CommandoVM : Complete Mandiant Offensive VM (Commando VM), The First Full Windows-Based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM – a fully customized, Windows-based security distribution for penetration testing and red teaming.

Installation (Install Script)

Requirements

• Windows 7 Service Pack 1 or Windows 10
• 60 GB Hard Drive
• 2 GB RAM

Recommended

• Windows 10
• 80+ GB Hard Drive
• 4+ GB RAM
• 2 network adapters
• Enable Virtualization support for VM

Instructions

1. Create and configure a new Windows Virtual Machine

• Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain
• Take a snapshot of your machine!
• Download and copy install.ps1 on your newly configured machine.
• Open PowerShell as an Administrator
• Enable script execution by running the following command:
  • Set-ExecutionPolicy Unrestricted
• Finally, execute the installer script as follows:
  • .\install.ps1
  • You can also pass your password as an argument: .\install.ps1 -password <password>

The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Installing a new package

Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:

cinst github

Staying up to date

Type the following command to update all of the packages to the most recent version:

cup all

Also Read – Whonix : Privacy Protection, Anonymity Online, Anonymous Operating System

Installed Tools

Active Directory Tools

• Remote Server Administration Tools (RSAT)
• SQL Server Command Line Utilities
• Sysinternals

Command & Control

• Covenant
• PoshC2
• WMImplant
• WMIOps

Developer Tools

• Dep
• Git
• Go
• Java
• Python 2
• Python 3 (default)
• Ruby
• Ruby Devkit
• Visual Studio 2017 Build Tools (Windows 10)
• Visual Studio Code

Evasion

• CheckPlease
• Demiguise
• DefenderCheck
• DotNetToJScript
• Invoke-CradleCrafter
• Invoke-DOSfuscation
• Invoke-Obfuscation
• Invoke-Phant0m
• Not PowerShell (nps)
• PS>Attack
• PSAmsi
• Pafishmacro
• PowerLessShell
• PowerShdll
• StarFighters

Exploitation

• ADAPE-Script
• API Monitor
• CrackMapExec
• CrackMapExecWin
• DAMP
• EvilClippy
• Exchange-AD-Privesc
• FuzzySec’s PowerShell-Suite
• FuzzySec’s Sharp-Suite
• Generate-Macro
• GhostPack
  • Rubeus
  • SafetyKatz
  • Seatbelt
  • SharpDPAPI
  • SharpDump
  • SharpRoast
  • SharpUp
  • SharpWMI
• GoFetch
• Impacket
• Invoke-ACLPwn
• Invoke-DCOM
• Invoke-PSImage
• Invoke-PowerThIEf
• Juicy Potato
• Kali Binaries for Windows
• LuckyStrike
• MetaTwin
• Metasploit
• Mr. Unikod3r’s RedTeamPowershellScripts
• NetshHelperBeacon
• Nishang
• Orca
• PSReflect
• PowerLurk
• PowerPriv
• PowerSploit
• PowerUpSQL
• PrivExchange
• RottenPotatoNG
• Ruler
• SharpClipHistory
• SharpExchangePriv
• SharpExec
• SpoolSample
• SharpSploit
• UACME
• impacket-examples-windows
• vssown
• Vulcan

Information Gathering

• ADACLScanner
• ADExplorer
• ADOffline
• ADRecon
• BloodHound
• dnsrecon
• FOCA
• Get-ReconInfo
• GoBuster
• GoWitness
• NetRipper
• Nmap
• PowerView
  • Dev branch included
• SharpHound
• SharpView
• SpoolerScanner
• Watson

Networking Tools

• Citrix Receiver
• OpenVPN
• Proxycap
• PuTTY
• Telnet
• VMWare Horizon Client
• VMWare vSphere Client
• VNC-Viewer
• WinSCP
• Windump
• Wireshark

Password Attacks

• ASREPRoast
• CredNinja
• DomainPasswordSpray
• DSInternals
• Get-LAPSPasswords
• Hashcat
• Internal-Monologue
• Inveigh
• Invoke-TheHash
• KeeFarce
• KeeThief
• LAPSToolkit
• MailSniper
• Mimikatz
• Mimikittenz
• RiskySPN
• SessionGopher

Reverse Engineering

• DNSpy
• Flare-Floss
• ILSpy
• PEview
• Windbg
• x64dbg

Utilities

• 7zip
• Adobe Reader
• AutoIT
• Cmder
• CyberChef
• Explorer Suite
• Gimp
• Greenshot
• Hashcheck
• Hexchat
• HxD
• Keepass
• MobaXterm
• Mozilla Thunderbird
• Neo4j Community Edition
• Notepad++
• Pidgin
• Process Hacker 2
• SQLite DB Browser
• Screentogif
• Shellcode Launcher
• Sublime Text 3
• TortoiseSVN
• VLC Media Player
• Winrar
• yEd Graph Tool

Vulnerability Analysis

• AD Control Paths
• Egress-Assess
• Grouper2
• NtdsAudit
• PwndPasswordsNTLM
• zBang

Web Applications

• Burp Suite
• Fiddler
• Firefox
• OWASP Zap
• Subdomain-Bruteforce
• Wfuzz

Wordlists

• FuzzDB
• PayloadsAllTheThings
• SecLists
• Probable-Wordlists
• RobotsDisallowed

Changelog:

1.3 – June 28 2019

• Added RottenPotatoNG https://github.com/breenmachine/RottenPotatoNG #63
• Added Juicy Potato https://github.com/ohpe/juicy-potato #63, #64
• Added Watson https://github.com/rasta-mouse/Watson #64
• Added PwndPasswordsNTLM https://github.com/JacksonVD/PwnedPasswordsNTLM #67
• Added FOCA https://github.com/JacksonVD/PwnedPasswordsNTLM #71
• Added Vulcan https://github.com/praetorian-code/vulcan
• Added SharpClipHistory https://github.com/mwrlabs/SharpClipHistory
• Added NetRipper https://github.com/NytroRST/NetRipper
• Added RobotsDisallowed https://github.com/danielmiessler/RobotsDisallowed
• Added Probable-Wordlists https://github.com/berzerk0/Probable-Wordlists
• Added SharpSploit https://github.com/cobbr/SharpSploit
• Changed WinRM configuration #65
• Un-hardened UNC file paths #68
• Fixed install issues with Covenant #61, #76

1.2 – May 31 2019

• Added recommended hardware settings #20, #17
• Added DomainPasswordSpray https://github.com/dafthack/DomainPasswordSpray #2
• Added GoBuster https://github.com/OJ/gobuster #39
• Added Wfuzz https://github.com/xmendez/wfuzz #40
• Added Notepad++ #30
• Added TextFX plugin for Notepad++
• Added Explorer Suite (CFF Explorer)

1.1 – April 30 2019

• Added AD-Control-Paths https://github.com/ANSSI-FR/AD-control-paths/releases
• Added DefenderCheck https://github.com/matterpreter/DefenderCheck
• Added dnsrecon https://github.com/darkoperator/dnsrecon
• Added EvilClippy https://github.com/outflanknl/EvilClippy
• Added NtdsAudit https://github.com/Dionach/NtdsAudit
• Added SharpExec https://github.com/anthemtotheego/SharpExec
• Added Subdomain-Bruteforce https://github.com/visualbasic6/subdomain-bruteforce
• Fixed issue #18 with PATH
• Added Commando Logos with transparent backgrounds to $Home\Pictures
• Pinned Firefox to Taskbar
• Fixed misspellings in Readme #42/#43
• Added Ruby and Ruby Devkit #1
• Updated Rubeus package to current version (1.4.2) #31

1.0.2 – April 10 2019

• Added missing ‘seclists.fireeye’ package to packages.json #38

1.0.1 – March 31 2019

• Used https instead of http to install boxstarter #10