Details here: https://www.reddit.com/r/netsec/comments/b6r415/fireeye_introduces_commando_vm_windows_offensive/ejol6k8/

Describe the bug and expected behavior
A clear and concise description of what the bug is.

When using the install.ps1 script some packages may fail with the below error:

Failures
 - openvpn.fireeye (exited 1) - openvpn.fireeye not installed. An error occurred during installation:
 Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Chocolatey reported an unsuccessful exit code of 1. See C:\Users\kevin\AppData\Local\Boxstarter\boxstarter.log for details.

Screenshots
If applicable, add screenshots to help explain your problem.

Version

• OS: [e.g. Win7]

Windows 7/10

Work Around
If you notice packages have failed when running the install.ps1 script, you may attempt to run the install.ps1 script again and that may resolve your issues, however, manually installing them seems much more reliable

Example:

cinst openvpn.fireeye

I quite like this but for what its worth this is my feedback.

Setup on Windows 10. No install issues on the whole. I did notice a few script errors by chance (as I was doing other stuff, its a long install) that I didnt read properly but saying that everything seems to work fine.

The README.txt on the desktop after installation:

• requests spelt wrong "reqeuests"
• Github URL is wrong "https://github.com/fireeye/commandovm"
  should be "https://github.com/fireeye/commando-vm"

Visual Studio 2019 is out now so why install 2017. .Net Core really needs 2019 and it is the way forward, especially for cross platform.

In note of that why not add some sort of config file that lets you pick versions of everything.

Maybe I actually own "paid" for versions of software so I dont want the free versions. An extra config file I could change before running the installer would help. (I could change the installer but it gets a bit messy if you change stuff).

I think Ghidra "https://github.com/NationalSecurityAgency/ghidra" should be included. In fact I think "Hacking" and "Reversing" Installs should be on the same machine these days as they sort of go hand in hand now. Why not mix your other VM (that name escapes me this moment in time). And just have one.

Though a "little personal and you would expect somebody installing this to know how beforehand" but the VM recommended disk size is smaller than some of my password text files... VM's dont have to use the full size on install so I think it should be made much larger (with a note maybe as why relative to its install size"

I'm also surprised stuff like Wpscan, Nikto, Nessus and various other very common (but quick useful) scanning tools where not included.

On the whole though so far I like it.

Bug has recurred with another fresh release of Metasploit (i.e metasploit-framework-5.0.21+20190503200152-1rapid7-1-x64.msi)

[NuGet] Installing 'metasploit.flare 5.0.19.20190423'.
[NuGet] Successfully installed 'metasploit.flare 5.0.19.20190423'.
metasploit.flare v5.0.19.20190423
metasploit.flare package files upgrade completed. Performing other installation steps.
Attempt to get headers for https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi failed.
The remote file either doesn't exist, is unauthorized, or is forbidden for url 'https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi'. Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (404) Not Found."
Attempt to get headers for https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi failed.
The remote file either doesn't exist, is unauthorized, or is forbidden for url 'https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi'. Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (404) Not Found."
Downloading metasploit.flare 64 bit
from 'https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi'
Downloading metasploit.flare 64 bit
from 'https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi'
ERROR: The remote file either doesn't exist, is unauthorized, or is forbidden for url 'https://windows.metasploit.com/metasploit-framework-5.0.19%2B20190423193305.git.7.b9e2e14-1rapid7-1-x64.msi'. Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (404) Not Found."
The upgrade of metasploit.flare was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\metasploit.flare\tools\chocolateyInstall.ps1'.
See log for details.
Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Failures

• metasploit.flare (exited 404) - Error while running 'C:\ProgramData\chocolatey\lib\metasploit.flare\tools\chocolateyInstall.ps1'.
  See log for details.
  Chocolatey reported an unsuccessful exit code of 404. See C:\Users\user\AppData\Local\Boxstarter\boxstarter.log for details.

• Boxstarter finished Calling Chocolatey to install metasploit.flare. This may take several minutes to complete... 00:00:10.3561916
• Boxstarter finished Calling Chocolatey to install metasploit.flare. This may take several minutes to complete... 00:00:10.3561916
  ExitCode: 404
  ExitCode: 404
  Failed to install metasploit.flare

Summary from authors GitHub

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

https://github.com/dafthack/DomainPasswordSpray

I searched for this in the readme and saw no reference of it. I apologize if I missed it.

How do I start the postgresql to enable the db for msfconsole?

Prebellico (Passive reconnaissance)
https://github.com/unixrox/prebellico

Describe the bug and expected behavior
SecLists is included in the software to be included. However, after install it doesn't show up in the wordlists shortcuts, in tools, or as something checked when running cup.

I tried to clone it myself, and it gives a partial copy, with a lot of errors (due to the types of files in SecLists?). Could these errors be why it didn't install in the first place?

To Reproduce
Try to locate SecLists.

Try to clone seclists.

Example

C:\Tools>git clone https://github.com/danielmiessler/SecLists.git
Cloning into 'SecLists'...
remote: Enumerating objects: 47, done.
remote: Counting objects: 100% (47/47), done.
remote: Compressing objects: 100% (30/30), done.
remote: Total 7765 (delta 23), reused 34 (delta 16), pack-reused 7718
Receiving objects: 100% (7765/7765), 455.42 MiB | 24.08 MiB/s, done.
Resolving deltas: 100% (3835/3835), done.
error: invalid path 'Payloads/File-Names/traversal/..\:;'
error: unable to create file Payloads/File-Names/max-length/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: Filename too long
error: unable to create file Payloads/File-Names/max-length/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.php.gif: Filename too long
error: unable to create file Payloads/File-Names/traversal/..::..::;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/..::;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/..:;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/..;:: Invalid argument
error: unable to create file Payloads/File-Names/traversal/.:..:: Invalid argument
error: unable to create file Payloads/File-Names/traversal/.:..:;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/.:;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/.;:: Invalid argument
error: unable to create file Payloads/File-Names/traversal/:..:;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/::..::;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/:;: Invalid argument
error: unable to create file Payloads/File-Names/traversal/;:: Invalid argument
error: unable to create file Payloads/File-Names/traversal/;\:: Invalid argument
Checking out files: 100% (5215/5215), done.
fatal: unable to checkout working tree
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry the checkout with 'git checkout -f HEAD'

Version

• OS: Win10

when executing the script the following error displays:
`At C:\install.ps1:147 char:190

• ... ata-ga-click="(Logged out) Header, go to Features">Features <span cla ...

•                                                             ~
  

The '<' operator is reserved for future use.
At C:\install.ps1:147 char:261

• ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...

•                                                             ~
  

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in
double quotation marks ("&") to pass it as part of a string.
At C:\install.ps1:160 char:255

• ... ogged out) Header, go to Customer stories">Customer stories <span cla ...

•                                                             ~
  

The '<' operator is reserved for future use.
At C:\install.ps1:160 char:326

• ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...

•                                                             ~
  

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in
double quotation marks ("&") to pass it as part of a string.
At C:\install.ps1:161 char:231

• ... ata-ga-click="(Logged out) Header, go to Security">Security <span cla ...

•                                                             ~
  

The '<' operator is reserved for future use.
At C:\install.ps1:161 char:302

• ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...

•                                                             ~
  

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in
double quotation marks ("&") to pass it as part of a string.
At C:\install.ps1:181 char:222

• ... a-click="(Logged out) Header, go to Explore">Explore GitHub <span cla ...

•                                                             ~
  

The '<' operator is reserved for future use.
At C:\install.ps1:181 char:293

• ... ="Bump-link-symbol float-right text-normal text-gray-light">→</s ...

•                                                             ~
  

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in
double quotation marks ("&") to pass it as part of a string.
At C:\install.ps1:184 char:102

• ... light text-normal text-mono f5 mb-2 border-top pt-3">Learn & con ...

•                                                             ~
  

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in
double quotation marks ("&") to pass it as part of a string.
At C:\install.ps1:217 char:185

• ... r" data-ga-click="(Logged out) Header, go to Pricing">Plans <span cla ...

•                                                             ~
  

The '<' operator is reserved for future use.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : RedirectionNotSupported`
set-executionpolicy unrestricted is done, so i expected not to ask whether to run install.ps1 or not. any ideas?

The installation of cyberchef.flare fails during the attempted association of ".htm" with chrome.exe, because chrome.exe did not exist.

Started with a clean Windows 10 VM from Win10_1809Oct_v2_English_x64.iso
Chrome was not manually installed by me prior to the attempt to install Commando.

During installation, cyberchef.flare failed with this error in the Chocolately log file:

Running 'ChocolateyScriptRunner' for cyberchef.flare v8.27.0.20190328 with packageScript 'C:\ProgramData\chocolatey\lib\cyberchef.flare\tools\chocolateyInstall.ps1', packageFolder:'C:\ProgramData\chocolatey\lib\cyberchef.flare', installArguments: '', packageParameters: '',
Running 'C:\ProgramData\chocolatey\lib\cyberchef.flare\tools\chocolateyInstall.ps1'
Running Install-ChocolateyFileAssociation -extension '.htm' -executable 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' does not exist, not able to create association
ERROR: 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' does not exist, not able to create association
Built-in PowerShell host called with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1';& Import-Module 'C:\ProgramData\boxstarter\Boxstarter.chocolatey\Boxstarter.chocolatey.psd1' -DisableNameChecking -ArgumentList $true; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\cyberchef.flare\tools\chocolateyInstall.ps1' -installArguments '' -packageParameters '''] exited with '-1'.
Calling command ['"C:\Windows\System32\shutdown.exe" /a']
Command ['"C:\Windows\System32\shutdown.exe" /a'] exited with '1116'

the installer install the Red Team, however there is also a blue team, how to switch to that one or how to install the blue team directly on first install run?

Would you like have a tool or script added? Please include a link
wfuzz
https://github.com/xmendez/wfuzz

Is your feature request related to a problem? Please describe.
Useful for some many things when interacting with a website. Can FUZZ paths, arguments, parameters, headers, cookies, subdomains, etc.

If related to a problem, describe the solution you'd like
Install and get working well on Windows system.

Describe alternatives you've considered
I can install it myself (\python27\python -m pip install wfuzz). It doesn't work great. The output is very laggy, and it runs slow.

How can I change the path of PS_Transcripts?

Several packages fail with "Received an unexpected EOF or 0 bytes from the transport stream" error. The following packages always fail:

tortoisesvn 1.11.1.28492
autoit.install 3.3.14.5
putty.portable 0.71
vlc 3.0.6
winscp.install 5.15
autohotkey.portable 1.1.30.01
gimp 2.10.8
fiddler 5.0.20182.28034
HxD 2.2.1.0
openvpn.fireeye 2.4.6.20190314
commandovm.win10.config.fireeye 1.0.0.2

This occurs on a clean Windows 10 VM created from this ISO: Win10_1809Oct_v2_English_x64

For each one, you can see the package downloading from 0% to almost 100%. Something must fail and it retries the download, going from 0% to 90-ish%. Then the failure is registered in the command window. For instance:

Progress: Downloading openvpn.fireeye 2.4.6.20190314... 91% openvpn.fireeye not installed. An error occurred during installation:
Received an unexpected EOF or 0 bytes from the transport stream.

I see this in the boxstarter log file:

openvpn.fireeye is not installed. Installing...
[NuGet] Attempting to resolve dependency 'chocolatey (≥ 0.10.8)'.
openvpn.fireeye not installed. An error occurred during installation:
Received an unexpected EOF or 0 bytes from the transport stream.
openvpn.fireeye package files upgrade completed. Performing other installation steps.
No package information as package is null.
No package information as package is null.
No package information to save as package is null.
No package information to save as package is null.
Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...
The upgrade of openvpn.fireeye was NOT successful.
openvpn.fireeye not installed. An error occurred during installation:
Received an unexpected EOF or 0 bytes from the transport stream.

Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

• openvpn.fireeye (exited 1) - openvpn.fireeye not installed. An error occurred during installation:
  Received an unexpected EOF or 0 bytes from the transport stream.
  Sending message 'PostRunMessage' out if there are subscribers...
  [2019-03-31T15:25:37.6996320-07:00:::PID 7848] Boxstarter: restoring current directory location to C:\Windows\system32
  VERBOSE: Boxstarter: restoring current directory location to C:\Windows\system32
  [2019-03-31T15:25:37.6996320-07:00:::PID 7848] Boxstarter: Exit Code: 1
  VERBOSE: Boxstarter: Exit Code: 1
  Chocolatey reported an unsuccessful exit code of 1. See C:\Users\tonyk\AppData\Local\Boxstarter\boxstarter.log for details.
  [2019-03-31T15:25:37.7152552-07:00:::PID 7848] + Boxstarter finished Calling Chocolatey to install openvpn.fireeye. This may take several minutes to complete... 00:03:46.7459448
  [2019-03-31T15:25:37.7152552-07:00:::PID 7848] + Boxstarter finished Calling Chocolatey to install openvpn.fireeye. This may take several minutes to complete... 00:03:46.7459448

• Boxstarter finished Calling Chocolatey to install openvpn.fireeye. This may take several minutes to complete... 00:03:46.7459448
  [2019-03-31T15:25:37.7309341-07:00:::PID 7848]

[2019-03-31T15:25:37.7465312-07:00:::PID 7848] ExitCode: 1
ExitCode: 1
Failed to install openvpn.fireeye

https://github.com/nettitude/PoshC2 is no longer maintained (see the readme), instead an official python edition has been created and is now far further ahead than the original build: https://github.com/nettitude/PoshC2_Python/

As python is already being installed, please consider using this version which is more fully featured and up-to-date.

Packer (https://www.packer.io) lets us write templates for virtual machines and turns them into VM images that can be deployed to AWS/DigitalOcean/VMWare/VirtualBox/etc

We should write 1 Packer template each for AWS, VMWare, and VirtualBox IMO, and then add additional providers later.

This would enable people to create VMs quickly, without leaving the command line.

Because Packer supports Powershell provisioners, we could keep our existing Powershell installation script and not replace it with another tool like Ansible.

Talked about this with Blaine Stancill from FLARE on 3/29/18

Would you like have a tool or script added? Please include a link
gobuster
https://github.com/OJ/gobuster/releases

Is your feature request related to a problem? Please describe.
Web path enumeration

If related to a problem, describe the solution you'd like
Have gobuster installed

Describe alternatives you've considered
I can install it myself.

Description
The Bug is where outta nowhere it will start freezing and lagging hard.

To Reproduce
Steps to reproduce the behavior:

1. It starts outta nowhere!

Version

• OS: [e.g. Win10 Home]
• Version: [10.0.17134]
• Build [17134]

Describe the bug and expected behavior
Metasploit keeps getting re-downloaded again and again saying that the hashes don't match. Not sure if chocolatey is doing the checksum check. What can I do?

Describe the bug and expected behavior
When executing cup all, cup cmder.fireeye or cup commandovm.win10.config.fireeye certain tools will be unpinned:

• Cmder
• cmd.exe
• Powershell.exe
• Explorer.exe

Version

• OS: Windows 10

Additional context
Users may manually pin programs back to the taskbar until the bug is identified/fixed

I have found that there several different programs are old. One example is Rubeus from harmj0y's ghostpack. The version is 1.2.1. The most up to date version is 1.4.2.

I think we should add Choco packages for additional programming languages:

• Perl
• Ruby
• PHP

This'll help pentesters build tools quickly, without worrying about how to install software on Commando. Also, this'll help pentesters who don't have Internet access on their VM or computer and can't download additional software.

Feel free to assign this to me.

Metasploit Fails to install
Directory empty.

To Reproduce
Steps to reproduce the behavior:

1. Set-ExecutionPolicy Unrestricted
2. .\install.ps1

Error
Chocolatey installed 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

• Metasploit - Metasploit not installed. The package was not found with the source(s) listed.
  Source(s): 'https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2/'
  NOTE: When you specify explicit sources, it overrides default sources.
  If the package version is a prerelease and you didn't specify --pre,
  the package may not be found.
  Please see https://chocolatey.org/docs/troubleshooting for more
  assistance.

Version

• OS: Windows 10 x64

Would you like have a tool or script added? Please include a link
Notepad ++.

Describe the bug and expected behavior
When I run nmap with -sT flag, it hangs. It may only occur with the -p- option. Looking in wireshark, I see it making connections to the same port over and over again. The port seems to change on each run, but always an open port. I've tried on multiple hosts, both windows and linux targets.

To Reproduce
Steps to reproduce the behavior:

1. open cmder
2. open wireshark and start capture on appropriate interface
3. run nmap -sT -p- --min-rate 10000 [ip with a couple ports open]
4. look at statistics -> conversations in wireshark and see one port getting connected to over and over.

Example
Without -sT, finishes all ports in 32 seconds. With it, it's 2.5 minutes in, with 2.5 hours remaining.

Z:\+
λ nmap -p- --min-rate 10000 10.10.10.131
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-09 22:11 GMT Daylight Time
Warning: 10.10.10.131 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.131
Host is up (0.064s latency).
Not shown: 64681 closed ports, 850 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 32.12 seconds

Z:\+
λ nmap -sT -p- --min-rate 10000 10.10.10.131
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-09 22:12 GMT Daylight Time
Stats: 0:02:24 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 1.58% done; ETC: 00:43 (2:28:54 remaining)

If I look in wireshark, I have about 100 conversations with port 21 already (Linux target).

Second target, Windows host:

Z:\+
λ nmap -p- --min-rate 10000 10.10.10.132
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-09 22:18 GMT Daylight Time
Nmap scan report for 10.10.10.132
Host is up (0.041s latency).
Not shown: 65530 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
445/tcp   open  microsoft-ds
5985/tcp  open  wsman
8080/tcp  open  http-proxy
49667/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 14.00 seconds

Z:\+
λ nmap -sT -p- --min-rate 10000 10.10.10.132
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-09 22:18 GMT Daylight Time
Stats: 0:00:49 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 1.73% done; ETC: 23:06 (0:46:27 remaining)

Wireshark shows this one gets stuck on 8080 (managed engine servicedesk plus).

Third example, edge router x in local network:

Z:\+
λ nmap -p- --min-rate 10000 10.1.1.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-09 22:20 GMT Daylight Time
Nmap scan report for 10.1.1.1
Host is up (0.00s latency).
Not shown: 65530 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
53/tcp    open  domain
80/tcp    open  http
443/tcp   open  https
10001/tcp open  scp-config
MAC Address: 80:2A:A8:DE:99:EF (Ubiquiti Networks)

Nmap done: 1 IP address (1 host up) scanned in 4.11 seconds

Z:\+
λ nmap -sT -p- --min-rate 10000 10.1.1.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-09 22:20 GMT Daylight Time
Stats: 0:00:40 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 1.39% done; ETC: 23:07 (0:46:13 remaining)

Repeated scans to 443, https.

Version

• OS: Windows 10

Additional context
First two hosts are over VPN to Hackthebox.eu targets. Third example is in local network.

Example:

• ping refers to C:\Python27\Scripts\ping.py
• reg refers to impacket's reg script

What are the setup details for Bloodhound, I tried the pw bloodhound and that did not work.

Would you like have a tool or script added? Please include a link
Name of the tool requested and a link to the tool

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

If related to a problem, describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

I want to use it in packaged box with vitual box 6.0. is there a resource that in VagrantClound.

Installing on a vanilla Win10 VM fails when a proxy is configured which requires authentication:

[ * ] Installing Boxstarter
Exception calling "DownloadString" with "1" argument(s): "The remote server returned an error: (407) Proxy
Authentication Required."
At C:\Users\user\Desktop\commando-vm-master\install.ps1:60 char:3
+   iex ((New-Object System.Net.WebClient).DownloadString('http://boxst ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

My internet speed is very slow. When I installed it for nearly 12 hours, there was a power outage. The installation was not completed. What should I do?

Commando/Boxstarter is installed and other apps and tools seem to be OK - still testing.

When I attempt to run Metasploit - msfconsole - I see the following error.
Do I need to modify any Ruby environmental variables or update Ruby?
Traceback (most recent call last):
6: from internal:gem_prelude:2:in <internal:gem_prelude>' 5: from <internal:gem_prelude>:2:in require'
4: from C:/metasploit-framework/embedded/lib/ruby/site_ruby/2.5.0/rubyge
ms.rb:116:in <top (required)>' 3: from C:/metasploit-framework/embedded/lib/ruby/site_ruby/2.5.0/rubyge ms.rb:1365:in module:Gem'
2: from C:/metasploit-framework/embedded/lib/ruby/site_ruby/2.5.0/rubyge
ms.rb:1365:in require' 1: from C:/metasploit-framework/embedded/lib/ruby/site_ruby/2.5.0/rubyge ms/specification.rb:18:in <top (required)>'
C:/metasploit-framework/embedded/lib/ruby/site_ruby/2.5.0/rubygems/specification
.rb:18:in `require': incompatible library version - C:/metasploit-framework/embe
dded/lib/ruby/2.5.0/x64-mingw32/stringio.so (LoadError)

install.ps1 error under Windows 10 Enterprise fully updated:

_Chocolatey

Chocolatey : Chocolatey reported an unsuccessful exit code of 1. See
C:\Users\Admin\AppData\Local\Boxstarter\boxstarter.log for details.
At C:\ProgramData\boxstarter\BoxStarter.Chocolatey\Invoke-ChocolateyBoxstarter.ps1:199 char:5

• Chocolatey install $bootstrapPackage -source $source -force:$forc ...
  

• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,chocolatey

very nice, but why it is not with kali linux
apt-get does not work

have you done it with ubuntu?

sorry if iam wrong

Is there a tool available like responder or could it be added? Apologies if there is a look a like tool, but i couldn't find it.

i have this error when I tried execute ps1

[NuGet] Installing 'proxycap.fireeye 5.32.0.2'.
[NuGet] Successfully installed 'proxycap.fireeye 5.32.0.2'.

proxycap.fireeye v5.32.0.2
proxycap.fireeye package files upgrade completed. Performing other installation steps.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
File appears to be downloaded already. Verifying with package checksum to determine if it needs to be redownloaded.
Error - hashes do not match. Actual value was 'A59426233B10B0CB4512CC5022AA9D40DF43CD98A361AD86A9A279EB640825D6'.
Downloading proxycap.fireeye 64 bit
from 'http://www.proxycap.com/download/pcap532_x64.msi'
Downloading proxycap.fireeye 64 bit
from 'http://www.proxycap.com/download/pcap532_x64.msi'
WARNING: C:\Users\user\AppData\Local\Temp\ProxyCap.installer.msi is of content type text/html; charset=UTF-8
Progress: 100% - Completed download of C:\Users\user\AppData\Local\Temp\ProxyCap.installer.msi (8.55 KB).

Download of ProxyCap.installer.msi (8.55 KB) completed.
Download of ProxyCap.installer.msi (8.55 KB) completed.
Error - hashes do not match. Actual value was 'A59426233B10B0CB4512CC5022AA9D40DF43CD98A361AD86A9A279EB640825D6'.
ERROR: Checksum for 'C:\Users\user\AppData\Local\Temp\ProxyCap.installer.msi' did not meet '3B3FD836AB5D549E96D2A4C12C3884CEDC842EDF8397B7B555B83C79DBB7C40A' for checksum type 'sha256'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary.
The upgrade of proxycap.fireeye was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\proxycap.fireeye\tools\chocolateyInstall.ps1'.
See log for details.

Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

• proxycap.fireeye (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\proxycap.fireeye\tools\chocolateyInstall.ps1'.
  See log for details.
  Chocolatey reported an unsuccessful exit code of -1. See C:\Users\user\AppData\Local\Boxstarter\boxstarter.log for details.

• Boxstarter finished Calling Chocolatey to install proxycap.fireeye. This may take several minutes to complete... 00:00:12.3780691
• Boxstarter finished Calling Chocolatey to install proxycap.fireeye. This may take several minutes to complete... 00:00:12.3780691
  ExitCode: -1
  ExitCode: -1
  Failed to install proxycap.fireeye

Describe the bug and expected behavior
Commando install script is not finding the metasploit install file.

Downloading metasploit.flare 64 bit from 'https://windows.metasploit.com/metasploit-framework-5.0.14%2B20190325163246-1rapid7-1-x64.msi' Downloading metasploit.flare 64 bit from 'https://windows.metasploit.com/metasploit-framework-5.0.14%2B20190325163246-1rapid7-1-x64.msi' ERROR: The remote file either doesn't exist, is unauthorized, or is forbidden for url 'https://windows.metasploit.com/metasploit-framework-5.0.14%2B20190325163246-1rapid7-1-x64.msi'. Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (404) Not Found." The upgrade of metasploit.flare was NOT successful. Error while running 'C:\ProgramData\chocolatey\lib\metasploit.flare\tools\chocolateyInstall.ps1'. See log for details.

Version

• OS: Win10 Pro

Additional context
Add any other context about the problem here.

Would you like have a tool or script added? Please include a link
Name of the tool requested and a link to the tool

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

If related to a problem, describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Hello,
I am in the process of installing this on Win 10 Ent 64 VM through VirtualBox, but I keep seeing this message popping up during the install.

WARNING: Installation of this MSI is not supported on this platform. Contact package maintainer(s) if you feel this is in error or if you need an architecture that is not available with the current packaging.

Then whatever comes after it is in red text saying that the Install failed.

Is this a known issue, if so, how can I proceed to remedy this issue.

Hello guys
Thank you for the awesome efforts.

Please add the latest version of Ruby 2.6 and its DevKit.

Chose #3

Thanks!

Describe the bug and expected behavior
Credit @WHumphreys . Readme.txt in the installer packages has the wrong URL for commando VM.

Version

• OS: Win7, Win10

Greetings distinguished Mandiant colleagues,

I don't know if the licensing allows it, but I am curious if CommandoVM would be able to implement FactionC2 MARAUDER released at TROOPERS19; my understanding is it was developed by one of the red team Jareds on twitter dot com.

I'm still getting caught up on CommandoVM's implementation of various command & control services, so I'll save similar questions for others like byt3bl33d3r's SILENTTRINITY for the future.

Full disclosure: I am primarily interested in this because I like the logo (this is well-documented) and because I'd like to find more diverse build servers & payloads in the wild. 😉

Solution is to install 2nd network adapter onto the VM before running the install script or installing Nmap.

Possible fix is to download and reinstall Nmap if you do not want to revert snapshot and/or reinstall Commando.

Aircrack-ng ?

After a fresh install on a new Windows 10 Pro VM with 60GB disk, I downloaded Ghidra and couldn't unzip it due to the disk being full. Please increase the recommended disk space in the README.

Receiving the following error when running "cup all" post installation.

...
vcredist2015 v14.0.24215.20170201 is the latest version available based on your source(s).
vcredist2017 v14.16.27027.1 is the latest version available based on your source(s).

visualstudio-installer was not found with the source(s) listed.
If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
Version: ""; Source(s): "https://www.myget.org/F/fireeye/api/v2;https://chocolatey.org/api/v2/"

visualstudio2017-workload-netcoretools v1.2.2 is the latest version available based on your source(s).
visualstudio2017community v15.9.10.0 is the latest version available based on your source(s).
...

I reran the install.ps1 script to be certain everything was installed and I received all green results (no red).

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

• Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
• Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
• Fast: Using static and client side technologies resulting in fast browsing.
• Rich tables: search, sort, browse, filter, clear
• Fancy informational popups
• Badges / Shields
• Static API
• Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

• Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
• Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
• Search engines: Search engines sometimes does find nothing, some tools or resources are too unknown or non-referenced. These is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

Badges

The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

So what?

That's all, this message is just to notify you if you care.

Running the install.ps1 results in various errors, due to a connection that is forcibly closed by the remote host.

Running the installer multiple times doesn't fix it. Some error over and over again.

No proxy, no VPN, no firewall.

Windows 10 client is a virtual machine on the latest version of VirtualBox.

Any ideas anyone?

Regards
Tom

To Reproduce
Steps to reproduce the behavior:

1. run install.ps1

Screenshots

If applicable, add screenshots to help explain your problem.

Version

• OS: Win 10

Additional context
Add any other context about the problem here.
Part of boxstarter.log:

Failures
 - commandovm.win10.config.fireeye (exited 1) - commandovm.win10.config.fireeye not installed. An error occurred during installation:
 Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Sending message 'PostRunMessage' out if there are subscribers...
[2019-04-17T16:42:09.9445775+02:00:::PID 3168] Boxstarter: restoring current directory location to C:\Users\root\Desktop\commando-vm-master\commando-vm-master
VERBOSE: Boxstarter: restoring current directory location to C:\Users\root\Desktop\commando-vm-master\commando-vm-master
[2019-04-17T16:42:09.9445775+02:00:::PID 3168] Boxstarter: Exit Code: 1
VERBOSE: Boxstarter: Exit Code: 1
Chocolatey reported an unsuccessful exit code of 1. See C:\Users\root\AppData\Local\Boxstarter\boxstarter.log for details.
[2019-04-17T16:42:09.9587221+02:00:::PID 3168] + Boxstarter finished Calling Chocolatey to install commandovm.win10.config.fireeye. This may take several minutes to complete... 00:02:03.2208932
[2019-04-17T16:42:09.9587221+02:00:::PID 3168] + Boxstarter finished Calling Chocolatey to install commandovm.win10.config.fireeye. This may take several minutes to complete... 00:02:03.2208932
+ Boxstarter finished Calling Chocolatey to install commandovm.win10.config.fireeye. This may take several minutes to complete... 00:02:03.2208932
0
Built-in PowerShell host called with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1';& Import-Module 'C:\ProgramData\boxstarter\Boxstarter.chocolatey\Boxstarter.chocolatey.psd1' -DisableNameChecking -ArgumentList $true; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\tools\chocolateyinstall.ps1' -installArguments '' -packageParameters '''] exited with '0'.
Only an exit code of non-zero will fail the package by default. Set 
 `--failonstderr` if you want error messages to also fail a script. See 
 `choco -h` for details.
Calling command ['"C:\Windows\System32\shutdown.exe" /a']
Command ['"C:\Windows\System32\shutdown.exe" /a'] exited with '1116'
Environment Vars (like PATH) have changed. Close/reopen your shell to
 see the changes (or in powershell/cmd.exe just type `refreshenv`).
Logging of values is not turned on by default because it 
 could potentially expose sensitive data. If you understand the risk,
 please see `choco feature -h` for information to turn it on.
The following values have been added/changed (may contain sensitive data):
  * ChocolateyLastPathUpdate='[REDACTED]' (User)
Capturing package files in 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye'
Capturing package files in 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye'
 Found 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\commandovm.win10.installer.fireeye.nupkg'
  with checksum '245D0CEDFC4FFEDF95F3490CA47DDCD4'
 Found 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\commandovm.win10.installer.fireeye.nuspec'
  with checksum '23C5DED3F6A5F4E4D4968A8CF4169545'
 Found 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\tools\chocolateyinstall.ps1'
  with checksum '42517CEF69222E01EB233FAE837A8F79'
 Found 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\tools\chocolateyuninstall.ps1'
  with checksum '0731AA84B1AAF5DFDFCBEDCB4E12267F'
 Found 'C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\tools\packages.json'
  with checksum 'DDDBA1CA12E5628BAC5B29E1A84DB1FC'
Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\commandovm.win10.installer.fireeye.1.0.1.3\.arguments".
Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\commandovm.win10.installer.fireeye.1.0.1.3\.version".
Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\commandovm.win10.installer.fireeye.1.0.1.3\.sxs".
Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\commandovm.win10.installer.fireeye.1.0.1.3\.pin".
Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...
Attempting to delete file "C:\ProgramData\chocolatey\lib\commandovm.win10.installer.fireeye\.chocolateyPending".
 The install of commandovm.win10.installer.fireeye was successful.
  Software installed to '"C:\Program Files (x86)\Microsoft Visual Studio\Installer"'
Attempting to delete file "C:\Users\root\AppData\Local\NuGet\Cache\commandovm.win10.installer.fireeye.1.0.1.3.nupkg".

Chocolatey installed 1/1 packages. 0 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Enjoy using Chocolatey? Explore more amazing features to take your 
experience to the next level at
 https://chocolatey.org/compare
Sending message 'PostRunMessage' out if there are subscribers...
[2019-04-17T16:42:10.7560689+02:00:::PID 3168] Boxstarter: restoring current directory location to C:\Users\root
[2019-04-17T16:42:10.7724679+02:00:::PID 3168] Boxstarter: Exit Code: 1
[2019-04-17T16:42:10.8967061+02:00:::PID 3168] ++ Boxstarter finished Calling Chocolatey to install commandovm.win10.installer.fireeye. This may take several minutes to complete... 00:09:01.3345216
[2019-04-17T16:42:10.8967061+02:00:::PID 3168] ++ Boxstarter finished Calling Chocolatey to install commandovm.win10.installer.fireeye. This may take several minutes to complete... 00:09:01.3345216
[2019-04-17T16:42:10.9439537+02:00:::PID 3168] Boxstarter: Restore Automatic Updates from Windows Update
[2019-04-17T16:42:10.9748540+02:00:::PID 3168] Boxstarter: Cleaning up and not rebooting
[2019-04-17T16:42:10.9909723+02:00:::PID 3168] + Boxstarter finished Installation session. 00:09:02.3675456
[2019-04-17T16:42:10.9909723+02:00:::PID 3168] Boxstarter: Composing record for pipeline...
[2019-04-17T16:42:11.0212392+02:00:::PID 3168] Boxstarter: writing object...
[2019-04-17T16:42:11.0525111+02:00:::PID 3168] Boxstarter: object written...