tldr: We’re releasing our Packer scripts for Windows builds, which we use internally for tool development and testing.
“Packer standardizes and automates the process of building system and container images.”
Background
Penetration testers often need to try out tools and techniques against controlled environments. This serves three main purposes:
- Familiarisation: learning how the tool or technique works in a known environment.
- Safety: you can break whatever you want, and it won’t cause pain for some poor sysadmin (or client).
- Testing: ensuring the thing works as expected and doesn’t cause unexpected side effects.
Some call these “test environments”, others “labs”, and other names are common; we call ours the Lab environment.
Internally, we have the following (automated) systems to support our Lab:
- Daily builds of common Windows and Linux systems, most of which we expect to encounter regularly in our target environments.
- A system of libvirt-backed machines which redeploy common “lab” environments daily, deployed with Terraform and Ansible.
The latter we may consider open sourcing (or perhaps writing up) at a later date; however the former is now available publicly on our GitHub.
What goes into a Lab Environment?
For us, we usually expect the following:
- An Active Directory environment.
- Fully updated, but otherwise relatively unmodified Windows 10 and 11 machines.
- A number of Windows Server 2019 and 2022 machines (also fully updated).
Building images
Our Windows build system has two main parts: a scheduled job in GitLab (although this could also be done with simpler mechanisms), and Packer.
What we published
A GitHub repository containing Packer HCL scripts for the following:
- Windows Server 2019 (Core and GUI).
- Windows Server 2022 (Also Core and GUI).
- Windows 11, 23h2.
- Windows 10, 22h2.
Pre-requisites
The only pre-requisites for building the machine(s) are QEMU (8.1.5 or above) and Packer (1.9.4 or above).
Using the scripts
The README.md document in the repo should be enough information for how to run this locally, but to save you switching back and forth, here is the quickstart.
# We need to initialise plugins first
# any file will do, as they all have the same plugin
packer init win10_22h2.pkr.hcl
# make everything (server builds are core)
make all
# Build with UI support, useful for debugging
packer build -var=headless=false win10_22h2.pkr.hcl
# Build with a different image
# Ensure to specify a new checksum! Packer verifies the downloaded ISO
# against it and aborts on a mismatch, so never reuse the old value.
packer build -var=iso_checksum=sha256:xxx -var=iso_url=http://foo.com win10_22h2.pkr.hcl
# Use a different autounattend file (passed as a variable, like the others)
packer build -var=autounattend=./Autounattend.xml win10_22h2.pkr.hcl
make all builds the whole environment. If you just want a single box (such as the win10_22h2 box) you can build it directly:
packer build win10_22h2.pkr.hcl
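To show what the -var flags in the quickstart map to, here is a minimal Packer HCL template for a QEMU-built Windows box. This is an added illustration, not a file from the repository: the variable names (iso_url, iso_checksum, headless, autounattend) match the flags above, but the source name, the ISO URL and checksum placeholders, the disk, memory and CPU sizes, the WinRM credentials and the provisioner are all assumptions made for the example.

```hcl
# Added example template (not from the repository). Variable names match the
# quickstart's -var flags; every other value is a placeholder or an assumption.
packer {
  required_plugins {
    # Every template in the repo needs the same plugin, which is why
    # "packer init <any template>" is enough.
    qemu = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/qemu"
    }
  }
}

variable "iso_url" {
  type    = string
  default = "https://example.invalid/Win10_22H2_English_x64.iso" # placeholder
}

variable "iso_checksum" {
  type = string
  # Placeholder: pin the sha256 of the exact ISO you use. Packer hashes the
  # download and refuses to build from anything that does not match.
  default = "sha256:0000000000000000000000000000000000000000000000000000000000000000"
}

variable "headless" {
  type    = bool
  default = true # -var=headless=false shows the QEMU window for debugging
}

variable "autounattend" {
  type    = string
  default = "./Autounattend.xml"
}

source "qemu" "win10_22h2" {
  iso_url      = var.iso_url
  iso_checksum = var.iso_checksum
  headless     = var.headless

  # Windows Setup searches removable media, including this secondary CD,
  # for Autounattend.xml, so swapping the file changes the unattended install.
  cd_files = [var.autounattend]

  accelerator = "kvm"
  format      = "qcow2"
  disk_size   = "61440M" # assumed size
  memory      = 4096     # assumed
  cpus        = 2        # assumed
  boot_wait   = "3s"
  boot_command = ["<enter>"] # answer "Press any key to boot from CD"

  # Credentials are assumed to be the ones Autounattend.xml configures
  # for the build-time local account.
  communicator   = "winrm"
  winrm_username = "packer"
  winrm_password = "packer"
  winrm_timeout  = "4h"

  shutdown_command = "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\""
  output_directory = "output-win10_22h2"
  vm_name          = "win10_22h2.qcow2"
}

build {
  sources = ["source.qemu.win10_22h2"]

  # Assumed provisioner: record which build was actually installed so the
  # output can be checked against the ISO that was pinned above.
  provisioner "powershell" {
    inline = [
      "Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, BuildNumber"
    ]
  }
}
```

Because headless is declared as a bool and the other three as strings, Packer converts -var=headless=false to a boolean while -var=iso_checksum=sha256:... is taken literally, which is why the quickstart passes each value with exactly that form.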
Closing
Using automated lab deployments has sped up our workflow by just having the machines there ready to go, and we hope this can help others out so they can spend their time on the fun stuff.