Closed hermitsy closed 4 years ago
Issue is fixed with vbox 6.1.6 and vagrant 2.2.9.
@hermitsy Did you manage to successfully build the logger instance as well? I'm running the same version of vagrant and virtualbox but installing the Splunk package fails and complains about a corrupt archive. Not sure if it's just me 🤔
The issue appears to now resurface in Win10 deployment. Looks like it's something more fundamental than simply a vbox/vagrant version bug.
win10: Running: scripts/install-redteam.ps1 as C:\tmp\vagrant-shell.ps1
win10: [10:43] Installing Red Team Tooling...
win10: powershell.exe : Uninstall-WindowsFeature : The term 'Uninstall-WindowsFeature' is not recognized as the name of a
win10: + CategoryInfo : NotSpecified: (Uninstall-Windo... the name of a :String) [], RemoteException
win10: + FullyQualifiedErrorId : NativeCommandError
win10: cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
win10: was included, verify that the path is correct and try again.
win10: At C:\tmp\vagrant-shell.ps1:16 char:3
win10: + Uninstall-WindowsFeature Windows-Defender
win10: + ~~~~~~~~~~~~~~~~~~~~~~~~
win10: + CategoryInfo : ObjectNotFound: (Uninstall-WindowsFeature:String) [], CommandNotFou
win10: ndException
win10: + FullyQualifiedErrorId : CommandNotFoundException
win10:
win10: Uninstall-WindowsFeature : The term 'Uninstall-WindowsFeature' is not recognized as the name of a
win10: cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
win10: was included, verify that the path is correct and try again.
win10: At C:\tmp\vagrant-shell.ps1:17 char:3
win10: + Uninstall-WindowsFeature Windows-Defender-Features
win10: + ~~~~~~~~~~~~~~~~~~~~~~~~
win10: + CategoryInfo : ObjectNotFound: (Uninstall-WindowsFeature:String) [], CommandNotFou
win10: ndException
win10: + FullyQualifiedErrorId : CommandNotFoundException
win10:
@hermitsy Did you manage to successfully build the logger instance as well? I'm running the same version of vagrant and virtualbox but installing the Splunk package fails and complains about a corrupt archive. Not sure if it's just me
I had no issues with logger. Are you using the latest codebase?
@hermitsy Yep, used the latest one :) It may have something to do with some remnants of HyperV which I used for docker desktop. I disabled HyperV but it seems that VirtualBox was still using it as the default backend (when I downgraded to Vbox 6.0 to troubleshoot). Manually disabling HyperV via the CLI and rebooting seemed to have solved the issue for me 👍
Edit: Now I'm running into the same error which you are facing as well during the Win10 provisioning. The other instances seem to deploy just fine
Stderr from the command:
powershell.exe : Uninstall-WindowsFeature : The term 'Uninstall-WindowsFeature' is not recognized as the name of a
+ CategoryInfo : NotSpecified: (Uninstall-Windo... the name of a :String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At C:\tmp\vagrant-shell.ps1:16 char:3
+ Uninstall-WindowsFeature Windows-Defender
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Uninstall-WindowsFeature:String) [], CommandNotFou
ndException
+ FullyQualifiedErrorId : CommandNotFoundException
Uninstall-WindowsFeature : The term 'Uninstall-WindowsFeature' is not recognized as the name of a
cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At C:\tmp\vagrant-shell.ps1:17 char:3
+ Uninstall-WindowsFeature Windows-Defender-Features
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Uninstall-WindowsFeature:String) [], CommandNotFou
ndException
+ FullyQualifiedErrorId : CommandNotFoundException
@hermitsy I found a potential fix :)
It seems that while running the install-redteam.ps1 script the $hostname variable is blank. This will cause the following statement to return true and run (from line 7):
# Windows Defender should be disabled already by the GPO, sometimes it doesnt work
If ($hostname -ne "win10") {
# Uninstalling Windows Defender (https://github.com/StefanScherer/packer-windows/issues/201)
Uninstall-WindowsFeature Windows-Defender
Uninstall-WindowsFeature Windows-Defender-Features
}
The $hostname variable is set with the provision.ps1 script, but it doesn't seem to persist. I manually set $hostname in install-redteam.ps1 and reprovisioned the machine. However, another error popped up afterwards:
powershell.exe : Add-MpPreference : A parameter cannot be found that matches parameter name
+ CategoryInfo : NotSpecified: (Add-MpPreferenc...parameter name :String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
'DisableRealtimeMonitoring'.
This happens because the -DisableRealtimeMonitoring argument does not exist for the Add-MpPreference command: https://docs.microsoft.com/en-us/powershell/module/defender/add-mppreference?view=win10-ps.
This argument is only available to Set-MpPreference: https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps
Modifying the content of install-redteam.ps1 (DetectionLab/Vagrant/scripts/install-redteam.ps1) with the following seems to work and all stages complete successfully:
# Purpose: Installs Mimikatz and Powersploit into c:\Tools\Mimikatz. Used to install redteam related tooling.
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
$hostname = $(hostname)
# Windows Defender should be disabled already by O&O ShutUp10 and the GPO
If ($hostname -eq "win10") {
# Adding Defender exclusions just in case
Set-MpPreference -ExclusionPath "C:\Tools"
Add-MpPreference -ExclusionPath "C:\Users\vagrant\AppData\Local\Temp"
Set-MpPreference -DisableRealtimeMonitoring $true
}
...
...
...
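The two failures described in the comment above (a blank `$hostname` selecting the server-only branch, and a parameter that exists on one Defender cmdlet but not the other) can be caught by a read-only pre-flight check. This is an added example, not part of the thread or of DetectionLab's scripts; `Test-CommandParameter` and `$unset` are hypothetical names.

```powershell
# Added example: read-only pre-flight checks for a provisioning script.
# It changes no settings; it only reports what the current session can run.
Set-StrictMode -Version Latest   # reading an uninitialised variable now raises an error

# 1. A variable assigned in another provisioner's session is not defined here.
#    A blank value compared with -ne "win10" is $true, so the branch meant
#    for the servers is taken on win10 as well.
$unset = $null   # constructed stand-in for the blank $hostname
"blank -ne 'win10' evaluates to: $($unset -ne 'win10')"

# 2. Resolve the host name inside the script that uses it, as the fix does.
$hostname = $(hostname)
"hostname resolved in this session: $hostname"

function Test-CommandParameter {
    # Hypothetical helper: $true only if the command exists in this session
    # AND accepts the named parameter.
    param(
        [Parameter(Mandatory)] [string] $Command,
        [Parameter(Mandatory)] [string] $Parameter
    )
    $cmd = Get-Command -Name $Command -ErrorAction SilentlyContinue
    if (-not $cmd) { return $false }              # cmdlet missing on this OS
    if (-not $cmd.Parameters) { return $false }   # no parameter metadata
    return $cmd.Parameters.ContainsKey($Parameter)
}

# 3. Check every cmdlet/parameter pair the script relies on before calling it.
$checks = @(
    @{ Command = 'Uninstall-WindowsFeature'; Parameter = 'Name' }
    @{ Command = 'Add-MpPreference';         Parameter = 'ExclusionPath' }
    @{ Command = 'Add-MpPreference';         Parameter = 'DisableRealtimeMonitoring' }
    @{ Command = 'Set-MpPreference';         Parameter = 'DisableRealtimeMonitoring' }
)
foreach ($c in $checks) {
    $ok = Test-CommandParameter @c
    '{0,-26} -{1,-26} available: {2}' -f $c.Command, $c.Parameter, $ok
}
```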
To resolve Win10 Vagrant fail issue - suspect the Packer build messed up somehow - I tried to rebuild Win10 box which failed as well.
Something peculiar is happening. I know not what.
==> virtualbox-iso: <Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04"><Obj S="progress" RefId="0"><TN RefId="0"><T>System.Management.Automation.PSCustomObject</T><T>System.Object</T></TN><MS><I64 N="SourceId">1</I64><PR N="Record"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj></Objs>
==> virtualbox-iso: Machine successfully restarted, moving on
==> virtualbox-iso: Provisioning with Powershell...
==> virtualbox-iso: Provisioning with powershell script: ./scripts/set-powerplan.ps1
virtualbox-iso: Set power plan to high performance
virtualbox-iso: WARNING: Unable to set power plan to high performance
virtualbox-iso: WARNING: Error: HighPerf is null
==> virtualbox-iso: Provisioning with powershell script: ./scripts/docker/disable-windows-defender.ps1
==> virtualbox-iso: Remove-Item : Cannot find path 'C:\Windows\Temp\script-5eb6ab8c-2661-1a27-d491-c53737cf4abf.ps1' because it does not
==> virtualbox-iso: exist.
==> virtualbox-iso: At C:\Windows\Temp\packer-cleanup-5eb6ab8c-37e5-0b1d-3492-026883ac9e8a.ps1:3 char:1
==> virtualbox-iso: + Remove-Item c:/Windows/Temp/script-5eb6ab8c-2661-1a27-d491-c53737cf4a ...
==> virtualbox-iso: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==> virtualbox-iso: + CategoryInfo : ObjectNotFound: (C:\Windows\Temp...53737cf4abf.ps1:String) [Remove-Item], ItemNotFoundEx
==> virtualbox-iso: ception
==> virtualbox-iso: + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand
==> virtualbox-iso:
This change to the script seems to have fixed the Vagrant error on Win10/2016.
Thanks.
Modifying the content of install-redteam.ps1 (DetectionLab/Vagrant/scripts/install-redteam.ps1) with the following seems to work and all stages complete successfully:
# Purpose: Installs Mimikatz and Powersploit into c:\Tools\Mimikatz. Used to install redteam related tooling.
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
**$hostname = $(hostname)**
# Windows Defender should be disabled already by O&O ShutUp10 and the GPO
If ($hostname -eq "win10") {
# Adding Defender exclusions just in case
Set-MpPreference -ExclusionPath "C:\Tools"
Add-MpPreference -ExclusionPath "C:\Users\vagrant\AppData\Local\Temp"
**Set-MpPreference** -DisableRealtimeMonitoring $true
}
...
...
...
Please verify that you are building from an updated Master branch before filing an issue. Yes
Description of the issue DC Vagrant build fails
I've tried several times to rebuild the box (2016 server) using Packer (in case packing error) but the build fails anyway.
PowerShell seems not to be able to find Set-MpPreference, a Windows Defender function.
Log -
Link to Gist Containing Build Logs:
Vagrant did not produce log for some reason.