Removed 'choco_packages', now uses the profile to install package

Author: pix

malboxes/config-example.js

@@ -28,7 +28,7 @@
 	// This example profile will attempt to load profiles/maldoc.js
 	// For more information on profiles check an example profile:
 	// https://github.com/GoSecure/malboxes/blob/master/malboxes/profile-example.js
-	//"profile": "maldoc",
+	"profile": "default",
 	//"input_locale": "fr-FR",
 
 	// Provision settings
@@ -53,10 +53,6 @@
 	// Windows Updates: true means enabled, false means disabled. Default is false.
 	//"windows_updates": "false",
 
-	// Chocolatey packages to install on the VM
-	// TODO re-add dependencywalker and regshot once upstream choco package provides a checksum
-	"choco_packages": "sysinternals windbg 7zip putty fiddler4 processhacker apm wireshark",
-
 	// Setting the IDA Path will copy the IDA remote debugging tools into the guest
 	//"ida_path": "/path/to/your/ida",
 

malboxes/malboxes.py

@@ -206,10 +206,10 @@ def prepare_config(args):
         config.update(profile_config)
 
     packer_tmpl = prepare_packer_template(config, args)
-
     # merge/update with template config
     with open(packer_tmpl, 'r') as f:
-        config.update(json.loads(f.read()))
+        a = f.read()
+        config.update(json.loads(a))
 
     return config, packer_tmpl
 
@@ -331,10 +331,14 @@ def run_packer(packer_tmpl, args):
                 return 254
 
         # run packer with relevant config minified
+        # (removes "profiles" as packer do not support arrays in var-file)
         configfile = os.path.join(DIRS.user_config_dir, 'config.js')
         with open(configfile, 'r') as config:
+            config = json.loads(jsmin(config.read()))
+            if "profile_config" in config.keys():
+                del config["profile_config"]
             f = create_cachefd('packer_var_file.json')
-            f.write(jsmin(config.read()))
+            f.write(json.dumps(config))
             f.close()
 
         flags = ['-var-file={}'.format(f.name)]
@@ -486,6 +490,8 @@ def prepare_profile(config, args):
 
     profile = load_profile(profile_name)
 
+    config["profile_config"] = profile
+
     fd = create_cachefd('profile-{}.ps1'.format(profile_name))
 
     if "registry" in profile:
@@ -500,9 +506,9 @@ def prepare_profile(config, args):
         for doc_mod in profile["document"]:
             document(profile_name, doc_mod["modtype"], doc_mod["docpath"], fd)
 
-    if "package" in profile:
-        for package_mod in profile["package"]:
-            package(profile_name, package_mod["package"], fd)
+    if "packages" in profile:
+        for pkg in profile["packages"]:
+            package(profile_name, pkg, fd)
 
     if "packer" in profile:
         packer = profile["packer"]
@@ -560,7 +566,7 @@ def directory(profile_name, modtype, dirpath, fd):
 
 def package(profile_name, package_name, fd):
     """ Adds a package to install with Chocolatey."""
-    line = "choco install {} -y\r\n".format(package_name)
+    line = "choco install -y {}\r\n".format(package_name)
     print("Adding Chocolatey package: {}".format(package_name))
 
     fd.write(line)

malboxes/profile-example.js

@@ -1,5 +1,17 @@
 {
-    "package": [{"package": "thunderbird"}],
+    "packages": [
+        // "dependencywalker --ignorechecksum",
+        // "regshot --ignorechecksum",
+        "npcap --package-parameters '/winpcap_mode=yes' -y",
+        "sysinternals",
+        "windbg",
+        "7zip",
+        "putty",
+        "fiddler4",
+        "processhacker",
+        "apm",
+        "wireshark"
+    ],
     "document": [{"modtype": "add", "docpath": "C:\\Test.doc"}],
     "directory": [{"modtype": "add", "dirpath": "C:\\mlbxs\\"}],
     "registry": [

malboxes/templates/snippets/provision_powershell.json

@@ -6,17 +6,34 @@
 			{% if hypervisor == "virtualbox" %}
 				"{{ dir }}/scripts/windows/vmtools.ps1",
 			{% endif %}
-			"{{ dir }}/scripts/windows/installtools.ps1",
-			{% if profile is defined %}"{{ cache_dir }}/profile-{{ profile }}.ps1",{% endif %}
 			"{{ dir }}/scripts/windows/malware_analysis.ps1"
 		]
 	}
-{% if choco_packages %},
+{% if profile and profile_config.packages and profile_config.packages|length > 0 %}
+	,
 	{
-		"type": "windows-shell",
-		"inline": [
-			"choco install npcap --package-parameters '/winpcap_mode=yes' -y",
-			"choco install {{ choco_packages }} -y"
+		"type": "powershell",
+		"elevated_user": "{{ username }}",
+		"elevated_password": "{{ password }}",
+		"scripts": [
+			"{{ dir }}/scripts/windows/installtools.ps1"
+		],
+		"valid_exit_codes": [ 0, 5888 ]
+	}
+{% endif %}
+{% if "win7" in template %}
+	{# Windows 7 needs to reboot after .net installation #}
+	,
+	{
+		"type": "windows-restart"
+	}
+{% endif %}
+{% if profile is defined %}
+	,
+	{
+		"type": "powershell",
+		"scripts": [
+			"{{ cache_dir }}/profile-{{ profile }}.ps1"
 		]
 	}
 {% endif %}

malboxes/templates/snippets/provision_powershell_win7.json

@@ -27,7 +27,7 @@
 
 	"provisioners": [
 
-	{% include 'snippets/provision_powershell_win7.json' %}
+	{% include 'snippets/provision_powershell.json' %}
 
 	{% if tools_path %},
 		{% include 'snippets/tools.json' %}

malboxes/templates/win7_32_analyst.json

@@ -27,7 +27,7 @@
 
 	"provisioners": [
 
-	{% include 'snippets/provision_powershell_win7.json' %}
+	{% include 'snippets/provision_powershell.json' %}
 
 	{% if tools_path %},
 		{% include 'snippets/tools.json' %}