metasploit-baseline-builder

Purpose

This project provides baseline virtual machines for creation of testing environments requiring primarily windows based targets.

Pre-Requisites

Prior to usage of the utility provided here the following must be obtained or configured:

• A virtualization platform (i.e. VMWare Fusion, VMWare Workstation, VirtualBox)
• Packer (https://www.packer.io/)
• Installation media for the desired operating systems.
• Python >= 2.7.11

Installation

pip install cpe-utils
pip install python-packer
pip install tqdm
pip install vm-automation

Usage

General

Obtain all required iso files listed in iso_list.json make them available at <install location>/iso To build the msf_host be sure to init submodules

git submodule init
git submodule update

VMWare Fusion and Workstation

python build_baselines.py [options]
python build_msf_host.py [options]

WMWare ESXI (vsphere)

Create an esxi_config.json with the required parameters.

{
  "esxi_host": "",
  "esxi_datastore": "",
  "esxi_cache_datastore": "",
  "esxi_username": "",
  "esxi_password": "",
  "esxi_network": ""
}

Configure the ESXI server:

Purloined from Nick Charlton's December 2016 writeup. Thank you!

Enable SSH

Inside the web UI, navigate to “Manage”, then the “Services” tab. Find the entry called: “TSM-SSH”, and enable it.

You may wish to enable it to start up with the host by default. You can do this inside the “Actions” dropdown (it’s nested inside “Policy”).

Enable “Guest IP Hack”

Run the following command on the ESXi host:

esxcli system settings advanced set -o /Net/GuestIPHack -i 1

This allows Packer to infer the guest IP from ESXi, without the VM needing to report it itself.

Open VNC Ports on the Firewall

Packer connects to the VM using VNC, so open a range of ports to allow it to connect to it.

First, ensure you can edit the firewall configuration:

chmod 644 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml

Then append the range we want to open to the end of the file:

<service id="1000">
  <id>packer-vnc</id>
  <rule id="0000">
    <direction>inbound</direction>
    <protocol>tcp</protocol>
    <porttype>dst</porttype>
    <port>
      <begin>5900</begin>
      <end>6000</end>
    </port>
  </rule>
  <enabled>true</enabled>
  <required>true</required>
</service>

Finally, restore the permissions and reload the firewall:

chmod 444 /etc/vmware/firewall/service.xml
esxcli network firewall refresh

Execute the build

python build_baselines.py [options]
python build_msf_host.py [options]

Docker Environment

Create a local user jenkins with UID=1001

cd docker
docker build -t rapid7/build:payload-lab .

To execute the build process:

docker run --rm=true --tty -u jenkins \
    --volume=${FULL_PATH_TO_WORKING_DIR}:/r7-source \
    --workdir=/r7-source/metasploit-baseline-bulder rapid7/build:payload-lab \
    bash -l -c "python build_baselines.py [options]"
docker run --rm=true --tty -u jenkins \
    --volume=${FULL_PATH_TO_WORKING_DIR}:/r7-source \
    --workdir=/r7-source/metasploit-baseline-bulder rapid7/build:payload-lab \
    bash -l -c "python build_msf_host.py [options]"

Logging Output

When executed output for each VM will have logs in <WORKING_DIR>/tmp/<VM_NAME>

It Did Not Work?

Check the output log files in each <VM_NAME> ls -lrt metasploit-baseline-builder/*/output.log will give the output logs in time order. The most recent log is the one you should check.