search

rapid7 / metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
Other
4.78k stars 1.15k forks source link

Operation did not complete successfully because the file contains a virus or potentially unwanted software. #592

Closed farhangamary closed 1 year ago

farhangamary commented 1 year ago

Issue Description

Trying to build the virtualbox artifact manually from cloned source code with packer - using the _windows_2008r2.json template, it downloads the files starts the virtualbox, installs the machine and starts it successfully:

virtualbox-iso: Mounting ISOs...
    virtualbox-iso: Mounting boot ISO...
==> virtualbox-iso: Deleting any current floppy disk...
==> virtualbox-iso: Attaching floppy disk...
==> virtualbox-iso: Creating forwarded port mapping for communicator (SSH, WinRM, etc) (host port 4239)
==> virtualbox-iso: Executing custom VBoxManage commands...
    virtualbox-iso: Executing: modifyvm metasploitable3-win2k8 --memory 4096
    virtualbox-iso: Executing: modifyvm metasploitable3-win2k8 --cpus 2
==> virtualbox-iso: Starting the virtual machine...
==> virtualbox-iso: Waiting 10m0s for boot...
==> virtualbox-iso: Typing the boot command...
==> virtualbox-iso: Using SSH communicator to connect: 127.0.0.1
==> virtualbox-iso: Waiting for SSH to become available...
==> virtualbox-iso: Connected to SSH!
==> virtualbox-iso: Uploading VirtualBox version info (6.1.38)
==> virtualbox-iso: Uploading VirtualBox guest additions ISO...
==> virtualbox-iso: Skipping shell-local due to runtime OS
==> virtualbox-iso: Running local shell script: C:\Users\???\AppData\Local\Temp\packer-she???.cmd
    virtualbox-iso:
    virtualbox-iso: ???\metasploitable3>cd ????\metasploitable3\packer\templates/../../resources   && powershell ???\metasploitable3\packer\templates/../../resources/download-windows-files.ps1
    virtualbox-iso: Downloading dotNet 4.5.2
    virtualbox-iso: Downloading Windows Management Framework 5.1
==> virtualbox-iso: Uploading ???\metasploitable3\packer\templates/../../scripts => C:/vagrant
==> virtualbox-iso: Uploading ???\metasploitable3\packer\templates/../../resources => C:/vagrant

but at the end when trying to make the vagrant box file, my windows defender, detects a backdoor or a virus and doesn't let it to get copied:

 ==> virtualbox-iso: Upload failed: open ???\metasploitable3\resources\backdoors\caidao.asp: Operation did not complete successfully because the file contains a virus or potentially unwanted software.
==> virtualbox-iso: Provisioning step had errors: Running the cleanup provisioner, if present...
==> virtualbox-iso: Cleaning up floppy disk...
==> virtualbox-iso: Deregistering and deleting VM...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored after 11 minutes 41 seconds: open ???\metasploitable3\resources\backdoors\caidao.asp: Operation did not complete successfully because the file contains a virus or potentially unwanted software.

==> Wait completed after 11 minutes 41 seconds

==> Some builds didn't complete successfully and had errors:
--> virtualbox-iso: open ???\metasploitable3\resources\backdoors\caidao.asp: Operation did not complete successfully because the file contains a virus or potentially unwanted software.

==> Builds finished but no artifacts were created.

Is something wrong with the whole process? Any fix or suggestion please? - I will of course not deactivate the defender or let any harmful or suspicious file.

Host System

Command Output

bcoles commented 1 year ago

Any fix or suggestion please?

The script is failing when accessing this backdoor:

https://github.com/rapid7/metasploitable3/blob/master/resources/backdoors/caidao.asp

You can read source code - the file contents are plain text.

You could try removing the contents of the file so that the image is built with an empty file. However, it is likely that the build will fail when processing other files, such as the other backdoors:

I will of course not deactivate the defender or let any harmful or suspicious file.

Perhaps reconsider what you are trying to achieve. You are working with intentionally vulnerable and malicious files.

If someone has network access to your Metasploitable host, a deliberately malicious or "suspicious" backdoor is barely worse than an intentionally vulnerable and exploitable application.

farhangamary commented 1 year ago

Yes, no backdoor could be copied because of the defender, so the script failed - I have found a safe workaround for it. As it is explained and it was indeed no issue I am closing this report.