SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit SafePass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Happy new year! This episode continues our series on DIY pentest dropboxes with a focus on automation - specifically as it relates to automating the build of Windows 10, Windows Server 2019, Kali and Ubuntu VMs. Here's the resources I talk about in more detail on today's episode that helps make the automagic happen:
This article from Windowscentral.com does a great job of walking you through building a Windows 10 unattended install. A key piece of the automation is the autounattend.xml file, which you can somewhat automatically build here, but I think you'll want to install the Windows System Image Manager to really get in the tech weeds and fully tweak that answer file. The handy AnyBurn utility will help you make ISOs out of your Windows 10 / Server 2019 customized builds.
You can create a Win 10 ISO like:
oscdimg.exe -m -o -u2 -udfver102 -lNAME-TO-GIVE-ISO -bootdata:2#p0,e,bC:\path\to\etfsboot.com#pEF,e,bC:\path\to\efisys.bin C:\path\to\root\folder\where\ISO\is\extracted\ C:\path\to\ISO-YOU-WANT-TO-CREATE.ISO
You can also create a Server 2016 ISO like so:
oscdimg.exe -m -o -u2 -udfver102 -bootdata:2#p0,e,bC:\path\to\etfsboot.com#pEF,e,bC:\path\to\efisys_noprompt.bin "C:\path\to\root\folder\of\extracted\ISO\" "C:\path\to\ISO-YOU-WANT-TO-CREATE.ISO"
I set out to build a Ubuntu 18.x box because Splashtop only supports a few Linux builds. I found a freakin' sweet project called Linux unattended installation that helps you build the preseed.cfg file (kind of like the Windows equivalent of an answer file). The area of preseed.cfg I've been spending hours dorking around with is:
d-i preseed/late_command string \
Under this section you can customize things to your heart's content. For example, you could automatically pull down and install all OS packages/updates and a bunch of third party utils you want:
in-target sh -c 'apt-get update'; \ in-target sh -c 'apt-get upgrade -y'; \ in-target sh -c 'apt-get install curl dnsrecon git net-tools nmap openssh-server open-vm-tools-desktop python3.8 python3-pip python-libpcap ubuntu-gnome-desktop unzip wget xsltproc -y'; \
Finally, the project provides a slick script that will wrap up your Ubuntu build plus an SSH key into a ready-to-go ISO:
build-iso.sh ~/.ssh/id_rsa.pub ~/Desktop/My-kool-kustomized-Ubuntu.iso
Once your seed file is built, it's super easy to simply host it on a machine in your network and let Kali pull it during install. For example, if you've got a Linux box with Python on the network at 192.168.0.7, just make a temporary folder with the preseed.cfg file in it and then run:
sudo python3 -m http.server 80
Then, in your virtual environment, create a new VM and boot it to a Kali NetInstaller image. At the splash screen, hit Tab and it'll display a command line you can edit. Remove the line that says something like
auto=true and then the URL path to your preseed file, such as
url=http://192.168.0.7/preseed.cfg. The Kali will ask for a few questions, such as a username and hostname to configure, and then if you're watching your machine hosting
preseed.cfg, you'll see your Kali machine grab the config file and take care of the rest from there!
Got a better/cooler/funner/faster/awesomer way to do this type of automation? Let us know!