Windows Offensive VM from Mandiant FireEye
Last time, I wrote a high-level overview of Commando VM and why it is important for both red and blue teamers to be familiar with the tools that come pre-packaged in testing platforms like this one. Today, I’ll be covering the installation and any configuration needed to get up and running with Commando VM.
Commando VM can be installed on a virtual machine or a physical machine, but for ease of use and deployment, I’d suggest using a virtual machine. This will allow you to take snapshots along the way and roll back from any issues you may experience throughout the process. The minimum requirements for your machine to run Commando VM are 60 GB of space and 2 GB of memory, which are the same specs that I’ll be using today. The recommended specifications on their GitHub page are 80+ GB of space, 4+ GB of memory and 2 network adapters. The package can be installed on Windows 7 SP1 or Windows 10, but Windows 10 allows for more features to be installed.
Once you’ve got your Windows 7 SP1 or Windows 10 machine installed, you’ll want to ensure that it is fully patched. At this point, the creators of Commando VM recommend taking a snapshot, so you have a clean state pre-installation. Once you’re ready to start the installation of Commando VM, you can download it from GitHub here.
Commando VM is installed in 3 pretty simple steps:
- Start an elevated PowerShell prompt
- Set the execution policy to unrestricted: Set-ExecutionPolicy unrestricted
- Run the install.ps1 installation script found in the commando-vm-master package.
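Before running install.ps1, it is worth confirming the machine actually meets the prerequisites listed above (elevated prompt, execution policy, supported OS, 60 GB of space, 2 GB of memory, fully patched with no reboot pending). The pre-flight script below is an added example and not part of the Commando VM project; the install script path is an assumed default, and Get-WmiObject is used so it also runs on the PowerShell 2.0 that ships with Windows 7 SP1.

```powershell
# Pre-flight check for a Commando VM install (added example, not project code).
# Run from the elevated PowerShell prompt before install.ps1.
param(
    [int]$MinDiskGB = 60,                       # minimums stated in the post;
    [int]$MinMemGB  = 2,                        # use 80 / 4 for the recommended build
    [string]$InstallScript = '.\install.ps1'   # assumed location inside commando-vm-master
)
$problems = @()

# 1. Elevated prompt: the installer needs administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $problems += 'PowerShell is not running elevated'
}

# 2. Execution policy must allow the unsigned install script to run.
$policy = Get-ExecutionPolicy
if ($policy -ne 'Unrestricted' -and $policy -ne 'Bypass') {
    $problems += "Execution policy is '$policy'; run Set-ExecutionPolicy Unrestricted"
}

# 3. Supported OS: Windows 7 SP1 (6.1 + SP1) or Windows 10 (10.x).
$os  = Get-WmiObject Win32_OperatingSystem
$ver = [version]$os.Version
$isWin7Sp1 = ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $os.ServicePackMajorVersion -ge 1)
$isWin10   = ($ver.Major -eq 10)
if (-not ($isWin7Sp1 -or $isWin10)) {
    $problems += "Unsupported OS: $($os.Caption) ($($os.Version))"
}

# 4. Free space on the system drive and installed memory (WMI reports memory in KB).
$sysDisk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$freeGB  = [math]::Round($sysDisk.FreeSpace / 1GB, 1)
$memGB   = [math]::Round(($os.TotalVisibleMemorySize * 1KB) / 1GB, 1)
if ($freeGB -lt $MinDiskGB) { $problems += "Only $freeGB GB free on $($env:SystemDrive); need $MinDiskGB GB" }
if ($memGB  -lt $MinMemGB)  { $problems += "Only $memGB GB of memory; need $MinMemGB GB" }

# 5. The post says to fully patch first: a pending update reboot would interrupt the installer.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) { $problems += 'Windows Update reboot pending; reboot and re-run' }

if ($problems) {
    Write-Warning "Fix the following before running ${InstallScript}:"
    $problems | ForEach-Object { Write-Warning "  - $_" }
} else {
    Write-Host "All checks passed. Take a clean snapshot now, then run: $InstallScript"
}
```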
As you can see, once you launch the installation script, it will run some prerequisite checks and ask if you’d like to take a snapshot prior to installation. The script will prompt you for credentials so it can log in and continue installing after a reboot. During the process, your PowerShell window will give you updates as to what it is installing, and you’ll see various popups for software being installed automatically. Commando VM goes ahead and removes or disables a lot of the junk that Windows comes prepackaged with, since it isn’t needed on a machine used for penetration testing. The whole process took roughly an hour and a half from start to finish, with 5+ reboots during the entire process. Each interval took about 10-15 minutes before a reboot, at which point it started back up, auto-logged in and continued to install more applications. Depending on the resources and internet speed of your virtual machine, you may have a different installation experience; it may be quicker or take longer. You’ll know it’s complete when it logs you back in with a new background and a command prompt waiting for your action. Be sure to take a snapshot so you can start fresh if and when needed!
Now that Commando VM is installed, I wanted to quickly poke around and share my initial impressions of the testing platform before I dive into using any of the tools. The first thing I wanted to look into was how many tools actually existed after the install was complete. There are over 2 GB of tools installed to C:\Tools! Definitely a lot to comb through, and a lot to work with.
Another thing I noticed was that the Tool List is broken up into categories, so you can easily navigate and find a tool you may be looking for.
Some highlights of each category that I found interesting are below:
- Information Gathering
- Networking Tools
- Password Attacks
- Vulnerability Analysis
- Web Application
- OWASP ZAP
This is just a high-level list of things I noticed and found interesting and look forward to playing around with. Be sure to look out for my next post where I actually get my hands dirty with some of the tools that are installed with Commando VM.
Kevin Joyce is a Senior Technical Product Manager at STEALTHbits Technologies. He is responsible for building and delivering on the roadmap of STEALTHbits products and solutions.
Kevin is passionate about cyber-security and holds a Bachelor of Science degree in Digital Forensics from Bloomsburg University of Pennsylvania.