splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0

Git clone Sharphound fails due to choco error #818

Closed arunkumars954 closed 1 year ago

arunkumars954 commented 1 year ago

TASK [windows_common : include] ****
[DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks/import_playbook instead. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
included: /opt/attack_range/packer/ansible/roles/windows_common/tasks/install_app_chocolatey.yml for ar-win-attack-range-key-pair-ar-0 => (item=firefox)
included: /opt/attack_range/packer/ansible/roles/windows_common/tasks/install_app_chocolatey.yml for ar-win-attack-range-key-pair-ar-0 => (item=git)
included: /opt/attack_range/packer/ansible/roles/windows_common/tasks/install_app_chocolatey.yml for ar-win-attack-range-key-pair-ar-0 => (item=notepadplusplus)
included: /opt/attack_range/packer/ansible/roles/windows_common/tasks/install_app_chocolatey.yml for ar-win-attack-range-key-pair-ar-0 => (item=7zip)
included: /opt/attack_range/packer/ansible/roles/windows_common/tasks/install_app_chocolatey.yml for ar-win-attack-range-key-pair-ar-0 => (item=adobereader)
included: /opt/attack_range/packer/ansible/roles/windows_common/tasks/install_app_chocolatey.yml for ar-win-attack-range-key-pair-ar-0 => (item=python)

TASK [windows_common : install firefox] ****
[WARNING]: Chocolatey was missing from this system, so it was installed during this task run.
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": true, "command": "C:\ProgramData\Chocolatey\bin\choco.exe list --local-only --limit-output --all-versions", "msg": "Error checking installation status for chocolatey packages", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.\r\n", "stdout_lines": ["Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information."]}
...ignoring

TASK [windows_common : install git] ****
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe list --local-only --limit-output --all-versions", "msg": "Error checking installation status for chocolatey packages", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.\r\n", "stdout_lines": ["Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information."]}
...ignoring

TASK [windows_common : install notepadplusplus] ****
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe list --local-only --limit-output --all-versions", "msg": "Error checking installation status for chocolatey packages", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.\r\n", "stdout_lines": ["Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information."]}
...ignoring

TASK [windows_common : install 7zip] ***
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe list --local-only --limit-output --all-versions", "msg": "Error checking installation status for chocolatey packages", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.\r\n", "stdout_lines": ["Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information."]}
...ignoring

TASK [windows_common : install adobereader] ****
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe list --local-only --limit-output --all-versions", "msg": "Error checking installation status for chocolatey packages", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.\r\n", "stdout_lines": ["Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information."]}
...ignoring

TASK [windows_common : install python] *****
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": false, "command": "C:\ProgramData\chocolatey\bin\choco.exe list --local-only --limit-output --all-versions", "msg": "Error checking installation status for chocolatey packages", "rc": 1, "stderr": "", "stderr_lines": [], "stdout": "Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.\r\n", "stdout_lines": ["Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information."]}
...ignoring

TASK [windows_universal_forwarder : Download Splunk UF from Splunk website] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Install Splunk_UF MSI] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Start Splunk] ** ok: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Create folder directory for outputs configuration] *** changed: [ar-win-attack-range-key-pair-ar-0] => (item=C:\Program Files\SplunkUniversalForwarder\etc\apps\win_outputs_app\local)

TASK [windows_universal_forwarder : Copy an outputs.conf using templating] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Create folder directory for inputs configuration] *** changed: [ar-win-attack-range-key-pair-ar-0] => (item=C:\Program Files\SplunkUniversalForwarder\etc\apps\powershell_inputs_app\local)

TASK [windows_universal_forwarder : Copy inputs.conf configuration] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Create folder directory for inputs configuration] *** changed: [ar-win-attack-range-key-pair-ar-0] => (item=C:\Program Files\SplunkUniversalForwarder\etc\apps\attack_simulation_inputs_app\local)

TASK [windows_universal_forwarder : Copy inputs.conf configuration] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Create folder directory for inputs configuration] *** changed: [ar-win-attack-range-key-pair-ar-0] => (item=C:\Program Files\SplunkUniversalForwarder\etc\apps\sysmon_inputs_app\local)

TASK [windows_universal_forwarder : Copy inputs.conf configuration] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Create folder directory for inputs configuration] *** changed: [ar-win-attack-range-key-pair-ar-0] => (item=C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\local)

TASK [windows_universal_forwarder : Copy inputs.conf configuration] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Create folder directory for inputs configuration] *** changed: [ar-win-attack-range-key-pair-ar-0] => (item=C:\Program Files\SplunkUniversalForwarder\etc\apps\aurora_agent_inputs_app\local)

TASK [windows_universal_forwarder : Copy inputs.conf configuration] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_universal_forwarder : Restart splunk] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : Create ansible directories] *****
changed: [ar-win-attack-range-key-pair-ar-0] => (item=c:\Program Files\ansible)
changed: [ar-win-attack-range-key-pair-ar-0] => (item=c:\ProgramData\ansible\log)

TASK [sysmon : check if sysmon archive is present] ***** ok: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : download sysmon] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : unzip sysmon] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : add sysmon to PATH] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : Copy Sysmon template] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : install sysmon with defined config] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [sysmon : WINEVT Channels Event Log Enabled] ** ok: [ar-win-attack-range-key-pair-ar-0] => (item=Microsoft-Windows-Sysmon/Operational)

TASK [sysmon : WINEVT Channels Event Log size review] ** changed: [ar-win-attack-range-key-pair-ar-0] => (item=Microsoft-Windows-Sysmon/Operational)

TASK [sysmon : WINEVT Channels Event Log retention review] ***** changed: [ar-win-attack-range-key-pair-ar-0] => (item=Microsoft-Windows-Sysmon/Operational)

TASK [sysmon : Reboot server] ** changed: [ar-win-attack-range-key-pair-ar-0]

PLAY RECAP *****
ar-win-attack-range-key-pair-ar-0 : ok=47 changed=31 unreachable=0 failed=0 skipped=1 rescued=0 ignored=6

==> ar-win-attack-range-key-pair-ar-0: Running provisioner: ansible...
ar-win-attack-range-key-pair-ar-0: Running ansible-playbook...
[DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks instead. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [all] *****

TASK [Gathering Facts] ***** ok: [ar-win-attack-range-key-pair-ar-0]

TASK [set_hostname_win : Change the hostname] ** ok: [ar-win-attack-range-key-pair-ar-0]

TASK [set_hostname_win : reboot | Rebooting Server] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_splunk_post : Change Splunk password] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_splunk_post : Change Hostname] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [windows_splunk_post : Restart] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : features | Installing Windows DNS Server] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : reboot | Rebooting Server] **** skipping: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : set local admin password] ***** ok: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : features | Installing RSAT AD Admin Center] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : features | Installing AD Domain Services] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : Creating a windows domain] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : Setting DNS Servers] ** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : reboot | Rebooting Server] **** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : Managing Domain Controller Membership] **** ok: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : Enable Kerberos LogLevel] ***** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : Enable Kerberos Authentication Service Logging] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [create_domain_controller : Enable Kerberos Service Ticket Operations Logging] *** changed: [ar-win-attack-range-key-pair-ar-0]

TASK [update_sysmon_config : Copy Sysmon template] ***** skipping: [ar-win-attack-range-key-pair-ar-0]

TASK [update_sysmon_config : install sysmon with defined config] *** skipping: [ar-win-attack-range-key-pair-ar-0]

TASK [update_sysmon_config : Reboot server] **** skipping: [ar-win-attack-range-key-pair-ar-0]

TASK [red_team_tools : Git clone SharpHound] ***
fatal: [ar-win-attack-range-key-pair-ar-0]: FAILED! => {"changed": true, "cmd": "git clone https://github.com/BloodHoundAD/SharpHound3.git C:\tools\SharpHound3", "delta": "0:00:01.031985", "end": "2023-07-04 14:28:21.452308", "msg": "non-zero return code", "rc": 1, "start": "2023-07-04 14:28:20.420323", "stderr": "git : The term 'git' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the \r\nspelling of the name, or if a path was included, verify that the path is correct and try again.\r\nAt line:1 char:65\r\n+ ... le]::InputEncoding = New-Object Text.UTF8Encoding $false; git clone h ...\r\n+ ~\r\n + CategoryInfo : ObjectNotFound: (git:String) [], CommandNotFoundException\r\n + FullyQualifiedErrorId : CommandNotFoundException", "stderr_lines": ["git : The term 'git' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the ", "spelling of the name, or if a path was included, verify that the path is correct and try again.", "At line:1 char:65", "+ ... le]::InputEncoding = New-Object Text.UTF8Encoding $false; git clone h ...", "+ ~", " + CategoryInfo : ObjectNotFound: (git:String) [], CommandNotFoundException", " + FullyQualifiedErrorId : CommandNotFoundException"], "stdout": "", "stdout_lines": []}

PLAY RECAP *****
ar-win-attack-range-key-pair-ar-0 : ok=17 changed=13 unreachable=0 failed=1 skipped=4 rescued=0 ignored=0

Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again.

arunkumars954 commented 1 year ago

Resolved by manually installing choco on the Windows server. The initial failure was caused by the .NET Framework installation requiring a reboot before the choco installation could continue.
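
Added example, not part of the original issue or the attack_range project: in the log above, the first play ends with failed=0 ignored=6, so the Chocolatey errors only surface later as the missing `git`. This triage script lists ignored failures next to hard failures and flags plays whose recap looks clean while errors were swallowed. The sample log is constructed (shortened host name and messages), and the names `triage` and `masked_plays` are hypothetical.

```python
import re

# Constructed sample, shortened from the shape of the output in this issue
# (host name and messages abbreviated; two of the six ignored tasks kept).
SAMPLE_LOG = """\
TASK [windows_common : install git] ****
fatal: [ar-win-0]: FAILED! => {"msg": "Error checking installation status for chocolatey packages", "rc": 1}
...ignoring
TASK [windows_common : install python] ****
fatal: [ar-win-0]: FAILED! => {"msg": "Error checking installation status for chocolatey packages", "rc": 1}
...ignoring
PLAY RECAP *****
ar-win-0 : ok=47 changed=31 unreachable=0 failed=0 skipped=1 rescued=0 ignored=2
TASK [red_team_tools : Git clone SharpHound] ***
fatal: [ar-win-0]: FAILED! => {"msg": "non-zero return code", "rc": 1}
PLAY RECAP *****
ar-win-0 : ok=17 changed=13 unreachable=0 failed=1 skipped=4 rescued=0 ignored=0
"""

TASK_RE = re.compile(r"^TASK \[(.+)\] \*+$")
# Takes the first "msg" value; does not handle escaped quotes inside it.
FATAL_RE = re.compile(r'^fatal: \[([^\]]+)\]: FAILED! => .*?"msg": "([^"]*)"')
RECAP_RE = re.compile(r"^(\S+)\s+:\s+((?:\w+=\d+\s*)+)$")


def triage(log_text):
    """Split ansible-playbook output into ignored failures, hard failures, recaps."""
    ignored, hard, recaps, task = [], [], [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := TASK_RE.match(line):
            task = m[1]
        elif m := FATAL_RE.match(line):
            hard.append({"task": task, "host": m[1], "msg": m[2]})
        elif line == "...ignoring" and hard:
            ignored.append(hard.pop())  # ignore_errors demoted the last fatal
        elif m := RECAP_RE.match(line):
            counts = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", m[2])}
            recaps.append({"host": m[1], **counts})
    return ignored, hard, recaps


def masked_plays(recaps):
    """Plays that report failed=0 yet swallowed errors via ignore_errors."""
    return [r for r in recaps if r["failed"] == 0 and r["ignored"] > 0]


if __name__ == "__main__":
    ignored, hard, recaps = triage(SAMPLE_LOG)
    print(len(ignored), "ignored;", len(hard), "fatal;", masked_plays(recaps))
```

The parser expects one log record per line, as `ansible-playbook` prints it.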