mandiant / VM-Packages

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
Apache License 2.0

choco fails to install dcode.vm #1176

Open micahflack opened 4 days ago

micahflack commented 4 days ago

What's the problem?

Both the automatic flarevm script and manual installation of the dcode.vm package fail to download. The installer can still be downloaded with any browser though. I thought that this might be caused by the URL being redirected during download...

But neither of these URLs works within the chocolatey installer. See my attempt at earlier PR - Fixed broken URL for dcode.vm #1167

Looking back through the daily tests (1-2 weeks) and commits for dcode.vm, nothing has been changed within the package that could cause downloader issues. However, there was a recent release update to Chocolatey from 2.3.0 to 2.4.0. Downgrading the Chocolatey package produced the same 404 error as well.

I still think the problem lies further upstream with Chocolatey and how the command "Install-ChocolateyZipPackage @packageArgs" is handled.

Steps to Reproduce

  1. Prepare VM following "pre-installation" steps
  2. Unblock-File .\install.ps1
  3. Set-ExecutionPolicy Unrestricted -Force
  4. .\install.ps1 -password
  5. select full download
  6. installer finishes but dcode.vm fails to install

Manual Steps (after complete FlareVM install)

  1. Open powershell as admin
  2. choco install dcode.vm
  3. (installer attempts download)
  4. fails because of missing or unauthorized files

Choco downgrade and manual install

  1. (complete flarevm installation)
  2. (reboot)
  3. choco upgrade chocolatey --version 2.3.0 --allow-downgrade
  4. (reboot)
  5. choco install dcode.vm
  6. (installer attempts download)
  7. fails because of missing or authorized files

Environment

Virtualization software: Proxmox
VM OS version: 10.0.19044
VM PowerShell version: 5.1.19041.3031
VM Chocolatey version: 2.4.0
VM Boxstarter version: Boxstarter|3.0.3
VM-Get-Host-Info:

PS C:\Users\Flare > VM-Get-Host-Info
2024/11/22 15:29:19 vm.common.psm1 [+] INFO : Host Information

VM OS version and Service Pack
-----

Version                 : 10.0.19044
BuildNumber             : 19044
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
Caption                 : Microsoft Windows 10 Enterprise LTSC

VM OS RAM (MB)
-----
0

VM OS HDD Space / Usage
-----

DeviceID DriveType ProviderName VolumeName         Size         FreeSpace
-------- --------- ------------ ----------         ----         ---------
C:       3                                         214159282176 119650639872
D:       5                      tiny10 23H2 x64    3839221760   0
E:       5                      virtio-win-0.1.229 534818816    0

VM AV Details
-----
AntiVirusProduct classname does not exist...

VM PowerShell Version
-----
5.1.19041.3031

VM CLR Version
-----
4.0.30319.42000

VM Chocolatey Version
-----
2.4.0

VM Boxstarter Version
-----

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3

VM Installed Packages
-----

Common Environment Variables
-----
VM_COMMON_DIR: C:\ProgramData\_VM
TOOL_LIST_DIR: C:\Users\Flare\Desktop\Tools
RAW_TOOLS_DIR: C:\Tools

Additional Information

Log output from: choco install dcode.vm --trace --log-file=dcode.log

C:\ProgramData\_VM\log.txt

C:\ProgramData\chocolatey\logs\chocolatey.log

Detected by test suite

Yes

micahflack commented 4 days ago

See Test & Push #2452 for log output after PR for URL change fails

And daily test #1088 for first day dcode.vm failed to install