Fi8sVrs (Active Members), posted August 25, 2013

Introducing VulnInjector

What's VulnInjector?

VulnInjector will create an automated 'vulnerable' installation of a Windows target to practise penetration testing on.

Why make it?

Due to the licensing of Microsoft Windows, it's not legal for us to redistribute it (including the setup disk or it being pre-installed - which is what usually happens with Linux targets).

However, VulnInjector uses your own Windows setup (and product key) to create a 'modified' setup image. This new image automates the setup of Windows itself and then applies the modifications needed for the target to become 'vulnerable'.

Windows Setup + Product key + VulnInjector = Vulnerable Windows Target

Requirements

To run VulnInjector to create the image file:
- Pre-installed Windows environment.
- dot NET framework 4 or higher.

To create the target (depends on their specification):
- A Windows setup disk or image file.
- A matching valid product key.

How to use it

1. Make sure you have dot NET framework 4 or higher pre-installed.
2. Download and run the setup file.
3. Select where to put the Windows setup files you wish to use for the 'source'. To do so, press the CD icon and choose either a physical drive letter or locate an image file.
4. It may prompt you for a service pack. Check which service pack is required, download a local copy and select it when prompted. It will say 'valid' if it matches the target requirements.
5. Enter your product key.
6. Press 'Generate Image (.ISO)' once it's enabled.
7. Once complete, close VulnInjector.
8. The image can then be burnt onto a CD/DVD to be used on a physical machine or loaded inside a virtual machine. (It's recommended that you use a virtual machine.)
9. Make sure to boot from the CD/DVD drive. If the hard drive is empty, Windows will automatically start installation. Alternatively, when prompted, press any key to start installation. This is the only interaction necessary for the setup.
10. Wait for Windows setup to complete. Windows will automatically restart.
11. When it's complete, you should see the login screen; however, there shouldn't be any users listed. If you're using a virtual machine, it's recommended to create a snapshot at this point.
12. Remotely gain access to the target!

The video below demonstrates using 'bobby.exe' (00:00), installing it (01:24) and verifying it's on the isolated network (04:29).

How does it work?

The stages behind VulnInjector are:
1. Extracts the boot sector of the setup source.
2. Copies the content of the setup files into a local 'temporary' location.
3. Checks to see if the setup files match the target's specification.
4. If necessary, slipstreams the required service pack.
5. Creates an 'answer file' for the Windows setup process.
6. Copies over the target's setup file.
7. Generates an image of the 'temporary' files.
8. Removes temporary files.

Sources:
VulnHub: Introducing VulnInjector
https://github.com/g0tmi1k/VulnInjector
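The first stage listed under 'How does it work?' (extracting the boot sector of the setup source) can be illustrated as follows. This is an added example, not part of the original post and not VulnInjector's own code; it assumes the setup source is an ISO 9660 image made bootable with El Torito. `extract_boot_image` and `build_sample_iso` are hypothetical names, and the latter only builds a constructed test image.

```python
import struct

SECTOR = 2048          # ISO 9660 logical sector size
VIRTUAL_SECTOR = 512   # unit used by the El Torito sector count

def extract_boot_image(iso: bytes) -> bytes:
    """Return the El Torito initial/default boot image of an ISO 9660 image."""
    brvd = iso[17 * SECTOR:18 * SECTOR]  # boot record volume descriptor: sector 17
    if len(brvd) < SECTOR or brvd[:7] != b"\x00CD001\x01":
        raise ValueError("no boot record volume descriptor at sector 17")
    if brvd[7:39].rstrip(b"\x00") != b"EL TORITO SPECIFICATION":
        raise ValueError("boot record is not El Torito")
    (catalog_lba,) = struct.unpack_from("<I", brvd, 0x47)
    catalog = iso[catalog_lba * SECTOR:catalog_lba * SECTOR + 64]
    if len(catalog) < 64:
        raise ValueError("boot catalog lies outside the image")
    validation, entry = catalog[:32], catalog[32:]
    if validation[0] != 0x01 or validation[30:32] != b"\x55\xaa":
        raise ValueError("bad validation entry")
    if sum(struct.unpack("<16H", validation)) & 0xFFFF:
        raise ValueError("validation entry checksum mismatch")
    if entry[0] != 0x88:
        raise ValueError("default entry is not marked bootable")
    count, load_rba = struct.unpack_from("<HI", entry, 6)
    start, size = load_rba * SECTOR, count * VIRTUAL_SECTOR
    if size == 0 or start + size > len(iso):
        raise ValueError("boot image lies outside the image")
    return iso[start:start + size]

def build_sample_iso(boot_code: bytes) -> bytes:
    """Constructed sample: 20 sectors, catalog in sector 18, boot image in 19."""
    img = bytearray(20 * SECTOR)
    brvd = b"\x00CD001\x01" + b"EL TORITO SPECIFICATION".ljust(32, b"\x00")
    img[17 * SECTOR:17 * SECTOR + len(brvd)] = brvd
    struct.pack_into("<I", img, 17 * SECTOR + 0x47, 18)
    validation = bytearray(32)
    validation[0], validation[30], validation[31] = 0x01, 0x55, 0xAA
    # 16-bit words of the validation entry must sum to zero (mod 2**16)
    struct.pack_into("<H", validation, 28,
                     -sum(struct.unpack("<16H", validation)) & 0xFFFF)
    entry = struct.pack("<BBHBBHI", 0x88, 0, 0, 0, 0, len(boot_code) // VIRTUAL_SECTOR, 19)
    img[18 * SECTOR:18 * SECTOR + 32] = validation
    img[18 * SECTOR + 32:18 * SECTOR + 32 + len(entry)] = entry
    img[19 * SECTOR:19 * SECTOR + len(boot_code)] = boot_code
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample_iso(bytes(range(256)) * 8)  # constructed 2048-byte "boot sector"
    print(len(extract_boot_image(sample)), "bytes of boot image extracted")
```

The extracted bytes are what an image-building tool has to pass back in as the boot image when it regenerates the ISO; without them the rebuilt disc will not boot.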