mirror of https://github.com/avast/PurpleDome
===============
Windows targets
===============

Windows Vagrant boxes need a special setup. They have to be created from a running Windows machine.

Windows Box
-----------

If you use Vagrant, you need a Vagrant box first. It is the base image the VM will be based on.

The base VM must be running in VirtualBox!

Bash::

  vagrant package --base 'Windows 10 x64'

In this example, the running VirtualBox VM is named 'Windows 10 x64'.

Adding the box in bash::

  vagrant box add --name windows10_64 "file:///home/ts/vagrantboxes/win10_64/package.box"

After that it can be used under this name in a Vagrantfile.

Setting up Windows for Purple Dome
----------------------------------

* Mount the vagrant share to X: (at least my scripts expect it): ``net use x: \\vboxsvr\share``
* Create a batch file in ``C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup`` to automatically start *caldera_agent.bat* in the vagrant share for this machine. This ensures that the caldera agent is started on reboot.
* Install OpenSSH on the Windows target (https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse and https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_keymanagement)

Some SSH hints (PowerShell):

Powershell::

  Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
  Start-Service sshd
  Set-Service -Name sshd -StartupType 'Automatic'
  Install-Module -Force OpenSSHUtils -Scope AllUsers

To create a user key in a private user folder, call (as user) Powershell::

  ssh-keygen

This can be used for remote login.

To be able to log into the Windows box, ``c:\users\PurpleDome\.ssh\authorized_keys`` needs to be created. Add the public key there.

For admin users, the file is ``C:\ProgramData\ssh\administrators_authorized_keys``.

Copy your public key into that file (open the file in an administrator Notepad, copy & paste).

The file needs special permissions. Powershell::

  $acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
  # Disable inheritance ($true) and drop the inherited rules ($false)
  $acl.SetAccessRuleProtection($true, $false)
  # Allow only Administrators and SYSTEM, both with full control
  $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
  $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
  $acl.SetAccessRule($administratorsRule)
  $acl.SetAccessRule($systemRule)
  # Write the modified ACL back to the file
  $acl | Set-Acl
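
To confirm the permissions took effect, the following PowerShell check (an added example, not part of the PurpleDome repository) compares the file's ACL with what the snippet above sets: inheritance disabled and Allow entries only for Administrators and SYSTEM. The function name ``Test-AdminKeyFileAcl`` is hypothetical; the two SIDs are the well-known values for ``BUILTIN\Administrators`` and ``NT AUTHORITY\SYSTEM``, used so the check does not depend on the Windows display language.

```powershell
# Added example: audit the ACL on administrators_authorized_keys.
# The default path is the one used on this page; the function name is hypothetical.
function Test-AdminKeyFileAcl {
    param(
        [string]$Path = 'C:\ProgramData\ssh\administrators_authorized_keys'
    )

    # Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM
    $allowedSids = @('S-1-5-32-544', 'S-1-5-18')
    $findings = @()

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return @("File not found: $Path")
    }

    $acl = Get-Acl -LiteralPath $Path

    # Inheritance must be disabled, otherwise ACEs of the parent folder apply too.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is enabled (expected: protected ACL)'
    }

    $seen = @()
    foreach ($rule in $acl.Access) {
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # account could not be resolved
        }
        if ($rule.AccessControlType -ne 'Allow' -or $allowedSids -notcontains $sid) {
            $findings += "Unexpected ACE: $($rule.IdentityReference) " +
                         "$($rule.AccessControlType) $($rule.FileSystemRights)"
        } else {
            $seen += $sid
        }
    }

    # Both expected principals must still have an Allow entry.
    foreach ($sid in $allowedSids) {
        if ($seen -notcontains $sid) { $findings += "Missing Allow ACE for SID $sid" }
    }
    return $findings
}

$result = @(Test-AdminKeyFileAcl)
if ($result.Count -eq 0) { 'ACL OK' } else { $result }
```

Run it in an elevated PowerShell on the target; any line other than ``ACL OK`` names an entry that differs from the ACL set above.
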

See: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows

https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps

To connect from Linux, call bash::

  ssh -o "IdentitiesOnly=yes" -i ~/.ssh/id_rsa.3 -v PURPLEDOME@192.168.178.189

(Capital letters for user name!)

* The parameters enforce the use of a specific key. You can also drop that into the ssh config.

Footnote: WinRM failed. I tried. The Python code does not support ssh-style "disown". Vagrant files needed a special configuration and sometimes failed connecting to the Windows host properly. Base problem was that it does not properly support empty passwords (not on Python, anyway) - and I used them for auto-login. Because some Windows versions are a bit tricky with auto-login settings as they should be. Windows 10 is mutating here like hell.

SCP from and to Windows
-----------------------

Just use the user's home folder as entry and do::

  scp win10:my_logs.zip .

Reduces the hassle with slashes.