7MS #463: DIY Pentest Dropbox Tips - Part 5
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
In the last two episodes of this series (#449 and #450) we've been diving into how to not only speed up the process of spinning up a DIY pentest dropbox, but how to automate nearly the entire build process!
In today's episode we talk specifically about how to streamline the Windows 10 build process. As previously mentioned, this article is awesome for creating a core Win 10 answer file that will format C:, set up a local admin, log in once to the configured desktop and then do whatever things you want it to do. Personally, I like having a single batch file get fired off that:
- Sets the timezone with:
tzutil /s "Central Standard Time"
- Stops the VM from falling asleep with:
powercfg.exe -change -standby-timeout-ac 0
- Grabs and runs a PS file that does a ton of downloading and unzipping of files with:
invoke-webrequest https://somesite/somefile.zip -outfile c:\somewhere\somefile.zip
expand-archive c:\somewhere\somefile.zip -destinationpath "c:\somewhere\extracted\"
- Installs Windows updates with:
Install-PackageProvider -name nuget -force
Install-Module PSWindowsUpdate -force
Import-Module PSWindowsUpdate
Get-WindowsUpdate
Install-WindowsUpdate -AcceptAll -IgnoreReboot
- Sets a new name for the machine:
Write-Host "Picking a new name for this machine...you'll need to provide your admin pw to do so"
Rename-Computer -LocalCredential administrator -PassThru
Write-Host "New name accepted!"
- Does a set of actions depending on the IP range with this code (which stores the machine's IPv4 address in a variable and then fetches extra files only if the machine sits in that subnet):
# First ipconfig line containing a dotted number, last whitespace-separated token = the IPv4 address
$ip = ((ipconfig | findstr [0-9].\.)[0]).Split()[-1]
if ($ip -like "192.168.0.*") {
Invoke-Webrequest https://somesite/somefile.ps1 -OutFile c:\someplace\somefile.ps1
}
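Here is what those steps look like combined into one post-install script. This is an added example, not the script from the episode or the 7MS project; the seed URLs, paths, machine name and the expected SHA256 values are placeholders you replace with your own. It goes a little beyond the snippets above in two ways: every downloaded seed file is checked against a SHA256 you recorded when you published it (so a swapped or tampered file is refused instead of run), and the IP address comes from Get-NetIPAddress instead of parsing ipconfig text, which breaks on non-English Windows builds.

```powershell
# Added example post-install script for a DIY pentest dropbox (not the podcast's own code).
# All URLs, paths and hash values below are placeholders / assumptions.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$SeedBase    = 'https://seed.example.invalid'          # assumed: your Lightsail seed host
$StageDir    = 'C:\stage'                              # assumed staging directory
$ToolsSha256 = 'REPLACE_WITH_SHA256_OF_tools.zip'      # record this when you upload the file
$SiteSha256  = 'REPLACE_WITH_SHA256_OF_site.ps1'       # same for the subnet-specific script

function Set-DropboxPowerSettings {
    # Timezone and "never sleep" while on AC power, as in the batch file above.
    tzutil /s "Central Standard Time"
    powercfg.exe -change -standby-timeout-ac 0
    powercfg.exe -change -monitor-timeout-ac 0
}

function Get-VerifiedSeedFile {
    # Download a seed file and refuse it unless its SHA256 matches the value
    # recorded at publish time. HTTPS protects the transport; the hash protects
    # you if the host itself is tampered with or the wrong file gets uploaded.
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$OutFile,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    New-Item -ItemType Directory -Path (Split-Path $OutFile) -Force | Out-Null
    Invoke-WebRequest -Uri $Url -OutFile $OutFile -UseBasicParsing
    $actual = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpper()) {
        Remove-Item -Path $OutFile -Force
        throw "Hash mismatch for $Url (got $actual); refusing to use it"
    }
    return $OutFile
}

function Install-DropboxUpdates {
    # PSWindowsUpdate route from the notes above; -IgnoreReboot lets the rest
    # of the script finish before you reboot manually.
    Install-PackageProvider -Name NuGet -Force | Out-Null
    Install-Module -Name PSWindowsUpdate -Force
    Import-Module PSWindowsUpdate
    Install-WindowsUpdate -AcceptAll -IgnoreReboot
}

function Get-PrimaryIPv4 {
    # First IPv4 address that is not loopback or APIPA. Avoids parsing ipconfig,
    # whose column layout and wording change with the Windows display language.
    (Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
        Select-Object -First 1).IPAddress
}

# ---- main flow ----
Set-DropboxPowerSettings

$zip = Get-VerifiedSeedFile -Url "$SeedBase/tools.zip" `
                            -OutFile "$StageDir\tools.zip" `
                            -ExpectedSha256 $ToolsSha256
Expand-Archive -Path $zip -DestinationPath "$StageDir\extracted" -Force

Install-DropboxUpdates

# Subnet-specific extras, only when the box lands in the expected range.
$ip = Get-PrimaryIPv4
if ($ip -like '192.168.0.*') {
    $site = Get-VerifiedSeedFile -Url "$SeedBase/site.ps1" `
                                 -OutFile "$StageDir\site.ps1" `
                                 -ExpectedSha256 $SiteSha256
    & $site
}

# Pick the new name interactively, as in the notes above; -Force skips the confirm prompt.
$newName = Read-Host "New name for this machine"
Rename-Computer -NewName $newName -LocalCredential administrator -Force -PassThru
Write-Host "New name accepted! Reboot when ready."
```

The hash values are the one thing you have to maintain by hand: regenerate them with Get-FileHash on the publishing side every time a seed file changes, otherwise the build will (correctly) stop at the mismatch.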
Also, I talk in this episode about how I try to host these "seed" files as securely as possible using Amazon Lightsail instances, the built-in firewall, and Let's Encrypt.