ps1 @@ -4,8 +4,8 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'capa' $category = 'Utilities' -$zipUrl = "https://github.com/mandiant/capa/releases/download/v5.1.0/capa-v5.1.0-windows.zip" -$zipSha256 = "80ac9adfd095cb631a6fa39743b37444651e4129b4181fd34c8b8b3e53bc5b06" +$zipUrl = "https://github.com/mandiant/capa/releases/download/v6.0.0/capa-v6.0.0-windows.zip" +$zipSha256 = "ca9a5388de86e95289426007ef794f6f6977ba6720f7fe5bc35a8cdc8a16f452" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true From e7e446c15275d1d7d743cfd49f43e56ceca15da2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 2 Aug 2023 22:19:20 +0000 Subject: [PATCH 216/330] Update ghidra.vm to 10.3.2.20230802 --- packages/ghidra.vm/ghidra.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index 6af8b272d..e8ed7e691 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec 
@@ -2,13 +2,13 @@ ghidra.vm - 10.3.2 + 10.3.2.20230802 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - + From 15f27b38f5f4bd159b2f3a028dd6b06373439023 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 3 Aug 2023 00:42:39 +0000 Subject: [PATCH 217/330] Update openvpn.vm to 2.6.5.20230803 --- packages/openvpn.vm/openvpn.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/openvpn.vm/openvpn.vm.nuspec b/packages/openvpn.vm/openvpn.vm.nuspec index 9b0f1658e..be9b9de3f 100644 --- a/packages/openvpn.vm/openvpn.vm.nuspec +++ b/packages/openvpn.vm/openvpn.vm.nuspec @@ -2,12 +2,12 @@ openvpn.vm - 2.6.5.20230713 + 2.6.5.20230803 OpenVPN Technologies Inc OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. - + From 80118629abf43cf87ca3ecd8cca82051f233db83 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 3 Aug 2023 00:44:55 +0000 Subject: [PATCH 218/330] Update sysinternals.vm to 2023.7.26 --- packages/sysinternals.vm/sysinternals.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index b12411539..5edd38e60 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.6.27.20230713 + 2023.7.26 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file From 5947fb1ea17373620a6417a0acf476afc1b01392 Mon Sep 17 00:00:00 2001 
From: tylerwhardy <50224819+tylerwhardy@users.noreply.github.com> Date: Mon, 7 Aug 2023 06:04:15 -0400 Subject: [PATCH 219/330] Update chocolateyinstall.ps1 for metasploit.vm (#612) * Update chocolateyinstall.ps1 for metasploit.vm * Update metasploit.vm.nuspec --------- Co-authored-by: Moritz --- packages/metasploit.vm/metasploit.vm.nuspec | 2 +- packages/metasploit.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/metasploit.vm/metasploit.vm.nuspec b/packages/metasploit.vm/metasploit.vm.nuspec index 05ab4f33f..6d3931ac6 100644 --- a/packages/metasploit.vm/metasploit.vm.nuspec +++ b/packages/metasploit.vm/metasploit.vm.nuspec @@ -2,7 +2,7 @@ metasploit.vm - 6.3.25.20230713 + 6.3.29.20230807 Rapid7 A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. diff --git a/packages/metasploit.vm/tools/chocolateyinstall.ps1 b/packages/metasploit.vm/tools/chocolateyinstall.ps1 index 0114821df..a4118f1a6 100644 --- a/packages/metasploit.vm/tools/chocolateyinstall.ps1 +++ b/packages/metasploit.vm/tools/chocolateyinstall.ps1 @@ -6,7 +6,7 @@ try { $category = 'Command & Control' $exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi' - $exeSha256 = '96a505d2e72ed2fbab63187c33bc694396649d0d88ae1fb54b2c01c3f583c06e' + $exeSha256 = '2ED5A4F9E63929FA468B014515B906473AB2E540BD212C5EE19B98DCF6738169' # can't install to specified path. $toolDir = Join-Path ${Env:SystemDrive} "metasploit-framework" $binDir = Join-Path $toolDir "bin" @@ -15,4 +15,4 @@ try { } catch { VM-Write-Log-Exception $_ -} \ No newline at end of file +} From 29ad7655c66f66fc601a8ddbc34cb507797eb938 Mon Sep 17 00:00:00 2001 
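Review bot: The pinned `$exeSha256` is checked against `metasploitframework-latest.msi`, an unversioned URL whose content changes every time upstream publishes a build, so the hash is guaranteed to mismatch again shortly after merge; PATCH 229 in this same series re-bumps it for exactly that reason (the same point applies to that hunk). The nuspec now says `6.3.29.20230807`, but nothing in the install script ties the downloaded installer to that version, which defeats the purpose of a checksum as a supply-chain control. Pin a versioned artifact instead, e.g. `$exeUrl = 'https://windows.metasploit.com/<VERSIONED-INSTALLER-FILENAME>'` (placeholder — use the filename upstream publishes for the release named in the nuspec), the way the 010editor hunk above pins `010EditorWin64Installer14.0.exe`. The new hash is also uppercase while the rest of the repository uses lowercase hex; presumably the comparison in the helper is case-insensitive, but normalising to lowercase avoids depending on that. The enclosing `try` block starts and ends outside this hunk.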
From: Tyler the Pug <50224819+tylerwhardy@users.noreply.github.com> Date: Wed, 9 Aug 2023 16:47:26 -0400 Subject: [PATCH 220/330] Update tor-browser.vm.nuspec Update tor-browser version from 12.5.1 to 12.5.2 as 12.5.1 has been delisted from TOR project to fix #614 --- packages/tor-browser.vm/tor-browser.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec index 7fd1add70..d21a7b71a 100644 --- a/packages/tor-browser.vm/tor-browser.vm.nuspec +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -2,12 +2,12 @@ tor-browser.vm - 12.5.1 + 12.5.2 Tor Project The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. - + From 8b33894a76a8a717bb285780152a976876573ded Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 9 Aug 2023 22:10:55 +0000 Subject: [PATCH 221/330] Update cutter.vm to v2.3.0 --- packages/cutter.vm/cutter.vm.nuspec | 2 +- packages/cutter.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/cutter.vm/cutter.vm.nuspec b/packages/cutter.vm/cutter.vm.nuspec index fc345a6e5..2d34da7dc 100644 --- a/packages/cutter.vm/cutter.vm.nuspec +++ b/packages/cutter.vm/cutter.vm.nuspec @@ -2,7 +2,7 @@ cutter.vm - 2.2.1 + 2.3.0 Rizin Cutter is a FOSS dissassembler/decompiler diff --git a/packages/cutter.vm/tools/chocolateyinstall.ps1 b/packages/cutter.vm/tools/chocolateyinstall.ps1 index 39e7cb1b2..194cc07bb 100644 --- a/packages/cutter.vm/tools/chocolateyinstall.ps1 +++ b/packages/cutter.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Cutter' $category = 'Disassemblers' -$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.2.1/Cutter-v2.2.1-Windows-x86_64.zip' -$zipSha256 = '2871e93e01881ba31e1c3fbdc7e4ccfb3114b3d95cad64a93fefa933846cadb4' +$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.0/Cutter-v2.3.0-Windows-x86_64.zip' +$zipSha256 = 'a708f0884421e7a90e95e5389697931ce5b282f8dfe0219b206b4837071bd770' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From bdd01c7a252073f2509643a3ac9c9ad146c37d4b Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 9 Aug 2023 22:12:58 +0000 Subject: [PATCH 222/330] Update cyberchef.vm to v10.5.2 --- packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++-- packages/cyberchef.vm/tools/chocolateyinstall.ps1 | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index 74cb352ac..ff31726de 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,12 @@ cyberchef.vm - 10.4.0.20230628 + 10.5.2 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - + diff --git a/packages/cyberchef.vm/tools/chocolateyinstall.ps1 b/packages/cyberchef.vm/tools/chocolateyinstall.ps1 index d0495a75a..9c0d9c0cd 100644 --- a/packages/cyberchef.vm/tools/chocolateyinstall.ps1 +++ b/packages/cyberchef.vm/tools/chocolateyinstall.ps1 
@@ -11,14 +11,14 @@ try { $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} unzipLocation = $toolDir - url = 'https://github.com/gchq/CyberChef/releases/download/v10.4.0/CyberChef_v10.4.0.zip' - checksum = '8485713baeed5fced47e2543b3072032bc9e541d1962b9ee8356b615efa074a2' + url = 'https://github.com/gchq/CyberChef/releases/download/v10.5.2/CyberChef_v10.5.2.zip' + checksum = 'a4d47a313d9e79d08775abfde18a08c32b50b4db8fa52261bfddbb785910d0ef' checksumType = 'sha256' } Install-ChocolateyZipPackage @packageArgs VM-Assert-Path $toolDir - $htmlPath = Join-Path $toolDir "CyberChef_v10.4.0.html" -Resolve + $htmlPath = Join-Path $toolDir "CyberChef_v10.5.2.html" -Resolve $shortcut = Join-Path $shortcutDir "CyberChef.lnk" Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $htmlPath VM-Assert-Path $shortcut From ec6a7e1cfd4e1f7c7eddd75a337cf901a0642f97 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 9 Aug 2023 22:13:42 +0000 Subject: [PATCH 223/330] Update group3r.vm to 1.0.59 --- packages/group3r.vm/group3r.vm.nuspec | 2 +- packages/group3r.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/group3r.vm/group3r.vm.nuspec b/packages/group3r.vm/group3r.vm.nuspec index e6af3ea85..b9bf3bd1c 100644 --- a/packages/group3r.vm/group3r.vm.nuspec +++ b/packages/group3r.vm/group3r.vm.nuspec @@ -2,7 +2,7 @@ group3r.vm - 1.0.53 + 1.0.59 l0ss Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations. diff --git a/packages/group3r.vm/tools/chocolateyinstall.ps1 b/packages/group3r.vm/tools/chocolateyinstall.ps1 index d24e12720..8bddbc699 100644 --- a/packages/group3r.vm/tools/chocolateyinstall.ps1 +++ b/packages/group3r.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Group3r' $category = 'Reconnaissance' -$exeUrl = 'https://github.com/Group3r/Group3r/releases/download/1.0.53/Group3r.exe' -$exeSha256 = 'a8bb914637ae760a57ab1ea6f00636348371f4bff4ddae20cc14b533ec6d9e6b' +$exeUrl = 'https://github.com/Group3r/Group3r/releases/download/1.0.59/Group3r.exe' +$exeSha256 = '427a990d8ee64c640faa8e1be48637ef64ec300615686d4bf212503c7926e2d4' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From e4badd580e722fe52c1dd700e21082f2cc98d9d2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 9 Aug 2023 22:14:52 +0000 Subject: [PATCH 224/330] Update ilspy.vm to 8.1.0 --- packages/ilspy.vm/ilspy.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ilspy.vm/ilspy.vm.nuspec b/packages/ilspy.vm/ilspy.vm.nuspec index 27316b8f4..34193845f 100644 --- a/packages/ilspy.vm/ilspy.vm.nuspec +++ b/packages/ilspy.vm/ilspy.vm.nuspec @@ -2,12 +2,12 @@ ilspy.vm - 8.0.0.20230628 + 8.1.0 SharpDevelop Team The open-source .NET assembly browser and decompiler. - + From 0680d96f14a2e9d4e3ac2c0fbf6f5d29f1128690 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 10 Aug 2023 00:38:41 +0000 Subject: [PATCH 225/330] Update sharphound.vm to v2.0.0 --- packages/sharphound.vm/sharphound.vm.nuspec | 2 +- packages/sharphound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/sharphound.vm/sharphound.vm.nuspec b/packages/sharphound.vm/sharphound.vm.nuspec index 43fce77ac..7a8995369 100644 --- a/packages/sharphound.vm/sharphound.vm.nuspec +++ b/packages/sharphound.vm/sharphound.vm.nuspec @@ -2,7 +2,7 @@ sharphound.vm - 1.1.1.20230713 + 2.0.0 specterops SharpHound is an Active Directory ingester tool for BloodHound. 
diff --git a/packages/sharphound.vm/tools/chocolateyinstall.ps1 b/packages/sharphound.vm/tools/chocolateyinstall.ps1 index eb7588344..609a930cd 100644 --- a/packages/sharphound.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharphound.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpHound' $category = 'Reconnaissance' -$zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v1.1.1/SharpHound-v1.1.1.zip' -$zipSha256 = '224d47658e0e7ddc256eb97725179a35e42fed02f7717cf5b62afbae26dcb36b' +$zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v2.0.0/SharpHound-v2.0.0.zip' +$zipSha256 = '2b6ef9f4b59e06238caf0e4c79e023356784eff5d49313e7fae8539cc47a65ca' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 From eb808aa185c288e120ab9239584a184e6a8ae214 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 10 Aug 2023 00:39:34 +0000 Subject: [PATCH 226/330] Update tor-browser.vm to 12.5.2 --- packages/tor-browser.vm/tor-browser.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec index 7fd1add70..d21a7b71a 100644 --- a/packages/tor-browser.vm/tor-browser.vm.nuspec +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -2,12 +2,12 @@ tor-browser.vm - 12.5.1 + 12.5.2 Tor Project The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. - + From bb9501d0bd9aeaab4041b92803bcb7f0df8b0c36 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 10 Aug 2023 00:39:50 +0000 Subject: [PATCH 227/330] Update upx.vm to 4.1.0 --- packages/upx.vm/tools/chocolateyinstall.ps1 | 8 ++++---- packages/upx.vm/upx.vm.nuspec | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/packages/upx.vm/tools/chocolateyinstall.ps1 b/packages/upx.vm/tools/chocolateyinstall.ps1 index ad3818fa5..9c3d23736 100644 --- a/packages/upx.vm/tools/chocolateyinstall.ps1 +++ b/packages/upx.vm/tools/chocolateyinstall.ps1 @@ -4,9 +4,9 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'upx' $category = 'Utilities' -$zipUrl = "https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win32.zip" -$zipSha256 = "3f5b59252b0b657143ab945ce10fa0e5c4a509f69588695e11757cb1fc1b7eb7" -$zipUrl_64 = 'https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-win64.zip' -$zipSha256_64 = '325c58ea2ed375afbd4eeac0b26f15f98db0d75dea701205ca10d8bf4d2fdc24' +$zipUrl = "https://github.com/upx/upx/releases/download/v4.1.0/upx-4.1.0-win32.zip" +$zipSha256 = "066c62993ce904f9f377ce849e85b77d1e2cf477d554c36c5ff89f6d3f0fa072" +$zipUrl_64 = 'https://github.com/upx/upx/releases/download/v4.1.0/upx-4.1.0-win64.zip' +$zipSha256_64 = '382cee168d6261a76c3b6a98b3ca2de44930bf5faa5f2dc2ced4fa3850fe8ff6' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64 -consoleApp $true -innerFolder $true diff --git a/packages/upx.vm/upx.vm.nuspec b/packages/upx.vm/upx.vm.nuspec index a4314fd4d..511bbbf96 100644 --- a/packages/upx.vm/upx.vm.nuspec +++ b/packages/upx.vm/upx.vm.nuspec @@ -2,7 +2,7 @@ upx.vm - 4.0.2.20230626 + 4.1.0 markus-oberhumer UPX is a free, secure, portable, extendable, high-performance executable packer for several executable formats. From fa20fe831ed37aeae159395ecf22f87db1f36792 Mon Sep 17 00:00:00 2001 
From: Tyler the Pug <50224819+tylerwhardy@users.noreply.github.com> Date: Fri, 11 Aug 2023 03:13:26 -0400 Subject: [PATCH 228/330] Rubeus patch for resolving SHA256 mismatch on 2.2.3 release (#629) * Update rubeus.vm.nuspec Updating to 2.2.3 per version posted in latest build at Rubeus/Domain/Info.cs * Update chocolateyinstall.ps1 Update SHA256 --- packages/rubeus.vm/rubeus.vm.nuspec | 2 +- packages/rubeus.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/rubeus.vm/rubeus.vm.nuspec b/packages/rubeus.vm/rubeus.vm.nuspec index 3d8c84910..0bf50823c 100644 --- a/packages/rubeus.vm/rubeus.vm.nuspec +++ b/packages/rubeus.vm/rubeus.vm.nuspec @@ -2,7 +2,7 @@ rubeus.vm - 2.2.1 + 2.2.3 harmj0y Rubeus is a C# toolset for raw Kerberos interaction and abuses. diff --git a/packages/rubeus.vm/tools/chocolateyinstall.ps1 b/packages/rubeus.vm/tools/chocolateyinstall.ps1 index a4eabddd9..0fbb140c8 100644 --- a/packages/rubeus.vm/tools/chocolateyinstall.ps1 +++ b/packages/rubeus.vm/tools/chocolateyinstall.ps1 @@ -5,6 +5,6 @@ $toolName = 'Rubeus' $category = 'Credential Access' $zipUrl = 'https://github.com/GhostPack/Rubeus/archive/refs/heads/master.zip' -$zipSha256 = 'f6d1650043e528e24b4bc5c1f24e64ff0c4bbcf72537b84b1d8f866dd8ab8ccb' +$zipSha256 = 'DC61768AF588A5FCC1CEDC491E8DF81BC652A96A1A032741034E40B75EC404F2' VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 From 8fd0a15c58c1e194061d03c755a97a83a13f6b02 Mon Sep 17 00:00:00 2001 From: Tyler the Pug <50224819+tylerwhardy@users.noreply.github.com> Date: Fri, 11 Aug 2023 12:14:16 -0400 Subject: [PATCH 229/330] Tylerwhardy metasploit patch 2 (#631) * Update metasploit.vm.nuspec Update to latest version * Update chocolateyinstall.ps1 Update to latest file hash --- packages/metasploit.vm/metasploit.vm.nuspec | 4 ++-- packages/metasploit.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
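Review bot: The new `$zipSha256` is pinned against `refs/heads/master.zip`, a branch-head archive that changes on every upstream push, so this fix will break again at the next commit to Rubeus — the PR title itself describes this as a repeated SHA256 mismatch. The nuspec now advertises `2.2.3`, but a branch archive carries no guarantee that the bytes hashed today correspond to that version, so the checksum pins a moment in time rather than a release. Pin the archive to the commit you hashed, e.g. `$zipUrl = 'https://github.com/GhostPack/Rubeus/archive/<COMMIT-SHA>.zip'` (placeholder — the commit whose `Domain/Info.cs` reports 2.2.3), and compute `$zipSha256` from that archive; the URL then only needs to change when the package version does. The lowercase-hex convention used by neighbouring packages would also be worth keeping for the new hash.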
diff --git a/packages/metasploit.vm/metasploit.vm.nuspec b/packages/metasploit.vm/metasploit.vm.nuspec index 6d3931ac6..3b9d97862 100644 --- a/packages/metasploit.vm/metasploit.vm.nuspec +++ b/packages/metasploit.vm/metasploit.vm.nuspec @@ -2,9 +2,9 @@ metasploit.vm - 6.3.29.20230807 + 6.3.30.20230811 Rapid7 - A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. + A computer security project that provides information about security vulnerabilities, aids in penetration testing, and IDS signature development. diff --git a/packages/metasploit.vm/tools/chocolateyinstall.ps1 b/packages/metasploit.vm/tools/chocolateyinstall.ps1 index a4118f1a6..2391c754c 100644 --- a/packages/metasploit.vm/tools/chocolateyinstall.ps1 +++ b/packages/metasploit.vm/tools/chocolateyinstall.ps1 @@ -6,7 +6,7 @@ try { $category = 'Command & Control' $exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi' - $exeSha256 = '2ED5A4F9E63929FA468B014515B906473AB2E540BD212C5EE19B98DCF6738169' + $exeSha256 = '470039711E182C4551169A776AFC8C10B4BAEA1600334449998894B2D725D49A' # can't install to specified path. $toolDir = Join-Path ${Env:SystemDrive} "metasploit-framework" $binDir = Join-Path $toolDir "bin" From 369324793e1edffbbb4d7e195d61e8f4fb3745c6 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 16 Aug 2023 22:10:46 +0000 Subject: [PATCH 230/330] Update exiftool.vm to 12.65.0 --- packages/exiftool.vm/exiftool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index 09eeb20e4..5b6ef0e8c 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec +++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.64.0 + 12.65.0 Phil Harvey A tool for reeding and writing file metadata - + From 3f7c9434139483e0d817d5407eeaf132a24161cf Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 16 Aug 2023 23:45:31 +0000 Subject: [PATCH 231/330] Update notepadplusplus.vm to 8.5.5 --- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index f69142460..548e94508 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.4 + 8.5.5 Wrapper for Notepad++ Don Ho - + From 38550840d5ef90f70629e924cddbd7a102d785f2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 17 Aug 2023 00:34:34 +0000 Subject: [PATCH 232/330] Update sqlrecon.vm to v3.3 --- packages/sqlrecon.vm/sqlrecon.vm.nuspec | 2 +- packages/sqlrecon.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/sqlrecon.vm/sqlrecon.vm.nuspec b/packages/sqlrecon.vm/sqlrecon.vm.nuspec index 1df889f1e..0b4e51ec4 100644 --- a/packages/sqlrecon.vm/sqlrecon.vm.nuspec +++ b/packages/sqlrecon.vm/sqlrecon.vm.nuspec @@ -2,7 +2,7 @@ sqlrecon.vm - 2.2.2.20230418 + 3.3 Sanjiv Kawa, Rasta Mouse MSSQL toolkit for reconnaissance and post-exploitation diff --git a/packages/sqlrecon.vm/tools/chocolateyinstall.ps1 b/packages/sqlrecon.vm/tools/chocolateyinstall.ps1 index 69c3b3568..8051dfa91 100644 --- a/packages/sqlrecon.vm/tools/chocolateyinstall.ps1 +++ b/packages/sqlrecon.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'SQLRecon' $category = 'Exploitation' -$exeUrl = 'https://github.com/skahwah/SQLRecon/releases/download/v2.2.2/SQLRecon.exe' -$exeSha256 = '36efd1025ff8379d5b85904160e7dba7c59f4b180f1b03de2a72531c1e9b82cf' +$exeUrl = 'https://github.com/skahwah/SQLRecon/releases/download/v3.3/SQLRecon.exe' +$exeSha256 = '934b069bb6d8e7b03747dc90a00c94df491d8e7b2d8955793c317ce9361b8e19' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 From add2fbdbeed70c0871801c4872253d7692cf9fe7 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 17 Aug 2023 00:35:11 +0000 Subject: [PATCH 233/330] Update vnc-viewer.vm to 7.6.0 --- packages/vnc-viewer.vm/vnc-viewer.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec index 84357a9d5..8d0d2e810 100644 --- a/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec +++ b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec @@ -2,12 +2,12 @@ vnc-viewer.vm - 7.5.1 + 7.6.0 RealVNC Tool for connecting to and interacting with VNC servers. - + From 616b2e387cfa6f635e16bb8521b8051fb35cb3f7 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 21 Aug 2023 20:25:49 +0000 Subject: [PATCH 234/330] Add dotdumper.vm Closes https://github.com/mandiant/VM-Packages/issues/630. --- packages/dotdumper.vm/dotdumper.vm.nuspec | 12 ++++++++++++ packages/dotdumper.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/dotdumper.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/dotdumper.vm/dotdumper.vm.nuspec create mode 100644 packages/dotdumper.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/dotdumper.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/dotdumper.vm/dotdumper.vm.nuspec b/packages/dotdumper.vm/dotdumper.vm.nuspec new file mode 100644 index 000000000..52297f4ab --- /dev/null 
+++ b/packages/dotdumper.vm/dotdumper.vm.nuspec @@ -0,0 +1,12 @@ + + + + dotdumper.vm + 1.1 + ThisIsLibra + An automatic unpacker and logger for DotNet Framework targeting files + + + + + diff --git a/packages/dotdumper.vm/tools/chocolateyinstall.ps1 b/packages/dotdumper.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..67787b7c9 --- /dev/null +++ b/packages/dotdumper.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotDumper' +$category = 'dotNet' + +$zipUrl = 'https://github.com/advanced-threat-research/DotDumper/releases/download/1.1/DotDumper.zip' +$zipSha256 = '504bce7018041dfc1a7c3ecc28443a3b7648a25e9d1430b5875c11a39b686a98' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true diff --git a/packages/dotdumper.vm/tools/chocolateyuninstall.ps1 b/packages/dotdumper.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..64f369ecd --- /dev/null +++ b/packages/dotdumper.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'DotDumper' +$category = 'dotNet' + +VM-Uninstall $toolName $category From d1d80e38cd75bbba6cb6db7ac6955400d59532a9 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 18:04:25 +0000 Subject: [PATCH 235/330] Update cutter.vm to v2.3.1 --- packages/cutter.vm/cutter.vm.nuspec | 2 +- packages/cutter.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/cutter.vm/cutter.vm.nuspec b/packages/cutter.vm/cutter.vm.nuspec index 2d34da7dc..416a4bebf 100644 --- a/packages/cutter.vm/cutter.vm.nuspec +++ b/packages/cutter.vm/cutter.vm.nuspec @@ -2,7 +2,7 @@ cutter.vm - 2.3.0 + 2.3.1 Rizin Cutter is a FOSS dissassembler/decompiler 
diff --git a/packages/cutter.vm/tools/chocolateyinstall.ps1 b/packages/cutter.vm/tools/chocolateyinstall.ps1 index 194cc07bb..cbc1624f6 100644 --- a/packages/cutter.vm/tools/chocolateyinstall.ps1 +++ b/packages/cutter.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Cutter' $category = 'Disassemblers' -$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.0/Cutter-v2.3.0-Windows-x86_64.zip' -$zipSha256 = 'a708f0884421e7a90e95e5389697931ce5b282f8dfe0219b206b4837071bd770' +$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.1/Cutter-v2.3.1-Windows-x86_64.zip' +$zipSha256 = '52939105aff4f5b5ce82e17ddcd62e9cfb3c14684c1cbf98e6f485af1e47b074' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 068bca45c33764b0cae7ca2c8b7467b318fc74eb Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 18:05:40 +0000 Subject: [PATCH 236/330] Update cyberchef.vm to 10.5.2.20230822 --- packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index ff31726de..6bc1cdcd4 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,12 @@ cyberchef.vm - 10.5.2 + 10.5.2.20230822 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - + From ba339a71a9cad97ffd03d28a34699dd3e4db7fca Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 18:15:06 +0000 Subject: [PATCH 237/330] Update cygwin.vm to 3.4.8 --- packages/cygwin.vm/cygwin.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec index ed5e2a334..1088549e8 100644 --- a/packages/cygwin.vm/cygwin.vm.nuspec 
+++ b/packages/cygwin.vm/cygwin.vm.nuspec @@ -2,12 +2,12 @@ cygwin.vm - 3.4.7 + 3.4.8 Wrapper for cygwin and useful cygwin packages Red Hat Inc. - + From 9f009503babeb3a9a7416c41cef22121bd76ef41 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 19:50:26 +0000 Subject: [PATCH 238/330] Update notepadplusplus.vm to 8.5.6 --- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index 548e94508..9ca8e9b29 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.5 + 8.5.6 Wrapper for Notepad++ Don Ho - + From 0ccfeaee801b6f871ebc024d60a5bef90d438833 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 20:39:02 +0000 Subject: [PATCH 239/330] Update openvpn.vm to 2.6.6 --- packages/openvpn.vm/openvpn.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/openvpn.vm/openvpn.vm.nuspec b/packages/openvpn.vm/openvpn.vm.nuspec index be9b9de3f..5a04500cd 100644 --- a/packages/openvpn.vm/openvpn.vm.nuspec +++ b/packages/openvpn.vm/openvpn.vm.nuspec @@ -2,12 +2,12 @@ openvpn.vm - 2.6.5.20230803 + 2.6.6 OpenVPN Technologies Inc OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. - + From 78064426e090939d7223da5480942c4065bf2548 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 20:39:22 +0000 Subject: [PATCH 240/330] Update pestudio.vm to 9.54 --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index dfa14ea81..799bc3316 100644 
--- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.53.0.20230629 + 9.54 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index f9ecd5853..3d583954f 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.53.zip' -$zipSha256 = 'ded56a58d7c5e06453f22a875d6a58ec0c07031e1c0873acc06b288a2d9658d8' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.54.zip' +$zipSha256 = 'b9d4f4881ae8f54170fe97e35340aa651350f226da4ee2f0bf87ce9b5ac41ea4' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 87787d39d0565263b38f7a9a9b7a35539ea20c7c Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 22 Aug 2023 20:40:04 +0000 Subject: [PATCH 241/330] Update snaffler.vm to 1.0.132 --- packages/snaffler.vm/snaffler.vm.nuspec | 2 +- packages/snaffler.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/snaffler.vm/snaffler.vm.nuspec b/packages/snaffler.vm/snaffler.vm.nuspec index b2a35b0b3..8c9573386 100644 --- a/packages/snaffler.vm/snaffler.vm.nuspec +++ b/packages/snaffler.vm/snaffler.vm.nuspec @@ -2,7 +2,7 @@ snaffler.vm - 1.0.126 + 1.0.132 l0ss, Sh3r4 Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment. diff --git a/packages/snaffler.vm/tools/chocolateyinstall.ps1 b/packages/snaffler.vm/tools/chocolateyinstall.ps1 index f3c7e1696..ba073e570 100644 --- a/packages/snaffler.vm/tools/chocolateyinstall.ps1 
+++ b/packages/snaffler.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Snaffler' $category = 'Reconnaissance' -$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.126/Snaffler.exe' -$exeSha256 = 'c27cfb7487f51e33a5964a64df0c3f0f4b5f94b64a428ae1817255d480b42472' +$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.132/Snaffler.exe' +$exeSha256 = '436108e86eced22b3384bc129b7a16a5f50821b98aa146847e94f595d130b235' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From 81dd79d358dd71f244e2d28a76b060a6f9a1a7b5 Mon Sep 17 00:00:00 2001 From: Moritz Date: Wed, 23 Aug 2023 10:42:59 +0200 Subject: [PATCH 242/330] Revert ":robot: Package update" --- packages/cutter.vm/cutter.vm.nuspec | 2 +- packages/cutter.vm/tools/chocolateyinstall.ps1 | 4 ++-- packages/cyberchef.vm/cyberchef.vm.nuspec | 4 ++-- packages/cygwin.vm/cygwin.vm.nuspec | 4 ++-- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- packages/openvpn.vm/openvpn.vm.nuspec | 4 ++-- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 4 ++-- packages/snaffler.vm/snaffler.vm.nuspec | 2 +- packages/snaffler.vm/tools/chocolateyinstall.ps1 | 4 ++-- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/packages/cutter.vm/cutter.vm.nuspec b/packages/cutter.vm/cutter.vm.nuspec index 416a4bebf..2d34da7dc 100644 --- a/packages/cutter.vm/cutter.vm.nuspec +++ b/packages/cutter.vm/cutter.vm.nuspec @@ -2,7 +2,7 @@ cutter.vm - 2.3.1 + 2.3.0 Rizin Cutter is a FOSS dissassembler/decompiler diff --git a/packages/cutter.vm/tools/chocolateyinstall.ps1 b/packages/cutter.vm/tools/chocolateyinstall.ps1 index cbc1624f6..194cc07bb 100644 --- a/packages/cutter.vm/tools/chocolateyinstall.ps1 +++ b/packages/cutter.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Cutter' $category = 'Disassemblers' -$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.1/Cutter-v2.3.1-Windows-x86_64.zip' -$zipSha256 = '52939105aff4f5b5ce82e17ddcd62e9cfb3c14684c1cbf98e6f485af1e47b074' +$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.0/Cutter-v2.3.0-Windows-x86_64.zip' +$zipSha256 = 'a708f0884421e7a90e95e5389697931ce5b282f8dfe0219b206b4837071bd770' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index 6bc1cdcd4..ff31726de 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,12 @@ cyberchef.vm - 10.5.2.20230822 + 10.5.2 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - + diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec index 1088549e8..ed5e2a334 100644 --- a/packages/cygwin.vm/cygwin.vm.nuspec +++ b/packages/cygwin.vm/cygwin.vm.nuspec @@ -2,12 +2,12 @@ cygwin.vm - 3.4.8 + 3.4.7 Wrapper for cygwin and useful cygwin packages Red Hat Inc. - + diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index 9ca8e9b29..548e94508 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.6 + 8.5.5 Wrapper for Notepad++ Don Ho - + diff --git a/packages/openvpn.vm/openvpn.vm.nuspec b/packages/openvpn.vm/openvpn.vm.nuspec index 5a04500cd..be9b9de3f 100644 --- a/packages/openvpn.vm/openvpn.vm.nuspec +++ b/packages/openvpn.vm/openvpn.vm.nuspec 
@@ -2,12 +2,12 @@ openvpn.vm - 2.6.6 + 2.6.5.20230803 OpenVPN Technologies Inc OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. - + diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index 799bc3316..dfa14ea81 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.54 + 9.53.0.20230629 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index 3d583954f..f9ecd5853 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.54.zip' -$zipSha256 = 'b9d4f4881ae8f54170fe97e35340aa651350f226da4ee2f0bf87ce9b5ac41ea4' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.53.zip' +$zipSha256 = 'ded56a58d7c5e06453f22a875d6a58ec0c07031e1c0873acc06b288a2d9658d8' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true diff --git a/packages/snaffler.vm/snaffler.vm.nuspec b/packages/snaffler.vm/snaffler.vm.nuspec index 8c9573386..b2a35b0b3 100644 --- a/packages/snaffler.vm/snaffler.vm.nuspec +++ b/packages/snaffler.vm/snaffler.vm.nuspec @@ -2,7 +2,7 @@ snaffler.vm - 1.0.132 + 1.0.126 l0ss, Sh3r4 Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment. diff --git a/packages/snaffler.vm/tools/chocolateyinstall.ps1 b/packages/snaffler.vm/tools/chocolateyinstall.ps1 index ba073e570..f3c7e1696 100644 --- a/packages/snaffler.vm/tools/chocolateyinstall.ps1 
+++ b/packages/snaffler.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Snaffler' $category = 'Reconnaissance' -$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.132/Snaffler.exe' -$exeSha256 = '436108e86eced22b3384bc129b7a16a5f50821b98aa146847e94f595d130b235' +$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.126/Snaffler.exe' +$exeSha256 = 'c27cfb7487f51e33a5964a64df0c3f0f4b5f94b64a428ae1817255d480b42472' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From 41b5bd90b78d0352328c36f0200767d41e9c3da8 Mon Sep 17 00:00:00 2001 From: Elliot Chernofsky <35854880+emtuls@users.noreply.github.com> Date: Wed, 23 Aug 2023 15:34:11 -0400 Subject: [PATCH 243/330] disabling stringsifter for the time being --- packages/libraries.python3.vm/libraries.python3.vm.nuspec | 2 +- packages/libraries.python3.vm/tools/modules.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index 606277012..b3616f955 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec @@ -2,7 +2,7 @@ libraries.python3.vm - 0.0.0.20230522 + 0.0.0.20230822 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index a9ecbf7aa..f3b4055f3 100644 --- a/packages/libraries.python3.vm/tools/modules.xml +++ b/packages/libraries.python3.vm/tools/modules.xml @@ -20,7 +20,7 @@ - + From e9f6d0868f377c4a1334f9ab7e224d49f57e729d Mon Sep 17 00:00:00 2001 
From: Moritz Date: Thu, 24 Aug 2023 09:12:42 +0200 Subject: [PATCH 244/330] remove chrome dependency from cyberchef (#642) * remove Chrome dependency --- packages/cyberchef.vm/cyberchef.vm.nuspec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/cyberchef.vm/cyberchef.vm.nuspec b/packages/cyberchef.vm/cyberchef.vm.nuspec index 6bc1cdcd4..895580585 100644 --- a/packages/cyberchef.vm/cyberchef.vm.nuspec +++ b/packages/cyberchef.vm/cyberchef.vm.nuspec @@ -2,12 +2,11 @@ cyberchef.vm - 10.5.2.20230822 + 10.5.2.20230823 GCHQ The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. - From a004bbdcb9b20ec7126eedc51ae0b0df47514f49 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 24 Aug 2023 15:09:46 +0000 Subject: [PATCH 245/330] Add PEAnatomist.vm Closes https://github.com/mandiant/VM-Packages/issues/647. --- packages/peanatomist.vm/peanatomist.vm.nuspec | 12 ++++++++++++ packages/peanatomist.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../peanatomist.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/peanatomist.vm/peanatomist.vm.nuspec create mode 100644 packages/peanatomist.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/peanatomist.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/peanatomist.vm/peanatomist.vm.nuspec b/packages/peanatomist.vm/peanatomist.vm.nuspec new file mode 100644 index 000000000..d14076cba --- /dev/null +++ b/packages/peanatomist.vm/peanatomist.vm.nuspec @@ -0,0 +1,12 @@ + + + + peanatomist.vm + 0.2.11931.20230824 + RamMerLabs + PE Analysis tool providing detailed information + + + + + diff --git a/packages/peanatomist.vm/tools/chocolateyinstall.ps1 b/packages/peanatomist.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..231489a2b --- /dev/null +++ b/packages/peanatomist.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PEAnatomist'
+$category = 'PE'
+
+$zipUrl = 'https://rammerlabs.alidml.ru/files/0000-0002-29CD-0000/PEAnatomist-0.2.zip'
+$zipSha256 = '8265abffa0f9e7ad4c3e2293b708c4cfda475407309e97b2437ec7121cd8668d'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false
diff --git a/packages/peanatomist.vm/tools/chocolateyuninstall.ps1 b/packages/peanatomist.vm/tools/chocolateyuninstall.ps1 new file mode 100644
index 000000000..8be304ada
--- /dev/null
+++ b/packages/peanatomist.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PEAnatomist'
+$category = 'PE'
+
+VM-Uninstall $toolName $category From f3785b59941f0432fa04b8fcaefa69c13e12848a Mon Sep 17 00:00:00 2001 From: Elliot Chernofsky <35854880+emtuls@users.noreply.github.com> Date: Thu, 24 Aug 2023 13:40:11 -0400 Subject: [PATCH 246/330] adding package dnfile
--- packages/libraries.python3.vm/libraries.python3.vm.nuspec | 2 +- packages/libraries.python3.vm/tools/modules.xml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec
index b3616f955..2e17a92b1 100644
--- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec
+++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec
@@ -2,7 +2,7 @@ libraries.python3.vm - 0.0.0.20230822 + 0.0.0.20230824 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries
diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml
index f3b4055f3..e9dd9f38a 100644
--- a/packages/libraries.python3.vm/tools/modules.xml
+++ b/packages/libraries.python3.vm/tools/modules.xml
@@ -5,6 +5,7 @@ + 
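Review bot: `$zipUrl` points at `PEAnatomist-0.2.zip` on a third-party host with no build number in the path, while the nuspec version pins `0.2.11931.20230824`; if upstream re-uploads a newer 0.2 build at the same path, the pinned `$zipSha256` makes the install fail closed rather than silently pick up the new binary, which is the right outcome but will present as a broken package. A comment above the URL would make that expected, e.g. `# Upstream path carries no build number; a re-upload at the same URL fails the SHA256 check until the hash and nuspec version are refreshed`.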
From 8a400e28730f87c15ad367a845a57f2a656a32e8 Mon Sep 17 00:00:00 2001 From: Elliot Chernofsky <35854880+emtuls@users.noreply.github.com> Date: Thu, 24 Aug 2023 13:45:40 -0400 Subject: [PATCH 247/330] adding pythonnet package --- packages/libraries.python3.vm/libraries.python3.vm.nuspec | 2 +- packages/libraries.python3.vm/tools/modules.xml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index b3616f955..2e17a92b1 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec @@ -2,7 +2,7 @@ libraries.python3.vm - 0.0.0.20230822 + 0.0.0.20230824 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index f3b4055f3..68d49523d 100644 --- a/packages/libraries.python3.vm/tools/modules.xml +++ b/packages/libraries.python3.vm/tools/modules.xml @@ -16,6 +16,7 @@ + From ab723a3fe0c9dcc1f441ae13f9bb7ebab366403c Mon Sep 17 00:00:00 2001 From: Elliot Chernofsky <35854880+emtuls@users.noreply.github.com> Date: Fri, 25 Aug 2023 11:20:17 -0400 Subject: [PATCH 248/330] adding dncil package --- packages/libraries.python3.vm/libraries.python3.vm.nuspec | 2 +- packages/libraries.python3.vm/tools/modules.xml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index 2e17a92b1..6adb8f198 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec 
@@ -2,7 +2,7 @@ libraries.python3.vm - 0.0.0.20230824 + 0.0.0.20230825 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index 82fb2a0dc..9c17da2df 100644 --- a/packages/libraries.python3.vm/tools/modules.xml +++ b/packages/libraries.python3.vm/tools/modules.xml @@ -6,6 +6,7 @@ + From a0107d1647d1155e73a7513b16c384b20ab7a8ef Mon Sep 17 00:00:00 2001 From: Elliot Chernofsky <35854880+emtuls@users.noreply.github.com> Date: Sun, 27 Aug 2023 23:29:33 -0400 Subject: [PATCH 249/330] added dnlib library --- packages/dnlib.vm/dnlib.vm.nuspec | 12 ++++++++ packages/dnlib.vm/tools/chocolateyinstall.ps1 | 29 +++++++++++++++++++ .../dnlib.vm/tools/chocolateyuninstall.ps1 | 12 ++++++++ 3 files changed, 53 insertions(+) create mode 100644 packages/dnlib.vm/dnlib.vm.nuspec create mode 100644 packages/dnlib.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/dnlib.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/dnlib.vm/dnlib.vm.nuspec b/packages/dnlib.vm/dnlib.vm.nuspec new file mode 100644 index 000000000..7cc0e2b02 --- /dev/null +++ b/packages/dnlib.vm/dnlib.vm.nuspec @@ -0,0 +1,12 @@ + + + + dnlib.vm + 4.0.0 + 0xd4d + .NET module/assembly reader/writer library + + + + + diff --git a/packages/dnlib.vm/tools/chocolateyinstall.ps1 b/packages/dnlib.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..935c6a833 --- /dev/null +++ b/packages/dnlib.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,29 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $toolName = 'dnlib'
+ $category = 'dotNet'
+
+ $zipUrl = 'https://www.nuget.org/api/v2/package/dnlib/4.0.0'
+ $zipSha256 = 'adee956696461c9146da3ba220a1a3e6f553a8ba26f2664b1d8507a35976961e'
+ $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
+
+ # Download and unzip
+ $packageArgs = @{
+ packageName = ${Env:ChocolateyPackageName}
+ unzipLocation = $toolDir
+ url = $zipUrl
+ checksum = $zipSha256
+ checksumType = 'sha256'
+ SpecificFolder = "lib"
+ }
+ Install-ChocolateyZipPackage @packageArgs
+ VM-Assert-Path $toolDir
+
+ $executablePath = Join-Path $toolDir "lib"
+ VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath
+
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/dnlib.vm/tools/chocolateyuninstall.ps1 b/packages/dnlib.vm/tools/chocolateyuninstall.ps1 new file mode 100644
index 000000000..3884aa82b
--- /dev/null
+++ b/packages/dnlib.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,12 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'dnlib'
+$category = 'dotNet'
+$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
+
+# Remove tool files
+Remove-Item $toolDir -Recurse -Force -ea 0 | Out-Null
+
+# Remove tool shortcut
+VM-Remove-Tool-Shortcut $toolName $category From 8488d530d5be31749debff15e7ae0998dbf6aa5b Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 14:05:00 +0000 Subject: [PATCH 250/330] Update capa.vm to v6.1.0
--- packages/capa.vm/capa.vm.nuspec | 2 +- packages/capa.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/capa.vm/capa.vm.nuspec b/packages/capa.vm/capa.vm.nuspec
index ab6138e28..adc685f81 100755
--- a/packages/capa.vm/capa.vm.nuspec
+++ b/packages/capa.vm/capa.vm.nuspec
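Review bot: A failed `Install-ChocolateyZipPackage` — including a SHA256 mismatch on the NuGet download — lands in `catch { VM-Write-Log-Exception $_ }`, and whether that helper rethrows is not visible here; if it only logs, the package reports success with no `lib` folder and a shortcut to nothing. The sibling packages added in this series (PEAnatomist, CryptoTester) call VM-Install-From-Zip under `$ErrorActionPreference = 'Stop'` with no try/catch and therefore fail closed. Unless the helper is known to rethrow, add `throw` after the log call so Chocolatey records the install as failed. Since `$executablePath` is the extracted `lib` directory rather than a binary, a comment above it such as `# dnlib is a library; the shortcut opens the extracted lib\ folder, not an executable` would save the next reader a double take.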
@@ -2,7 +2,7 @@ capa.vm - 6.0.0 + 6.1.0 capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. @williballenthin, @mr-tz, @Ana06, @mike-hunhoff, @mwilliams31, @MalwareMechanic diff --git a/packages/capa.vm/tools/chocolateyinstall.ps1 b/packages/capa.vm/tools/chocolateyinstall.ps1 index 9d44240e4..e6213f979 100755 --- a/packages/capa.vm/tools/chocolateyinstall.ps1 +++ b/packages/capa.vm/tools/chocolateyinstall.ps1 @@ -4,8 +4,8 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'capa' $category = 'Utilities' -$zipUrl = "https://github.com/mandiant/capa/releases/download/v6.0.0/capa-v6.0.0-windows.zip" -$zipSha256 = "ca9a5388de86e95289426007ef794f6f6977ba6720f7fe5bc35a8cdc8a16f452" +$zipUrl = "https://github.com/mandiant/capa/releases/download/v6.1.0/capa-v6.1.0-windows.zip" +$zipSha256 = "070923d5ca225ef29a670af9cc66a8d648fcaaff7e283cb1ddc73de6e3610f0f" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true From 60e367d9a53dc6ebdbaab8905491c897be889b21 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 14:05:36 +0000 Subject: [PATCH 251/330] Update cutter.vm to v2.3.1 --- packages/cutter.vm/cutter.vm.nuspec | 2 +- packages/cutter.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/cutter.vm/cutter.vm.nuspec b/packages/cutter.vm/cutter.vm.nuspec index 2d34da7dc..416a4bebf 100644 --- a/packages/cutter.vm/cutter.vm.nuspec +++ b/packages/cutter.vm/cutter.vm.nuspec @@ -2,7 +2,7 @@ cutter.vm - 2.3.0 + 2.3.1 Rizin Cutter is a FOSS dissassembler/decompiler diff --git a/packages/cutter.vm/tools/chocolateyinstall.ps1 b/packages/cutter.vm/tools/chocolateyinstall.ps1 index 194cc07bb..cbc1624f6 100644 --- a/packages/cutter.vm/tools/chocolateyinstall.ps1 +++ b/packages/cutter.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Cutter' $category = 'Disassemblers' -$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.0/Cutter-v2.3.0-Windows-x86_64.zip' -$zipSha256 = 'a708f0884421e7a90e95e5389697931ce5b282f8dfe0219b206b4837071bd770' +$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.1/Cutter-v2.3.1-Windows-x86_64.zip' +$zipSha256 = '52939105aff4f5b5ce82e17ddcd62e9cfb3c14684c1cbf98e6f485af1e47b074' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From f025ad963f809626e3b5766f225e0b397fa01292 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 14:08:52 +0000 Subject: [PATCH 252/330] Update cygwin.vm to 3.4.8 --- packages/cygwin.vm/cygwin.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec index ed5e2a334..1088549e8 100644 --- a/packages/cygwin.vm/cygwin.vm.nuspec +++ b/packages/cygwin.vm/cygwin.vm.nuspec @@ -2,12 +2,12 @@ cygwin.vm - 3.4.7 + 3.4.8 Wrapper for cygwin and useful cygwin packages Red Hat Inc. - + From 24a60be51c51b9c1e4573a1326a8827b63246f6a Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 15:45:03 +0000 Subject: [PATCH 253/330] Update notepadplusplus.vm to 8.5.6 --- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index 548e94508..9ca8e9b29 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.5 + 8.5.6 Wrapper for Notepad++ Don Ho - + From 00f990490418e32bcc995bfb63f17c735ea0cc2a Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Tue, 29 Aug 2023 16:33:35 +0000 Subject: [PATCH 254/330] Update openvpn.vm to 2.6.6 --- packages/openvpn.vm/openvpn.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/openvpn.vm/openvpn.vm.nuspec b/packages/openvpn.vm/openvpn.vm.nuspec index be9b9de3f..5a04500cd 100644 --- a/packages/openvpn.vm/openvpn.vm.nuspec +++ b/packages/openvpn.vm/openvpn.vm.nuspec @@ -2,12 +2,12 @@ openvpn.vm - 2.6.5.20230803 + 2.6.6 OpenVPN Technologies Inc OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. - + From 015b7bb9f8a3a40465428bdcc79080869f09fa53 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 16:33:56 +0000 Subject: [PATCH 255/330] Update pestudio.vm to 9.54 --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index dfa14ea81..799bc3316 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.53.0.20230629 + 9.54 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index f9ecd5853..3d583954f 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.53.zip' -$zipSha256 = 'ded56a58d7c5e06453f22a875d6a58ec0c07031e1c0873acc06b288a2d9658d8' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.54.zip' +$zipSha256 = 'b9d4f4881ae8f54170fe97e35340aa651350f226da4ee2f0bf87ce9b5ac41ea4' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 04e25b5755c913da402516450c92ca70dc9fa42a Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 16:34:14 +0000 Subject: [PATCH 256/330] Update putty.vm to 0.79.0 --- packages/putty.vm/putty.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/putty.vm/putty.vm.nuspec b/packages/putty.vm/putty.vm.nuspec index e179e60b6..83942ce6b 100644 --- a/packages/putty.vm/putty.vm.nuspec +++ b/packages/putty.vm/putty.vm.nuspec @@ -2,12 +2,12 @@ putty.vm - 0.78.0 + 0.79.0 Simon Tatham PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. - + From b364fec28a84adc424f5044ddc3ef8a856e24617 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 16:34:47 +0000 Subject: [PATCH 257/330] Update snaffler.vm to 1.0.132 --- packages/snaffler.vm/snaffler.vm.nuspec | 2 +- packages/snaffler.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/snaffler.vm/snaffler.vm.nuspec b/packages/snaffler.vm/snaffler.vm.nuspec index b2a35b0b3..8c9573386 100644 --- a/packages/snaffler.vm/snaffler.vm.nuspec +++ b/packages/snaffler.vm/snaffler.vm.nuspec @@ -2,7 +2,7 @@ snaffler.vm - 1.0.126 + 1.0.132 l0ss, Sh3r4 Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment. 
diff --git a/packages/snaffler.vm/tools/chocolateyinstall.ps1 b/packages/snaffler.vm/tools/chocolateyinstall.ps1 index f3c7e1696..ba073e570 100644 --- a/packages/snaffler.vm/tools/chocolateyinstall.ps1 +++ b/packages/snaffler.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Snaffler' $category = 'Reconnaissance' -$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.126/Snaffler.exe' -$exeSha256 = 'c27cfb7487f51e33a5964a64df0c3f0f4b5f94b64a428ae1817255d480b42472' +$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.132/Snaffler.exe' +$exeSha256 = '436108e86eced22b3384bc129b7a16a5f50821b98aa146847e94f595d130b235' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From 651b56f0e0b58f2825d9ab599ef6bc6b8c278882 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Tue, 29 Aug 2023 16:35:47 +0000 Subject: [PATCH 258/330] Update wireshark.vm to 4.0.8 --- packages/wireshark.vm/wireshark.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec index 6d8ad28a7..009c3fc46 100644 --- a/packages/wireshark.vm/wireshark.vm.nuspec +++ b/packages/wireshark.vm/wireshark.vm.nuspec @@ -2,13 +2,13 @@ wireshark.vm - 4.0.7 + 4.0.8 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team - + From 94c2db8cf19cec554a1b30c353240f23876230c7 Mon Sep 17 00:00:00 2001 From: Moritz Date: Wed, 30 Aug 2023 09:02:01 +0200 Subject: [PATCH 259/330] Undo wireshark update --- packages/wireshark.vm/wireshark.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec index 009c3fc46..6d8ad28a7 100644 --- a/packages/wireshark.vm/wireshark.vm.nuspec +++ b/packages/wireshark.vm/wireshark.vm.nuspec 
@@ -2,13 +2,13 @@ wireshark.vm - 4.0.8 + 4.0.7 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team - + From 9bfff2f6d58882bbcfad75aa2b9d24ea9b1145c0 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 30 Aug 2023 22:09:35 +0000 Subject: [PATCH 260/330] Update azurehound.vm to v2.0.5 --- packages/azurehound.vm/azurehound.vm.nuspec | 2 +- packages/azurehound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/azurehound.vm/azurehound.vm.nuspec b/packages/azurehound.vm/azurehound.vm.nuspec index 716b2904b..7e374065b 100644 --- a/packages/azurehound.vm/azurehound.vm.nuspec +++ b/packages/azurehound.vm/azurehound.vm.nuspec @@ -2,7 +2,7 @@ azurehound.vm - 2.0.4.20230713 + 2.0.5 BloodHoundAD AzureHound is the BloodHound data collector for Microsoft Azure. diff --git a/packages/azurehound.vm/tools/chocolateyinstall.ps1 b/packages/azurehound.vm/tools/chocolateyinstall.ps1 index 71e99c3c5..b5e366753 100644 --- a/packages/azurehound.vm/tools/chocolateyinstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' $category = 'Reconnaissance' -$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.4/azurehound-windows-amd64.zip' -$zipSha256 = 'd1748d7bac190f14dc4a95cb872870ee0ebf57e6bdc000bb011fb4d92b0f500d' +$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.5/azurehound-windows-amd64.zip' +$zipSha256 = 'f091faa36ca44141699bb94b8a2096208d354beb3ef91806b659ed94c2022466' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 From 7b83a97d8d0e1f6ada3bbcf1a6391a83fc6a16e1 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Thu, 31 Aug 2023 00:37:31 +0000 Subject: [PATCH 261/330] Update tor-browser.vm to 12.5.3 --- packages/tor-browser.vm/tor-browser.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec index d21a7b71a..e3f5bfa10 100644 --- a/packages/tor-browser.vm/tor-browser.vm.nuspec +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -2,12 +2,12 @@ tor-browser.vm - 12.5.2 + 12.5.3 Tor Project The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. - + From e1adbafc7aabd751c371f40eee4bac9117bb978f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 31 Aug 2023 00:38:32 +0000 Subject: [PATCH 262/330] Update wireshark.vm to 4.0.8 --- packages/wireshark.vm/wireshark.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec index 6d8ad28a7..009c3fc46 100644 --- a/packages/wireshark.vm/wireshark.vm.nuspec +++ b/packages/wireshark.vm/wireshark.vm.nuspec @@ -2,13 +2,13 @@ wireshark.vm - 4.0.7 + 4.0.8 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team - + From 0c609a87014648d01bb439d9568972e4f866ff36 Mon Sep 17 00:00:00 2001 From: Tyler the Pug <50224819+tylerwhardy@users.noreply.github.com> Date: Tue, 5 Sep 2023 01:46:07 -0400 Subject: [PATCH 263/330] Update vbdec.vm to 1.0.917 Update vbdec.vm to 1.0.917 to fix broken download. It was needed to delete the old package from myget as the version was higher than in the newer version. We had used the date instead of the tool version. --- packages/vbdec.vm/tools/chocolateyinstall.ps1 | 4 ++-- packages/vbdec.vm/vbdec.vm.nuspec | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/packages/vbdec.vm/tools/chocolateyinstall.ps1 b/packages/vbdec.vm/tools/chocolateyinstall.ps1
index a7a0dd1fe..9af368ce7 100644
--- a/packages/vbdec.vm/tools/chocolateyinstall.ps1
+++ b/packages/vbdec.vm/tools/chocolateyinstall.ps1
@@ -5,8 +5,8 @@ try {
 $toolName = 'vbdec'
 $category = 'VB'
- $exeUrl = 'https://github.com/dzzie/pdfstreamdumper/releases/download/vbdec_12.7.22/VBDEC_Setup_SnapShot_12.8.22.exe'
- $exeSha256 = 'baed0da101d1c5d5a326d5c6d004c811c9d23cb76638f79eaffa9150db7e8535'
+ $exeUrl = 'http://sandsprite.com/flare_vm/VBDEC_Setup_983E127DB204A3E50723E4A30D80EF8C.exe'
+ $exeSha256 = 'E6FA33F1D8C51214B1B6E49665F1EDBCBF05399D57CC2A04CED0A74A194ADA63'
 $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName
 $executablePath = (Join-Path $toolDir "vbdec.exe")
diff --git a/packages/vbdec.vm/vbdec.vm.nuspec b/packages/vbdec.vm/vbdec.vm.nuspec
index 1c1b9b757..020533169 100644
--- a/packages/vbdec.vm/vbdec.vm.nuspec
+++ b/packages/vbdec.vm/vbdec.vm.nuspec
@@ -2,9 +2,9 @@ vbdec.vm - 12.7.22 + 1.0.917 vbGamer45, David Zimmer - VBDec is a VB6 disassembler and PCode debugger + VBDec works as a VB6 disassembler, PCode debugger, structure viewer for all vb6 executables, and can generate IDA scripts to integrate structures and named function offsets. From 595ebcc04752ee680031f328bbda59594b7c266c Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 5 Sep 2023 08:36:26 +0200 Subject: [PATCH 264/330] Bring stringsifter back Use upstream version as a new version has been released that also includes the fixes in the patched version. Increase the pip version to the latest one.
--- packages/libraries.python3.vm/libraries.python3.vm.nuspec | 2 +- packages/libraries.python3.vm/tools/chocolateyinstall.ps1 | 5 ++--- packages/libraries.python3.vm/tools/modules.xml | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-)
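Review bot: The new `$exeUrl` fetches the installer over cleartext `http://sandsprite.com/...`, replacing a GitHub HTTPS release URL. The pinned `$exeSha256` should reject a modified binary provided the install helper verifies it (that call sits outside the hunk), but the transfer remains observable and modifiable on path, and any future checksum refresh taken from a cleartext download would trust whatever the network delivered. If the host serves TLS, change it to `$exeUrl = 'https://sandsprite.com/flare_vm/VBDEC_Setup_983E127DB204A3E50723E4A30D80EF8C.exe'`; if it does not, add a comment recording that the hash was taken from an out-of-band trusted copy. The upper-case checksum is also the only one in this series not written as lower-case hex; Chocolatey's comparison is case-insensitive as far as I know, but normalising it keeps the packages grep-consistent. The enclosing `try {` block begins and ends outside the hunk.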
diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec
index 6adb8f198..339be7fc1 100644
--- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec
+++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec
@@ -2,7 +2,7 @@ libraries.python3.vm - 0.0.0.20230825 + 0.0.0.20230906 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries
diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1
index a5e35f4d5..fe3d230be 100644
--- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1
+++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1
@@ -9,9 +9,8 @@ try {
 # Create output file to log python module installation details
 $outputFile = VM-New-Install-Log $toolDir
- # Fix pip version, stringsifter doesn't install with pip 23:
- # https://github.com/mandiant/stringsifter/issues/29
- Invoke-Expression "py -3.9 -m pip install pip==20.1 >> $outputFile"
+ # Fix pip version
+ Invoke-Expression "py -3.9 -m pip install pip~=23.2.1 >> $outputFile"
 $failures = @()
 $modules = $modulesXml.modules.module
diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml
index 9c17da2df..5f99c9c8b 100644
--- a/packages/libraries.python3.vm/tools/modules.xml
+++ b/packages/libraries.python3.vm/tools/modules.xml
@@ -22,8 +22,7 @@ - - + From f7f90eb0bd745c7ced846f9ddd2846f9de6d6e98 Mon Sep 17 00:00:00 2001
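Review bot: The replacement line still builds a command string and hands it to `Invoke-Expression` with `$outputFile` interpolated unquoted, so a log path containing a space or a PowerShell metacharacter breaks the redirection or is parsed as code; the call operator does the same job without re-parsing a string: `& py -3.9 -m pip install 'pip~=23.2.1' >> $outputFile`. The removed lines explained why pip was pinned, while the new `# Fix pip version` no longer says why; suggest `# Pin pip to the 23.2.x series (~= allows patch releases) so the module installs below run against a known pip`. The enclosing `try {` block begins and ends outside the hunk.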
From: vm-packages Date: Thu, 7 Sep 2023 10:43:02 +0000 Subject: [PATCH 265/330] Add cryptotester.vm Closes https://github.com/mandiant/VM-Packages/issues/598. --- packages/cryptotester.vm/cryptotester.vm.nuspec | 12 ++++++++++++ packages/cryptotester.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ .../cryptotester.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/cryptotester.vm/cryptotester.vm.nuspec create mode 100644 packages/cryptotester.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/cryptotester.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/cryptotester.vm/cryptotester.vm.nuspec b/packages/cryptotester.vm/cryptotester.vm.nuspec new file mode 100644 index 000000000..700abd873 --- /dev/null +++ b/packages/cryptotester.vm/cryptotester.vm.nuspec @@ -0,0 +1,12 @@ + + + + cryptotester.vm + 1.7.0.20230907 + Michael Gillespie (@demonslay335) + Utility tool for performing cryptanalysis with a focus on ransomware cryptography + + + + + diff --git a/packages/cryptotester.vm/tools/chocolateyinstall.ps1 b/packages/cryptotester.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..3accb0920 --- /dev/null +++ b/packages/cryptotester.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CryptoTester' +$category = 'Utilities' + +$zipUrl = 'https://github.com/Demonslay335/CryptoTester/releases/download/v1.7.0.0/CryptoTester.zip' +$zipSha256 = 'f1f6fe584fe697e3ec414854600781ae1906e7d28d9f370662a144821694539c' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false diff --git a/packages/cryptotester.vm/tools/chocolateyuninstall.ps1 b/packages/cryptotester.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..08b71ba66 --- /dev/null +++ b/packages/cryptotester.vm/tools/chocolateyuninstall.ps1 
@@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'CryptoTester' +$category = 'Utilities' + +VM-Uninstall $toolName $category From 194c0a977650addc3b63a1667cea55b036ea9323 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 13 Sep 2023 22:14:24 +0000 Subject: [PATCH 266/330] Update cygwin.vm to 3.4.9 --- packages/cygwin.vm/cygwin.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cygwin.vm/cygwin.vm.nuspec b/packages/cygwin.vm/cygwin.vm.nuspec index 1088549e8..02eaee9e4 100644 --- a/packages/cygwin.vm/cygwin.vm.nuspec +++ b/packages/cygwin.vm/cygwin.vm.nuspec @@ -2,12 +2,12 @@ cygwin.vm - 3.4.8 + 3.4.9 Wrapper for cygwin and useful cygwin packages Red Hat Inc. - + From 4f351ab247d46a224aced86ae8957cf809407cf3 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 13 Sep 2023 22:14:59 +0000 Subject: [PATCH 267/330] Update dnspyex.vm to v6.4.1 --- packages/dnspyex.vm/dnspyex.vm.nuspec | 2 +- packages/dnspyex.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/dnspyex.vm/dnspyex.vm.nuspec b/packages/dnspyex.vm/dnspyex.vm.nuspec index 859e16e1a..d78717951 100644 --- a/packages/dnspyex.vm/dnspyex.vm.nuspec +++ b/packages/dnspyex.vm/dnspyex.vm.nuspec @@ -2,7 +2,7 @@ dnspyex.vm - 6.4.0 + 6.4.1 0xd4d, ElektroKill dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. diff --git a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 index 369ab3b07..6deba42f8 100644 --- a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 
@@ -5,8 +5,8 @@ try { $toolName = 'dnSpy' $category = 'dotNet' - $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.4.0/dnSpy-netframework.zip" - $zipSha256 = "103233b20688839046221bd1d0bd145c820e6a145e39a2c6c63a1ca360f230b8" + $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.4.1/dnSpy-netframework.zip" + $zipSha256 = "d3d8aefb7c5c4ef15d077c13f88c13b0f1403fb71e73610dc68975a62e4230cb" $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0] $toolNameX86 = "$toolName-x86" From f1a7acc5f7a33aed729c0316aad39176b8d36c6f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 13 Sep 2023 22:17:06 +0000 Subject: [PATCH 268/330] Update ghidra.vm to 10.3.3 --- packages/ghidra.vm/ghidra.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index e8ed7e691..cb807ec36 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec @@ -2,12 +2,12 @@ ghidra.vm - 10.3.2.20230802 + 10.3.3 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - + From 3c4172a92e2789595f7de7e903766fa647b4578e Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 13 Sep 2023 22:17:44 +0000 Subject: [PATCH 269/330] Update ida.diaphora.vm to 3.1 --- packages/ida.diaphora.vm/ida.diaphora.vm.nuspec | 2 +- packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec index ef34c94d7..2c741b6f2 100644 --- a/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec +++ b/packages/ida.diaphora.vm/ida.diaphora.vm.nuspec @@ -2,7 +2,7 @@ ida.diaphora.vm - 3.0 + 3.1 joxeankoret Diaphora is a program diffing tool that works as an IDA plugin. 
diff --git a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 index 35e29c667..6b391a5dd 100644 --- a/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 +++ b/packages/ida.diaphora.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ $toolName = 'diaphora' $category = 'Utilities' $executableName = "diaphora.py" -$zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/3.0.zip' -$zipSha256 = '3d4a1bcaea155fbadecc823d59004580aae04edc0e98a96860df550bd4c08a40' +$zipUrl = 'https://github.com/joxeankoret/diaphora/archive/refs/tags/3.1.zip' +$zipSha256 = '5802ebca119d2af4bb99434ce575dc4299396e95c7c6b01895d4a34c8d9d559d' # Diaphora needs to be executed from IDA, do not install bin file VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -executableName $executableName -innerFolder $true -withoutBinFile From c3fefc9a554c505bea2b90ecbea4c72754bc5517 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 13 Sep 2023 23:52:27 +0000 Subject: [PATCH 270/330] Update notepadplusplus.vm to 8.5.7 --- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index 9ca8e9b29..94bce3643 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.6 + 8.5.7 Wrapper for Notepad++ Don Ho - + From 8134385d7d6c53ae209c941fe68a09c096a9dbd5 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 14 Sep 2023 00:46:28 +0000 Subject: [PATCH 271/330] Update vcbuildtools.vm to 0.0.0.20230914 --- packages/vcbuildtools.vm/vcbuildtools.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index 1a73e221d..146a08bda 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec @@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20230621 + 0.0.0.20230914 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + From ad24e213e74fee40beea156b316bc20205f76087 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 20 Sep 2023 22:10:01 +0000 Subject: [PATCH 272/330] Update azurehound.vm to v2.1.0 --- packages/azurehound.vm/azurehound.vm.nuspec | 2 +- packages/azurehound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/azurehound.vm/azurehound.vm.nuspec b/packages/azurehound.vm/azurehound.vm.nuspec index 7e374065b..582b7db71 100644 --- a/packages/azurehound.vm/azurehound.vm.nuspec +++ b/packages/azurehound.vm/azurehound.vm.nuspec @@ -2,7 +2,7 @@ azurehound.vm - 2.0.5 + 2.1.0 BloodHoundAD AzureHound is the BloodHound data collector for Microsoft Azure. diff --git a/packages/azurehound.vm/tools/chocolateyinstall.ps1 b/packages/azurehound.vm/tools/chocolateyinstall.ps1 index b5e366753..75ba7f671 100644 --- a/packages/azurehound.vm/tools/chocolateyinstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' $category = 'Reconnaissance' -$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.0.5/azurehound-windows-amd64.zip' -$zipSha256 = 'f091faa36ca44141699bb94b8a2096208d354beb3ef91806b659ed94c2022466' +$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.1.0/azurehound-windows-amd64.zip' +$zipSha256 = '12d89b6ae1865fdce3094899d9aae854c985d125e04f414d3a8cd2b083c34424' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 From 385e5e2860dd86aa9e8273fca9c60ee0d42afc96 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 20 Sep 2023 22:10:50 +0000 Subject: [PATCH 273/330] Update cutter.vm to v2.3.2 --- packages/cutter.vm/cutter.vm.nuspec | 2 +- packages/cutter.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/cutter.vm/cutter.vm.nuspec b/packages/cutter.vm/cutter.vm.nuspec index 416a4bebf..73bd5b7b2 100644 --- a/packages/cutter.vm/cutter.vm.nuspec +++ b/packages/cutter.vm/cutter.vm.nuspec @@ -2,7 +2,7 @@ cutter.vm - 2.3.1 + 2.3.2 Rizin Cutter is a FOSS dissassembler/decompiler diff --git a/packages/cutter.vm/tools/chocolateyinstall.ps1 b/packages/cutter.vm/tools/chocolateyinstall.ps1 index cbc1624f6..e0c635556 100644 --- a/packages/cutter.vm/tools/chocolateyinstall.ps1 +++ b/packages/cutter.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Cutter' $category = 'Disassemblers' -$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.1/Cutter-v2.3.1-Windows-x86_64.zip' -$zipSha256 = '52939105aff4f5b5ce82e17ddcd62e9cfb3c14684c1cbf98e6f485af1e47b074' +$zipUrl = 'https://github.com/rizinorg/cutter/releases/download/v2.3.2/Cutter-v2.3.2-Windows-x86_64.zip' +$zipSha256 = 'e53a137809a610f939ce13744640f0da67369e87fdb1b2545be3e417c7781c8e' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From b4c0257f0c88400762ff3e0d87d83b170f8a4f94 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 20 Sep 2023 22:11:23 +0000 Subject: [PATCH 274/330] Update exiftool.vm to 12.67.0 --- packages/exiftool.vm/exiftool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index 5b6ef0e8c..4909f4ca9 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec +++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.65.0 + 12.67.0 Phil Harvey A tool for reeding and writing file metadata - + From d80dcbabf9a5e6b1cd47aa378c5b574b22fa9f11 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 20 Sep 2023 22:12:52 +0000 Subject: [PATCH 275/330] Update ghidra.vm to 10.3.3.20230920 --- packages/ghidra.vm/ghidra.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index cb807ec36..b4a3a5c8d 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec @@ -2,13 +2,13 @@ ghidra.vm - 10.3.3 + 10.3.3.20230920 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - + From 6fa1947cfdd5d71064b96953272f25a431095ae5 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 20 Sep 2023 22:14:10 +0000 Subject: [PATCH 276/330] Update ilspy.vm to 8.1.1 --- packages/ilspy.vm/ilspy.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ilspy.vm/ilspy.vm.nuspec b/packages/ilspy.vm/ilspy.vm.nuspec index 34193845f..3ed7936b7 100644 --- a/packages/ilspy.vm/ilspy.vm.nuspec +++ b/packages/ilspy.vm/ilspy.vm.nuspec @@ -2,12 +2,12 @@ ilspy.vm - 8.1.0 + 8.1.1 SharpDevelop Team The open-source .NET assembly browser and decompiler. - + From 367ae609c5c6cd8c49679ba78e5184a9771e2be2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 21 Sep 2023 00:38:01 +0000 Subject: [PATCH 277/330] Update pestudio.vm to 9.55 --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index 799bc3316..15ece23bd 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.54 + 9.55 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index 3d583954f..06322bacc 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.54.zip' -$zipSha256 = 'b9d4f4881ae8f54170fe97e35340aa651350f226da4ee2f0bf87ce9b5ac41ea4' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.55.zip' +$zipSha256 = '16c80b5afdeafec3120c9bcf93014dc08291d0840069a926f2728e1881674ca1' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From c68c9d0a2360025cce6daf3e8c3bf36cb5ab1ec2 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 21 Sep 2023 00:38:41 +0000 Subject: [PATCH 278/330] Update snaffler.vm to 1.0.135 --- packages/snaffler.vm/snaffler.vm.nuspec | 2 +- packages/snaffler.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/snaffler.vm/snaffler.vm.nuspec b/packages/snaffler.vm/snaffler.vm.nuspec index 8c9573386..51149c7de 100644 --- a/packages/snaffler.vm/snaffler.vm.nuspec +++ b/packages/snaffler.vm/snaffler.vm.nuspec @@ -2,7 +2,7 @@ snaffler.vm - 1.0.132 + 1.0.135 l0ss, Sh3r4 Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment. diff --git a/packages/snaffler.vm/tools/chocolateyinstall.ps1 b/packages/snaffler.vm/tools/chocolateyinstall.ps1 index ba073e570..589c361e1 100644 --- a/packages/snaffler.vm/tools/chocolateyinstall.ps1 +++ b/packages/snaffler.vm/tools/chocolateyinstall.ps1 
@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'Snaffler' $category = 'Reconnaissance' -$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.132/Snaffler.exe' -$exeSha256 = '436108e86eced22b3384bc129b7a16a5f50821b98aa146847e94f595d130b235' +$exeUrl = 'https://github.com/SnaffCon/Snaffler/releases/download/1.0.135/Snaffler.exe' +$exeSha256 = 'c3777df8af97479419aaff9bbb113ddeb1aef7515a91fc683f8c62133466a137' VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true From d79ce59f668247915c1a7e0669c04f4bc338c464 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 21 Sep 2023 00:39:26 +0000 Subject: [PATCH 279/330] Update tor-browser.vm to 12.5.4 --- packages/tor-browser.vm/tor-browser.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec index e3f5bfa10..293944ba4 100644 --- a/packages/tor-browser.vm/tor-browser.vm.nuspec +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -2,12 +2,12 @@ tor-browser.vm - 12.5.3 + 12.5.4 Tor Project The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. - + From 25cdade73fc66d7a1a1bc93d4b9e40526779adcd Mon Sep 17 00:00:00 2001 
From: day1player <37482972+day1player@users.noreply.github.com> Date: Wed, 27 Sep 2023 01:15:23 -0600 Subject: [PATCH 280/330] Installer updates (#656) Create `debloater.vm and `installer.vm` packages adding several helper functions to `common.vm`. --- packages/common.vm/README.md | 7 +- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/chocolateyinstall.ps1 | 27 +- .../common.vm/tools/chocolateyuninstall.ps1 | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 389 +++++++++++++++++- packages/debloat.vm/debloat.vm.nuspec | 12 + .../debloat.vm/tools/chocolateyinstall.ps1 | 26 ++ packages/debloat.vm/tools/win10.xml | 182 ++++++++ packages/debloat.vm/tools/win11.xml | 57 +++ packages/debloat.vm/tools/win11arm.xml | 57 +++ packages/installer.vm/installer.vm.nuspec | 13 + .../installer.vm/tools/chocolateyinstall.ps1 | 209 ++++++++++ scripts/test/lint.py | 4 +- scripts/test/test_install.ps1 | 2 +- 14 files changed, 952 insertions(+), 37 deletions(-) create mode 100644 packages/debloat.vm/debloat.vm.nuspec create mode 100644 packages/debloat.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/debloat.vm/tools/win10.xml create mode 100644 packages/debloat.vm/tools/win11.xml create mode 100644 packages/debloat.vm/tools/win11arm.xml create mode 100644 packages/installer.vm/installer.vm.nuspec create mode 100644 packages/installer.vm/tools/chocolateyinstall.ps1 diff --git a/packages/common.vm/README.md b/packages/common.vm/README.md index f674056bd..98de30c3e 100755 --- a/packages/common.vm/README.md +++ b/packages/common.vm/README.md 
@@ -15,14 +15,9 @@ The environment variables below are configurable by the user: - VM common directory containing anything related to VM-packages (e.g., shared module, log file, saved config file, etc...) - `TOOL_LIST_DIR` - Default Path: - - *`%PROGRAMDATA%`*`\Microsoft\Windows\Start Menu\Programs\Tools` + - *`%USERPROFILE%`*`\Desktop\Tools` - Use: - Path to a directory containing tool shortcuts -- `TOOL_LIST_SHORTCUT` - - Default Path: - - *`%USERPROFILE%`*`\Desktop\Tools.lnk` - - Use: - - Path to a shortcut file (`.lnk`) that points to *`%TOOL_LIST_DIR%`* - `RAW_TOOLS_DIR` - Default Path: - *`%SYSTEMDRIVE%`*`\Tools` diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index c25690562..16a91bf55 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230714 + 0.0.0.20230904 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/chocolateyinstall.ps1 b/packages/common.vm/tools/chocolateyinstall.ps1 index 6d4d62446..996778df6 100755 --- a/packages/common.vm/tools/chocolateyinstall.ps1 +++ b/packages/common.vm/tools/chocolateyinstall.ps1 @@ -89,7 +89,7 @@ Write-Host -ForegroundColor Green "[+] PSModulePath set to:" $prevPath $envVarName = "TOOL_LIST_DIR" $toolListDir = [Environment]::GetEnvironmentVariable($envVarName, 2) if (-Not (Test-Path env:\$envVarName) -Or ($toolListDir -eq $null)) { - $toolListDir = Join-Path ${Env:ProgramData} "Microsoft\Windows\Start Menu\Programs\Tools" + $toolListDir = Join-Path ${Env:USERPROFILE} "Desktop\Tools" if (-Not (Test-Path $toolListDir) ) { New-Item -Path $toolListDir -ItemType directory -Force | Out-Null } 
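Review bot: The new default `Join-Path ${Env:USERPROFILE} "Desktop\Tools"` resolves against the profile of whichever account runs the elevated Chocolatey install, and the uninstaller in this same patch reads these variables from the 'Machine' scope, so if TOOL_LIST_DIR is persisted machine-wide (that assignment is outside this hunk) every other account on the VM inherits a path into one user's Desktop that it may not be able to write to. Consider documenting the assumption next to the assignment, e.g. `# Single-user VM assumption: tool shortcuts live on the installing user's Desktop`, or resolving the interactive user's profile explicitly rather than the installer's. The enclosing `if` block continues past the end of the hunk.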
@@ -106,31 +106,6 @@ if (-Not (Test-Path $toolListDir)) { Write-Host -ForegroundColor Green "[+] Created folder:" $toolListDir } - -# ################################################################################################ # -# Setup the default tool list directory shortcut and env var if it doesn't exist -# ################################################################################################ # -$envVarName = "TOOL_LIST_SHORTCUT" -$toolListDirShortcut = [Environment]::GetEnvironmentVariable($envVarName, 2) -if ((-Not (Test-Path env:\$envVarName)) -Or ($toolListDirShortcut -eq $null)) { - $toolListDirShortcut = Join-Path ${Env:UserProfile} "Desktop\Tools.lnk" - if (-Not (Test-Path $toolListDirShortcut)) { - Install-ChocolateyShortcut -ShortcutFilePath $toolListDirShortcut -TargetPath $toolListDir - } - - Install-ChocolateyEnvironmentVariable -VariableName $envVarName -VariableValue $toolListDirShortcut -VariableType 'Machine' - Set-Item "Env:$envVarName" $toolListDirShortcut -Force -} -Write-Host -ForegroundColor Green "[+] TOOL_LIST_SHORTCUT set to:" $toolListDirShortcut - -# If the user set the env var but the .lnk file doesn't exist, create it with Choco -$toolListDirShortcut = [Environment]::ExpandEnvironmentVariables("%$envVarName%") -if (-Not (Test-Path $toolListDirShortcut)) { - Install-ChocolateyShortcut -ShortcutFilePath $toolListDirShortcut -TargetPath $toolListDir - Write-Host -ForegroundColor Green "[+] Created shortcut:" $toolListDirShortcut -} - - # ################################################################################################ # # Set up the default raw tools directory and env var if it doesn't exist # ################################################################################################ # diff --git a/packages/common.vm/tools/chocolateyuninstall.ps1 b/packages/common.vm/tools/chocolateyuninstall.ps1 index ec68c4db4..dd63c45d9 100755 --- a/packages/common.vm/tools/chocolateyuninstall.ps1 
+++ b/packages/common.vm/tools/chocolateyuninstall.ps1 @@ -17,7 +17,7 @@ Set-Item "Env:$envVarName" $prevPath -Force # Remove the env vars and what they point to # NOTE: Purposefully NOT recursively deleting RAW_TOOLS_DIR as the user may have other items there -$envVarNames = @("VM_CONFIG", "TOOL_LIST_DIR", "TOOL_LIST_SHORTCUT", "VM_COMMON_DIR") +$envVarNames = @("VM_CONFIG", "TOOL_LIST_DIR", "VM_COMMON_DIR") foreach ($envVarName in $envVarNames) { if (Test-Path env:\$envVarName) { $envVarValue = [Environment]::GetEnvironmentVariable($envVarName, 'Machine') diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 33ef32c5c..eced15120 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 
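Review bot: Hosts provisioned by the previous common.vm still carry a Machine-level TOOL_LIST_SHORTCUT variable and the Desktop Tools.lnk it points at (the removed install code set it with `-VariableType 'Machine'`), and with the name dropped from `$envVarNames` this uninstaller no longer removes either, so upgraded hosts keep a dangling variable and shortcut. If in-place upgrades are expected, keep the name in the list for one release with a comment such as `# legacy, removed in 0.0.0.20230904; drop once upgraded hosts have cycled`, or clean it up in the install script. The `foreach` body that deletes the values continues outside the hunk.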
@@ -879,10 +879,397 @@ SignatureStatus: $([SignatureStatus]([UInt32]$avInfo.productState -band [Product $envVars = @" VM_COMMON_DIR: ${Env:VM_COMMON_DIR} TOOL_LIST_DIR: ${Env:TOOL_LIST_DIR} -TOOL_LIST_SHORTCUT: ${Env:TOOL_LIST_SHORTCUT} RAW_TOOLS_DIR: ${Env:RAW_TOOLS_DIR} "@ VM-Write-Log "INFO" "$($survey -f $osInfo, $memInfo, $diskInfo, $avInfoFormatted, $psInfo, $psInfoClr, $chocoInfo, $boxstarerInfo, $installedPackages, $envVars)" } +function VM-Remove-Appx-Package { +# Function for removing Apps + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$appName + ) + + try { + # Check if the app is installed + $installedPackage = Get-AppxPackage -Name $appName + VM-Write-Log "INFO" "Removing $appName package" + if ($installedPackage) { + try { + $packageFullName = $installedPackage.PackageFullName + Remove-AppxPackage -Package $packageFullName -ErrorAction SilentlyContinue + VM-Write-Log "INFO" "$packageFullName removed" + } + catch { + VM-Write-Log-Exception $_ + } + } else { + VM-Write-Log "WARN" "[+] Installed $appName not found on the system." + } + # Check if the app is provisioned + $provisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $appName } -ErrorAction SilentlyContinue + if ($provisionedPackage) { + try { + Remove-AppxProvisionedPackage -PackageName $provisionedPackage.PackageName -Online -ErrorAction SilentlyContinue + VM-Write-Log "INFO" $("Provisioned package " + $provisionedPackage.PackageName + " removed") + } + catch { + VM-Write-Log-Exception $_ + } + } else { + VM-Write-Log "WARN" "[+] Provisioned $appName not found on the system." + } + } catch { + VM-Write-Log "ERROR" "An error occurred while removing the $appName package. 
Error: $_" + } +} + +function VM-Set-Service-Manual-Start { +# Function for setting Services to manual startup + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$serviceName + ) + + try { + $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue + + if ($service) { + Set-Service -Name $service.Name -StartupType Manual + VM-Write-Log "INFO" "[+] Service $serviceName has been disabled." + } else { + VM-Write-Log "WARN" "[+] Service $serviceName not found." + } + } catch { + VM-Write-Log "ERROR" "An error occurred while setting the service startup type. Error: $_" + } +} + +function VM-Disable-Scheduled-Task { +# Function for disabling scheduled tasks + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$name, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$value + ) + + try { + $output = Disable-ScheduledTask -TaskName $value -ErrorAction SilentlyContinue + if ($output){ + VM-Write-Log "INFO" "[+] Scheduled task '$name' has been disabled." + } else { + VM-Write-Log "ERROR" "[+] Scheduled task '$name' not found." + } + + } catch { + VM-Write-Log "ERROR" "An error occurred while disabling the '$name' scheduled task. 
Error: $_" + } +} + +function VM-Update-Registry-Value { +# Function for setting Registry items + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $name, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $path, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $value, + + [Parameter(Mandatory=$true)] + [ValidateSet("String", "ExpandString", "Binary", "DWord", "QWord", "MultiString", "Unknown")] + [string] $type, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $data + ) + + try { + # Validate the value based on the type parameter + if ($type -eq "DWord" -or $type -eq "QWord") { + $validatedData = [int64]::Parse($data) + } elseif ($type -eq "Binary") { + $validatedData = [byte[]]::new(($data -split '(.{2})' | Where-Object { $_ -match '..' } | ForEach-Object { [convert]::ToByte($_, 16) })) + } else { + $validatedData = $data + } + + # check if path exists. If not, create the path for the registry value + if (!(Test-Path -Path $path)) { + # Create the registry key + New-Item -Path $path -Force | Out-Null + VM-Write-Log "INFO" "`t[+] Registry key created: $path" + } else { + VM-Write-Log "WARN" "`t[+] Registry key already exists: $path" + } + + Set-ItemProperty -Path $path -Name $value -Value $validatedData -Type $type -Force | Out-Null + VM-Write-Log "INFO" "[+] $name has been successful" + } catch { + VM-Write-Log "ERROR" "Failed to update the registry value. Error: $_" + } +} + +function VM-Remove-Path { +# Function for removing Paths/Programs + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$name, + + [Parameter(Mandatory=$true)] + [ValidateSet("file", "dir")] + [string]$type, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$path + ) + + try { + if ($type -eq "file") { + if (Test-Path -Path $path -PathType Leaf) { + Remove-Item -Path $path -Force + VM-Write-Log "INFO" "[+] $name has been successfully removed." 
+ } else { + VM-Write-Log "WARN" "[+] $path does not exist." + } + } elseif ($type -eq "dir") { + if (Test-Path -Path $path -PathType Container) { + Remove-Item -Path $path -Recurse -Force + VM-Write-Log "INFO" "[+] $name has been successfully removed." + } else { + VM-Write-Log "WARN" "[+] $path does not exist." + } + } + } catch { + VM-Write-Log "ERROR" "An error occurred while removing the $type $path. Error: $_" + } +} + +function VM-Execute-Custom-Command{ +# Function for removing items in need of custom code. + param( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string]$name, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string[]]$cmds + ) + + try { + VM-Write-Log "INFO" "Executing commands for '$name':" + foreach ($cmd in $cmds) { + Start-Process powershell -ArgumentList "-WindowStyle","Hidden","-Command",$cmd -Wait + } + VM-Write-Log "INFO" "[+] All commands for '$name' have been executed successfully." + } catch { + VM-Write-Log "ERROR" "An error occurred while executing commands for '$name'. 
Error: $_" + } +} + +function VM-Configure-Prompts { + # $Env:VMname must be set in the install script + try { + # Set PowerShell prompt + $psprompt = @" + function prompt { + Write-Host (`$Env:VMname + " " + `$(Get-Date)) -ForegroundColor Green + Write-Host ("PS " + `$(Get-Location) + " >") -NoNewLine -ForegroundColor White + return " " + } +"@ + + # Ensure profile file exists and append new content to it, not overwriting old content + if (!(Test-Path $profile)) { + New-Item -ItemType File -Path $profile -Force | Out-Null + } + Add-Content -Path $profile -Value $psprompt + + # Set cmd prompt + ## Configure the command + $VMname = $Env:VMname -replace ' ', '' # setx command cannot have spaces + $command = "cmd /c 'setx PROMPT $VMname`$S`$d`$s`$t`$_`$p$+`$g'" + ## Convert to base64 + $base64 = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($command)) + ## Run command + Invoke-Expression ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($base64))) | Out-Null + + VM-Write-Log "INFO" "Timestamps added to cmd prompt and PowerShell" + } catch { + VM-Write-Log-Exception $_ + } + +} + +function VM-Configure-PS-Logging { + if ($PSVersionTable -And $PSVersionTable.PSVersion.Major -ge 5) { + try { + VM-Write-Log "INFO" "Enabling PowerShell Script Block Logging" + + $psLoggingPath = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell' + if (-Not (Test-Path $psLoggingPath)) { + New-Item -Path $psLoggingPath -Force | Out-Null + } + + $psLoggingPath = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\Transcription' + if (-Not (Test-Path $psLoggingPath)) { + New-Item -Path $psLoggingPath -Force | Out-Null + } + New-ItemProperty -Path $psLoggingPath -Name "EnableInvocationHeader" -Value 1 -PropertyType DWORD -Force | Out-Null + New-ItemProperty -Path $psLoggingPath -Name "EnableTranscripting" -Value 1 -PropertyType DWORD -Force | Out-Null + New-ItemProperty -Path $psLoggingPath -Name "OutputDirectory" 
-Value (Join-Path ${Env:UserProfile} "Desktop\PS_Transcripts") -PropertyType String -Force | Out-Null + + $psLoggingPath = 'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' + if (-Not (Test-Path $psLoggingPath)) { + New-Item -Path $psLoggingPath -Force | Out-Null + } + New-ItemProperty -Path $psLoggingPath -Name "EnableScriptBlockLogging" -Value 1 -PropertyType DWORD -Force | Out-Null + VM-Write-Log "INFO" "PowerShell transcripts will be saved to the desktop." + } catch { + VM-Write-Log-Exception $_ + } + } +} + +# Main function for debloater and configuration changes +# Expects an XML file +function VM-Apply-Configurations { + param( + [Parameter(Position = 0)] + [string]$configFile + ) + + try { + # Load and parse the XML config file + VM-Assert-Path $configFile + $config = [xml](Get-Content $configFile) + + # Process the apps + if ($config.config.apps.app) { + $config.config.apps.app | ForEach-Object { + $appName = $_.name + VM-Remove-Appx-Package -appName $appName + } + } + + # Process the services + if ($config.config.services.service) { + $config.config.services.service | ForEach-Object { + $serviceName = $_.name + VM-Set-Service-Manual-Start -serviceName $serviceName + } + } + + # Process the tasks + if ($config.config.tasks.task) { + $config.config.tasks.task | ForEach-Object { + $descName = $_.name + $taskName = $_.value + VM-Disable-Scheduled-Task -name $descName -value $taskName + } + } + + # Process the registry items + if ($config.config."registry-items"."registry-item") { + $config.config."registry-items"."registry-item" | ForEach-Object { + $name = $_.name + $path = $_.path + $value = $_.value + $type = $_.type + $data = $_.data + VM-Update-Registry-Value -name $name -path $path -value $value -type $type -data $data + } + } + + # Process the path items + if ($config.config."path-items"."path-item") { + $config.config."path-items"."path-item" | ForEach-Object { + $name = $_.name + $type = $_.type + $path = $_.path + 
VM-Remove-Path -name $name -type $type -path $path + } + } + + # Process the custom items + if ($config.config."custom-items"."custom-item") { + $config.config."custom-items"."custom-item" | ForEach-Object { + $name = $_.name + $cmds = @($_.cmd | ForEach-Object { $_.value }) + VM-Execute-Custom-Command -name $name -cmds $cmds + } + } + } catch { + VM-Write-Log "ERROR" "An error occurred while applying config. Error: $_" + } +} + +# This function returns a string of "Win10", "Win11", or "Win11ARM" +function VM-Get-WindowsVersion { + $osInfo = Get-ComputerInfo + + # Extract the version number and other details + $version = $osInfo.OsName + $osArchitecture = $osInfo.OSArchitecture + + if ($version -match "10") { + return "Win10" + } + elseif ($version -match "11" -and $osArchitecture -eq "64-bit") { + return "Win11" + } + elseif ($version -match "11" -and $osArchitecture -match "ARM") { + return "Win11ARM" + } + else { + return "Unknown" + } +} + +function VM-Get-InstalledPackages { + if (Get-Command choco -ErrorAction:SilentlyContinue) { + powershell.exe "choco list -r" | ForEach-Object { + $Name, $Version = $_ -split '\|' + New-Object -TypeName psobject -Property @{ + 'Name' = $Name + 'Version' = $Version + } + } + } +} + +function VM-Refresh-Desktop { + try { + Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class Shell { + [DllImport("Shell32.dll")] + public static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2); +} +"@ + $SHCNE_ASSOCCHANGED = 0x08000000 + $SHCNF_IDLIST = 0 + [void][Shell]::SHChangeNotify($SHCNE_ASSOCCHANGED, $SHCNF_IDLIST, [IntPtr]::Zero, [IntPtr]::Zero) + } catch { + VM-Write-Log-Exception $_ + } +} \ No newline at end of file diff --git a/packages/debloat.vm/debloat.vm.nuspec b/packages/debloat.vm/debloat.vm.nuspec new file mode 100644 index 000000000..9bb56794d --- /dev/null +++ b/packages/debloat.vm/debloat.vm.nuspec 
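Review bot: `VM-Configure-Prompts` runs `Invoke-Expression` on a string that interpolates `$Env:VMname`, so any shell metacharacters in that variable are evaluated rather than passed to setx, and the Base64 encode/decode round trip adds nothing because the same process immediately decodes it; call the tool directly instead, e.g. `& setx PROMPT "$VMname`$S`$d`$s`$t`$_`$p$+`$g" | Out-Null`. In `VM-Update-Registry-Value` the Binary branch passes the parsed bytes to `[byte[]]::new(...)`, but that constructor takes an array length, so this appears to either fail or allocate a zero-filled array sized by the first byte instead of the intended data — a cast, `$validatedData = [byte[]]($data -split '(.{2})' | Where-Object { $_ -match '..' } | ForEach-Object { [convert]::ToByte($_, 16) })`, is what was meant. `VM-Execute-Custom-Command` logs "executed successfully" without inspecting the child process: `Start-Process ... -Wait` does not fail on a non-zero exit, so add `-PassThru`, check `.ExitCode` and log the failing command before reporting success, and `VM-Set-Service-Manual-Start` logs "has been disabled" although it sets the startup type to Manual, which misleads anyone auditing the log. `VM-Configure-PS-Logging` writes the Transcription and ScriptBlockLogging policy under `HKLM:\SOFTWARE\Wow6432Node\Policies\...`, while the policy location PowerShell documents is `HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell`; it is worth confirming a 64-bit host actually honours the Wow6432Node keys, otherwise the logging this function claims to enable is not in effect.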
@@ -0,0 +1,12 @@ + + + + debloat.vm + 0.0.0.20230904 + Debloat and performance configurations for Windows OS + Mandiant + + + + + diff --git a/packages/debloat.vm/tools/chocolateyinstall.ps1 b/packages/debloat.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..8d2419b1d --- /dev/null +++ b/packages/debloat.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,26 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$packageToolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" + +try { + # Determine OS Version + $osVersion = VM-Get-WindowsVersion + + switch ($osVersion) { + "Win10" { $config = Join-Path $packageToolsDir "win10.xml" } + "Win11" { $config = Join-Path $packageToolsDir "win11.xml" } + "Win11ARM" { $config = Join-Path $packageToolsDir "win11arm.xml"} + default { + VM-Write-Log "WARN" "Debloater unable to determine debloat config, applying win10.xml" + $config = Join-Path $packageToolsDir "win10.xml" + } + } + + VM-Apply-Configurations $config + VM-Write-Log "INFO" "Debloating and performance modifications for $osVersion done" + +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/packages/debloat.vm/tools/win10.xml b/packages/debloat.vm/tools/win10.xml new file mode 100644 index 000000000..5eba06e19 --- /dev/null +++ b/packages/debloat.vm/tools/win10.xml @@ -0,0 +1,182 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/packages/debloat.vm/tools/win11.xml b/packages/debloat.vm/tools/win11.xml new file mode 100644 index 000000000..1f052867b --- /dev/null +++ b/packages/debloat.vm/tools/win11.xml @@ -0,0 +1,57 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
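Review bot: The `default` arm of the `switch` in debloat.vm's chocolateyinstall.ps1 falls back to `win10.xml` whenever VM-Get-WindowsVersion returns "Unknown", so an unrecognised OS (a future release or a Server SKU) receives Appx removals, service changes and registry edits that were written for Windows 10; skipping the debloat with the existing WARN message would be the safer default, e.g. `default { VM-Write-Log "WARN" "Debloater unable to determine debloat config, skipping"; return }`. The `$ErrorActionPreference = 'Stop'` on the first line does not make a bad config fail the package, because VM-Apply-Configurations catches and logs its own errors, so the "Debloating and performance modifications for $osVersion done" INFO line is still written after a config that partly failed; checking a return value, or having VM-Apply-Configurations rethrow, would make the log honest. The script also has no guard that `$config` exists before passing it on; VM-Assert-Path inside the callee covers that, which is worth a one-line comment here so the omission reads as intentional.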
diff --git a/packages/debloat.vm/tools/win11arm.xml b/packages/debloat.vm/tools/win11arm.xml new file mode 100644 index 000000000..1f052867b --- /dev/null +++ b/packages/debloat.vm/tools/win11arm.xml @@ -0,0 +1,57 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/packages/installer.vm/installer.vm.nuspec b/packages/installer.vm/installer.vm.nuspec new file mode 100644 index 000000000..28dc1f69d --- /dev/null +++ b/packages/installer.vm/installer.vm.nuspec @@ -0,0 +1,13 @@ + + + + installer.vm + 0.0.0.20230904 + Mandiant + Generic installer for custom virtual machines. + + + + + + diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..7ec778d85 --- /dev/null +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,209 @@ +$ErrorActionPreference = 'Continue' +$global:VerbosePreference = "SilentlyContinue" +Import-Module vm.common -Force -DisableNameChecking + +try { + # Gather packages to install + $installedPackages = (VM-Get-InstalledPackages).Name + $configPath = Join-Path ${Env:VM_COMMON_DIR} "packages.xml" -Resolve + $configXml = [xml](Get-Content $configPath) + $packagesToInstall = $configXml.config.packages.package.name | Where-Object { $installedPackages -notcontains $_ } + + # List packages to install + Write-Host "[+] Packages to install:" + foreach ($package in $packagesToInstall) { + Write-Host "`t[+] $package" + } + Start-Sleep 1 + + # Install the packages + try { + foreach ($package in $packagesToInstall) { + VM-Write-Log "INFO" "Installing: $package" + choco install "$package" -y + VM-Write-Log "INFO" "$package has been installed" + } + } catch { + VM-Write-Log-Exception $_ + } + VM-Write-Log "INFO" "[+] All packages complete" + + # Set Profile/Version specific configurations + VM-Write-Log "INFO" "[+] Beginning Windows OS VM profile configuration changes" + $configFile = Join-Path $Env:VM_COMMON_DIR "config.xml" -Resolve + VM-Apply-Configurations $configFile + + # Configure PowerShell and cmd prompts + VM-Configure-Prompts + + # Configure PowerShell Logging + VM-Configure-PS-Logging + + # Configure Desktop\Tools folder with a custom icon + if ($iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" -Resolve) { + $folderPath = $Env:TOOL_LIST_DIR + # Set the icon + if (Test-Path -Path $folderPath -PathType Container) { + # Full path to the desktop.ini file inside the folder + $desktopIniPath = Join-Path -Path $folderPath -ChildPath 'desktop.ini' + + # Check if desktop.ini already exists + if (-Not (Test-Path -Path $desktopIniPath)) { + # Create an empty desktop.ini if it doesn't exist + Set-Content -Path $desktopIniPath -Value '' + } + + # Make the folder "system" to enable custom settings like icon change + Start-Process "attrib" -ArgumentList "+s 
$folderPath" -Wait + + # Write the needed settings into desktop.ini + Add-Content -Path $desktopIniPath -Value "[.ShellClassInfo]" + Add-Content -Path $desktopIniPath -Value ("IconResource=$iconPath,0") + + # Make the desktop.ini file hidden and system + Start-Process "attrib" -ArgumentList " +h +s $desktopIniPath" -Wait + } + } + # Refresh the desktop + VM-Refresh-Desktop + + # Remove Chocolatey cache + $cache = "${Env:LocalAppData}\ChocoCache" + Remove-Item $cache -Recurse -Force + + # Construct failed packages file path + $failedPackages = Join-Path $Env:VM_COMMON_DIR "failed_packages.txt" + $failures = @{} + + # Check and list failed packages from "lib-bad" + $chocoLibBad = Join-Path ${Env:ProgramData} "chocolatey\lib-bad" + if ((Test-Path $chocoLibBad) -and (Get-ChildItem -Path $chocoLibBad | Measure-Object).Count -gt 0) { + Get-ChildItem -Path $chocoLibBad | Foreach-Object { + $failures[$_.Name] = $true + } + } + + # Cross-compare packages to install versus installed packages to find failed packages + $installedPackages = VM-Get-InstalledPackages + foreach ($package in $packagesToInstall) { + if ($installedPackages.Name -notcontains $package) { + $failures[$package] = $true + } + } + + # Write installed packages to log file + foreach ($package in $installedPackages){ + VM-Write-Log "INFO" "Packages installed: $($package.Name) | $($package.Version)" + } + + # Write each failed package to failure file + foreach ($package in $failures.Keys) { + VM-Write-Log "ERROR" "Failed to install: $package" + Add-Content $failedPackages $package + } + + # Log additional info if we found failed packages + $logPath = Join-Path ${Env:VM_COMMON_DIR} "log.txt" + if ((Test-Path $failedPackages)) { + VM-Write-Log "ERROR" "For each failed package, you may attempt a manual install via: choco install -y " + VM-Write-Log "ERROR" "Failed package list saved to: $failedPackages" + VM-Write-Log "ERROR" "Please check the following logs for additional errors:" + VM-Write-Log "ERROR" 
"`t$logPath (this file)" + VM-Write-Log "ERROR" "`t%PROGRAMDATA%\chocolatey\logs\chocolatey.log" + VM-Write-Log "ERROR" "`t%LOCALAPPDATA%\Boxstarter\boxstarter.log" + } + + # Display installer log if available + if ((Test-Path $logPath)) { + Write-Host "[-] Please check the following logs for any errors:" -ForegroundColor Yellow + Write-Host "`t[-] $logPath" -ForegroundColor Yellow + Write-Host "`t[-] %PROGRAMDATA%\chocolatey\logs\chocolatey.log" -ForegroundColor Yellow + Write-Host "`t[-] %LOCALAPPDATA%\Boxstarter\boxstarter.log" -ForegroundColor Yellow + } + + # Let users know installation is complete by setting background, playing win sound, and display message box + # Set background + Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value "0 0 0" -Force | Out-Null + $backgroundImage = "${Env:VM_COMMON_DIR}\background.png" + if ((Test-Path $backgroundImage)) { + # Center: 0, Stretch: 2, Fit:6, Fill: 10, Span: 22 + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value 0 -Force | Out-Null + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force | Out-Null + Add-Type -TypeDefinition @" +using System; +using System.Runtime.InteropServices; + +public class VMBackground +{ + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern int SystemParametersInfo (Int32 uAction, Int32 uParam, String lpvParam, Int32 fuWinIni); + [DllImport("User32.dll",CharSet=CharSet.Unicode)] + public static extern bool SetSysColors(int cElements, int[] lpaElements, int[] lpaRgbValues); +} +"@ + [VMBackground]::SystemParametersInfo(20, 0, $backgroundImage, 3) + [VMBackground]::SetSysColors(1, @(1), @(0x000000)) + } + + # Play sound + try { + $playWav = New-Object System.Media.SoundPlayer + $playWav.SoundLocation = 'https://www.winhistory.de/more/winstart/down/owin31.wav' + $playWav.PlaySync() + } catch { + VM-Write-Log-Exception $_ + } + + # Show dialog that 
install has been complete + Add-Type -AssemblyName System.Windows.Forms + Add-Type -AssemblyName System.Drawing + # Create form + $form = New-Object System.Windows.Forms.Form + $form.Text = "$Env:VMname Installation Complete" + $form.TopMost = $true + $form.StartPosition = [System.Windows.Forms.FormStartPosition]::CenterScreen + if ($iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" -Resolve){ + $form.Icon = New-Object System.Drawing.Icon($iconPath) + } + # Create a FlowLayoutPanel + $flowLayout = New-Object System.Windows.Forms.FlowLayoutPanel + $flowLayout.FlowDirection = [System.Windows.Forms.FlowDirection]::TopDown + $flowLayout.Dock = [System.Windows.Forms.DockStyle]::Fill + $flowLayout.AutoSize = $true + # Create label + $label = New-Object System.Windows.Forms.Label + $label.Text = @" +Install Complete! + +Please review %VM_COMMON_DIR%\log.txt for any errors. + +For any package related issues, please submit to github.com/mandiant/vm-packages + +For any install related issues, please submit to the VM repo + +Thank you! +"@ + $label.AutoSize = $true + $label.Font = New-Object System.Drawing.Font("Microsoft Sans Serif", 10, [System.Drawing.FontStyle]::Regular) + # Create button + $button = New-Object System.Windows.Forms.Button + $button.Text = "Finish" + $button.DialogResult = [System.Windows.Forms.DialogResult]::OK + $button.AutoSize = $true + $button.Font = New-Object System.Drawing.Font("Microsoft Sans Serif", 10, [System.Drawing.FontStyle]::Regular) + $button.Anchor = [System.Windows.Forms.AnchorStyles]::None + # Add controls to the FlowLayoutPanel + $flowLayout.Controls.Add($label) + $flowLayout.Controls.Add($button) + # Add the FlowLayoutPanel to the form + $form.Controls.Add($flowLayout) + # Auto-size form to fit content + $form.AutoSize = $true + $form.AutoSizeMode = [System.Windows.Forms.AutoSizeMode]::GrowAndShrink + # Show dialog + $form.ShowDialog() + +} catch { + VM-Write-Log-Exception $_ +} + 
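Review bot: `Start-Process "attrib" -ArgumentList "+s $folderPath" -Wait` and the later `" +h +s $desktopIniPath"` pass the paths unquoted, so a profile path containing a space (`C:\Users\Jane Doe\Desktop\Tools`) is split into several arguments and attrib operates on the first fragment; wrap them as `-ArgumentList "+s `"$folderPath`""` and `"+h +s `"$desktopIniPath`""`. The completion sound is fetched at install time from a third-party host (`'https://www.winhistory.de/more/winstart/down/owin31.wav'`), an unverified external dependency in a script that otherwise installs pinned packages; an offline or firewalled VM merely logs the exception, but shipping the WAV in `VM_COMMON_DIR` next to `background.png` would remove both the network call and the failure path. `failed_packages.txt` is only ever appended to, so `Test-Path $failedPackages` also reports failures left over from an earlier run; clearing the file before the loop (or writing it once with Set-Content) keeps the error summary accurate. `Remove-Item $cache -Recurse -Force` is unguarded, so with `${Env:LocalAppData}` unset it targets `\ChocoCache` on the current drive, which is unlikely but cheap to guard with a `Test-Path` on the expanded path.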
diff --git a/scripts/test/lint.py b/scripts/test/lint.py index cdc397bd0..350592622 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py @@ -287,7 +287,7 @@ def check(self, path): class FirstLineDoesNotSetErrorAction(Lint): - EXCLUSIONS = ["libraries.python2.vm", "libraries.python3.vm", "flarevm.installer.vm"] + EXCLUSIONS = ["libraries.python2.vm", "libraries.python3.vm", "flarevm.installer.vm", "installer.vm"] FIRST_LINE = "$ErrorActionPreference = 'Stop'" name = "first line must set error handling to stop" recommendation = f"add `{FIRST_LINE}` to the file" @@ -316,6 +316,8 @@ class UsesInvalidCategory(Lint): ".ollydumpex.vm", ".scyllahide.vm", "x64dbgpy.vm", + "installer.vm", + "debloat.vm" ] root_path = os.path.abspath(os.path.join(__file__, "../../..")) diff --git a/scripts/test/test_install.ps1 b/scripts/test/test_install.ps1 index a19d0e648..d3f92cd38 100644 --- a/scripts/test/test_install.ps1 +++ b/scripts/test/test_install.ps1 @@ -39,7 +39,7 @@ foreach ($package in $packages) { } -$exclude_tests = @("flarevm.installer.vm", "python3.vm") +$exclude_tests = @("flarevm.installer.vm", "python3.vm", "installer.vm") $failures = New-Object Collections.Generic.List[string] $failed = 0 From 2ce5df3c8f6e4015405311aca55243260b8fdb89 Mon Sep 17 00:00:00 2001 
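Review bot: The new last element `"debloat.vm"` in the UsesInvalidCategory exclusion list drops the trailing comma that every preceding element carries (`"x64dbgpy.vm",`), so the next addition will touch two lines; keep the list's convention with `"debloat.vm",`. The FirstLineDoesNotSetErrorAction exclusion for `installer.vm` matches that script deliberately setting `'Continue'`, but nothing in the lint says why those installers are exempt; a one-line comment above EXCLUSIONS such as `# top-level installers log and continue past individual package failures` would save the next contributor from guessing.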
From: Ana Maria Martinez Gomez Date: Mon, 25 Sep 2023 15:35:35 +0200 Subject: [PATCH 281/330] Simplify VM-Remove-From-Right-Click-Menu Give `type` a default value as it is `file` in most of the cases to simplify the code. --- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 12 ++++++------ packages/die.vm/die.vm.nuspec | 4 ++-- packages/die.vm/tools/chocolateyinstall.ps1 | 2 +- packages/die.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/explorersuite.vm/explorersuite.vm.nuspec | 4 ++-- .../explorersuite.vm/tools/chocolateyinstall.ps1 | 2 +- .../explorersuite.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/file.vm/file.vm.nuspec | 4 ++-- packages/file.vm/tools/chocolateyinstall.ps1 | 2 +- packages/file.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/hashmyfiles.vm/hashmyfiles.vm.nuspec | 4 ++-- packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 | 4 ++-- .../hashmyfiles.vm/tools/chocolateyuninstall.ps1 | 4 ++-- packages/hxd.vm/hxd.vm.nuspec | 4 ++-- packages/hxd.vm/tools/chocolateyinstall.ps1 | 2 +- packages/hxd.vm/tools/chocolateyuninstall.ps1 | 2 +- 17 files changed, 29 insertions(+), 29 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 16a91bf55..2c9aade53 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230904 + 0.0.0.20230925 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index eced15120..a2c1d8ba1 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 
@@ -694,11 +694,11 @@ function VM-Add-To-Right-Click-Menu { [string] $menuLabel, # value displayed in right-click menu [Parameter(Mandatory=$true, Position=2)] [string] $command, - [Parameter(Mandatory=$true, Position=3)] + [Parameter(Mandatory=$false, Position=3)] + [string] $menuIcon, + [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type, - [Parameter(Mandatory=$false, Position=4)] - [string] $menuIcon + [string] $type="file" ) try { # Determine if file or directory should show item in right-click menu @@ -738,9 +738,9 @@ function VM-Remove-From-Right-Click-Menu { ( [Parameter(Mandatory=$true, Position=0)] [String] $menuKey, # name of registry key - [Parameter(Mandatory=$true, Position=1)] + [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type + [string] $type="file" ) try { # Determine if file or directory should show item in right-click menu diff --git a/packages/die.vm/die.vm.nuspec b/packages/die.vm/die.vm.nuspec index 5bcf50981..5c7175f2c 100644 --- a/packages/die.vm/die.vm.nuspec +++ b/packages/die.vm/die.vm.nuspec @@ -2,11 +2,11 @@ die.vm - 3.07.20230523 + 3.07.20230925 Hellsp@wn, horsicq Detect It Easy, or abbreviated "DIE" is a program for determining types of files. - + diff --git a/packages/die.vm/tools/chocolateyinstall.ps1 b/packages/die.vm/tools/chocolateyinstall.ps1 index 241322292..90723fd49 100644 --- a/packages/die.vm/tools/chocolateyinstall.ps1 +++ b/packages/die.vm/tools/chocolateyinstall.ps1 
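Review bot: Moving `$menuIcon` to Position=3 and making `$type` non-positional silently changes behaviour for any caller that still passes "file" or "directory" as the fourth positional argument: that string now binds to `$menuIcon`, `$type` falls back to "file", so a former "directory" caller quietly registers under `*` instead of `directory` and the literal "file" is written as the icon. The commit updates die, explorersuite, file, hashmyfiles and hxd; any package outside this diff that calls VM-Add-To-Right-Click-Menu positionally with a type should be checked, and a `[ValidateScript({ Test-Path -LiteralPath $_ })]` on `$menuIcon` (if no caller passes an empty icon) would make such a misuse fail at bind time instead. In the second hunk, VM-Remove-From-Right-Click-Menu, a stale positional type no longer binds at all, which is at least loud, though under the 'Continue' preference the uninstall scripts appear to use it is only logged and the `directory\shell` key is left behind. Both function bodies continue outside the hunks.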
@@ -11,7 +11,7 @@ try { $zipSha256_64 = '3450169643be76484ac4bd5e1473f6f4745d9825c8a07255a3925a4a6e8bad7e' $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "file" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/die.vm/tools/chocolateyuninstall.ps1 b/packages/die.vm/tools/chocolateyuninstall.ps1 index eb06df9ef..6030b3492 100644 --- a/packages/die.vm/tools/chocolateyuninstall.ps1 +++ b/packages/die.vm/tools/chocolateyuninstall.ps1 @@ -5,4 +5,4 @@ $toolName = 'die' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName diff --git a/packages/explorersuite.vm/explorersuite.vm.nuspec b/packages/explorersuite.vm/explorersuite.vm.nuspec index 8f45c40bf..a31783c94 100644 --- a/packages/explorersuite.vm/explorersuite.vm.nuspec +++ b/packages/explorersuite.vm/explorersuite.vm.nuspec @@ -2,11 +2,11 @@ explorersuite.vm - 0.0.0.20230523 + 0.0.0.20230925 Erik Pistelli A suite of tools including CFF Explorer and a process viewer. - + diff --git a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 index 184b07a60..aa53ce53d 100644 --- a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 
@@ -31,7 +31,7 @@ try { # "Open with CFF Explorer" is added to the registry for several extensions, # add it for all extension with same key to avoid duplication. # Use same label and no icon to make it look the same for all extensions. - VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" %1" "file" + VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" %1" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 index 4e01b7402..d27127a3b 100644 --- a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 @@ -7,6 +7,6 @@ foreach ($subtoolName in $subtoolNames) { VM-Remove-Tool-Shortcut $subtoolName $category } -VM-Remove-From-Right-Click-Menu 'CFF explorer' "file" +VM-Remove-From-Right-Click-Menu 'CFF explorer' VM-Uninstall-With-Uninstaller "Explorer Suite IV" "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" diff --git a/packages/file.vm/file.vm.nuspec b/packages/file.vm/file.vm.nuspec index ed3317c9c..edcc1c917 100644 --- a/packages/file.vm/file.vm.nuspec +++ b/packages/file.vm/file.vm.nuspec @@ -2,11 +2,11 @@ file.vm - 0.0.0.20170108 + 0.0.0.20230925 A Windows port of the Linux `file` utility for checking header magics Nolen Scaiffe - + diff --git a/packages/file.vm/tools/chocolateyinstall.ps1 b/packages/file.vm/tools/chocolateyinstall.ps1 index 8687bca84..8d21ed280 100644 --- a/packages/file.vm/tools/chocolateyinstall.ps1 +++ b/packages/file.vm/tools/chocolateyinstall.ps1 
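Review bot: The key removed on uninstall, `VM-Remove-From-Right-Click-Menu 'CFF explorer'`, does not match the key the install script creates, `VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' ...` (menuKey is the first argument), so the `HKCR:\*\shell\Open with CFF Explorer` entry survives uninstall unless a 'CFF explorer' key is created somewhere not visible here. The mismatch predates this commit, but since both lines are being touched now is the moment to align them, e.g. `VM-Remove-From-Right-Click-Menu 'Open with CFF Explorer'`, or to hold the key in a `$menuKey` variable shared by both scripts.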
@@ -13,7 +13,7 @@ try { $scriptPath = Join-Path $executableDir "leave_file_open.bat" [IO.File]::WriteAllLines($scriptPath, $("`"$executablePath`" %1", "PAUSE")) - VM-Add-To-Right-Click-Menu $toolName "file type" "`"$scriptPath`" `"%1`"" "file" + VM-Add-To-Right-Click-Menu $toolName "file type" "`"$scriptPath`" `"%1`"" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/file.vm/tools/chocolateyuninstall.ps1 b/packages/file.vm/tools/chocolateyuninstall.ps1 index 28509ccd8..20ecaf21b 100644 --- a/packages/file.vm/tools/chocolateyuninstall.ps1 +++ b/packages/file.vm/tools/chocolateyuninstall.ps1 @@ -5,4 +5,4 @@ $toolName = 'file' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName diff --git a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec index 9e27aab0c..ca26a9ee6 100644 --- a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec +++ b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec @@ -2,11 +2,11 @@ hashmyfiles.vm - 0.0.0.20230524 + 0.0.0.20230925 HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. Nir Sofer - + diff --git a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 index b86edf750..dcf2be6e4 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 
@@ -9,8 +9,8 @@ try { $zipUrl_64 = "https://www.nirsoft.net/utils/hashmyfiles-x64.zip" $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipUrl_64 $zipUrl_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "file" "$executablePath" - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "directory" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "$executablePath" -type "directory" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 index 0520dd23a..c6ba4f8dc 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 @@ -5,5 +5,5 @@ $toolName = 'hashmyfiles' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" -VM-Remove-From-Right-Click-Menu $toolName "directory" \ No newline at end of file +VM-Remove-From-Right-Click-Menu $toolName +VM-Remove-From-Right-Click-Menu $toolName -type "directory" diff --git a/packages/hxd.vm/hxd.vm.nuspec b/packages/hxd.vm/hxd.vm.nuspec index 1ff947409..b52c701eb 100644 --- a/packages/hxd.vm/hxd.vm.nuspec +++ b/packages/hxd.vm/hxd.vm.nuspec @@ -2,11 +2,11 @@ hxd.vm - 2.5.0.20230524 + 2.5.0.20230925 Maël Hörz Freeware hex editor - + diff --git a/packages/hxd.vm/tools/chocolateyinstall.ps1 b/packages/hxd.vm/tools/chocolateyinstall.ps1 index 0a6615f76..ea8b50a59 100644 --- a/packages/hxd.vm/tools/chocolateyinstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyinstall.ps1 
@@ -13,7 +13,7 @@ try { Install-BinFile -Name $toolName -Path $executablePath - VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "file" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hxd.vm/tools/chocolateyuninstall.ps1 b/packages/hxd.vm/tools/chocolateyuninstall.ps1 index 3e5de4ab8..67282eab3 100644 --- a/packages/hxd.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyuninstall.ps1 @@ -5,5 +5,5 @@ $toolName = 'HxD' $category = 'Hex Editors' VM-Remove-Tool-Shortcut $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName Uninstall-BinFile -Name $toolName From b142829c5482d0d2c579bdd0a446b897d8c1777f Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 26 Sep 2023 17:26:36 +0200 Subject: [PATCH 282/330] Add unzip "infected" to right click menu Add 7z unzip with password "infected" option to the right menu for the most common extensions. --- packages/7zip-15-05.vm/7zip-15-05.vm.nuspec | 6 ++-- .../7zip-15-05.vm/tools/chocolateyinstall.ps1 | 13 +++++-- .../tools/chocolateyuninstall.ps1 | 7 +++- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 34 +++++++++++++------ 5 files changed, 43 insertions(+), 19 deletions(-) diff --git a/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec b/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec index 1929cc48e..5ea1943ca 100644 --- a/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec +++ b/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec @@ -2,11 +2,11 @@ 7zip-15-05.vm - 15.05 + 15.05.0.20230926 Igor Pavlov 7-Zip file archiver. This version is able to extract NSIS scripts. - + - \ No newline at end of file + diff --git a/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 b/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 index 27bccaec8..50c9f4942 100644 
--- a/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 +++ b/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 @@ -31,8 +31,15 @@ try { Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath VM-Assert-Path $shortcut - $executablePath = Join-Path $toolDir "7z.exe" -Resolve - Install-BinFile -Name $toolName -Path $executablePath + $7zExecutablePath = Join-Path $toolDir "7z.exe" -Resolve + Install-BinFile -Name $toolName -Path $7zExecutablePath + + # Add 7z unzip with password "infected" to the right menu for the most common extensions. + # 7z can unzip other file extensions like .docx but these don't likely use the infected password. + $extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar") + foreach ($extension in $extensions) { + VM-Add-To-Right-Click-Menu $toolName 'unzip "infected"' "`"$7zExecutablePath`" e -pinfected `"%1`"" "$executablePath" -extension $extension + } } catch { VM-Write-Log-Exception $_ -} \ No newline at end of file +} diff --git a/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 b/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 index 20451faeb..55903ee60 100644 --- a/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 +++ b/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 @@ -11,4 +11,9 @@ VM-Remove-Tool-Shortcut $toolName $category Uninstall-BinFile -Name $toolName # Manually silently uninstall -VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S" \ No newline at end of file +VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S" + +$extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar") +foreach ($extension in $extensions) { + VM-Remove-From-Right-Click-Menu $toolName -extension $extension +} diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 2c9aade53..b47c7b0aa 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec 
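Review bot: The new menu command `"`"$7zExecutablePath`" e -pinfected `"%1`""` uses `e`, which flattens every entry into one directory, and gives no `-o` output directory, so archives with nested duplicate file names collide and the files land in whatever working directory Explorer hands the verb (presumably the archive's folder, but that is not guaranteed). Using `x` with an explicit target, e.g. `x -pinfected -o"%1_extracted" "%1"`, keeps the archive's directory layout and makes it obvious where an untrusted sample was unpacked. The extension list is duplicated verbatim between chocolateyinstall.ps1 and chocolateyuninstall.ps1; a comment in each pointing at the other, or a shared constant, would stop them drifting apart. The icon argument `"$executablePath"` still refers to the GUI executable assigned above the hunk, which I take to be intended.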
@@ -2,7 +2,7 @@ common.vm - 0.0.0.20230925 + 0.0.0.20230926 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index a2c1d8ba1..704463d9c 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -698,14 +698,20 @@ function VM-Add-To-Right-Click-Menu { [string] $menuIcon, [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type="file" + [string] $type="file", + [Parameter(Mandatory=$false)] + [string] $extension ) try { - # Determine if file or directory should show item in right-click menu - if ($type -eq "file") { - $key = "*" + if ($extension) { + $key = "SystemFileAssociations\$extension" } else { - $key = "directory" + # Determine if file or directory should show item in right-click menu + if ($type -eq "file") { + $key = "*" + } else { + $key = "directory" + } } $key_path = "HKCR:\$key\shell\$menuKey" @@ -716,7 +722,7 @@ function VM-Add-To-Right-Click-Menu { # Add right-click menu display name if (-NOT (Test-Path -LiteralPath $key_path)) { - New-Item -Path $key_path | Out-Null + New-Item -Path $key_path -Force | Out-Null } Set-ItemProperty -LiteralPath $key_path -Name '(Default)' -Value "$menuLabel" -Type String if ($menuIcon) { 
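Review bot: `$extension` is spliced straight into the registry path (`$key = "SystemFileAssociations\$extension"`) with no validation, so a value without a leading dot, or one containing a backslash, silently creates keys elsewhere under HKCR; a `[ValidatePattern('^\.[A-Za-z0-9]+$')]` attribute on the parameter would reject that at bind time. When both `-extension` and `-type "directory"` are passed, `$type` is ignored without notice; either make them separate parameter sets or say in the parameter comment that `-extension` takes precedence. The same applies to the VM-Remove-From-Right-Click-Menu hunk that follows, where an unvalidated extension would delete the wrong key. The `New-Item -Path $key_path -Force` change is presumably needed because `SystemFileAssociations\.ext\shell` may not exist yet; a one-line comment saying so would keep someone from removing `-Force` again. Both function bodies continue outside the hunks.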
@@ -740,14 +746,20 @@ function VM-Remove-From-Right-Click-Menu { [String] $menuKey, # name of registry key [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type="file" + [string] $type="file", + [Parameter(Mandatory=$false)] + [string] $extension ) try { - # Determine if file or directory should show item in right-click menu - if ($type -eq "file") { - $key = "*" + if ($extension) { + $key = "SystemFileAssociations\$extension" } else { - $key = "directory" + # Determine if file or directory should show item in right-click menu + if ($type -eq "file") { + $key = "*" + } else { + $key = "directory" + } } $key_path = "HKCR:\$key\shell\$menuKey" From d5e61b6521514404ba335d02d26feeadc1eb2a8e Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 26 Sep 2023 18:24:05 +0200 Subject: [PATCH 283/330] Add "Open with IDA" to right click menu Add "Open with IDA" and "Open with IDA (x64)" to the right click menu. The command executes a Powershell script that looks for the latest IDA Pro version and uses it to open the file. If no IDA Pro version is found, it opens the file with IDA free. --- packages/idafree.vm/idafree.vm.nuspec | 4 ++-- packages/idafree.vm/tools/chocolateyinstall.ps1 | 11 +++++++++++ packages/idafree.vm/tools/chocolateyuninstall.ps1 | 5 ++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/packages/idafree.vm/idafree.vm.nuspec b/packages/idafree.vm/idafree.vm.nuspec index 20a4fa94b..2fe2045cb 100644 --- a/packages/idafree.vm/idafree.vm.nuspec +++ b/packages/idafree.vm/idafree.vm.nuspec @@ -2,11 +2,11 @@ idafree.vm - 7.6.20230418 + 7.6.20230926 hex-rays Free version of IDA, a powerful Interactive DisAssembler and debugger - + diff --git a/packages/idafree.vm/tools/chocolateyinstall.ps1 b/packages/idafree.vm/tools/chocolateyinstall.ps1 index 562a20db3..6fdddc67f 100644 --- a/packages/idafree.vm/tools/chocolateyinstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyinstall.ps1 
@@ -29,6 +29,17 @@ try { if (Test-Path $desktopShortcut) { Remove-Item $desktopShortcut -Force -ea 0 } + + $menuIcon = Join-Path $toolDir "ida.ico" -Resolve + # Run a Powershell script to open with last IDA Pro version which is likely installed after the IDA free package. + # It takes slightly longer than using an static path but it works after installing IDA Pro and every time you update it. + # The "-WindowStyle hidden" still shows the Powershell Window briefly: https://github.com/PowerShell/PowerShell/issues/3028 + # We could use the run-hidden wrapper, which won't display the Window but is likely slightly slower. + $script = "`$idaExecutable = Get-Item '$Env:programfiles\IDA Pro *\ida.exe' | Select-Object -Last 1; if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }; & `$idaExecutable '%1'" + VM-Add-To-Right-Click-Menu $toolName 'Open with IDA' "powershell.exe -WindowStyle hidden `"$script`"" "$menuIcon" + # Repeat for x64 + $script = "`$idaExecutable = Get-Item '$Env:programfiles\IDA Pro *\ida64.exe' | Select-Object -Last 1; if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }; & `$idaExecutable '%1'" + VM-Add-To-Right-Click-Menu $toolName-64 'Open with IDA (x64)' "powershell.exe -WindowStyle hidden `"$script`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/idafree.vm/tools/chocolateyuninstall.ps1 b/packages/idafree.vm/tools/chocolateyuninstall.ps1 index 34663e3b8..0604d7fa7 100644 --- a/packages/idafree.vm/tools/chocolateyuninstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyuninstall.ps1 @@ -11,4 +11,7 @@ VM-Remove-Tool-Shortcut $toolName $category Uninstall-BinFile -Name $toolName # Manually silently uninstall -VM-Uninstall-With-Uninstaller "IDA Freeware*?7.6" "EXE" "--mode unattended" \ No newline at end of file +VM-Uninstall-With-Uninstaller "IDA Freeware*?7.6" "EXE" "--mode unattended" + +VM-Remove-From-Right-Click-Menu $toolName +VM-Remove-From-Right-Click-Menu $toolName-64 
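Review bot: The menu command embeds the target file name inside PowerShell source text (`& `$idaExecutable '%1'` inside `powershell.exe -WindowStyle hidden "$script"`), so a file whose name contains a single quote terminates the literal and the remainder of the name is parsed as PowerShell; in an analysis VM where sample names are untrusted, "Open with IDA" then runs that text with the user's rights. The robust form is to ship the logic as a `.ps1` in `$toolDir` and invoke it with `-File`, passing `"%1"` as a bound parameter so nothing from the file name is interpreted; the fence below sketches that (a `-File` invocation is subject to the execution policy, which the VM presumably already allows for local scripts). `Select-Object -Last 1` picks the lexicographically last `IDA Pro *` folder, which orders 7.x before 8.x but would prefer "IDA Pro 9.0" over "IDA Pro 10.0" should such versions exist; a numeric sort on the folder name would be safer. Minor: the x86 entry uses `$menuIcon` while the x64 entry uses `$executablePath` as its icon, and the unquoted `$toolName-64` argument reads more clearly as `"$toolName-64"`. The enclosing try block starts outside the hunk.
```powershell
# … unchanged: $menuIcon = Join-Path $toolDir "ida.ico" -Resolve …
# Helper script shipped next to IDA Free: the file path arrives as a bound parameter,
# so no part of the file name is ever parsed as PowerShell code.
$openScript = Join-Path $toolDir "open-with-ida.ps1"
@'
param([Parameter(Mandatory=$true)][string]$Path, [string]$Exe = 'ida.exe', [string]$Fallback)
$idaExecutable = Get-Item "$Env:ProgramFiles\IDA Pro *\$Exe" -ErrorAction SilentlyContinue | Select-Object -Last 1
if (-not $idaExecutable) { $idaExecutable = $Fallback }
& $idaExecutable $Path
'@ | Set-Content -Path $openScript
VM-Add-To-Right-Click-Menu $toolName 'Open with IDA' "powershell.exe -WindowStyle hidden -File `"$openScript`" -Exe ida.exe -Fallback `"$executablePath`" -Path `"%1`"" "$menuIcon"
VM-Add-To-Right-Click-Menu "$toolName-64" 'Open with IDA (x64)' "powershell.exe -WindowStyle hidden -File `"$openScript`" -Exe ida64.exe -Fallback `"$executablePath`" -Path `"%1`"" "$executablePath"
```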
From 848a97a3401ef37c93561f6f83a4ede5396632da Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 27 Sep 2023 13:56:59 +0200 Subject: [PATCH 284/330] Update IDA Free to 8.3 Update IDA Free to latest version. --- packages/idafree.vm/idafree.vm.nuspec | 2 +- packages/idafree.vm/tools/chocolateyinstall.ps1 | 8 ++++---- packages/idafree.vm/tools/chocolateyuninstall.ps1 | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/idafree.vm/idafree.vm.nuspec b/packages/idafree.vm/idafree.vm.nuspec index 2fe2045cb..ee3bca528 100644 --- a/packages/idafree.vm/idafree.vm.nuspec +++ b/packages/idafree.vm/idafree.vm.nuspec @@ -2,7 +2,7 @@ idafree.vm - 7.6.20230926 + 8.3 hex-rays Free version of IDA, a powerful Interactive DisAssembler and debugger diff --git a/packages/idafree.vm/tools/chocolateyinstall.ps1 b/packages/idafree.vm/tools/chocolateyinstall.ps1 index 6fdddc67f..946ebbb5e 100644 --- a/packages/idafree.vm/tools/chocolateyinstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyinstall.ps1 @@ -10,13 +10,13 @@ try { packageName = ${Env:ChocolateyPackageName} fileType = 'exe' silentArgs = '--mode unattended' - url = 'https://out7.hex-rays.com/files/idafree76_windows.exe' - checksum = '2ecc5b2f5329c4e7a4243634801180be38a397c31a330324c8abc605f5dffb9e' + url = 'https://out7.hex-rays.com/files/idafree83_windows.exe' + checksum = '10080a057704630578e697c6bb0b09968a54138075cacab175f62d60c71d0a1f' checksumType = 'sha256' } Install-ChocolateyPackage @packageArgs - $toolDir = Join-Path ${Env:ProgramFiles} "IDA Freeware 7.6" -Resolve + $toolDir = Join-Path ${Env:ProgramFiles} "IDA Freeware 8.3" -Resolve $executablePath = Join-Path $toolDir "ida64.exe" -Resolve $shortcut = Join-Path $shortcutDir "$toolname.lnk" Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath 
@@ -25,7 +25,7 @@ try { Install-BinFile -Name $toolname -Path $executablePath # Delete Desktop shortcut - $desktopShortcut = Join-Path ${Env:Public} "Desktop\IDA Freeware 7.6.lnk" + $desktopShortcut = Join-Path ${Env:Public} "Desktop\IDA Freeware 8.3.lnk" if (Test-Path $desktopShortcut) { Remove-Item $desktopShortcut -Force -ea 0 } diff --git a/packages/idafree.vm/tools/chocolateyuninstall.ps1 b/packages/idafree.vm/tools/chocolateyuninstall.ps1 index 0604d7fa7..a93c42ec3 100644 --- a/packages/idafree.vm/tools/chocolateyuninstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyuninstall.ps1 @@ -11,7 +11,7 @@ VM-Remove-Tool-Shortcut $toolName $category Uninstall-BinFile -Name $toolName # Manually silently uninstall -VM-Uninstall-With-Uninstaller "IDA Freeware*?7.6" "EXE" "--mode unattended" +VM-Uninstall-With-Uninstaller "IDA Freeware*?8.3" "EXE" "--mode unattended" VM-Remove-From-Right-Click-Menu $toolName VM-Remove-From-Right-Click-Menu $toolName-64 From af5e77ffc67dc59ac04c06247c746e39d50ca259 Mon Sep 17 00:00:00 2001 From: mr-tz Date: Mon, 7 Aug 2023 14:22:33 +0200 Subject: [PATCH 285/330] Update MAP and scdbg Update MAP and scdbg to latest version. The previous version was incorrect as it used the date as version with using the `0.0.0.DATE` format. To ensure the version is increased with the package update, before merging this commit, we need to delete the previous packages from myget. Co-authored-by: Ana Maria Martinez Gomez --- packages/map.vm/map.vm.nuspec | 2 +- packages/map.vm/tools/chocolateyinstall.ps1 | 4 ++-- packages/scdbg.vm/scdbg.vm.nuspec | 2 +- packages/scdbg.vm/tools/chocolateyinstall.ps1 | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/map.vm/map.vm.nuspec b/packages/map.vm/map.vm.nuspec index 224fc8b26..f78b2948e 100644 --- a/packages/map.vm/map.vm.nuspec +++ b/packages/map.vm/map.vm.nuspec 
@@ -2,7 +2,7 @@ map.vm - 12.20.21 + 0.0.0.20230723 David Zimmer Handful of small utility type applications useful for analyzing malicious code. diff --git a/packages/map.vm/tools/chocolateyinstall.ps1 b/packages/map.vm/tools/chocolateyinstall.ps1 index fb77fdcd5..9b5898989 100644 --- a/packages/map.vm/tools/chocolateyinstall.ps1 +++ b/packages/map.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ try { $toolName = 'Malcode Analyst Pack' $category = 'Utilities' - $url = 'https://github.com/dzzie/MAP/releases/download/current/map_setup.exe' - $checksum = '421872a1846ec421d3b414ba1af70b1d929082f5903bdb363d1c7172488c69e9' + $url = 'http://sandsprite.com/flare_vm/map_setup_7.26.23__A2A58AF886B9BF4DC6DB5CFDFF9B7E2300F0D0C491CD07DAC871DF60DAA370C4.exe' + $checksum = 'A2A58AF886B9BF4DC6DB5CFDFF9B7E2300F0D0C491CD07DAC871DF60DAA370C4' $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category diff --git a/packages/scdbg.vm/scdbg.vm.nuspec b/packages/scdbg.vm/scdbg.vm.nuspec index c13a3238c..6a96e573f 100644 --- a/packages/scdbg.vm/scdbg.vm.nuspec +++ b/packages/scdbg.vm/scdbg.vm.nuspec @@ -2,7 +2,7 @@ scdbg.vm - 12.7.22 + 0.0.0.20230723 Paul Baecher, Markus Koetter, David Zimmer scdbg is an emulation based shellcode API logger and debugger diff --git a/packages/scdbg.vm/tools/chocolateyinstall.ps1 b/packages/scdbg.vm/tools/chocolateyinstall.ps1 index a1c67fbab..d9cad5cf4 100644 --- a/packages/scdbg.vm/tools/chocolateyinstall.ps1 +++ b/packages/scdbg.vm/tools/chocolateyinstall.ps1 
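Review bot: The new `$url` here, and `$zipUrl` in the scdbg hunk below, move from GitHub release assets over HTTPS to plain `http://sandsprite.com/flare_vm/...`, so the transfer is no longer authenticated and the pinned SHA-256 is the only integrity control left. That pin is what makes the change acceptable; it must stay mandatory for these two packages, and the hash embedded in the file name is a convenience, not a substitute, since anyone able to alter the plaintext download could alter the name too. If the host serves the same paths over HTTPS, prefer `https://` so the download is also protected in transit, and a comment such as `# Plain-HTTP mirror: integrity relies solely on the SHA-256 pin below` would make the trade-off visible to the next updater.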
@@ -5,8 +5,8 @@ try { $toolName = 'scdbg' $category = 'Debuggers' - $zipUrl = 'https://github.com/dzzie/VS_LIBEMU/releases/download/12.7.22/VS_LIBEMU_12_7_22.zip' - $zipSha256 = '521130E34CC0A30587FF99D030633B9D124CCAC779A213E15025535171B4113D' + $zipUrl = 'http://sandsprite.com/flare_vm/VS_LIBEMU_7.26.23__D7A7B407A0FB2288655247FF3EDD361E767075B15D2F0554EB9C87BC4476D996.zip' + $zipSha256 = 'D7A7B407A0FB2288655247FF3EDD361E767075B15D2F0554EB9C87BC4476D996' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true From 475cb8924fb10d17034ff002d6aebf6a0800d6ec Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 27 Sep 2023 19:50:51 +0200 Subject: [PATCH 286/330] Add ida.plugin.capa.vm Add ida.plugin.capa.vm that install the capa plugin for IDA. The package has libraries.python3.vm as dependency, that installs the flare-capa Python library. This library has been updated to use Python 10 due to the following IDA bug: - https://github.com/mandiant/capa/issues/681 Exclude ida.plugin.capa.vm from the categories linter as it is not installed in the tools folder. Sort the categories exclusions alphabetically. --- .../ida.plugin.capa.vm.nuspec | 13 ++++++ .../tools/chocolateyinstall.ps1 | 43 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 15 +++++++ .../libraries.python3.vm.nuspec | 4 +- .../tools/chocolateyinstall.ps1 | 10 ++--- .../libraries.python3.vm/tools/modules.xml | 1 + scripts/test/lint.py | 9 ++-- 7 files changed, 84 insertions(+), 11 deletions(-) create mode 100755 packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec create mode 100755 packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 create mode 100755 packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec new file mode 100755 index 000000000..b22a4e0e5 --- /dev/null +++ b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec 
@@ -0,0 +1,13 @@ + + + + ida.plugin.capa.vm + 6.1.0 + capa explorer is an IDAPython plugin that integrates capa with IDA Pro. + @mike-hunhoff, @williballenthin, @mr-tz + + + + + + diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 new file mode 100755 index 000000000..e2d8964e8 --- /dev/null +++ b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,43 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + # Install plugin + $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v6.1.0/capa/ida/plugin/capa_explorer.py" + $pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3" + $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force + $pluginPath = Join-Path $pluginsDir "capa_explorer.py" + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + url = $pluginUrl + checksum = $pluginSha256 + checksumType = "sha256" + fileFullPath = $pluginPath + forceDownload = $true + } + Get-ChocolateyWebFile @packageArgs + VM-Assert-Path $pluginPath + + # Download capa rules + $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v6.1.0.zip" + $rulesSha256 = "d87240475b2989e919f65381556f28b455a2f7d6cd35d95acdbbbe9f04f86c84" + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = $pluginsDir + url = $rulesUrl + checksum = $rulesSha256 + checksumType = 'sha256' + } + Install-ChocolateyZipPackage @packageArgs + $rulesDir = Join-Path $pluginsDir "capa-rules-6.1.0" -Resolve + + # Set capa rules in the capa plugin + $registryPath = 'HKCU:\SOFTWARE\IDAPython\IDA-Settings\capa' + New-Item $registryPath -Force | Out-Null + # ida_settings expects '/' in the rule path + $value = $rulesDir.replace("\", "/") + Set-ItemProperty $registryPath -Name "rule_path" -Value "`"$value`"" -Force | Out-Null +} catch { + VM-Write-Log-Exception $_ +} + 
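Review bot: The version `6.1.0` is spelled out four times in this hunk (`$pluginUrl`, `$rulesUrl`, the `capa-rules-6.1.0` folder name) and once more in the uninstall hunk below, and the plugin and rules must match the `flare-capa` library that `libraries.python3.vm` installs; a single `$version = '6.1.0'` at the top, used in both URLs and as `"capa-rules-$version"`, would keep a future bump from missing one of them. The install also writes only into the current user's profile (`$Env:APPDATA` and `HKCU:`), so the plugin and `rule_path` are configured for whichever account runs Chocolatey; that is worth a comment, e.g. `# Per-user install: plugin file and rule_path are set for the installing user only`. Both downloads are pinned with SHA-256 and the plugin path is asserted, which is the right pattern.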
diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 new file mode 100755 index 000000000..7e1619123 --- /dev/null +++ b/packages/ida.plugin.capa.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,15 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$pluginsDir = "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" + +# Uninstall plugin +$pluginPath = Join-Path $pluginsDir "capa_explorer.py" +Remove-Item $pluginPath + +# Delete capa rules +$rulesDir = Join-Path $pluginsDir "capa-rules-6.1.0" +Remove-Item $rulesDir + +# Delete registry information +Remove-Item 'HKCU:\SOFTWARE\IDAPython\IDA-Settings\capa' diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index 339be7fc1..f04894963 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec @@ -2,13 +2,13 @@ libraries.python3.vm - 0.0.0.20230906 + 0.0.0.20230927 Metapackage to install common Python 3.9 libraries Several, check in pypi.org for every of the libraries - + diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 index fe3d230be..aaf7c9960 100644 --- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 +++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 @@ -10,7 +10,7 @@ try { $outputFile = VM-New-Install-Log $toolDir # Fix pip version - Invoke-Expression "py -3.9 -m pip install pip~=23.2.1 >> $outputFile" + Invoke-Expression "py -3.10 -m pip install pip~=23.2.1 >> $outputFile" $failures = @() $modules = $modulesXml.modules.module 
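Review bot: `Remove-Item $rulesDir` targets the extracted `capa-rules-6.1.0` directory, which is non-empty, so without `-Recurse` PowerShell asks for confirmation and in a non-interactive Chocolatey run the rules are left behind. Use the form the other uninstall scripts in this series use, `Remove-Item $rulesDir -Recurse -Force -ea 0`, and consider `-ea 0` on `Remove-Item $pluginPath` as well, since under `'Continue'` a missing file only prints a red error. The registry key removal is fine as long as the key never gains subkeys; `-Recurse` there too would make it robust.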
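Review bot: The nuspec hunk just above still describes the package as `Metapackage to install common Python 3.9 libraries` while this hunk and the next switch every `py -3.9` call to `py -3.10`, so the description should be updated in the same commit. The interpreter version is now written on five lines across the two hunks (the pip bootstrap here, the install call and three messages in the `@@ -21,19` hunk); a `$pythonVersion = '3.10'` near the top of the `try` block, which starts outside the hunk, used as `py -$pythonVersion` and in the log strings would make the next bump a one-line change.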
@@ -21,19 +21,19 @@ try { $intallValue = $module.url } - Invoke-Expression "py -3.9 -m pip install $intallValue 2>&1 >> $outputFile" + Invoke-Expression "py -3.10 -m pip install $intallValue 2>&1 >> $outputFile" if ($LastExitCode -eq 0) { - Write-Host "`t[+] Installed Python 3.9 module: $($module.name)" -ForegroundColor Green + Write-Host "`t[+] Installed Python 3.10 module: $($module.name)" -ForegroundColor Green } else { - Write-Host "`t[!] Failed to install Python 3.9 module: $($module.name)" -ForegroundColor Red + Write-Host "`t[!] Failed to install Python 3.10 module: $($module.name)" -ForegroundColor Red $failures += $module.Name } } if ($failures.Count -gt 0) { foreach ($module in $failures) { - VM-Write-Log "ERROR" "Failed to install Python 3.9 module: $module" + VM-Write-Log "ERROR" "Failed to install Python 3.10 module: $module" } $outputFile = $outputFile.replace('lib\', 'lib-bad\') VM-Write-Log "ERROR" "Check $outputFile for more information" diff --git a/packages/libraries.python3.vm/tools/modules.xml b/packages/libraries.python3.vm/tools/modules.xml index 5f99c9c8b..158cd77c7 100644 --- a/packages/libraries.python3.vm/tools/modules.xml +++ b/packages/libraries.python3.vm/tools/modules.xml @@ -3,6 +3,7 @@ + diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 350592622..2c8e9e94c 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py @@ -306,18 +306,19 @@ def check(self, path): class UsesInvalidCategory(Lint): # Some packages don't have a category (we don't create a link in the tools directory) EXCLUSIONS = [ + ".ollydumpex.vm", + ".scyllahide.vm", "common.vm", + "debloat.vm", "flarevm.installer.vm", + "ida.plugin.capa.vm", + "installer.vm", "libraries.python2.vm", "libraries.python3.vm", "notepadplusplus.vm", "notepadpp.plugin.", "npcap.vm", - ".ollydumpex.vm", - ".scyllahide.vm", "x64dbgpy.vm", - "installer.vm", - "debloat.vm" ] root_path = os.path.abspath(os.path.join(__file__, "../../..")) 
From d6102cef6e91266da579ca86cab1d2c5af446c18 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 28 Sep 2023 12:33:05 +0200 Subject: [PATCH 287/330] Add didier-stevens-suite.vm Add didier-stevens-suite.vm and adds shortcuts for the tools pdfid and pdf-parser in the PDF category. --- .../didier-stevens-suite.vm.nuspec | 13 +++++++++ .../tools/chocolateyinstall.ps1 | 27 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 12 +++++++++ 3 files changed, 52 insertions(+) create mode 100644 packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec create mode 100644 packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec b/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec new file mode 100644 index 000000000..321b5c52d --- /dev/null +++ b/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec @@ -0,0 +1,13 @@ + + + + didier-stevens-suite.vm + 0.0.0.20230928 + Didier Stevens + Tools colection by Didier Stevens + + + + + + diff --git a/packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 b/packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..89c95e1db --- /dev/null +++ b/packages/didier-stevens-suite.vm/tools/chocolateyinstall.ps1 
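Review bot: The new description `Tools colection by Didier Stevens` misspells "collection". Since the description is shown in the package listing, it is worth fixing before publishing: `Tools collection by Didier Stevens`.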
@@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $category = 'PDF' + $zipUrl = 'https://github.com/DidierStevens/DidierStevensSuite/archive/8190354314d6f42c9ddc477a795029dc446176c5.zip' + $zipSha256 = 'fe37ef5b81810af99820a7360aa26e7fec669432875dd29e38f307880bb53c37' + + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = ${Env:RAW_TOOLS_DIR} + url = $zipUrl + checksum = $zipSha256 + checksumType = 'sha256' + } + Install-ChocolateyZipPackage @packageArgs + $toolDir = Get-Item "${Env:RAW_TOOLS_DIR}\DidierStevensSuite-*" + VM-Assert-Path $toolDir + + # Add shortcut for commonly used PDF tools + ForEach ($toolName in @('pdfid', 'pdf-parser')) { + $executablePath = Join-Path $toolDir "$toolName.py" + VM-Install-Shortcut $toolName $category $executablePath -consoleApp $true + } +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 b/packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e784769de --- /dev/null +++ b/packages/didier-stevens-suite.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,12 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +# Remove shortcuts +$category = 'PDF' +ForEach ($toolName in @('pdfid', 'pdf-parser')) { + VM-Remove-Tool-Shortcut $toolName $category +} + +# Remove tool directory +$toolDir = Get-Item "${Env:RAW_TOOLS_DIR}\DidierStevensSuite-*" +Remove-Item $toolDir -Recurse -Force -ea 0 From c504fe06fe9874b8e4cd43d00119c76485d8480f Mon Sep 17 00:00:00 2001 
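Review bot: `$toolDir = Get-Item "${Env:RAW_TOOLS_DIR}\DidierStevensSuite-*"` can resolve to several directories if an earlier extraction with a different commit hash is still present, in which case `VM-Assert-Path` and `Join-Path $toolDir` receive an array instead of one path. The archive's folder name is already fixed by the commit in `$zipUrl`, so resolving it directly, `$toolDir = Join-Path ${Env:RAW_TOOLS_DIR} "DidierStevensSuite-8190354314d6f42c9ddc477a795029dc446176c5" -Resolve`, avoids the wildcard and fails loudly under `'Stop'` if the layout changes; the uninstall hunk below uses the same wildcard, where removing every match is arguably the intent. A short comment on the `ForEach` loop would also help, e.g. `# Shortcuts target .py files and rely on the VM's .py file association`, since nothing here invokes an interpreter explicitly.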
From: Ana Maria Martinez Gomez Date: Thu, 28 Sep 2023 19:50:25 +0200 Subject: [PATCH 288/330] Add dex2jar.vm Add a shortcut for d2j-dex2jar. --- packages/dex2jar.vm/dex2jar.vm.nuspec | 13 +++++++++++++ packages/dex2jar.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/dex2jar.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 30 insertions(+) create mode 100644 packages/dex2jar.vm/dex2jar.vm.nuspec create mode 100644 packages/dex2jar.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/dex2jar.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/dex2jar.vm/dex2jar.vm.nuspec b/packages/dex2jar.vm/dex2jar.vm.nuspec new file mode 100644 index 000000000..ffca58cf9 --- /dev/null +++ b/packages/dex2jar.vm/dex2jar.vm.nuspec @@ -0,0 +1,13 @@ + + + + dex2jar.vm + 2.3 + @pxb1988 + Tools to work with android .dex and java .class files. + + + + + + diff --git a/packages/dex2jar.vm/tools/chocolateyinstall.ps1 b/packages/dex2jar.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..ad3088e8f --- /dev/null +++ b/packages/dex2jar.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'd2j-dex2jar' +$category = 'Java' + +$zipUrl = 'https://github.com/pxb1988/dex2jar/releases/download/v2.3/dex2jar-v2.zip' +$zipSha256 = 'd0507b6277193476ae29351905b5fa9b20d1a9a5ce119b46d87e5b188edf859e' + +VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -executableName "$toolName.bat" -innerFolder $true diff --git a/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 b/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..65ad1123b --- /dev/null +++ b/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'd2j-dex2jar' +$category = 'Java' + +VM-Uninstall $toolName $category 
From 8239d7c3c00d2e86fd25cd9b709818b39d96f846 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 29 Sep 2023 11:40:16 +0200 Subject: [PATCH 289/330] Introduce Packers category Introduce Packers category as the Utilities folder is getting big and to make easier finding tools. Move upx to the Packers category. This change likely breaks updates. --- .github/ISSUE_TEMPLATE/new_metapackage.yml | 1 + .github/ISSUE_TEMPLATE/new_package.yml | 1 + categories.txt | 1 + packages/upx.vm/tools/chocolateyinstall.ps1 | 2 +- packages/upx.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/upx.vm/upx.vm.nuspec | 2 +- 6 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/new_metapackage.yml b/.github/ISSUE_TEMPLATE/new_metapackage.yml index 534dfa0e9..2b4d8cb3b 100644 --- a/.github/ISSUE_TEMPLATE/new_metapackage.yml +++ b/.github/ISSUE_TEMPLATE/new_metapackage.yml @@ -70,6 +70,7 @@ body: - Lateral Movement - Networking - Office + - Packers - Password Attacks - Payload Development - PDF diff --git a/.github/ISSUE_TEMPLATE/new_package.yml b/.github/ISSUE_TEMPLATE/new_package.yml index fdc11a0ca..0455fec53 100644 --- a/.github/ISSUE_TEMPLATE/new_package.yml +++ b/.github/ISSUE_TEMPLATE/new_package.yml @@ -89,6 +89,7 @@ body: - Lateral Movement - Networking - Office + - Packers - Password Attacks - Payload Development - PDF diff --git a/categories.txt b/categories.txt index 585808a2c..b9558d62b 100644 --- a/categories.txt +++ b/categories.txt @@ -18,6 +18,7 @@ Javascript Lateral Movement Networking Office +Packers Password Attacks Payload Development PDF diff --git a/packages/upx.vm/tools/chocolateyinstall.ps1 b/packages/upx.vm/tools/chocolateyinstall.ps1 index 9c3d23736..508fc5f81 100644 --- a/packages/upx.vm/tools/chocolateyinstall.ps1 +++ b/packages/upx.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'upx' -$category = 'Utilities' +$category = 'Packers' $zipUrl = "https://github.com/upx/upx/releases/download/v4.1.0/upx-4.1.0-win32.zip" $zipSha256 = "066c62993ce904f9f377ce849e85b77d1e2cf477d554c36c5ff89f6d3f0fa072" diff --git a/packages/upx.vm/tools/chocolateyuninstall.ps1 b/packages/upx.vm/tools/chocolateyuninstall.ps1 index 9684090d7..472237d25 100644 --- a/packages/upx.vm/tools/chocolateyuninstall.ps1 +++ b/packages/upx.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'upx' -$category = 'Utilities' +$category = 'Packers' VM-Uninstall $toolName $category diff --git a/packages/upx.vm/upx.vm.nuspec b/packages/upx.vm/upx.vm.nuspec index 511bbbf96..cfd18f4dc 100644 --- a/packages/upx.vm/upx.vm.nuspec +++ b/packages/upx.vm/upx.vm.nuspec @@ -2,7 +2,7 @@ upx.vm - 4.1.0 + 4.1.0.20230929 markus-oberhumer UPX is a free, secure, portable, extendable, high-performance executable packer for several executable formats. From cf3fe3e468775ec260bf61ad409d814d004ed789 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 29 Sep 2023 12:06:36 +0200 Subject: [PATCH 290/330] Add pkg-unpacker Add pkg-unpacker, a nodejs tool installed similarly to malware-jail. --- .../pkg-unpacker.vm/pkg-unpacker.vm.nuspec | 13 +++++++++++++ .../tools/chocolateyinstall.ps1 | 19 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 39 insertions(+) create mode 100644 packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec create mode 100644 packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec new file mode 100644 index 000000000..b39ac1d5c --- /dev/null 
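Review bot: Changing `$category` to `'Packers'` places the new shortcut in the new folder, but nothing in the install script removes the shortcut the previous version created under `Utilities`, so on an upgrade, which presumably does not run the previous package's uninstall script, the stale entry lingers; the commit message already notes that updates likely break. A one-line `VM-Remove-Tool-Shortcut $toolName 'Utilities'` before `VM-Install-From-Zip` would clean it up, provided the helper tolerates a missing shortcut. The nuspec bump to `4.1.0.20230929` is what forces the upgrade without an upstream release and deserves a comment in the commit or nuspec so it is not "corrected" back to `4.1.0` later.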
+++ b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec @@ -0,0 +1,13 @@ + + + + pkg-unpacker.vm + 1.0.0 + LockBlock-dev + Unpacker for pkg applications. + + + + + + diff --git a/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 b/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..2cc736110 --- /dev/null +++ b/packages/pkg-unpacker.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,19 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'pkg-unpacker' + $category = 'Packers' + $zipUrl = 'https://github.com/LockBlock-dev/pkg-unpacker/archive/b1fd5200e1bf656dedef6817c177c8bb2dc38028.zip' + $zipSha256 = '6eed1d492d37ca3934a3bc838c2256719a3e78ccf72ce1b1ca07684519ace16c' + $powershellCommand = "Write-Output '> node unpack.js'; node unpack.js" + + $toolDir = VM-Install-Raw-GitHub-Repo $toolName $category $zipUrl $zipSha256 -powershellCommand $powershellCommand + + # Get absolute path as npm is not in path until Powershell is restarted + $npmPath = Join-Path ${Env:ProgramFiles} "\nodejs\npm.cmd" -Resolve + # Install tool dependencies with npm + Set-Location $toolDir; & "$npmPath" install | Out-Null +} catch { + VM-Write-Log-Exception $_ +} diff --git a/packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 b/packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..6bb7b577f --- /dev/null +++ b/packages/pkg-unpacker.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'pkg-unpacker' +$category = 'Packers' + +VM-Uninstall $toolName $category From 2fbd50a6b6ba68b0d0ef9444d8d56e70d6b638c6 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 4 Oct 2023 22:13:32 +0000 Subject: [PATCH 291/330] Update cmder.vm to 1.3.24 --- packages/cmder.vm/cmder.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
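Review bot: `& "$npmPath" install | Out-Null` pulls the tool's dependencies from the npm registry at install time with no integrity pin comparable to the `$zipSha256` on the repository itself, and a non-zero exit from npm does not trigger `$ErrorActionPreference = 'Stop'` for a native command, so a failed dependency install is reported as success. `Set-Location $toolDir` also changes the working directory for the rest of the Chocolatey session. Prefer `npm ci` if the pinned commit ships a `package-lock.json` (it fails rather than resolving newer versions), check `$LASTEXITCODE`, and restore the location in a `finally`:
```powershell
    # … unchanged: VM-Install-Raw-GitHub-Repo call and $npmPath resolution …
    # Install tool dependencies with npm. 'ci' installs exactly what the pinned commit's
    # package-lock.json lists and fails if the lockfile is missing or out of date.
    Push-Location $toolDir
    try {
        & "$npmPath" ci | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "npm ci failed with exit code $LASTEXITCODE" }
    } finally {
        Pop-Location
    }
```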
diff --git a/packages/cmder.vm/cmder.vm.nuspec b/packages/cmder.vm/cmder.vm.nuspec index b9583bc04..154bfe878 100644 --- a/packages/cmder.vm/cmder.vm.nuspec +++ b/packages/cmder.vm/cmder.vm.nuspec @@ -2,12 +2,12 @@ cmder.vm - 1.3.21 + 1.3.24 Metapackage for cmder Mandiant, Samuel Vasko - + From a3e0be731d2f9fc57482b8fede8776363a7601a9 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 5 Oct 2023 00:37:51 +0000 Subject: [PATCH 292/330] Update sharphound.vm to v2.0.1 --- packages/sharphound.vm/sharphound.vm.nuspec | 2 +- packages/sharphound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/sharphound.vm/sharphound.vm.nuspec b/packages/sharphound.vm/sharphound.vm.nuspec index 7a8995369..bc41a21f8 100644 --- a/packages/sharphound.vm/sharphound.vm.nuspec +++ b/packages/sharphound.vm/sharphound.vm.nuspec @@ -2,7 +2,7 @@ sharphound.vm - 2.0.0 + 2.0.1 specterops SharpHound is an Active Directory ingester tool for BloodHound. diff --git a/packages/sharphound.vm/tools/chocolateyinstall.ps1 b/packages/sharphound.vm/tools/chocolateyinstall.ps1 index 609a930cd..e0fc8336e 100644 --- a/packages/sharphound.vm/tools/chocolateyinstall.ps1 +++ b/packages/sharphound.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'SharpHound' $category = 'Reconnaissance' -$zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v2.0.0/SharpHound-v2.0.0.zip' -$zipSha256 = '2b6ef9f4b59e06238caf0e4c79e023356784eff5d49313e7fae8539cc47a65ca' +$zipUrl = 'https://github.com/BloodHoundAD/SharpHound/releases/download/v2.0.1/SharpHound-v2.0.1.zip' +$zipSha256 = 'a6f73c1a75d14322aa4993fe498299ab55866ba74440f8a52d4dffe85594de2f' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 From 0bc6b1e32f97da6997cc8cd79bb73df8b6bb1d03 Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Thu, 5 Oct 2023 00:39:29 +0000 Subject: [PATCH 293/330] Update sysinternals.vm to 2023.9.29 --- packages/sysinternals.vm/sysinternals.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index 5edd38e60..f0046c11d 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.7.26 + 2023.9.29 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file From aee3bdbc3d0fdc6381b8edf5bef23244cac1c31c Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 5 Oct 2023 00:40:08 +0000 Subject: [PATCH 294/330] Update tor-browser.vm to 12.5.6 --- packages/tor-browser.vm/tor-browser.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec index 293944ba4..d127aac1b 100644 --- a/packages/tor-browser.vm/tor-browser.vm.nuspec +++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -2,12 +2,12 @@ tor-browser.vm - 12.5.4 + 12.5.6 Tor Project The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. - + From 63e4e3e8a9b127915da1d81d9578d6bd9709fe21 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 5 Oct 2023 00:43:34 +0000 Subject: [PATCH 295/330] Update vcbuildtools.vm to 0.0.0.20231005 --- packages/vcbuildtools.vm/vcbuildtools.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index 146a08bda..d2e67af7e 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec 
@@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20230914 + 0.0.0.20231005 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + From d517d33081c210cb5446e70ed6353da8220e6730 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 5 Oct 2023 00:43:52 +0000 Subject: [PATCH 296/330] Update vnc-viewer.vm to 7.6.1 --- packages/vnc-viewer.vm/vnc-viewer.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec index 8d0d2e810..ccbbf27a4 100644 --- a/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec +++ b/packages/vnc-viewer.vm/vnc-viewer.vm.nuspec @@ -2,12 +2,12 @@ vnc-viewer.vm - 7.6.0 + 7.6.1 RealVNC Tool for connecting to and interacting with VNC servers. - + From 375654fccb519708f58a122be77ca90fd6e26f8a Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Thu, 5 Oct 2023 16:17:35 +0200 Subject: [PATCH 297/330] Add sfextract.vm Use `dotnet tool update` to avoid failing the package if the tool is already installed. --- packages/sfextract.vm/sfextract.vm.nuspec | 13 +++++++++++++ packages/sfextract.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/sfextract.vm/tools/chocolateyuninstall.ps1 | 9 +++++++++ 3 files changed, 32 insertions(+) create mode 100644 packages/sfextract.vm/sfextract.vm.nuspec create mode 100644 packages/sfextract.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/sfextract.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/sfextract.vm/sfextract.vm.nuspec b/packages/sfextract.vm/sfextract.vm.nuspec new file mode 100644 index 000000000..d5e880583 --- /dev/null +++ b/packages/sfextract.vm/sfextract.vm.nuspec @@ -0,0 +1,13 @@ + + + + sfextract.vm + 2.1.0 + Joery Droppers + command-line utility to extract files from single file bundles in .NET + + + + + + 
diff --git a/packages/sfextract.vm/tools/chocolateyinstall.ps1 b/packages/sfextract.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..4336c2521 --- /dev/null +++ b/packages/sfextract.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'sfextract' +$category = 'dotNet' + +dotnet tool update --global sfextract --version 2.1.0 + +$executablePath = Join-Path "${Env:UserProfile}\.dotnet\tools" "$toolName.exe" -Resolve +VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath -consoleApp $true diff --git a/packages/sfextract.vm/tools/chocolateyuninstall.ps1 b/packages/sfextract.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..77888cd24 --- /dev/null +++ b/packages/sfextract.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,9 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'sfextract' +$category = 'dotNet' + +dotnet tool uninstall --global sfextract + +VM-Remove-Tool-Shortcut $toolName $category From 35dc935b50a86308903971541a1fb7cd6bb51506 Mon Sep 17 00:00:00 2001 From: erik4711 Date: Thu, 5 Oct 2023 17:07:50 +0200 Subject: [PATCH 298/330] NetworkMiner 2.8.1 (#677) * Update networkminer.vm.nuspec NM 2.8.1 * Update chocolateyinstall.ps1 NM 2.8.1 --- packages/networkminer.vm/networkminer.vm.nuspec | 2 +- packages/networkminer.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/networkminer.vm/networkminer.vm.nuspec b/packages/networkminer.vm/networkminer.vm.nuspec index ce4116306..033c7e476 100644 --- a/packages/networkminer.vm/networkminer.vm.nuspec +++ b/packages/networkminer.vm/networkminer.vm.nuspec 
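Review bot: `dotnet tool update --global sfextract --version 2.1.0` is a native command, so a non-zero exit does not trigger `$ErrorActionPreference = 'Stop'`; the script only fails later at `Join-Path ... -Resolve` with a misleading path error. Add `if ($LASTEXITCODE -ne 0) { throw "dotnet tool update failed with exit code $LASTEXITCODE" }` directly after it. The version is pinned but, unlike the zip-based packages, no hash of the artifact is recorded here, so integrity rests on the NuGet feed and its package signatures; a one-line comment stating that makes the difference from `$zipSha256`-style packages deliberate. `${Env:UserProfile}\.dotnet\tools` is also per-user, so the shortcut only works for the account that ran the installer.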
@@ -2,7 +2,7 @@ networkminer.vm - 2.8 + 2.8.1 Netresec NetworkMiner is an open source Network Forensic Analysis Tool for Windows, but also works in Linux or Mac OS X. NetworkMiner can be used as a passive network sniffer in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to reassemble transmitted files and certificates from PCAP files. diff --git a/packages/networkminer.vm/tools/chocolateyinstall.ps1 b/packages/networkminer.vm/tools/chocolateyinstall.ps1 index e426efb34..9970de96e 100644 --- a/packages/networkminer.vm/tools/chocolateyinstall.ps1 +++ b/packages/networkminer.vm/tools/chocolateyinstall.ps1 @@ -5,6 +5,6 @@ $toolName = 'NetworkMiner' $category = 'Networking' $zipUrl = 'https://www.netresec.com/?download=NetworkMiner' -$zipSha256 = '13dc519e24a44485554be6e3651bf9381b9ea13a0376cdf958508c75e3b1bb7a' +$zipSha256 = '34e8ba09d6bb47463c0e154b7a8eef26922b8dd61000e95d1880aa8c175507e1' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From 547d793bd50d911ffc0091b106f0479fc4e4387f Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 6 Oct 2023 12:52:33 +0200 Subject: [PATCH 299/330] Use os.path.join in lint.py `os.path.join` uses the format suitable for the OS Python is running on, using `/` in Linux and `\` in Windows. We were mixing them up in the GH action run that uses Windows: ``` D:\a\VM-Packages\VM-Packages/categories.txt ``` --- scripts/test/lint.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 2c8e9e94c..62973af76 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py 
@@ -322,7 +322,7 @@ class UsesInvalidCategory(Lint): ] root_path = os.path.abspath(os.path.join(__file__, "../../..")) - categories_txt = f"{root_path}/categories.txt" + categories_txt = os.path.join(root_path, "categories.txt") with open(categories_txt) as file: CATEGORIES = [line.rstrip() for line in file] logger.debug(CATEGORIES) From 99d66a08cc89e63f05689bd63b6818a47015d92b Mon Sep 17 00:00:00 2001 From: vm-packages Date: Mon, 9 Oct 2023 12:12:11 +0000 Subject: [PATCH 300/330] Add reg_export.vm Closes https://github.com/mandiant/VM-Packages/issues/183. --- packages/reg_export.vm/reg_export.vm.nuspec | 12 ++++++++++++ packages/reg_export.vm/tools/chocolateyinstall.ps1 | 10 ++++++++++ packages/reg_export.vm/tools/chocolateyuninstall.ps1 | 7 +++++++ 3 files changed, 29 insertions(+) create mode 100644 packages/reg_export.vm/reg_export.vm.nuspec create mode 100644 packages/reg_export.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/reg_export.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/reg_export.vm/reg_export.vm.nuspec b/packages/reg_export.vm/reg_export.vm.nuspec new file mode 100644 index 000000000..1cdd81ff1 --- /dev/null +++ b/packages/reg_export.vm/reg_export.vm.nuspec @@ -0,0 +1,12 @@ + + + + reg_export.vm + 1.3 + Adam Kramer + A CLI that exports the raw content of a registry value to a file + + + + + diff --git a/packages/reg_export.vm/tools/chocolateyinstall.ps1 b/packages/reg_export.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..79e76a85d --- /dev/null +++ b/packages/reg_export.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,10 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'reg_export' +$category = 'Utilities' + +$exeUrl = 'https://github.com/adamkramer/reg_export/releases/download/v1.3/reg_export.exe' +$exeSha256 = '0786cf26a63a059986fa7c568c1833825104e52565c17ff777f45d3118a8b274' + +VM-Install-Single-Exe $toolName $category $exeUrl -exeSha256 $exeSha256 -consoleApp $true diff --git a/packages/reg_export.vm/tools/chocolateyuninstall.ps1 b/packages/reg_export.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..e6af9a144 --- /dev/null +++ b/packages/reg_export.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'reg_export' +$category = 'Utilities' + +VM-Uninstall $toolName $category From a12b8bad9bf3a10810e892a40b8d983b85805241 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 9 Oct 2023 08:31:26 +0200 Subject: [PATCH 301/330] installer.vm: do not require an icon FLARE-VM does not use an icon for the tools folder at the moment. Do not make the installer fail if the icon file does not exist. --- packages/installer.vm/installer.vm.nuspec | 2 +- packages/installer.vm/tools/chocolateyinstall.ps1 | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/installer.vm/installer.vm.nuspec b/packages/installer.vm/installer.vm.nuspec index 28dc1f69d..432280158 100644 --- a/packages/installer.vm/installer.vm.nuspec +++ b/packages/installer.vm/installer.vm.nuspec @@ -2,7 +2,7 @@ installer.vm - 0.0.0.20230904 + 0.0.0.20231009 Mandiant Generic installer for custom virtual machines. diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index 7ec778d85..d75bc422b 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 
@@ -39,8 +39,9 @@ try { # Configure PowerShell Logging VM-Configure-PS-Logging - # Configure Desktop\Tools folder with a custom icon - if ($iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" -Resolve) { + # Configure Desktop\Tools folder with a custom icon if it exists + $iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" + if (Test-Path $iconPath) { $folderPath = $Env:TOOL_LIST_DIR # Set the icon if (Test-Path -Path $folderPath -PathType Container) { From 497279caa1ab4f8b32829b85603c2c62fe580542 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 10 Oct 2023 14:34:10 +0200 Subject: [PATCH 302/330] installer.vm: be consistent with variable names Use configPath (and not configFile) for configuration file paths to be consistent with the configuration file few lines up. --- packages/installer.vm/tools/chocolateyinstall.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index d75bc422b..4046f535a 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 @@ -30,8 +30,8 @@ try { # Set Profile/Version specific configurations VM-Write-Log "INFO" "[+] Beginning Windows OS VM profile configuration changes" - $configFile = Join-Path $Env:VM_COMMON_DIR "config.xml" -Resolve - VM-Apply-Configurations $configFile + $configPath = Join-Path $Env:VM_COMMON_DIR "config.xml" -Resolve + VM-Apply-Configurations $configPath # Configure PowerShell and cmd prompts VM-Configure-Prompts From b94b3c89a5f7341b5b0df237ad704cb42e546b89 Mon Sep 17 00:00:00 2001 
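Review bot: `if (Test-Path $iconPath)` on the new side also succeeds when `vm.ico` is a directory, which would then be handed to the icon-setting code below; `if (Test-Path $iconPath -PathType Leaf) {` restricts the check to a file. The later commit on this page that applies the same pattern to the completion form (`$form.Icon = New-Object System.Drawing.Icon($iconPath)`) would benefit from the same restriction. The enclosing `try` block starts and ends outside the hunk.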
From: Ana Maria Martinez Gomez Date: Fri, 6 Oct 2023 12:27:00 +0200 Subject: [PATCH 303/330] Merge Java and Android categories Merge Java and Android categories into Java/Android to make it easier to find the tools. --- .github/ISSUE_TEMPLATE/new_metapackage.yml | 3 +-- .github/ISSUE_TEMPLATE/new_package.yml | 3 +-- categories.txt | 3 +-- packages/apktool.vm/apktool.vm.nuspec | 2 +- packages/apktool.vm/tools/chocolateyinstall.ps1 | 2 +- packages/apktool.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec | 2 +- packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 | 2 +- packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/dex2jar.vm/dex2jar.vm.nuspec | 2 +- packages/dex2jar.vm/tools/chocolateyinstall.ps1 | 2 +- packages/dex2jar.vm/tools/chocolateyuninstall.ps1 | 2 +- scripts/test/lint.py | 2 +- 13 files changed, 13 insertions(+), 16 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/new_metapackage.yml b/.github/ISSUE_TEMPLATE/new_metapackage.yml index 2b4d8cb3b..afe91089b 100644 --- a/.github/ISSUE_TEMPLATE/new_metapackage.yml +++ b/.github/ISSUE_TEMPLATE/new_metapackage.yml @@ -51,7 +51,6 @@ body: description: Which category should this tool be installed to? options: - Active Directory - - Android - Cloud - Command & Control - Credential Access @@ -65,7 +64,7 @@ body: - Hex Editors - Information Gathering - InnoSetup - - Java + - Java/Android - Javascript - Lateral Movement - Networking diff --git a/.github/ISSUE_TEMPLATE/new_package.yml b/.github/ISSUE_TEMPLATE/new_package.yml index 0455fec53..a21eb285f 100644 --- a/.github/ISSUE_TEMPLATE/new_package.yml +++ b/.github/ISSUE_TEMPLATE/new_package.yml @@ -70,7 +70,6 @@ body: description: Which category should this tool be installed to? options: - Active Directory - - Android - Cloud - Command & Control - Credential Access 
@@ -84,7 +83,7 @@ body: - Hex Editors - Information Gathering - InnoSetup - - Java + - Java/Android - Javascript - Lateral Movement - Networking diff --git a/categories.txt b/categories.txt index b9558d62b..32f96279a 100644 --- a/categories.txt +++ b/categories.txt @@ -1,5 +1,4 @@ Active Directory -Android Cloud Command & Control Credential Access @@ -13,7 +12,7 @@ Forensic Hex Editors Information Gathering InnoSetup -Java +Java/Android Javascript Lateral Movement Networking diff --git a/packages/apktool.vm/apktool.vm.nuspec b/packages/apktool.vm/apktool.vm.nuspec index b6f3a6a89..3e706ae36 100644 --- a/packages/apktool.vm/apktool.vm.nuspec +++ b/packages/apktool.vm/apktool.vm.nuspec @@ -2,7 +2,7 @@ apktool.vm - 2.8.1 + 2.8.1.20231006 Connor Tumbleson, Ryszard Wisniewski A tool for reverse engineering 3rd party, closed, binary Android apps. diff --git a/packages/apktool.vm/tools/chocolateyinstall.ps1 b/packages/apktool.vm/tools/chocolateyinstall.ps1 index 1ebb1745d..f36bc0ac2 100644 --- a/packages/apktool.vm/tools/chocolateyinstall.ps1 +++ b/packages/apktool.vm/tools/chocolateyinstall.ps1 @@ -3,7 +3,7 @@ Import-Module vm.common -Force -DisableNameChecking try { $toolName = 'apktool' - $category = 'Android' + $category = 'Java/Android' $shimPath = 'bin\apktool.exe' $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category diff --git a/packages/apktool.vm/tools/chocolateyuninstall.ps1 b/packages/apktool.vm/tools/chocolateyuninstall.ps1 index 4e92f4503..1d4846a29 100644 --- a/packages/apktool.vm/tools/chocolateyuninstall.ps1 +++ b/packages/apktool.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'apktool' -$category = 'Android' +$category = 'Java/Android' VM-Remove-Tool-Shortcut $toolName $category diff --git a/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec b/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec index bbddbff4f..a905dcbb2 100644 
--- a/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec +++ b/packages/bytecodeviewer.vm/bytecodeviewer.vm.nuspec @@ -2,7 +2,7 @@ bytecodeviewer.vm - 2.11.2 + 2.11.2.20231006 Konloch A lightweight user-friendly Java/Android Bytecode Viewer, Decompiler and more. diff --git a/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 b/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 index 0240b4c58..4d55a914c 100644 --- a/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 +++ b/packages/bytecodeviewer.vm/tools/chocolateyinstall.ps1 @@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Bytecode Viewer' -$category = 'Java' +$category = 'Java/Android' $exeUrl = 'https://github.com/Konloch/bytecode-viewer/releases/download/v2.11.2/Bytecode-Viewer-2.11.2.jar' $exeSha256 = '536ad387424106083f76cd0cb7c051a22aff21f08663ba2539c11f1ddef9147f' diff --git a/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 b/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 index 6dc7d3cef..4d2ddca28 100644 --- a/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 +++ b/packages/bytecodeviewer.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'Bytecode Viewer' -$category = 'Java' +$category = 'Java/Android' VM-Uninstall $toolName $category diff --git a/packages/dex2jar.vm/dex2jar.vm.nuspec b/packages/dex2jar.vm/dex2jar.vm.nuspec index ffca58cf9..41b85b7a4 100644 --- a/packages/dex2jar.vm/dex2jar.vm.nuspec +++ b/packages/dex2jar.vm/dex2jar.vm.nuspec @@ -2,7 +2,7 @@ dex2jar.vm - 2.3 + 2.3.0.20231006 @pxb1988 Tools to work with android .dex and java .class files. diff --git a/packages/dex2jar.vm/tools/chocolateyinstall.ps1 b/packages/dex2jar.vm/tools/chocolateyinstall.ps1 index ad3088e8f..b196b342e 100644 --- a/packages/dex2jar.vm/tools/chocolateyinstall.ps1 +++ b/packages/dex2jar.vm/tools/chocolateyinstall.ps1 
@@ -2,7 +2,7 @@ $ErrorActionPreference = 'Stop' Import-Module vm.common -Force -DisableNameChecking $toolName = 'd2j-dex2jar' -$category = 'Java' +$category = 'Java/Android' $zipUrl = 'https://github.com/pxb1988/dex2jar/releases/download/v2.3/dex2jar-v2.zip' $zipSha256 = 'd0507b6277193476ae29351905b5fa9b20d1a9a5ce119b46d87e5b188edf859e' diff --git a/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 b/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 index 65ad1123b..0624d2fdc 100644 --- a/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 +++ b/packages/dex2jar.vm/tools/chocolateyuninstall.ps1 @@ -2,6 +2,6 @@ $ErrorActionPreference = 'Continue' Import-Module vm.common -Force -DisableNameChecking $toolName = 'd2j-dex2jar' -$category = 'Java' +$category = 'Java/Android' VM-Uninstall $toolName $category diff --git a/scripts/test/lint.py b/scripts/test/lint.py index 2c8e9e94c..4c967aae8 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py @@ -337,7 +337,7 @@ def check(self, path): # utf-8-sig ignores BOM file_content = open(path, "r", encoding="utf-8-sig").read() - match = re.search("\$category = ['\"](?P[\w &]+)['\"]", file_content) + match = re.search("\$category = ['\"](?P[\w &/]+)['\"]", file_content) if not match or match.group("category") not in self.CATEGORIES: return True return False From e72d35e5e75a9f3950917d76448325ed884fdfbd Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 11 Oct 2023 16:34:12 +0200 Subject: [PATCH 304/330] installer.vm: set WallpaperStyle using size Use the WallpaperStyle setting `center` (0) if images' width/height ratio is bigger or equal than 16:9 ht and `fit` (6) otherwise. Using the width/height ratio ensure that different images (including the ones used at the moment in Commando VM and FLARE-VM) are displayed nicely. --- packages/installer.vm/tools/chocolateyinstall.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
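Review bot: In the lint.py hunk the pattern is still written as a normal string literal, so `\$` and `\w` are invalid escape sequences in Python string syntax and are only passed through to `re` by accident; newer interpreters warn on them. Making it a raw string, `match = re.search(r"\$category = ['\"](?P<category>[\w &/]+)['\"]", file_content)`, keeps the regex identical (the `<category>` group name appears to have been lost in rendering here and should be confirmed against the file) while removing the warning. The `check` method starts outside the hunk.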
diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index 4046f535a..79d5e4fc0 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 @@ -128,7 +128,9 @@ try { $backgroundImage = "${Env:VM_COMMON_DIR}\background.png" if ((Test-Path $backgroundImage)) { # Center: 0, Stretch: 2, Fit:6, Fill: 10, Span: 22 - New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value 0 -Force | Out-Null + $img = [System.Drawing.Image]::FromFile($backgroundImage); + $wallpaperStyle = if ($img.Width/$img.Height -ge 16/9) { 0 } else { 6 } + New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $wallpaperStyle -Force | Out-Null New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force | Out-Null Add-Type -TypeDefinition @" using System; From 2aac048222d470f8ca231dde7680fb426fd7a5c7 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 11 Oct 2023 17:35:52 +0200 Subject: [PATCH 305/330] installer.vm: Allow to set lock screen image Set the lock screen image if `%VM_COMMON_DIR%\lockscreen.png` is present. --- packages/installer.vm/tools/chocolateyinstall.ps1 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index 79d5e4fc0..c50186981 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 
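Review bot: `$img = [System.Drawing.Image]::FromFile($backgroundImage);` opens a handle on background.png that is never released, and `Image.FromFile` keeps the file locked until the object is disposed, so the image stays locked for the rest of the installer run; the same lines are touched again by the two later installer.vm commits on this page (the `Add-Type -AssemblyName System.Drawing` fix and the condition flip) without addressing it. Read the ratio into a local and dispose immediately: `$ratio = $img.Width / $img.Height` followed by `$img.Dispose()`, then compare `$ratio -ge 16/9`. The trailing `;` on the assignment is also unusual in this file's PowerShell style. The enclosing `if ((Test-Path $backgroundImage))` block continues outside the hunk.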
@@ -122,8 +122,17 @@ try { Write-Host "`t[-] %LOCALAPPDATA%\Boxstarter\boxstarter.log" -ForegroundColor Yellow } - # Let users know installation is complete by setting background, playing win sound, and display message box - # Set background + # Let users know installation is complete by setting lock screen & wallpaper background, playing win sound, and display message box + + # Set lock screen image + $lockScreenImage = "${Env:VM_COMMON_DIR}\lockscreen.png" + if ((Test-Path $lockScreenImage)) { + New-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Force | Out-Null + New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name LockScreenImagePath -PropertyType String -Value $lockScreenImage -Force | Out-Null + New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name LockScreenImageStatus -PropertyType DWord -Value 1 -Force | Out-Null + } + + # Set wallpaper Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value "0 0 0" -Force | Out-Null $backgroundImage = "${Env:VM_COMMON_DIR}\background.png" if ((Test-Path $backgroundImage)) { From 237ef1701606b8add203c9a479fce24d49ef883b Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 12 Oct 2023 17:34:08 +0000 Subject: [PATCH 306/330] Update apktool.vm to 2.9.0 --- packages/apktool.vm/apktool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/apktool.vm/apktool.vm.nuspec b/packages/apktool.vm/apktool.vm.nuspec index 3e706ae36..3117fba52 100644 --- a/packages/apktool.vm/apktool.vm.nuspec +++ b/packages/apktool.vm/apktool.vm.nuspec @@ -2,12 +2,12 @@ apktool.vm - 2.8.1.20231006 + 2.9.0 Connor Tumbleson, Ryszard Wisniewski A tool for reverse engineering 3rd party, closed, binary Android apps. - + From 9270eaad543c33ca570c46ee1bf560254daa5369 Mon Sep 17 00:00:00 2001 
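Review bot: The HKLM PersonalizationCSP key path is spelled out three times in the added block; hoisting it into one variable, `$cspKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"`, and using `-Path $cspKey` in the three calls avoids the copies drifting apart. `if ((Test-Path $lockScreenImage))` also accepts a directory named lockscreen.png; `-PathType Leaf` limits it to a file. Since these values are written under HKLM they apply machine-wide to every account on the VM, which is presumably intended here but worth stating in the `# Set lock screen image` comment.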
From: vm-packages Date: Thu, 12 Oct 2023 17:34:27 +0000 Subject: [PATCH 307/330] Update azurehound.vm to v2.1.3 --- packages/azurehound.vm/azurehound.vm.nuspec | 2 +- packages/azurehound.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/azurehound.vm/azurehound.vm.nuspec b/packages/azurehound.vm/azurehound.vm.nuspec index 582b7db71..ae56cc2ea 100644 --- a/packages/azurehound.vm/azurehound.vm.nuspec +++ b/packages/azurehound.vm/azurehound.vm.nuspec @@ -2,7 +2,7 @@ azurehound.vm - 2.1.0 + 2.1.3 BloodHoundAD AzureHound is the BloodHound data collector for Microsoft Azure. diff --git a/packages/azurehound.vm/tools/chocolateyinstall.ps1 b/packages/azurehound.vm/tools/chocolateyinstall.ps1 index 75ba7f671..d5125c118 100644 --- a/packages/azurehound.vm/tools/chocolateyinstall.ps1 +++ b/packages/azurehound.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'AzureHound' $category = 'Reconnaissance' -$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.1.0/azurehound-windows-amd64.zip' -$zipSha256 = '12d89b6ae1865fdce3094899d9aae854c985d125e04f414d3a8cd2b083c34424' +$zipUrl = 'https://github.com/BloodHoundAD/AzureHound/releases/download/v2.1.3/azurehound-windows-amd64.zip' +$zipSha256 = '5cc2668971e79f20065f0e9ebbff2962a35d99e081da9b8cfd75041ec26e6624' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 From 87ec05130ab58a5b8ff2d71ae887a44ef841bb02 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 12 Oct 2023 20:01:58 +0000 Subject: [PATCH 308/330] Update pkg-unpacker.vm to 1.0.0.20231012 --- packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec index b39ac1d5c..334734218 100644 --- a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec 
+++ b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec @@ -2,12 +2,12 @@ pkg-unpacker.vm - 1.0.0 + 1.0.0.20231012 LockBlock-dev Unpacker for pkg applications. - + From e6f67b34aa7a88813a5e9622474dbda2ebb0ef5f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 12 Oct 2023 20:04:07 +0000 Subject: [PATCH 309/330] Update wireshark.vm to 4.0.10 --- packages/wireshark.vm/wireshark.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/wireshark.vm/wireshark.vm.nuspec b/packages/wireshark.vm/wireshark.vm.nuspec index 009c3fc46..9e96078da 100644 --- a/packages/wireshark.vm/wireshark.vm.nuspec +++ b/packages/wireshark.vm/wireshark.vm.nuspec @@ -2,13 +2,13 @@ wireshark.vm - 4.0.8 + 4.0.10 Wireshark lets you capture and interactively browse the traffic running on a computer network. Gerald Combs, Wireshark team - + From 256427270f5e3b02e45251fc168c0f251460ba6e Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 17 Oct 2023 10:24:33 +0200 Subject: [PATCH 310/330] installer.vm: fix bug by adding System.Drawing I forgot to add the classes from the System.Drawing .NET assembly in the following PR: https://github.com/mandiant/VM-Packages/pull/683 This caused the installer.vm package installation to fail. Fixes https://github.com/mandiant/VM-Packages/issues/693 --- packages/installer.vm/installer.vm.nuspec | 2 +- packages/installer.vm/tools/chocolateyinstall.ps1 | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/installer.vm/installer.vm.nuspec b/packages/installer.vm/installer.vm.nuspec index 432280158..b64dcf738 100644 --- a/packages/installer.vm/installer.vm.nuspec +++ b/packages/installer.vm/installer.vm.nuspec @@ -2,7 +2,7 @@ installer.vm - 0.0.0.20231009 + 0.0.0.20231016 Mandiant Generic installer for custom virtual machines. diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index c50186981..e2050291a 100644 
--- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 @@ -136,7 +136,8 @@ try { Set-ItemProperty 'HKCU:\Control Panel\Colors' -Name Background -Value "0 0 0" -Force | Out-Null $backgroundImage = "${Env:VM_COMMON_DIR}\background.png" if ((Test-Path $backgroundImage)) { - # Center: 0, Stretch: 2, Fit:6, Fill: 10, Span: 22 + # WallpaperStyle - Center: 0, Stretch: 2, Fit:6, Fill: 10, Span: 22 + Add-Type -AssemblyName System.Drawing $img = [System.Drawing.Image]::FromFile($backgroundImage); $wallpaperStyle = if ($img.Width/$img.Height -ge 16/9) { 0 } else { 6 } New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $wallpaperStyle -Force | Out-Null From 5d7850118be059e1eaf49ff0e1322c29d367c982 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 13 Oct 2023 11:31:45 +0200 Subject: [PATCH 311/330] installer.vm: do not require an icon FLARE-VM does not use an icon for the tools folder at the moment. Do not render error if the icon file does not exist. --- packages/installer.vm/installer.vm.nuspec | 2 +- packages/installer.vm/tools/chocolateyinstall.ps1 | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/installer.vm/installer.vm.nuspec b/packages/installer.vm/installer.vm.nuspec index b64dcf738..bd0f7aae5 100644 --- a/packages/installer.vm/installer.vm.nuspec +++ b/packages/installer.vm/installer.vm.nuspec @@ -2,7 +2,7 @@ installer.vm - 0.0.0.20231016 + 0.0.0.20231017 Mandiant Generic installer for custom virtual machines. diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index e2050291a..188a78978 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 
@@ -175,7 +175,8 @@ public class VMBackground $form.Text = "$Env:VMname Installation Complete" $form.TopMost = $true $form.StartPosition = [System.Windows.Forms.FormStartPosition]::CenterScreen - if ($iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" -Resolve){ + $iconPath = Join-Path $Env:VM_COMMON_DIR "vm.ico" + if (Test-Path $iconPath) { $form.Icon = New-Object System.Drawing.Icon($iconPath) } # Create a FlowLayoutPanel From e692dca90d60ff631b597b7ab829d8ea6e66ca33 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 13 Oct 2023 11:52:31 +0200 Subject: [PATCH 312/330] installer.vm: Make clear if installation fails The log message was in my opinion a bit confusing when a package fails to install. --- packages/installer.vm/tools/chocolateyinstall.ps1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index 188a78978..f29738655 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 @@ -21,12 +21,16 @@ try { foreach ($package in $packagesToInstall) { VM-Write-Log "INFO" "Installing: $package" choco install "$package" -y - VM-Write-Log "INFO" "$package has been installed" + if ($LASTEXITCODE) { + VM-Write-Log "INFO" "`t$package has been installed" + } else { + VM-Write-Log "ERROR" "`t$package has not been installed" + } } } catch { VM-Write-Log-Exception $_ } - VM-Write-Log "INFO" "[+] All packages complete" + VM-Write-Log "INFO" "[+] Packages installation complete" # Set Profile/Version specific configurations VM-Write-Log "INFO" "[+] Beginning Windows OS VM profile configuration changes" From 96581d4843fb2c037f988da33d77efb25a323ee1 Mon Sep 17 00:00:00 2001 
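Review bot: In the package-installation hunk the new condition `if ($LASTEXITCODE) {` is inverted: `$LASTEXITCODE` is non-zero when `choco install` fails, so a failed install is logged as "has been installed" and a successful one as "has not been installed". The condition should be `if ($LASTEXITCODE -eq 0) {`; the sample log in the following commit's description, where every package is reported as not installed, looks consistent with this inversion. Chocolatey's reboot-required exit status may also deserve separate handling, but that is outside what this hunk shows. The `foreach` loop and enclosing `try` start outside the hunk.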
From: Ana Maria Martinez Gomez Date: Fri, 13 Oct 2023 12:07:17 +0200 Subject: [PATCH 313/330] VM-Write-Log: Do not use prefixes Do not use prefixes in the messages passed to `VM-Write-Log` as the output looks very weird. Example: **Before** ``` 2023/10/13 11:34:29 [installer.vm] chocolateyinstall.ps1 [+] INFO : Installing: ana.vm 2023/10/13 11:34:32 [installer.vm] chocolateyinstall.ps1 [+] INFO : ana.vm has been installed 2023/10/13 11:34:32 [installer.vm] chocolateyinstall.ps1 [+] INFO : [+] All packages complete 2023/10/13 11:34:32 [installer.vm] chocolateyinstall.ps1 [+] INFO : [+] Beginning Windows OS VM profile configuration changes 2023/10/13 11:34:32 [installer.vm] vm.common.psm1 [+] INFO : [+] Registry key created: HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState 2023/10/13 11:34:33 [installer.vm] vm.common.psm1 [+] INFO : [+] Show full directory path in Explorer title bar has been successful ``` **After** ``` 2023/10/13 14:15:44 [installer.vm] chocolateyinstall.ps1 [+] INFO : Installing: ana.vm 2023/10/13 14:15:48 [installer.vm] chocolateyinstall.ps1 [+] ERROR : ana.vm has not been installed 2023/10/13 14:15:48 [installer.vm] chocolateyinstall.ps1 [+] INFO : Installing: hashmyfiles.vm 2023/10/13 14:16:04 [installer.vm] chocolateyinstall.ps1 [+] ERROR : hashmyfiles.vm has not been installed 2023/10/13 14:16:04 [installer.vm] chocolateyinstall.ps1 [+] INFO : Packages installation complete 2023/10/13 14:16:04 [installer.vm] chocolateyinstall.ps1 [+] INFO : Beginning Windows OS VM profile configuration changes 2023/10/13 14:16:04 [installer.vm] vm.common.psm1 [+] WARN : [+] Registry key already exists: HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState 2023/10/13 14:16:04 [installer.vm] vm.common.psm1 [+] INFO : [+] Show full directory path in Explorer title bar has been successful ``` --- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 40 +++++++++---------- 
.../installer.vm/tools/chocolateyinstall.ps1 | 4 +- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index b47c7b0aa..6347ace25 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230926 + 0.0.0.20231013 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 704463d9c..03ea0a456 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -157,7 +157,7 @@ function VM-Check-Reboot { ) try { if (Test-PendingReboot){ - VM-Write-Log "ERROR" "[Err] Host must be rebooted before continuing install of $package.`n" + VM-Write-Log "ERROR" "Host must be rebooted before continuing install of $package.`n" Invoke-Reboot exit 1 } @@ -681,7 +681,7 @@ function VM-Write-Log-Exception { ) $msg = $error_record.Exception.Message $position_msg = $error_record.InvocationInfo.PositionMessage - VM-Write-Log "ERROR" "[ERR] $msg`r`n$position_msg" + VM-Write-Log "ERROR" "$msg`r`n$position_msg" throw $error_record } 
@@ -919,23 +919,23 @@ function VM-Remove-Appx-Package { VM-Write-Log-Exception $_ } } else { - VM-Write-Log "WARN" "[+] Installed $appName not found on the system." + VM-Write-Log "WARN" "`tInstalled $appName not found on the system." } # Check if the app is provisioned $provisionedPackage = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $appName } -ErrorAction SilentlyContinue if ($provisionedPackage) { try { Remove-AppxProvisionedPackage -PackageName $provisionedPackage.PackageName -Online -ErrorAction SilentlyContinue - VM-Write-Log "INFO" $("Provisioned package " + $provisionedPackage.PackageName + " removed") + VM-Write-Log "INFO" $("`tProvisioned package " + $provisionedPackage.PackageName + " removed") } catch { VM-Write-Log-Exception $_ } } else { - VM-Write-Log "WARN" "[+] Provisioned $appName not found on the system." + VM-Write-Log "WARN" "`tProvisioned $appName not found on the system." } } catch { - VM-Write-Log "ERROR" "An error occurred while removing the $appName package. Error: $_" + VM-Write-Log "ERROR" "`tAn error occurred while removing the $appName package. Error: $_" } } @@ -952,9 +952,9 @@ function VM-Set-Service-Manual-Start { if ($service) { Set-Service -Name $service.Name -StartupType Manual - VM-Write-Log "INFO" "[+] Service $serviceName has been disabled." + VM-Write-Log "INFO" "Service $serviceName has been disabled." } else { - VM-Write-Log "WARN" "[+] Service $serviceName not found." + VM-Write-Log "WARN" "Service $serviceName not found." } } catch { VM-Write-Log "ERROR" "An error occurred while setting the service startup type. Error: $_" 
@@ -976,9 +976,9 @@ function VM-Disable-Scheduled-Task { try { $output = Disable-ScheduledTask -TaskName $value -ErrorAction SilentlyContinue if ($output){ - VM-Write-Log "INFO" "[+] Scheduled task '$name' has been disabled." + VM-Write-Log "INFO" "Scheduled task '$name' has been disabled." } else { - VM-Write-Log "ERROR" "[+] Scheduled task '$name' not found." + VM-Write-Log "ERROR" "Scheduled task '$name' not found." } } catch { @@ -1024,13 +1024,13 @@ function VM-Update-Registry-Value { if (!(Test-Path -Path $path)) { # Create the registry key New-Item -Path $path -Force | Out-Null - VM-Write-Log "INFO" "`t[+] Registry key created: $path" + VM-Write-Log "INFO" "Registry key created: $path" } else { - VM-Write-Log "WARN" "`t[+] Registry key already exists: $path" + VM-Write-Log "WARN" "Registry key already exists: $path" } Set-ItemProperty -Path $path -Name $value -Value $validatedData -Type $type -Force | Out-Null - VM-Write-Log "INFO" "[+] $name has been successful" + VM-Write-Log "INFO" "$name has been successful" } catch { VM-Write-Log "ERROR" "Failed to update the registry value. Error: $_" } @@ -1056,16 +1056,16 @@ function VM-Remove-Path { if ($type -eq "file") { if (Test-Path -Path $path -PathType Leaf) { Remove-Item -Path $path -Force - VM-Write-Log "INFO" "[+] $name has been successfully removed." + VM-Write-Log "INFO" "$name has been successfully removed." } else { - VM-Write-Log "WARN" "[+] $path does not exist." + VM-Write-Log "WARN" "$path does not exist." } } elseif ($type -eq "dir") { if (Test-Path -Path $path -PathType Container) { Remove-Item -Path $path -Recurse -Force - VM-Write-Log "INFO" "[+] $name has been successfully removed." + VM-Write-Log "INFO" "$name has been successfully removed." } else { - VM-Write-Log "WARN" "[+] $path does not exist." + VM-Write-Log "WARN" "$path does not exist." } } } catch { 
@@ -1090,9 +1090,9 @@ function VM-Execute-Custom-Command{ foreach ($cmd in $cmds) { Start-Process powershell -ArgumentList "-WindowStyle","Hidden","-Command",$cmd -Wait } - VM-Write-Log "INFO" "[+] All commands for '$name' have been executed successfully." + VM-Write-Log "INFO" "`tAll commands for '$name' have been executed successfully." } catch { - VM-Write-Log "ERROR" "An error occurred while executing commands for '$name'. Error: $_" + VM-Write-Log "ERROR" "`tAn error occurred while executing commands for '$name'. Error: $_" } } @@ -1284,4 +1284,4 @@ public class Shell { } catch { VM-Write-Log-Exception $_ } -} \ No newline at end of file +} diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index f29738655..c3e9c5332 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 @@ -30,10 +30,10 @@ try { } catch { VM-Write-Log-Exception $_ } - VM-Write-Log "INFO" "[+] Packages installation complete" + VM-Write-Log "INFO" "Packages installation complete" # Set Profile/Version specific configurations - VM-Write-Log "INFO" "[+] Beginning Windows OS VM profile configuration changes" + VM-Write-Log "INFO" "Beginning Windows OS VM profile configuration changes" $configPath = Join-Path $Env:VM_COMMON_DIR "config.xml" -Resolve VM-Apply-Configurations $configPath From 745ce735fdfab7aacdd17ed2d84f4e2b16a8b668 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 13 Oct 2023 14:59:38 +0200 Subject: [PATCH 314/330] installer.vm: Open error log Open error log after installation is completed. --- packages/installer.vm/tools/chocolateyinstall.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index c3e9c5332..9ea283156 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 
@@ -124,6 +124,8 @@ try { Write-Host "`t[-] $logPath" -ForegroundColor Yellow Write-Host "`t[-] %PROGRAMDATA%\chocolatey\logs\chocolatey.log" -ForegroundColor Yellow Write-Host "`t[-] %LOCALAPPDATA%\Boxstarter\boxstarter.log" -ForegroundColor Yellow + Start-Sleep 5 + & notepad.exe $logPath } # Let users know installation is complete by setting lock screen & wallpaper background, playing win sound, and display message box From fa71a049cae2cf65644b02891fc27e25ed7ba486 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 18 Oct 2023 11:39:37 +0200 Subject: [PATCH 315/330] common.vm: Fix typo in log message --- packages/common.vm/tools/vm.common/vm.common.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index 03ea0a456..fe5dcba43 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -157,7 +157,7 @@ function VM-Check-Reboot { ) try { if (Test-PendingReboot){ - VM-Write-Log "ERROR" "Host must be rebooted before continuing install of $package.`n" + VM-Write-Log "ERROR" "Host must be rebooted before continuing installation of $package.`n" Invoke-Reboot exit 1 } From 17584afa1ca165e4f0473f253e264e3f940f8b62 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Wed, 18 Oct 2023 17:52:53 +0200 Subject: [PATCH 316/330] installer.vm: Fix bug with background This condition should be flipped as we want to use the `fit` style for wide images. --- packages/installer.vm/installer.vm.nuspec | 2 +- packages/installer.vm/tools/chocolateyinstall.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/installer.vm/installer.vm.nuspec b/packages/installer.vm/installer.vm.nuspec index bd0f7aae5..0df338642 100644 --- a/packages/installer.vm/installer.vm.nuspec +++ b/packages/installer.vm/installer.vm.nuspec 
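Review bot: `Start-Sleep 5` before `& notepad.exe $logPath` is an unexplained delay; a one-line comment such as `# Give the user time to read the log locations above before the editor takes focus` (or whatever the actual reason is) would keep the next maintainer from removing it. Because the installer writes HKLM keys elsewhere in this script it is presumably running elevated, so the spawned editor inherits that token; if that is acceptable for this lab-VM build it is worth noting in the same comment, and `Start-Process notepad.exe -ArgumentList $logPath` would make the launch explicit and not depend on `notepad.exe` resolving through the current PATH. The enclosing `if` block starts outside the hunk.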
@@ -2,7 +2,7 @@ installer.vm - 0.0.0.20231017 + 0.0.0.20231018 Mandiant Generic installer for custom virtual machines. diff --git a/packages/installer.vm/tools/chocolateyinstall.ps1 b/packages/installer.vm/tools/chocolateyinstall.ps1 index 9ea283156..cd8687720 100644 --- a/packages/installer.vm/tools/chocolateyinstall.ps1 +++ b/packages/installer.vm/tools/chocolateyinstall.ps1 @@ -145,7 +145,7 @@ try { # WallpaperStyle - Center: 0, Stretch: 2, Fit:6, Fill: 10, Span: 22 Add-Type -AssemblyName System.Drawing $img = [System.Drawing.Image]::FromFile($backgroundImage); - $wallpaperStyle = if ($img.Width/$img.Height -ge 16/9) { 0 } else { 6 } + $wallpaperStyle = if ($img.Width/$img.Height -ge 16/9) { 6 } else { 0 } New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $wallpaperStyle -Force | Out-Null New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value 0 -Force | Out-Null Add-Type -TypeDefinition @" From 11da72179f2da24fc258b5717df31183a8ea1d7f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 18 Oct 2023 22:11:47 +0000 Subject: [PATCH 317/330] Update exiftool.vm to 12.68.0 --- packages/exiftool.vm/exiftool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index 4909f4ca9..03e7f9bff 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec +++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.67.0 + 12.68.0 Phil Harvey A tool for reeding and writing file metadata - + From fcdddc6de397a4b44ad081e3dcf046d191164c97 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 18 Oct 2023 23:47:27 +0000 Subject: [PATCH 318/330] Update notepadplusplus.vm to 8.5.8 --- packages/notepadplusplus.vm/notepadplusplus.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
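Review bot: The flipped condition on the `$wallpaperStyle` line is easy to flip back by accident because nothing records why `6` goes with wide images; a comment such as `# Wide images (aspect >= 16:9) use Fit (6), others Center (0)` next to the assignment would pin the intent stated in the commit message. Separately, `$img` from `[System.Drawing.Image]::FromFile` keeps `$backgroundImage` open until it is disposed, and nothing in the hunk disposes it; if the rest of the block does not call `$img.Dispose()`, add it right after the ratio has been read. The enclosing `try` and the remainder of the wallpaper setup are outside the hunk.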
diff --git a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec index 94bce3643..0316f2b6d 100644 --- a/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec +++ b/packages/notepadplusplus.vm/notepadplusplus.vm.nuspec @@ -2,12 +2,12 @@ notepadplusplus.vm - 8.5.7 + 8.5.8 Wrapper for Notepad++ Don Ho - + From a24ad659100df77c96eca1fb8203a831c351e73d Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 19 Oct 2023 00:38:03 +0000 Subject: [PATCH 319/330] Update pkg-unpacker.vm to 1.0.0.20231019 --- packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec index 334734218..b1d08698a 100644 --- a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec +++ b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec @@ -2,12 +2,12 @@ pkg-unpacker.vm - 1.0.0.20231012 + 1.0.0.20231019 LockBlock-dev Unpacker for pkg applications. - + From b6184c078f1c8576c38ccd4e7684b83ef8139126 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 19 Oct 2023 00:43:42 +0000 Subject: [PATCH 320/330] Update vcbuildtools.vm to 0.0.0.20231019 --- packages/vcbuildtools.vm/vcbuildtools.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index d2e67af7e..063d9239a 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec @@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20231005 + 0.0.0.20231019 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + From 53768c89002117fc2d937d7bca5e1f210c6d3a0a Mon Sep 17 00:00:00 2001 
From: d35ha Date: Wed, 18 Oct 2023 11:39:37 +0200 Subject: [PATCH 321/330] Add ImHex.vm --- packages/imhex.vm/imhex.vm.nuspec | 13 +++++++++++++ packages/imhex.vm/tools/chocolateyinstall.ps1 | 17 +++++++++++++++++ packages/imhex.vm/tools/chocolateyuninstall.ps1 | 8 ++++++++ 3 files changed, 38 insertions(+) create mode 100644 packages/imhex.vm/imhex.vm.nuspec create mode 100644 packages/imhex.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/imhex.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/imhex.vm/imhex.vm.nuspec b/packages/imhex.vm/imhex.vm.nuspec new file mode 100644 index 000000000..8283426ae --- /dev/null +++ b/packages/imhex.vm/imhex.vm.nuspec @@ -0,0 +1,13 @@ + + + + imhex.vm + 1.31.0 + WerWolv + A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. + + + + + + \ No newline at end of file diff --git a/packages/imhex.vm/tools/chocolateyinstall.ps1 b/packages/imhex.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..765f1abca --- /dev/null +++ b/packages/imhex.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,17 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'ImHex' + $category = 'Hex Editors' + + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + $executablePath = Join-Path ${Env:ChocolateyInstall} "bin\imhex.exe" -Resolve + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath + VM-Assert-Path $shortcut + + VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "$executablePath" +} catch { + VM-Write-Log-Exception $_ +} \ No newline at end of file diff --git a/packages/imhex.vm/tools/chocolateyuninstall.ps1 b/packages/imhex.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..499e5cf17 --- /dev/null +++ b/packages/imhex.vm/tools/chocolateyuninstall.ps1 
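Review bot: Both new scripts, chocolateyinstall.ps1 and chocolateyuninstall.ps1, and the new imhex.vm.nuspec end without a trailing newline (`\ No newline at end of file`), which this same series fixes elsewhere for vm.common.psm1; add the final newline so later edits do not produce spurious last-line diffs. The shortcut target `Join-Path ${Env:ChocolateyInstall} "bin\imhex.exe" -Resolve` relies on a shim that presumably comes from the dependency declared in the nuspec; a short comment on that line naming where the shim comes from, e.g. `# imhex.exe shim is created by the imhex Chocolatey package`, would make the `-Resolve` failure mode understandable when the dependency changes.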
@@ -0,0 +1,8 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'ImHex' +$category = 'Hex Editors' + +VM-Remove-Tool-Shortcut $toolName $category +VM-Remove-From-Right-Click-Menu $toolName \ No newline at end of file From f870ea8dba1a6c2fa5f5307088ef6c0471d98834 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 20 Oct 2023 07:35:09 +0200 Subject: [PATCH 322/330] Add nodejs.vm Add nodejs.vm, a metapackage that install that installs Node.js. This package is to be requested by all packages needing nodejs to ensure they all install the same version. --- packages/malware-jail.vm/malware-jail.vm.nuspec | 4 ++-- packages/nodejs.vm/nodejs.vm.nuspec | 13 +++++++++++++ packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec | 4 ++-- 3 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 packages/nodejs.vm/nodejs.vm.nuspec diff --git a/packages/malware-jail.vm/malware-jail.vm.nuspec b/packages/malware-jail.vm/malware-jail.vm.nuspec index bd98e4c9b..6ad350f94 100644 --- a/packages/malware-jail.vm/malware-jail.vm.nuspec +++ b/packages/malware-jail.vm/malware-jail.vm.nuspec @@ -2,12 +2,12 @@ malware-jail.vm - 0.0.0.20230616 + 0.0.0.20231020 Hynek Petrak Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. - + diff --git a/packages/nodejs.vm/nodejs.vm.nuspec b/packages/nodejs.vm/nodejs.vm.nuspec new file mode 100644 index 000000000..a600c1532 --- /dev/null +++ b/packages/nodejs.vm/nodejs.vm.nuspec @@ -0,0 +1,13 @@ + + + + nodejs.vm + 0.0.0.20231020 + Node.js Foundation + Metapackage for Node.js to ensure all packages use the same Node.js version. + + + + + + diff --git a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec index b1d08698a..294c53bd1 100644 --- a/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec +++ b/packages/pkg-unpacker.vm/pkg-unpacker.vm.nuspec 
@@ -2,12 +2,12 @@ pkg-unpacker.vm - 1.0.0.20231019 + 1.0.0.20231020 LockBlock-dev Unpacker for pkg applications. - + From 4fb6c5582f45d618741e79525457f47ea269a647 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 20 Oct 2023 07:54:11 +0200 Subject: [PATCH 323/330] vcbuildtools.vm: Stop updating dependency Stop updating visualstudio2017buildtools automatically. This dependency gets updated often and it is tricky to test the update. Use date range to avoid the bot tries to update it. --- packages/vcbuildtools.vm/vcbuildtools.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec index 063d9239a..7e2ac8a46 100644 --- a/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec +++ b/packages/vcbuildtools.vm/vcbuildtools.vm.nuspec @@ -2,7 +2,7 @@ vcbuildtools.vm - 0.0.0.20231019 + 0.0.0.20231020 Metapackage that requires the dependencies below: - visualstudio2017buildtools - visualstudio2017-workload-vctools @@ -10,7 +10,7 @@ Mandiant, Microsoft - + From 93e9d16e20a031fad32ebd1a34e2a88233c2cc5e Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Thu, 19 Oct 2023 16:20:30 +0200 Subject: [PATCH 324/330] Add python3.vm Add python3.vm, a metapackage that installs python3 and re-adds chocolate shim path to the top of the path. This package is to be requested by all packages needing python3 to ensure they all install the same version and that the paths is being updated. --- .../didier-stevens-suite.vm.nuspec | 6 +++--- .../libraries.python3.vm.nuspec | 6 +++--- .../tools/chocolateyinstall.ps1 | 6 +++--- packages/python3.vm/python3.vm.nuspec | 13 +++++++++++++ packages/python3.vm/tools/chocolateyinstall.ps1 | 11 +++++++++++ scripts/test/lint.py | 1 + scripts/test/test_install.ps1 | 2 +- 7 files changed, 35 insertions(+), 10 deletions(-) create mode 100644 packages/python3.vm/python3.vm.nuspec create mode 100644 packages/python3.vm/tools/chocolateyinstall.ps1 diff --git a/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec b/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec index 321b5c52d..583920a18 100644 --- a/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec +++ b/packages/didier-stevens-suite.vm/didier-stevens-suite.vm.nuspec @@ -2,12 +2,12 @@ didier-stevens-suite.vm - 0.0.0.20230928 + 0.0.0.20231019 Didier Stevens - Tools colection by Didier Stevens + Tools collection by Didier Stevens - + diff --git a/packages/libraries.python3.vm/libraries.python3.vm.nuspec b/packages/libraries.python3.vm/libraries.python3.vm.nuspec index f04894963..52412356d 100644 --- a/packages/libraries.python3.vm/libraries.python3.vm.nuspec +++ b/packages/libraries.python3.vm/libraries.python3.vm.nuspec @@ -2,13 +2,13 @@ libraries.python3.vm - 0.0.0.20230927 - Metapackage to install common Python 3.9 libraries + 0.0.0.20231019 + Metapackage to install common Python libraries Several, check in pypi.org for every of the libraries - + 
diff --git a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 index aaf7c9960..573d733dd 100644 --- a/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 +++ b/packages/libraries.python3.vm/tools/chocolateyinstall.ps1 @@ -16,12 +16,12 @@ try { $modules = $modulesXml.modules.module foreach ($module in $modules) { Write-Host "[+] Attempting to install Python3 module: $($module.name)" - $intallValue = $module.name + $installValue = $module.name if ($module.url) { - $intallValue = $module.url + $installValue = $module.url } - Invoke-Expression "py -3.10 -m pip install $intallValue 2>&1 >> $outputFile" + Invoke-Expression "py -3.10 -m pip install $installValue 2>&1 >> $outputFile" if ($LastExitCode -eq 0) { Write-Host "`t[+] Installed Python 3.10 module: $($module.name)" -ForegroundColor Green diff --git a/packages/python3.vm/python3.vm.nuspec b/packages/python3.vm/python3.vm.nuspec new file mode 100644 index 000000000..3dc670e67 --- /dev/null +++ b/packages/python3.vm/python3.vm.nuspec @@ -0,0 +1,13 @@ + + + + python3.vm + 0.0.0.20231019 + Metapackage for Python 3 to ensure all packages use the same Python version. + Mandiant + + + + + + diff --git a/packages/python3.vm/tools/chocolateyinstall.ps1 b/packages/python3.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..44a926c40 --- /dev/null +++ b/packages/python3.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,11 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + # Re-add shim path to the top of the path to ensure it is found before Python libraries + $shimPath = Join-Path $Env:ChocolateyInstall "bin" -Resolve + [Environment]::SetEnvironmentVariable("Path", "$shimPath;$Env:Path", "Machine") +} catch { + VM-Write-Log-Exception $_ +} + diff --git a/scripts/test/lint.py b/scripts/test/lint.py index e55713bef..82c2286c8 100644 --- a/scripts/test/lint.py +++ b/scripts/test/lint.py 
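Review bot: The renamed `$installValue` is still spliced into a string handed to `Invoke-Expression`, so a module name or URL read from modules.xml is parsed as PowerShell code rather than passed as an argument; any shell metacharacter in an entry (a `;`, `$` or `|`) would be evaluated instead of reaching pip. The same line works as a direct call, `& py -3.10 -m pip install $installValue 2>&1 >> $outputFile`, which passes the value as one argument and still sets `$LastExitCode`. If an entry is intended to carry several pip arguments, split it explicitly (`$installValue -split ' '`) rather than re-evaluating the whole string. The enclosing `try` and `foreach` begin outside the hunk.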
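Review bot: `[Environment]::SetEnvironmentVariable("Path", "$shimPath;$Env:Path", "Machine")` persists the current process's `$Env:Path` — the already merged Machine plus User value — into the Machine scope, so every user-scope PATH entry of the installing account is promoted to the system-wide PATH, and each run of the package prepends the shim directory again because the previous copy is never removed. Rebuild the Machine value from the Machine scope only, dropping an existing shim entry before prepending it; the process `$Env:Path` can be updated separately so later steps in this session also find the shim first. This is the whole new file, so nothing of the block lies outside the hunk.
```powershell
try {
    # Re-add the shim path to the top of the Machine PATH so it is found before Python libraries.
    # Work from the Machine-scope value only; $Env:Path also carries User-scope entries.
    $shimPath = Join-Path $Env:ChocolateyInstall "bin" -Resolve
    $machinePath = [Environment]::GetEnvironmentVariable("Path", "Machine")
    $entries = @($machinePath -split ';' | Where-Object { $_ -and ($_.TrimEnd('\') -ne $shimPath.TrimEnd('\')) })
    [Environment]::SetEnvironmentVariable("Path", (@($shimPath) + $entries) -join ';', "Machine")
    # Make the current session consistent with the persisted value.
    $Env:Path = "$shimPath;$Env:Path"
# … unchanged: catch block …
```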
@@ -318,6 +318,7 @@ class UsesInvalidCategory(Lint): "notepadplusplus.vm", "notepadpp.plugin.", "npcap.vm", + "python3.vm", "x64dbgpy.vm", ] diff --git a/scripts/test/test_install.ps1 b/scripts/test/test_install.ps1 index d3f92cd38..5d60189ef 100644 --- a/scripts/test/test_install.ps1 +++ b/scripts/test/test_install.ps1 @@ -39,7 +39,7 @@ foreach ($package in $packages) { } -$exclude_tests = @("flarevm.installer.vm", "python3.vm", "installer.vm") +$exclude_tests = @("flarevm.installer.vm", "installer.vm") $failures = New-Object Collections.Generic.List[string] $failed = 0 From 001b58c621c1b107f9fa6b2103bf120cf50113c8 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Fri, 20 Oct 2023 09:02:04 +0000 Subject: [PATCH 325/330] Update sysinternals.vm to 2023.10.18 --- packages/sysinternals.vm/sysinternals.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/sysinternals.vm/sysinternals.vm.nuspec b/packages/sysinternals.vm/sysinternals.vm.nuspec index f0046c11d..544836971 100644 --- a/packages/sysinternals.vm/sysinternals.vm.nuspec +++ b/packages/sysinternals.vm/sysinternals.vm.nuspec @@ -2,12 +2,12 @@ sysinternals.vm - 2023.9.29 + 2023.10.18 Mark Russinovich, Bryce Cogswell Sysinternals suite of troubleshooting tools. - + \ No newline at end of file From cba13ade107598f6ca3d852d31bbe5731a93be3c Mon Sep 17 00:00:00 2001 
From: Ana Maria Martinez Gomez Date: Fri, 20 Oct 2023 16:18:44 +0200 Subject: [PATCH 326/330] Improve issue templates To keep them in sync with flare-vm templates and to encourage users to select the correct issue type and provide all the needed information. See https://github.com/mandiant/flare-vm/pull/503 --- .github/ISSUE_TEMPLATE/bug.yml | 33 ++++++++++++++++++++++-------- .github/ISSUE_TEMPLATE/config.yml | 1 + .github/ISSUE_TEMPLATE/feature.yml | 17 +++++++++++++++ 3 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/feature.yml diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml index 93e83e244..dca6139ab 100644 --- a/.github/ISSUE_TEMPLATE/bug.yml +++ b/.github/ISSUE_TEMPLATE/bug.yml 
@@ -28,16 +28,33 @@ body: attributes: label: Environment description: | - Include details about your environment such as: - **Run `VM-Get-Host-Info` and paste the output (assuming you have installed the `vm.common` package).** - - host OS and virtualization software - - VM OS version and service pack - - VM OS ram and HDD space / usage - - VM PowerShell version - - VM Chocolatey version - - VM Boxstarter version + Include the following details about your environment: + - **Virtualization software**: VMWare, VirtualBox, etc. + - **VM OS version**: run `(Get-CimInstance Win32_OperatingSystem).version` in Powershell + - **VM PowerShell version**: run `$PSVersionTable.PSVersion.ToString()` in Powershell + - **VM Chocolatey version**: run `choco --version` + - **VM Boxstarter version**: run `choco info -l -r "boxstarter"` + - **Output of `VM-Get-Host-Info`** that will be available if the `vm.common` package has been install: run `VM-Get-Host-Info` in PowerShell with admin rights + placeholder: | + - Virtualization software: + - VM OS version: + - VM PowerShell version: + - VM Chocolatey version: + - VM Boxstarter version: + - Output of `VM-Get-Host-Info`: + validations: required: true + - type: textarea + id: extra-info + attributes: + label: Additional Information + description: | + Any additional information, configuration or data that might be necessary to understand and reproduce the issue. For example: + - Console output + - The log files `C:\ProgramData\_VM\log.txt` and `C:\ProgramData\chocolatey\logs\chocolatey.log` + + Text logs are preferred over screenshots. - type: dropdown id: ci attributes: diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..3ba13e0ce --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: false diff --git a/.github/ISSUE_TEMPLATE/feature.yml b/.github/ISSUE_TEMPLATE/feature.yml new file mode 100644 index 000000000..548fec0e4 
--- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature.yml @@ -0,0 +1,17 @@ +name: 💡 Feature proposal +description: Propose a new feature or improvement. +body: + - type: markdown + attributes: + value: | + Thanks for helping improving VM-Packages. Before submitting your issue: + - **If you want to propose a new tool/package, use the [NEW PACKAGE](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Anew%3A+package&template=new_package.yml&title=Package+proposal%3A+%3Cpackage_name%3E.vm) or [NEW METAPACKAGE](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Anew%3A+package&template=new_metapackage.yml&title=Metapackage+proposal%3A+%3Cpackage_name%3E.vm) template instead and provide all the information requested there.** This help us tracking proposals and speeds up the package creation process. + - If you want to report a bug, use the [bug issue type](https://github.com/mandiant/VM-Packages/issues/new?labels=%3Abug%3A+bug&template=bug.yml) instead and provide all the information requested there. Otherwise we won't be able to help. + - Check the [open issues](https://github.com/mandiant/VM-Packages/issues) and ensure there is not already a similar issue. If there is already a similar issue, please add more details there instead of opening a new one. + - type: textarea + id: problem + attributes: + label: Details + description: The more details, the better! + validations: + required: true From 8d1485a41a6d84c01be2ad3aa60a83801ee86905 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Fri, 20 Oct 2023 16:43:35 +0200 Subject: [PATCH 327/330] Improve README Several minor improvements in README. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a9e77d972..7a24f22f7 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,6 @@ This repository contains the source code for packages supporting the following analysis environment projects: * [FLARE VM](https://github.com/mandiant/flare-vm) * [CommandoVM](https://github.com/mandiant/commando-vm) -* [ThreatPursuit VM](https://github.com/mandiant/ThreatPursuit-VM) > Packages do not contain actual software distributions. Packages are PowerShell scripts that only contain instructions for obtaining and configuring tools. See [Chocolatey legal information](https://docs.chocolatey.org/en-us/information/legal) for more details. @@ -17,7 +16,8 @@ The packages stored in this repository are automatically built and pushed to a p The installation of packages relies on [Chocolatey](https://chocolatey.org/). # Contributing -To report problems or to suggest new tools please open a new [Issue](https://github.com/mandiant/VM-Packages/issues). +To propose new tools, to report problems, and to suggest improvements please open a new [issue](https://github.com/mandiant/VM-Packages/issues). +Ensure you select the correct issue type and provide all the requested information. Please see the [Wiki](https://github.com/mandiant/VM-Packages/wiki) for documentation on how to create a package using our established best practices. 
@@ -25,4 +25,4 @@ Please see the [Wiki](https://github.com/mandiant/VM-Packages/wiki) for document Open sourcing the installation packages allows the community to not only suggest new tools, improvements, and report bugs, but to help implement them. It's now very transparent how and what gets installed. Moreover, we can use GitHub Actions (free for open-source repositories) for testing and automations. This reduces manual maintenance and simplifies contributions. ## Automation -Once a package is submitted, our pull request automations test the package to see if it builds and installs correctly. Additionally, we use GitHub Actions to build and test each package on a daily basis to check for any errors. Simply being aware of broken packages should quickly solve a lot of problems VM users faced in the past. +Once a package is submitted, our pull request automations test the package to see if it builds and installs correctly. Additionally, we use GitHub Actions to build and test each package on a daily basis to check for any errors (see [Daily Failures Wiki page](https://github.com/mandiant/VM-Packages/wiki/Daily-Failures)). Simply being aware of broken packages should quickly solve a lot of problems VM users faced in the past. From d23aa00edf5d36d8622c61ec48fa9100ee2b343f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 24 May 2023 09:55:39 +0000 Subject: [PATCH 328/330] Add psnotify.vm package --- packages/psnotify.vm/psnotify.vm.nuspec | 12 +++++ .../psnotify.vm/tools/chocolateyinstall.ps1 | 47 +++++++++++++++++++ .../psnotify.vm/tools/chocolateyuninstall.ps1 | 15 ++++++ 3 files changed, 74 insertions(+) create mode 100644 packages/psnotify.vm/psnotify.vm.nuspec create mode 100644 packages/psnotify.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/psnotify.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/psnotify.vm/psnotify.vm.nuspec b/packages/psnotify.vm/psnotify.vm.nuspec new file mode 100644 index 000000000..ec71a8d65 --- /dev/null 
+++ b/packages/psnotify.vm/psnotify.vm.nuspec @@ -0,0 +1,12 @@ + + + + psnotify.vm + 0.2.4 + alphillips-lab + A POC tool to fight .NET anti-dumping tricks. + + + + + diff --git a/packages/psnotify.vm/tools/chocolateyinstall.ps1 b/packages/psnotify.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..bee0952a5 --- /dev/null +++ b/packages/psnotify.vm/tools/chocolateyinstall.ps1 @@ -0,0 +1,47 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +try { + $toolName = 'psnotify' + $category = 'dotNet' + + $zipUrl = 'https://github.com/WithSecureLabs/GarbageMan/releases/download/v0.2.4/psnotify.zip' + $zipSha256 = '255633da6e61bf30a67bce995ef72b7f9d8c85c75c8c5ee0aedb48709f7e6454' + + $unzipLocation = 'C:\' # psnotify has a requirement of being located in 'C:\psnotify' + $toolDir = Join-Path $unzipLocation $toolName + try { + $toolDir = Join-Path $unzipLocation $toolName + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + + # Remove files from previous zips for upgrade + VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} + + # Download and unzip + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = $unzipLocation + url = $zipUrl + checksum = $zipSha256 + checksumType = 'sha256' + url64bit = $zipUrl_64 + checksum64 = $zipSha256_64 + } + Install-ChocolateyZipPackage @packageArgs + VM-Assert-Path $toolDir + $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + + $executableDir = $toolDir + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -WorkingDirectory $executableDir + VM-Assert-Path $shortcut + + Install-BinFile -Name $toolName -Path $executablePath + return $executablePath + } catch { + VM-Write-Log-Exception $_ + } + VM-Assert-Path $toolDir +} catch { + VM-Write-Log-Exception $_ +} \ No newline at end of file 
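Review bot: `url64bit = $zipUrl_64` and `checksum64 = $zipSha256_64` reference variables that are never assigned in this script, so both keys are passed as `$null`; delete those two lines, since `$zipUrl`/`$zipSha256` already cover the download. The block also duplicates work: `$toolDir` is computed twice (before and inside the inner `try`), the inner `try/catch` logs the exception and then falls through to `VM-Assert-Path $toolDir`, and `return $executablePath` at script level has no visible consumer — this reads like the VM-Install-From-Zip helper body pasted inline, and if the helper cannot be used because of the `C:\` unzip location, the comment on `$unzipLocation` should say so. Extracting an archive directly into `C:\` also means every top-level entry of the zip lands in the drive root, so the pinned `$zipSha256` is what keeps the extraction to the expected `C:\psnotify` folder; keep the checksum pin on any future version bump. The hunk is the entire new file.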
diff --git a/packages/psnotify.vm/tools/chocolateyuninstall.ps1 b/packages/psnotify.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..4f2abdd1d --- /dev/null +++ b/packages/psnotify.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,15 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'psnotify' +$category = 'dotNet' +$toolDir = 'C:\psnotify' + +# Remove tool files +Remove-Item $toolDir -Recurse -Force -ea 0 | Out-Null + +# Remove tool shortcut +VM-Remove-Tool-Shortcut $toolName $category + +# Uninstall binary +Uninstall-BinFile -Name $toolName From 76c036f42c08d956b2759f7ec1d26da45c36cf94 Mon Sep 17 00:00:00 2001 From: Elliot Chernofsky <35854880+emtuls@users.noreply.github.com> Date: Fri, 20 Oct 2023 21:35:16 -0400 Subject: [PATCH 329/330] common.vm: Add unzip location to helper Add unzip location to the VM-Install-From-Zip helper function for more user customizability. --- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 6347ace25..9325d71e7 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20231013 + 0.0.0.20231020 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index fe5dcba43..31b04f05b 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 
@@ -329,10 +329,17 @@ function VM-Install-From-Zip { [Parameter(Mandatory=$false)] [string] $executableName, # Executable name, needed if different from "$toolName.exe" [Parameter(Mandatory=$false)] - [switch] $withoutBinFile # Tool should not be installed as a bin file + [switch] $withoutBinFile, # Tool should not be installed as a bin file + [Parameter(Mandatory=$false)] + [string] $unzipLocation ) try { - $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + if ($unzipLocation) { + $toolDir = Join-Path $unzipLocation $toolName + } else { + $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + $unzipLocation = $toolDir + } # Remove files from previous zips for upgrade VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} @@ -346,7 +353,7 @@ function VM-Install-From-Zip { # Download and unzip $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} - unzipLocation = $toolDir + unzipLocation = $unzipLocation url = $zipUrl checksum = $zipSha256 checksumType = 'sha256' From efd38693c478c8f3ae5fb844e4cadaf5eeb1a3cc Mon Sep 17 00:00:00 2001 From: emtuls <35854880+emtuls@users.noreply.github.com> Date: Fri, 26 May 2023 00:21:44 +0000 Subject: [PATCH 330/330] Add garbageman.vm Closes https://github.com/mandiant/VM-Packages/issues/343. fixed installer --- packages/garbageman.vm/garbageman.vm.nuspec | 13 ++++ .../garbageman.vm/tools/chocolateyinstall.ps1 | 69 +++++++++++++++++++ .../tools/chocolateyuninstall.ps1 | 7 ++ 3 files changed, 89 insertions(+) create mode 100644 packages/garbageman.vm/garbageman.vm.nuspec create mode 100644 packages/garbageman.vm/tools/chocolateyinstall.ps1 create mode 100644 packages/garbageman.vm/tools/chocolateyuninstall.ps1 diff --git a/packages/garbageman.vm/garbageman.vm.nuspec b/packages/garbageman.vm/garbageman.vm.nuspec new file mode 100644 index 000000000..f5f68648b --- /dev/null +++ b/packages/garbageman.vm/garbageman.vm.nuspec 
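Review bot: The new `$unzipLocation` parameter is the only one in the parameter block without a trailing description comment, and its semantics differ from the default in a way callers need to know: when it is supplied the archive is extracted into `$unzipLocation` itself and `$toolDir` becomes `$unzipLocation\$toolName`, so the zip is expected to contain a top-level `$toolName` folder, whereas by default the zip is extracted straight into `RAW_TOOLS_DIR\$toolName` (presumably asserted later in the function). Document this on the parameter, e.g. `[string] $unzipLocation # Directory to unzip into; the archive must then contain a "$toolName" folder (default: unzip directly into RAW_TOOLS_DIR\$toolName)`. The second hunk (`unzipLocation = $unzipLocation` in `$packageArgs`) is the consumer of this value. The function's parameter block starts, and the try body continues, outside the hunks.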
@@ -0,0 +1,13 @@ + + + + garbageman.vm + 0.2.4 + alphillips-lab + A set of tools designed for .NET heap analysis. + + + + + + diff --git a/packages/garbageman.vm/tools/chocolateyinstall.ps1 b/packages/garbageman.vm/tools/chocolateyinstall.ps1 new file mode 100644 index 000000000..a4c40bb87 --- /dev/null +++ b/packages/garbageman.vm/tools/chocolateyinstall.ps1 
@@ -0,0 +1,69 @@ +$ErrorActionPreference = 'Stop' +Import-Module vm.common -Force -DisableNameChecking + +#VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true + +try { + $toolName = 'GarbageMan' + $category = 'dotNet' + + $zipUrl = 'https://github.com/WithSecureLabs/GarbageMan/releases/download/v0.2.4/GarbageMan-0.2.4.zip' + $zipSha256 = '84007e73a21c491e9517ff70955fc8ff02b0a4a0d562d3e21521b6169b21004e' + + $toolDir = Join-Path ${Env:RAW_TOOLS_DIR} $toolName + $unzipLocation = $toolDir + $shortcutDir = Join-Path ${Env:TOOL_LIST_DIR} $category + + $innerFolder = $true + + # Remove files from previous zips for upgrade + VM-Remove-PreviousZipPackage ${Env:chocolateyPackageFolder} + + $oldDirList = @() + if (Test-Path $toolDir) { + $oldDirList = @(Get-ChildItem $toolDir | Where-Object {$_.PSIsContainer}) + } + + # Download and unzip + $packageArgs = @{ + packageName = ${Env:ChocolateyPackageName} + unzipLocation = $unzipLocation + url = $zipUrl + checksum = $zipSha256 + checksumType = 'sha256' + url64bit = $zipUrl_64 + checksum64 = $zipSha256_64 + } + Install-ChocolateyZipPackage @packageArgs + VM-Assert-Path $toolDir + + # Diff and find new folders in $toolDir + $newDirList = @(Get-ChildItem $toolDir | Where-Object {$_.PSIsContainer}) + $diffDirs = Compare-Object -ReferenceObject $oldDirList -DifferenceObject $newDirList -PassThru + + # If $innerFolder is set to $true, after unzipping only a single folder should be new. + # GitHub ZIP files typically unzip to a single folder that contains the tools. + if ($innerFolder) { + # First time install, use the single resulting folder name from Install-ChocolateyZipPackage. + if ($diffDirs.Count -eq 1) { + # Save the "new tool directory" to assist with upgrading. 
+ $newToolDir = Join-Path $toolDir $diffDirs[0].Name -Resolve + Set-Content (Join-Path ${Env:chocolateyPackageFolder} "innerFolder.txt") $newToolDir + $toolDir = $newToolDir + } else { + # On upgrade there may be no new directory, in this case retrieve previous "new tool directory" from saved file. + $toolDir = Get-Content (Join-Path ${Env:chocolateyPackageFolder} "innerFolder.txt") + } + } + + $executablePath = Join-Path $toolDir "$toolName.exe" -Resolve + $shortcut = Join-Path $shortcutDir "$toolName.lnk" + + $executableDir = $toolDir + Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath -WorkingDirectory $executableDir + VM-Assert-Path $shortcut + + return $executablePath +} catch { + VM-Write-Log-Exception $_ +} \ No newline at end of file diff --git a/packages/garbageman.vm/tools/chocolateyuninstall.ps1 b/packages/garbageman.vm/tools/chocolateyuninstall.ps1 new file mode 100644 index 000000000..0551202aa --- /dev/null +++ b/packages/garbageman.vm/tools/chocolateyuninstall.ps1 @@ -0,0 +1,7 @@ +$ErrorActionPreference = 'Continue' +Import-Module vm.common -Force -DisableNameChecking + +$toolName = 'GarbageMan' +$category = 'dotNet' + +VM-Uninstall $toolName $category
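Review bot: The first line of the body, `#VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true`, is commented-out code that references variables not yet defined at that point; either delete it or, if the helper is what this installer should call, replace the hand-rolled body with that call — the inline code is a near copy of the helper's innerFolder handling, including the saved innerFolder.txt, and the commit message's "fixed installer" does not say why the helper was abandoned. As in the psnotify installer, `url64bit = $zipUrl_64` and `checksum64 = $zipSha256_64` pass never-assigned variables; drop those two lines. `return $executablePath` at script scope has no visible consumer; ending the try block with `VM-Assert-Path $shortcut` is enough. The hunk covers the entire new file.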