# -*- mode: ruby -*- # vi: set ft=ruby : # Provision script for Windows 10 $script = <<-SCRIPT # Ensure the script is running with elevated permissions if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Write-Host "Run this script as Administrator!" -ForegroundColor Red exit } # Disable Firewall Set-NetFirewallProfile -All -Enabled False Write-Host "Firewall disabled" # Disable UAC Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" -Name "EnableLUA" -Value 0 # Windows Update Stop-Service -Name wuauserv -Force Set-Service -Name wuauserv -StartupType Disabled Write-Host "Windows Update disabled" # Check if Python Launcher is installed $pythonLauncher = Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name LIKE 'Python Launcher%'" 2>$null if ($pythonLauncher) { # Uninstall Python Launcher Write-Host "Python Launcher found. Uninstalling..." foreach ($launcher in $pythonLauncher) { $launcher.Uninstall() | Out-Null Write-Host "Python Launcher uninstalled successfully." } } else { Write-Host "Python Launcher not found." } # Check python exist Write-Host "Checking if Python is installed..." $pythonCheck = & python --version 2>$null if (-Not $pythonCheck) { # Download python Write-Host "Python not installed. Installing Python..." Invoke-WebRequest -Uri "https://www.python.org/ftp/python/3.8.0/python-3.8.0.exe" -OutFile "C:\\python-3.8.0.exe" # Install python as Administrator Start-Process "C:\\python-3.8.0.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1" -Verb RunAs -Wait # Optionally remove the installer after installation Remove-Item "C:\\python-3.8.0.exe" Write-Host "Python installed" } else { Write-Host "Python exist" } Write-Host "Installing Python modules..." # Python install module python -m pip install --upgrade pip python -m pip install Pillow==9.5.0 python -m pip install etw python -m pip install numpy python -m pip install pywintrace # Download and run the agent Write-Host "Downloading the agent and creating a scheduled task..." # Define the file path and task name $filePath = "C:\\my_secret.pyw" $taskName = "RunMySecretAgent" # Check if the file exists if (Test-Path $filePath) { Write-Host "File already exists. Exiting..." } else { Write-Host "Downloading the agent..." # Download the agent Invoke-WebRequest -Uri "https://raw.githubusercontent.com/kevoreilly/CAPEv2/249bbe3af709919c4fac0975a914bb0e977ede6b/agent/agent.py" -OutFile $filePath Write-Host "Agent downloaded to $filePath." } Write-Host "Creating a scheduled task to run the agent at logon..." # Check if the scheduled task already exists if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) { Write-Host "Task '$taskName' already exists. No need to create it again." } else { # Create a scheduled task to run the script at logon with highest privileges $action = New-ScheduledTaskAction -Execute "pythonw.exe" -Argument $filePath $trigger = New-ScheduledTaskTrigger -AtLogOn $principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName $taskName -Description "Run my secret agent at logon" Write-Host "Download completed and scheduled task created." # Run pythonw $filePath } # Reduce Overall Noise $scriptPath = "C:\\disable_win7noise.bat" # Download the script Invoke-WebRequest -Uri "https://raw.githubusercontent.com/kevoreilly/CAPEv2/master/installer/disable_win7noise.bat" -OutFile $scriptPath # Run the script with elevated privileges Start-Process -FilePath $scriptPath -Verb RunAs # Step 1: Disable real-time protection using Set-MpPreference (Temporary, depends on system settings) Set-MpPreference -DisableRealtimeMonitoring $true Set-MpPreference -DisableScanningNetworkFiles $true Set-MpPreference -MAPSReporting Disabled Set-MpPreference -SubmitSamplesConsent 2 # Step 2: Disable additional security features Set-MpPreference -DisableBehaviorMonitoring $true Set-MpPreference -DisableScriptScanning $true Set-MpPreference -DisableAutoExclusions $true Set-MpPreference -DisableBlockAtFirstSeen $true Set-MpPreference -DisableIntrusionPreventionSystem $true # Step 3: Modify registry to permanently disable Windows Defender $defenderRegPath = "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender" if (-not (Test-Path $defenderRegPath)) { New-Item -Path $defenderRegPath -Force | Out-Null } Set-ItemProperty -Path $defenderRegPath -Name "DisableAntiSpyware" -Value 1 -Force # Step 4: Disable Real-Time Protection components via registry $realTimeProtectionPath = "$defenderRegPath\\Real-Time Protection" if (-not (Test-Path $realTimeProtectionPath)) { New-Item -Path $realTimeProtectionPath -Force | Out-Null } Set-ItemProperty -Path $realTimeProtectionPath -Name "DisableRealtimeMonitoring" -Value 1 -Force Set-ItemProperty -Path $realTimeProtectionPath -Name "DisableBehaviorMonitoring" -Value 1 -Force Set-ItemProperty -Path $realTimeProtectionPath -Name "DisableScanOnRealtimeEnable" -Value 1 -Force Set-ItemProperty -Path $realTimeProtectionPath -Name "DisableIOAVProtection" -Value 1 -Force # Step 5: Notify the user to restart the system for changes to take effect Write-Host "Windows Defender real-time protection and related features have been disabled. Restart your system for the changes to take effect." -ForegroundColor Yellow # Disable Windows Defender sc stop WinDefend # Replace 'REPLACE_VM_ADAPTER' with the actual name of your Ethernet adapter $adapterName = "REPLACE_VM_ADAPTER" $ipAddress = "REPLACE_VM_IP" $subnetMask = "REPLACE_VM_SUBNET" $defaultGateway = "REPLACE_VM_GW" # Adjust this based on your network configuration $dnsServer = "REPLACE_VM_DNS" # You can specify your preferred DNS server # Set the static IP address New-NetIPAddress -InterfaceAlias $adapterName -IPAddress $ipAddress -PrefixLength 24 -DefaultGateway $defaultGateway # Set the DNS server Set-DnsClientServerAddress -InterfaceAlias $adapterName -ServerAddresses $dnsServer Write-Output "Static IP address set to $ipAddress on adapter $adapterName." # Disable Noisy Network Services netsh interface teredo set state disabled $packagesClientTools = Get-ChildItem -Path "$env:SystemRoot\\servicing\\Packages" -Filter "Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum" foreach ($package in $packagesClientTools) { DISM /Online /NoRestart /Add-Package:"$($package.FullName)" } $packagesClientExtensions = Get-ChildItem -Path "$env:SystemRoot\\servicing\\Packages" -Filter "Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum" foreach ($package in $packagesClientExtensions) { DISM /Online /NoRestart /Add-Package:"$($package.FullName)" } SCRIPT # All Vagrant configuration is done below. The "2" in Vagrant.configure # configures the configuration version (we support older styles for # backwards compatibility). Please don't change it unless you know what # you're doing. Vagrant.configure("2") do |config| # The most common configuration options are documented and commented below. # For a complete reference, please see the online documentation at # https://docs.vagrantup.com. # Every Vagrant development environment requires a box. You can search for # boxes at https://vagrantcloud.com/search. config.vm.box = "gusztavvargadr/windows-10" config.vm.boot_timeout = 99999999 # WinRM # config.winrm.host = "REPLACE_VM_IP" # Disable automatic box update checking. If you disable this, then # boxes will only be checked for updates when the user runs # `vagrant box outdated`. This is not recommended. config.vm.box_check_update = false # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. In the example below, # accessing "localhost:8080" will access port 80 on the guest machine. # NOTE: This will enable public access to the opened port # config.vm.network "forwarded_port", guest: 80, host: 8080 # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine and only allow access # via 127.0.0.1 to disable public access # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" # Create a private network, which allows host-only access to the machine # using a specific IP. # config.vm.network "private_network", ip: "192.168.33.10" # Create a public network, which generally matched to bridged network. # Bridged networks make the machine appear as another physical device on # your network. # config.vm.network "public_network" # Share an additional folder to the guest VM. The first argument is # the path on the host to the actual folder. The second argument is # the path on the guest to mount the folder. And the optional third # argument is a set of non-required options. # config.vm.synced_folder "../data", "/vagrant_data" # Provider-specific configuration so you can fine-tune various # backing providers for Vagrant. These expose provider-specific options. # Example for VirtualBox: # # config.vm.provider "virtualbox" do |vb| # # Display the VirtualBox GUI when booting the machine # vb.gui = true # # # Customize the amount of memory on the VM: # vb.memory = "1024" # end # # View the documentation for the provider you are using for more # information on available options. # Enable provisioning with a shell script. Additional provisioners such as # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the # documentation for more information about their specific syntax and use. # config.vm.provision "shell", inline: <<-SHELL # apt-get update # apt-get install -y apache2 # SHELL config.vm.provider "virtualbox" do |vb| vb.name = "REPLACE_VM_NAME" vb.cpus = REPLACE_VM_CPU vb.memory = "REPLACE_VM_RAM" # Network config config.vm.network "private_network", :type => 'dhcp', :name => 'REPLACE_VM_NETWORK', :adapter => 2 end config.vm.provision "shell", inline: $script, privileged: true end