Ever wanted a sandbox lab setup without going through the trouble of manually installing multiple VMs?
Or are you regularly filling your VMs with random trash and want to get back to a clean slate, but forgot to take a snapshot?
If that is you, then I got you covered. This project contains basic lab setups to get going in whatever direction you like.
All while keeping dependencies and requirements to a minimum (VirtualBox and Vagrant).
- Install dependencies (see below).
- Clone the repo and run `vagrant up` in a template directory like so:

```sh
git clone https://github.com/mncmb/ninevox
cd ninevox/bigwhoop
vagrant up
```
Install VirtualBox and Vagrant if not already done. Make sure to have a recent version (the oldest versions tested were VBox 6.1+ and Vagrant 2.2+).
- Windows:

  ```powershell
  winget add virtualbox
  winget add vagrant
  # refresh env / open new powershell
  vagrant plugin install vagrant-reload
  ```
- Linux (replace with your package manager):

  ```sh
  apt install virtualbox vagrant
  vagrant plugin install vagrant-reload
  ```
A classic malware analysis lab environment, following the 2 box approach.
One Windows VM is used for detonation and analysis of malware; the 2nd VM acts as a router and fakes web and other services.
The template directory also contains links to guides and resources to get started with RE.
AD amusement park.
Vagrant template to provision an Active Directory domain in a flat network environment. Also includes a setup script for the Elastic Container Project.
Creates a minimal AD deployment. Use some kind of AD generator to populate it.
Take a look at the template directory for AD generators that can be used.
The beacons are lit.
Vagrantfile for provisioning a tiered Active Directory network environment. Useful for practicing pivoting and testing out C2 features.
Creates a minimal AD deployment. Use some kind of AD generator to populate it.
Take a look at the bigwhoop template directory or use theMayors ADgen (or get the course), on which the architecture is based.
What's in there?
directory | notes |
---|---|
win10dev | dev environment. Loads and installs projects and software like threatcheck, amsiTrigger, visualstudio, vscode, sysinternals, python, go, nim, c/c++ and c# build tools, x64dbg, ghidra, etc. |
kali | kali with some additional tools, seclists, neo4j/bloodhound setup and some open source C2s, path modifications, etc. |
I find myself in the situation of redeploying these labs on different systems and with a different purpose in mind. That is why I kept them mostly bare bones.
The following settings affect your local RAM and SSD usage, which is most often the limiting factor. CPU-wise, you should be good to go with any somewhat recent CPU that has at least 4 cores + multithreading.
- 4 GB RAM per Windows box (can probably be reduced to 2GB if you are RAM starved)
- The `v.linked_clone = true` Vagrant setting creates a single master image and copies it for other instances of the same Windows version

The linked clone setting is the reason why you will see identical Windows versions in my setups. This significantly speeds up deployment and saves local storage.
A box with a name like the following will be created: `gusztavvargadr-ws2022s-2211.0.0-1669581676_1679088253317_23880`. This is your master image.
Since this is a Vagrant deployment, you can connect to every system with `vagrant:vagrant`.
Vagrant requires interface 1 to be a NAT adapter (which is different from a NAT network).
The first interface should not be modified, so that it can be managed by vagrant.
If you do not use the vagrant commands at all, you may change interface 1 after the first deployment.
Some useful Vagrant commands:

```sh
vagrant up dc01 fs01                  # only deploy/start specified hosts
vagrant up --provision                # restart provisioning scripts for all systems
vagrant reload web01                  # restart vm
vagrant global-status                 # show status of all running VMs
vagrant halt                          # stop all machines
vagrant destroy -f                    # destroy all machines without confirmation
vagrant ssh web01                     # ssh into web01
vagrant winrm srv01                   # winrm into srv01
vagrant ssh -- -L 1234:localhost:80   # do port fwd with vagrant ssh
vagrant snapshot push                 # create new snapshot
vagrant snapshot restore              # restore a snapshot
vagrant upload localfile              # https://developer.hashicorp.com/vagrant/docs/cli/upload
```
Vagrantfiles are Ruby files, so you can use anything you could do in Ruby:

```ruby
puts group                # ruby print
test = []                 # ruby array init
test.push host            # ruby array add
# string interpolation, see also https://stackoverflow.com/questions/19648088/pass-environment-variables-to-vagrant-shell-provisioner
shell.args = "#{vars['VAR1']} #{vars['VAR2']}"
Gem.win_platform?         # check if running on windows
defined?(vboxmanage)      # check if defined
out = `id`                # execute id command on host and capture output in out
```
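The sketch below is an added example, not a file from the ninevox repo: it combines the resource settings described above (per-box RAM, `v.linked_clone`, leaving adapter 1 as Vagrant's NAT) with plain Ruby to define hosts in one place and total up their RAM. Host names, IPs, box names and the `labnet` network name are placeholders.

```ruby
# Added example Vagrantfile sketch. All host names, IPs, box names and the
# internal network name are placeholders, not values from the ninevox templates.
LAB_HOSTS = [
  { name: "dc01",  box: "example/windows-server", ip: "10.10.10.10", memory: 4096 },
  { name: "srv01", box: "example/windows-server", ip: "10.10.10.20", memory: 4096 },
  { name: "kali",  box: "example/kali",           ip: "10.10.10.50", memory: 2048 },
].freeze

# Total guest RAM (in MB) the lab will claim on the host.
def lab_ram_mb(hosts)
  hosts.sum { |h| h[:memory] }
end

# Boxes used by more than one host: each gets one master image that the
# linked clones share.
def shared_boxes(hosts)
  hosts.group_by { |h| h[:box] }.select { |_, hs| hs.size > 1 }.keys
end

# Only register machines when loaded by Vagrant; running the file with plain
# `ruby` just defines the helpers above.
if defined?(Vagrant)
  puts "lab RAM: #{lab_ram_mb(LAB_HOSTS)} MB, shared masters: #{shared_boxes(LAB_HOSTS).join(', ')}"

  Vagrant.configure("2") do |config|
    LAB_HOSTS.each do |host|
      config.vm.define host[:name] do |node|
        node.vm.box = host[:box]
        node.vm.hostname = host[:name]
        # Adapter 1 is left as the default NAT adapter managed by Vagrant.
        # Lab traffic uses adapter 2 on a VirtualBox internal network.
        node.vm.network "private_network", ip: host[:ip], virtualbox__intnet: "labnet"
        node.vm.provider "virtualbox" do |v|
          v.memory = host[:memory]
          v.linked_clone = true
        end
      end
    end
  end
end
```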
On Windows, the command-line interface for VirtualBox can be started with the following command. This assumes you have installed VirtualBox under the default path.

```powershell
."C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"
```

It can be used for many things besides configuring VMs, like listing and creating network adapters.

```sh
vboxmanage natnetwork list
vboxmanage natnetwork add --netname <net_adapter> --network <dhcp_range> --enable --dhcp on
```
This project is based on or influenced by