mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.55k stars 915 forks

Flare-vm tools not installing #433

Closed SUBHAMPAREEK closed 1 year ago

SUBHAMPAREEK commented 1 year ago

Description

Every time I try to install the script it shows: Error

"Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server" At line:1 char:115

MalwareMechanic commented 1 year ago

The exception appears to be thrown as a result of the DownloadFile call below:

https://github.com/mandiant/flare-vm/blob/fea9dbcd65375013dcb68924f945a2fafc1aedb2/install.ps1#L301-L304

This call is trying to download the file https://raw.githubusercontent.com/mandiant/flare-vm/main/config.xml. If you run the code below in an admin powershell prompt, does it also throw an exception?

(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/config.xml', "$(${Env:TEMP})\config.xml")

I'm curious, do you have an AV/EDR solution running that may be preventing the connection to the remote host?

Another thought: if you used a custom configuration provided on the command line, and the provided URL doesn't exist or has a typo, it may also result in a network error.

SUBHAMPAREEK commented 1 year ago

EDR/AV are not running. Still the same error

MalwareMechanic commented 1 year ago

My next thought was that your VM might be in "host-only" mode, but I tried the same command I posted above with my VM in "host-only" mode and got the error: "The remote name could not be resolved: 'raw.githubusercontent.com'", so I don't think your VM is in "host-only" mode.

Overall, this seems to be a networking issue rather than an issue with the script itself. Unfortunately I'm not sure if I'll be able to properly diagnose the root cause. You could try connecting to a proxy or VPN and trying again. Also check if there's any firewall or IDS that may be preventing the remote connection from being established.

Let me know if you find the root cause!
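
A staged check that separates the two failure modes compared in the comment above (name resolution versus connection establishment) for the same config.xml URL. This is an added example, not part of the thread or of install.ps1; the function name `Test-DownloadPath` and the 5-second timeout are assumptions.

```powershell
# Added diagnostic sketch, not part of install.ps1. Test-DownloadPath is a hypothetical name.
function Test-DownloadPath {
    param(
        [string]$Url = 'https://raw.githubusercontent.com/mandiant/flare-vm/main/config.xml',
        [int]$TimeoutMs = 5000   # assumed timeout for the raw TCP probe
    )
    $uri = [System.Uri]$Url
    $result = [ordered]@{ Host = $uri.Host; Dns = $null; Tcp = $null; Http = $null }

    # Stage 1: DNS. A failure here corresponds to "The remote name could not be resolved".
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($uri.Host)
        $result.Dns = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $result.Dns = "FAILED: $($_.Exception.GetBaseException().Message)"
        return [pscustomobject]$result   # nothing further can succeed without a name
    }

    # Stage 2: direct TCP connect to port 443. A failure here corresponds to
    # "Unable to connect to the remote server" when no proxy is in use.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        if ($client.ConnectAsync($uri.Host, $uri.Port).Wait($TimeoutMs)) {
            $result.Tcp = 'connected'
        } else {
            $result.Tcp = "FAILED: no answer within $TimeoutMs ms"
        }
    } catch {
        $result.Tcp = "FAILED: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()
    }

    # Stage 3: the WebClient call from the thread (it may use a system proxy, so it
    # still runs if stage 2 failed). Report the WebExceptionStatus, not just the text.
    $dest = Join-Path $Env:TEMP 'config.xml'
    try {
        (New-Object System.Net.WebClient).DownloadFile($Url, $dest)
        $result.Http = "ok: $dest"
    } catch {
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        $result.Http = if ($ex) { "FAILED: $($ex.Status)" } else { "FAILED: $($_.Exception.Message)" }
    }
    [pscustomobject]$result
}

Test-DownloadPath | Format-List
```

A `Dns` failure points at VM network mode or resolver settings, while a resolved name with a failed `Tcp` or an `Http` status of `ConnectFailure` points at filtering on the path between the VM and the host.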

MalwareMechanic commented 1 year ago

Closing for now, we can re-open when more information is available

Swapnil-Chatterjee commented 1 year ago

@SUBHAMPAREEK were you able to identify the error? If so, please share the workaround/solution.

luk0y commented 1 year ago

@Swapnil-Chatterjee @SUBHAMPAREEK I used a VPN with a random US location and it worked successfully. Thanks a lot @MalwareMechanic.