hatching / vmcloak

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

Dev/vmware #157

Closed pwnslinger closed 2 years ago

pwnslinger commented 5 years ago

Finalized version of the VMware integration for vmcloak. Passed all test cases under tests/test_vms_vmware.py successfully.

DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmware-vdiskmanager', '-d', u'/home/pwnslinger/.vmcloak/image/winxpx86_ZyaPg/winxpx86_ZyaPg.vmdk']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/ovftool', '--acceptAllEulas', '--allowAllExtraConfig', '--compress=9', u'/home/pwnslinger/.vmcloak/vms/winxpx86_ZyaPg/winxpx86_ZyaPg.vmx', u'/home/pwnslinger/.vmcloak/image/winxpx86_ZyaPg/winxpx86_ZyaPg.ova']
INFO:vmcloak:Added image u'winxpx86_ZyaPg' to the repository.
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'start', u'/home/pwnslinger/.vmcloak/vms/winxpx86_ZyaPg/winxpx86_ZyaPg.vmx', 'gui']
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.misc:Waiting for host 192.168.19.3
DEBUG:vmcloak.agent:Executing command in VM: typeperf -si 2 -sc 10 -f CSV -y -o C:\process.csv "\Process(*)\ID Process" "\Process(*)\% Processor Time"
DEBUG:vmcloak.agent:Executing command in VM: shutdown -s -t 0
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
--- 782.385023117 seconds to finish winxpx86 installation ---
DEBUG:vmcloak:/tmp/tmptqK70W/win81x64_gVUUa.iso
DEBUG:vmcloak.abstract:Executing genisoimage: /usr/bin/genisoimage -quiet -b boot.img -o /tmp/tmptqK70W/win81x64_gVUUa.iso -no-emul-boot -iso-level 2 -udf -J -l -D -N -joliet-long -relaxed-filenames -allow-limited-size /tmp/tmptqK70W/tmpsMoMdS
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmware-vdiskmanager', '-c', '-t', '1', '-s', '20GB', '-a', u'lsilogic', u'/home/pwnslinger/.vmcloak/image/win81x64_gVUUa/win81x64_gVUUa.vmdk']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'upgradevm', u'/home/pwnslinger/.vmcloak/vms/win81x64_gVUUa/win81x64_gVUUa.vmx']
INFO:vmcloak:Starting the Virtual Machine u'win81x64_gVUUa' to install Windows.
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'start', u'/home/pwnslinger/.vmcloak/vms/win81x64_gVUUa/win81x64_gVUUa.vmx', 'gui']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.misc:Waiting for host 192.168.19.7
DEBUG:vmcloak.misc:Waiting for host 192.168.19.7
DEBUG:vmcloak.agent:Executing command in VM: typeperf -si 2 -sc 10 -f CSV -y -o C:\process.csv "\Process(*)\ID Process" "\Process(*)\% Processor Time"
DEBUG:vmcloak.agent:Executing command in VM: shutdown -s -t 0
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/vmrun', 'list']
--- 767.042910814 seconds to finish win81x64 installation ---

pwnslinger commented 5 years ago

It's been a month and I haven't received any feedback or comment on this.

samwakel commented 5 years ago

> It's been a month and I haven't received any feedback or comment on this.

Yeah my PR #129 has been open for over a year now. Nothing there too. This repo is very rarely looked at.

jbremer commented 5 years ago

Hey guys, sorry for keeping you waiting. The primary reasons for this taking a long time are the fact that I/we don't actively use vmcloak anymore and the fact that I don't know if the proposed changes (at least in this PR) don't break backwards compatibility. I mean, stuff like the following - I don't know off-hand if that will break stuff ;-)

- interface = "Ethernet"
+ interface = "Ethernet0"
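
Review bot: the `+ interface = "Ethernet0"` line changes a hard-coded adapter name, and nothing in this hunk shows that the new value is limited to the VMware code path, so any existing caller that relied on "Ethernet" would get the new name as well. If "Ethernet0" is only what VMware guests report, choose the name per backend or take it as a parameter with "Ethernet" left as the default, and add a test that covers the VirtualBox path with the old name.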

I'll add that at least the existing unit tests leave something to be desired, so that's on me, but I also don't really intend to improve that provided we have our own (proprietary, sorry) vmcloak-like tooling nowadays that features a lot more things that we need.

So, basically.. if somebody shows some logs of creating Windows 7 and Windows 10 VMs with VirtualBox with this PR in-place, then I might just merge it, hoping no breakage takes place :)

samwakel commented 5 years ago

> Hey guys, sorry for keeping you waiting. The primary reasons for this taking a long time are the fact that I/we don't actively use vmcloak anymore and the fact that I don't know if the proposed changes (at least in this PR) don't break backwards compatibility. I mean, stuff like

Yeah I was wondering if that was the case. What do you use instead?

jbremer commented 5 years ago

(In our company) we have our own vmcloak-like utility called hatchvm, it's essentially similar to vmcloak but written in Go with some additional features like full integration with the UI, Linux support, all Office versions and many more other software "dependencies", and a whole array of tweaks to make Windows 10 less noisy. Unfortunately this is all (as described above) proprietary, although I'm more than happy to invite you guys to our public sandboxing cloud at https://tria.ge/ ;-)