-
Notifications
You must be signed in to change notification settings - Fork 2
/
build_win10_VBox.choco
116 lines (98 loc) · 6.15 KB
/
build_win10_VBox.choco
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# modified version of ZPS CRTO
# directories creation
New-Item -Path C:\ -Name Temp -ItemType Directory -ErrorAction SilentlyContinue
New-Item -Path C:\ -Name payloads -ItemType Directory -ErrorAction SilentlyContinue
New-Item -Path C:\ -Name tools -ItemType Directory -ErrorAction SilentlyContinue
# UAC disable
New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
# Windows Update disable
get-service -DisplayName "Windows Update" | Set-Service -StartupType "Disabled"
stop-service -DisplayName "Windows Update"
$env:TEMP = "C:\Temp"
$env:TMP = "C:\Temp"
# Defender
$Downloads = Get-ItemPropertyValue 'HKCU:\software\microsoft\windows\currentversion\explorer\shell folders\' -Name '{374DE290-123F-4565-9164-39C4925E467B}'
Add-MpPreference -ExclusionPath $Downloads
Add-MpPreference -ExclusionPath "C:\payloads\"
Add-MpPreference -ExclusionPath "C:\tools\"
Set-MpPreference -MAPSReporting Disabled
Set-MpPreference -SubmitSamplesConsent NeverSend
# Packages
choco feature enable -n allowGlobalConfirmation
choco install 7zip
choco install git
choco install heidisql --version=10.2.0.559900
choco install openjdk11
choco install putty
choco install sysinternals --params "/InstallDir:C:\tools\sysinternals"
choco install vscode
choco install -y apimonitor
choco install -y dependencywalker
choco install -y die
choco install -y explorersuite
choco install -y ghidra
choco install -y hxd
choco install -y notepadplusplus.install
choco install -y pebear
choco install -y processhacker
choco install -y python3
choco install -y vcredist140
choco install -y x64dbg.portable
choco install -y nim
choco install -y windowsdriverkit10
# GitHub
Invoke-WebRequest -Uri https://github.com/dnSpy/dnSpy/releases/latest/download/dnSpy-netframework.zip -OutFile "$env:TEMP\dnSpy-netframework.zip"
Expand-Archive -Path "$env:TEMP\dnSpy-netframework.zip" -DestinationPath C:\tools\dnSpy
git clone https://github.com/BloodHoundAD/SharpHound3.git C:\tools\SharpHound3
git clone https://github.com/dafthack/MailSniper.git C:\tools\MailSniper
git clone https://github.com/decoder-it/juicy-potato.git C:\tools\juicy-potato
git clone https://github.com/djhohnstein/SharpChrome.git C:\tools\SharpChrome
git clone https://github.com/FortyNorthSecurity/Egress-Assess.git C:\tools\Egress-Assess
git clone https://github.com/FSecureLABS/SharpGPOAbuse.git C:\tools\SharpGPOAbuse
git clone https://github.com/gentilkiwi/mimikatz.git C:\tools\mimikatz
git clone https://github.com/GhostPack/Seatbelt.git C:\tools\Seatbelt
git clone https://github.com/HarmJ0y/DAMP.git C:\tools\DAMP
git clone https://github.com/hfiref0x/UACME.git C:\tools\UACME
git clone https://github.com/leechristensen/SpoolSample.git C:\tools\SpoolSample
git clone https://github.com/NetSPI/PowerUpSQL.git C:\tools\PowerUpSQL
git clone https://github.com/p3nt4/PowerShdll.git C:\tools\PowerShdll
git clone https://github.com/PowerShellMafia/PowerSploit.git C:\tools\PowerSploit
git clone https://github.com/rasta-mouse/MiscTools.git C:\tools\MiscTools
git clone https://github.com/rasta-mouse/Sherlock.git C:\tools\Sherlock
git clone https://github.com/rasta-mouse/Watson.git C:\tools\Watson
git clone https://github.com/tevora-threat/SharpView.git C:\tools\SharpView
git clone https://github.com/TheWover/donut.git C:\tools\donut
git clone https://github.com/ZeroPointSecurity/PhishingTemplates.git C:\tools\PhishingTemplates
# IE first run
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer"
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main"
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" -Name DisableFirstRunCustomize -Value 1
# BloodHound
Invoke-WebRequest -Uri 'https://github.com/BloodHoundAD/BloodHound/releases/latest/download/BloodHound-win32-x64.zip' -OutFile "$env:TEMP\BloodHound.zip"
Expand-Archive -Path "$env:TEMP\BloodHound.zip" -DestinationPath C:\tools\
Rename-Item -Path C:\tools\BloodHound-win32-x64\ -NewName BloodHound
Invoke-WebRequest -Uri 'https://neo4j.com/artifact.php?name=neo4j-community-4.0.0-windows.zip' -OutFile "$env:TEMP\neo4j.zip"
Expand-Archive -Path "$env:TEMP\neo4j.zip" -DestinationPath C:\tools\
Rename-Item -Path C:\tools\neo4j-community-4.0.0\ -NewName Neo4j
## Visual Studio
#Invoke-WebRequest -Uri 'https://marketplace.visualstudio.com/_apis/public/gallery/publishers/VisualStudioClient/vsextensions/MicrosoftVisualStudio2017InstallerProjects/0.9.6/vspackage' -OutFile "$Downloads\InstallerProjects.vsix"
#Invoke-WebRequest -Uri 'https://download.microsoft.com/download/E/E/D/EEDF18A8-4AED-4CE0-BEBE-70A83094FC5A/BuildTools_Full.exe' -OutFile "$Downloads\BuildTools.exe"
#Enable-WindowsOptionalFeature -FeatureName NetFx3 -Online
# Explorer Suite - CFF Explorer
Invoke-WebRequest -Uri 'https://ntcore.com/files/ExplorerSuite.exe' -OutFile "C:\tools\ExplorerSuite_CFF.exe"
# https://docs.microsoft.com/en-us/windows-hardware/drivers/other-wdk-downloads
Invoke-WebRequest -Uri 'https://go.microsoft.com/fwlink/?linkid=2128854' -OutFile "C:\Users\User\Desktop\wdksetup.exe"
# GPRegistryPolicy
Install-Module GPRegistryPolicy -Force
# UI
Import-Module "$env:ChocolateyInstall\helpers\chocolateyInstaller.psm1" -Force
Set-WindowsExplorerOptions -EnableShowFileExtensions -EnableShowFullPathInTitleBar -EnableExpandToOpenFolder -EnableShowRibbon
Install-ChocolateyShortcut -shortcutFilePath "C:\Users\Public\Desktop\tools.lnk" -targetPath C:\tools\
Install-ChocolateyShortcut -shortcutFilePath "C:\Users\Public\Desktop\Neo4j.lnk" -targetPath "C:\tools\Neo4j\bin\neo4j.bat" -arguments "console" -runAsAdmin
New-Item -Path C:\ -Name BGInfo -ItemType Directory -ErrorAction SilentlyContinue
Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/v1k1ngfr/winkernel/master/vegvisir_wallpaper.jpg' -OutFile "C:\BGInfo\wallpaper.jpg"
Invoke-WebRequest -Uri 'https://github.com/v1k1ngfr/winkernel/raw/master/bginfo.bgi' -OutFile "C:\BGInfo\bginfo.bgi"
New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ -Name BGInfo -Value "C:\tools\sysinternals\Bginfo64.exe /accepteula /iC:\BGInfo\bginfo.bgi /timer:0"
# Misc
$DesktopPath = [Environment]::GetFolderPath("Desktop")
Remove-Item -Path C:\Temp\ -Recurse -Force