mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0

Trouble with downloading failed packages manually. #575

Closed datboimic closed 8 months ago

datboimic commented 9 months ago

What's the problem?

I have a few failed packages during the Flare VM download. They were peanatomist.vm, minidump.vm, metasploit.vm, resourcehacker.portable, event-log-explorer.vm, resourcehacker.vm, and autopsy.vm. Now, I didn't get to check every one of those missing packages, but autopsy.vm, for example, said it failed to install, but then I would scroll up in the log where it said that it was installed. I checked the tools folder and saw it there, but it was 0KB. Either minidump or metasploit was similar, except the folder had some data in it.

My real issue stems from trying to manually install them again. I've tried autopsy, but it failed. Same with minidump. During the initial phases of the manual installation attempts, I get the following error as seen in the screenshot. Screenshot (553)

I'm not sure if that is what is causing my problems but if anyone may have some ideas on what to do, I'd greatly appreciate it. I need autopsy out of the failed ones, so it is currently where my priority is at.

Steps to Reproduce

  1. Run powershell as admin
  2. Enter the following command for a failed package installation: (choco install -y ), in my case autopsy: choco install -y autopsy.vm
  3. Wait for the execution.

Environment

Virtualization software (VMWare, VirtualBox, etc.): VirtualBox
VM OS version (run (Get-CimInstance Win32_OperatingSystem).version in PowerShell): 10.0.19045
VM PowerShell version (run $PSVersionTable.PSVersion.ToString() in PowerShell): 5.1.19041.3803
VM Chocolatey version (run choco --version): 2.2.2
VM Boxstarter version (run choco info -l -r "boxstarter"): Boxstarter|3.0.3

Output of VM-Get-Host-Info:

2024/03/05 14:00:11 vm.common.psm1 [+] INFO : Host Information

VM OS version and Service Pack

Version : 10.0.19045
BuildNumber : 19045
OSArchitecture : 64-bit
ServicePackMajorVersion : 0
Caption : Microsoft Windows 10 Pro

VM OS RAM (MB)

0

VM OS HDD Space / Usage

DeviceID  DriveType  ProviderName  VolumeName  Size          FreeSpace
C:        3                                    112113954816  40809529344
D:        5                        ESD-ISO     4893306880    0

VM AV Details

AntiVirusProduct classname does not exist...

VM PowerShell Version

5.1.19041.3803

VM CLR Version

4.0.30319.42000

VM Chocolatey Version

2.2.2

VM Boxstarter Version

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3

VM Installed Packages


Common Environment Variables

VM_COMMON_DIR: C:\ProgramData_VM
TOOL_LIST_DIR: C:\Users\micha\Desktop\Tools
RAW_TOOLS_DIR: C:\Tools

Additional Information

No response

Ana06 commented 8 months ago

@datboimic thanks for your issue and sorry for the late reply. Some of the tools you mentioned are broken and we are aware of it, as it is tracked by our daily run: https://github.com/mandiant/VM-Packages/wiki/Daily-Failures

Broken packages that are not tracked by our daily run should be reported in https://github.com/mandiant/VM-Packages and not in the installer (this repository). If the tool fails to install in the daily, you are likely not going to be able to install it either with the installer or manually. We appreciate any help to fix packages and to report errors undetected by our test suite.